HIPAA Blog

[ Monday, May 12, 2003 ]

 

Jackson Walker has redesigned its website, along with a front-page HIPAA article. Check it out.
Jeff [11:32 AM]

 

This is a pretty funny story about a physician exercising "self help" in connection with the Pennsylvania medical malpractice insurance crisis.
Jeff [11:14 AM]

 

New Phoenix Survey:

Saw this Friday, but didn't post to it until someone reminded me to. Phoenix has release their latest survey, which was taken over the first two weeks of April. In other words, on the doorstep of Privacy Rule effectiveness. The most visible statistic to come out of the survey is the level of readiness for and compliance with the Privacy Rule by its effective date: 78% of providers, 68% of payors, and 47% of clearinghouses reported being in compliance. Since this is a self-selecting survey, those numbers are probably slightly elevated. All in all, that's pretty pathetic. Those reporting less than complete compliance at least are doing the visible things (NoPPs, BA Agreements, etc.). I can't wait to see how pathetic people are when it comes to getting the transaction and code sets operational.
Jeff [10:09 AM]

[ Tuesday, May 06, 2003 ]

 

By the way, here's the South Carolina decision, if you're looking for the legal text. Happy reading.
Jeff [10:56 AM]

[ Monday, May 05, 2003 ]

 

More on the legal front: I already noted below that the 4th Circuit poured out the plaintiffs in the HIPAA case out of South Carolina (the South Carolina Medical Society along with some others brought suit to enjoin enforcement of HIPAA on several grounds, including overstepping regulatory authority). It's now being reported that the plaintiffs will appeal to the US Supreme Court. It will be interesting to see if the "Supremes" will hear the case.
Jeff [4:58 PM]

 

If you're in New Orleans on Thursday at 1:00, pm, you can check out the oral arguments in the 5th Circuit on the HIPAA case that came out of the Houston District court. What could be more exciting than hearing a bunch of lawyers and judges argue over HIPAA?
Jeff [4:49 PM]

 

Pamela Jones, an alert HIPAA contributor with Medabiliti Software (check them out), alerted me to an e-mail from Ron Panzer with Hospice Patients Alliance, an advocacy group, on the filing of the first HIPAA complaint, against a hospice organization in Florida. The complaint was filed by Hospice Patients Alliance against Hospice of the Florida Suncoast and its for-profit subsidiary, Suncoast Solutions. As you can see from this link, it seems like the Suncoast folks have made quite a few enemies along the way. This sort of reminds me of the HealthSouth bulletin board on Yahoo, which was overrun by folks complaining about CEO Richard Scrushy (or as it was usually spelled on the bulletin board, Screw-She).

Mr. Panzer's e-mail, posted on the HIPAAlive discussion site, outlined why they filed the complaint:

Having filed the first HIPAA complaint in the USA, Hospice Patients Alliance looks forward to seeing if the privacy
protections built into HIPAA will actually be enforced. While every provider in the country has frantically been working round
the clock to comply with HIPAA, nobody knows what OCR will actually do when it finds violations.

We filed our complaint against a hospice in Florida, Hospice of the Florida Suncoast, which has a for-profit subsidiary, Suncoast Solutions. Suncoast makes software for hospice record-keeping and used ACTUAL patient data in its marketing, promotions, help screens and elsewhere throughout the software. Hundreds of real patients' and patients' families' information was released to about 100 hospices all over the USA, exposing this PHI to thousands of staff in these completely different hospice corporations. While Suncoast used a few obviously false names in a few situations, we have verified that real patient data is in the software and notified HHS/OCR in order to bring Suncoast into compliance with the privacy regulations. We would never had done so, except that the hospice had been warned repeatedly over a two year period to stop breaching confidentiality through Suncoast and refused and continues to refuse to correct the breach. The continued breach of confidentiality at Suncoast is one of the most bewildering and bizarre confidentiality breaches I have ever read about and constitutes one of the most severe breaches in US history.

If true, this is extreme laziness, at a minimum. Inexcusable.
Jeff [3:00 PM]

[ Friday, May 02, 2003 ]

 

Here's an article in the Olympia, Washington newspaper on the impact of HIPAA on friends and family seeking information on hospitalized loved ones. Interesting point regarding "imprisonment" in nursing homes: if a resident does not want to be listed in a directory (paranoia as an early manifestation of Alzheimers, perhaps), and they move rooms, family members won't be able to find out about them.
Jeff [10:33 AM]

 

Off-Topic but it made me smile:

Check out the headline from this article from the Pittsburgh Post-Gazette: SARS Virus Delaying Seniors' Canadian Drug Trips. And I thought they gave that up in the '60's.
Jeff [10:23 AM]

[ Tuesday, April 29, 2003 ]

 

The South Carolina case challenging HIPAA has made it to the Federal Circuit court, and has been found constitutional. There is still the Texas case (the Federal District court upheld HIPAA there too, but it's on appeal to the 5th circuit), as well as the case filed a few weeks ago, on the eve of the Privacy Rule's effective date, where the plaintiffs basically wanted to repeal the revisions to the Privacy Rule that took away the consent requirement.
Jeff [10:53 AM]

[ Tuesday, April 22, 2003 ]

 

I have been informed that House Bill 330 has been passed by both houses of the Texas legislature and now awaits the governor's signature (very likely) or veto (unlikely). This bill deletes portions of the Texas state HIPAA statute that (i) required all entities that regularly deal in medical information to comply with HIPAA (regardless of whether they are "covered entities" as defined in HIPAA and (ii) set out the rules to protect health information that is being used in research. Those were the guts of the Texas HIPAA statute; most of what's left involves authorizing disclosures to public agencies and restrictions on marketing (these are actually tighter than the HIPAA restrictions).
Jeff [3:28 PM]

 

Here's an interesting diversion. Which Monty Python and the Holy Grail character are you?
Jeff [10:00 AM]

[ Monday, April 21, 2003 ]

 

On a more positive note, WEDI and The Council for Affordable Quality Healthcare have established this cooperative website to help plans and providers coordinate their migration to the new electronic billing and payment standards. It includes templates and other tools to help plans and providers communicate in order to help the transition. Remember, you should be testing already, and have less than six months to switch to the X12 standards.
Jeff [9:21 AM]

 

Here's something a little, um, off the fringe from the Association of American Physicians and Surgeons. They support Ron Paul's bill to revoke HIPAA and encourage patients to deliver to their doctors a statement they call a "patient request for non-disclosure of medical records" where the patient invokes his constitutional right to privacy and forbids the physician from releasing medical records to anyone without express consent. They even want to post newspaper ads encouraging individuals to pressure their doctors to "escape HIPAA and refuse to participate."

As I've stated, the best way to ensure that good care is delivered is to make sure there is free and unfettered distribution of information. That, of course, runs headlong into privacy concerns, which seek the total restriction on the distribution of the same information. How do you balance these two? If you want total privacy, then you will not get good care. If your physician cannot release your records to another physician or caregiver (which he would do if he were to discuss your health status with someone else), you will limit the care you get by preventing your doctor from leveraging his knowledge against the knowledge of others.
Jeff [9:12 AM]

[ Wednesday, April 16, 2003 ]

 

Here's a useful fact sheet from HIPAAdvisory on what the Privacy Rule really means. Pretty level-headed. Somebody from the Dallas NBC affialiate should check this out.
Jeff [12:21 PM]

 

Here is an interesting release from the Centers for Disease Control outlining how HIPAA impacts them. They're trying to clarify how the Privacy Rule is impacted by their need and desire to pursue public health issues. Keep in mind the basic HIPAA rule that disclosures required by law do not need an authorization, and should be addressed in your NoPP.
Jeff [12:19 PM]

 

Congratulations are in order for Karen and Ben Pyatt: last week, they welcomed Christian Paul Pyatt into the world. Living proof ofthis theory.

Of course, this is an unauthorized disclosure of PHI. But any of you who've been trying to contact Karen only to get me doing your HIPAA work, now you know why.
Jeff [9:38 AM]

 

News flash from the Pittsburgh Post-Gazette: HIPAA spawns paperwork and confusion. Film at 11.

Also, news from Corpus Christi, Texas.
Jeff [8:51 AM]

 

Hoo-ah! You should all be happy to know that the Department of Defense has announced that it is fully compliant with HIPAA.

Also, here is the DoD Health Information Privacy Regulation. And here is the Tricare HIPAA page (Tricare is the contractor that handles the department of defense healthcare operations).

Now drop and give me 20, maggot!
Jeff [8:32 AM]

[ Tuesday, April 15, 2003 ]

 

HIPAA haiku:
From the HR department at the Texas Teachers Retirement System:

Deadline comes swiftly.
Non-compliant? No mercy.
PHI sacred.
Jeff [4:54 PM]

 

The OCR has its first installment of the interim final rule on enforcement, to be forthwith known as "the Enforcement Rule." It has the procedural requirements for investigating complaints and levying fines. OIG "intends to seek and promote voluntary compliance with the rules," which jibes with what they've been telling us so far. Basically, OCR will investigate, which may include subpoenaing information and testimony, and will propose punishment or corrective action. Only covered entities may be fined. Once the punishment is determined, the covered entity has the right to a hearing before an administrative law judge. The ALJ decides the case, which can be appealed to the Departmental Appeals Board.
Jeff [2:53 PM]

 

We've been discussing e-mail a lot recently. When can you encrypt, when must you encrypt, are you responsible if someone sends you something unencrypted, do you need confidentiality statements on your e-mails, questions like that. There is a group that is putting together programs, geared primarily toward doctors, helping them figure out ways to use e-mail in a secure, protected fashion. The project is called HealthyEmail, but I don't know what their pricing structure is.

Check it out if you're interested in e-mails.
Jeff [2:32 PM]

 

The Association of American Medical Colleges is establishing a survey project to monitor and document the effects HIPAA is having on academic medical research. This will be useful in determining if HIPAA really hinders research, how it hinders it, and what types of policy initiatives could fix those problems. Keep in mind the rule that HIPAA is an object lesson in the law of unintended consequences; the results of the AAMC project will be very interesting.
Jeff [9:45 AM]

 

There are other HIPAA news stories here, here, here, here, and here.
Jeff [8:47 AM]

 

Here's an article on how employers are reacting. Businesses that have employee benefit plans including health benefits, such as self-funded insurance plans, are impacted by HIPAA as well.
Jeff [8:39 AM]

 

I don't think I mentioned it earlier in the crush of news on Friday, but a group of privacy advocates and healthcare professionals have filed a lawsuit in Philadelphia to stop implementation of the Privacy Rule. Their rationale? The rule allows people to see your health information without your consent. In other words, the rule is not restrictive enough.
Jeff [8:37 AM]

 

For its part, OCR has published a Summary of the HIPAA Privacy Rule. Looks like another pretty good resource.
Jeff [8:29 AM]

 

CMS has published a Fact Sheet on how to file a health information privacy complaint with the Office for Civil Rights.
Jeff [8:27 AM]

[ Monday, April 14, 2003 ]

 

The National Association of Chain Drug Stores hired the Mintz Levin law firm to do a HIPAA Preemption Analysis of State Privacy Laws. Very nice resource to know about.
Jeff [2:16 PM]

 

In case you were wondering, the Canadian men and American women won the 2003 World Curling Championships.
Jeff [12:51 PM]

 

Today's New York Times story on HIPAA.
Jeff [11:03 AM]

 

Seems like something is going in today.

I can't remember, but there's something up in the HIPAA world.
Jeff [10:33 AM]

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template

[ Advertisers ]
Electronic Medical Records

Health Insurance from AIG

[ HIPAA Training]

Auditing Requirements and IT Responsibilities for HIPAA electronic record security regulation

Be Prepared for a HIPAA Security Audit

HIPAA Compliance and Workforce Training for Medical Practices

A discussion of medical privacy issues buried in political arcana

E-mail me at jdrummond-at-jw.com

- Archives - March 2002 April 2002 May 2002 June 2002 July 2002 August 2002 September 2002 October 2002 November 2002 December 2002 January 2003 February 2003 March 2003 April 2003 May 2003 June 2003 July 2003 August 2003 September 2003 October 2003 November 2003 December 2003 January 2004 February 2004 March 2004 April 2004 May 2004 June 2004 July 2004 August 2004 September 2004 October 2004 November 2004 December 2004 January 2005 February 2005 March 2005 April 2005 May 2005 June 2005 July 2005 August 2005 September 2005 October 2005 November 2005 December 2005 January 2006 February 2006 March 2006 April 2006 May 2006 June 2006 July 2006 August 2006 September 2006 October 2006 November 2006 December 2006 January 2007 February 2007 March 2007 April 2007 May 2007 June 2007 July 2007 August 2007 September 2007 October 2007 November 2007 December 2007 January 2008 February 2008 March 2008 April 2008 May 2008 June 2008 July 2008 August 2008 September 2008 October 2008 November 2008 December 2008 January 2009 February 2009 March 2009 April 2009 May 2009 June 2009 July 2009

[ Links ]
Jackson Walker home page
My (official Jackson Walker) Bio
HHS' Administrative Simplification page
OCR's HIPAA Privacy page
NIST's HIPAA Security Implementation page
HIPAA.org page
TCS standard-setting
HIPAA Summit's page
Harvard's HIPAA colloquium
Workgroup for EDI
Siemen's HIPAA page
Phoenix Health System's HIPAAdvisory
Beacon Partner's HIPAAcomply
FindLaw's HIPAA law page
HIPAAComplete
HIPAADocs
AMA's HIPAA page
AHA's semi-HIPAA page
American Health Lawyers Assn
SHARP (the Southern SNIP)
Boundary Information Group's HIPAAinfo.net
HIPAA academy
MedAbiliti's Health Innovation Daily News
Thompson-West's Privacy Litigation Reporter
HIPAAnswers (HIPAA compliance solutions)
Healthcare Intelligence Network Blog
Prescription Drug Encyclopedia
Compliance Home Portal
HIPAA Training (Supremus Group) MPMsoft (HIPAA-compliant billing software)

[ WebRings ]
< ? law blogs # >

[ Syndicated RSS Feed ]
Click Here