HIPAA Blog

[ Saturday, June 25, 2005 ]

 

A Note About Comments:

I have enabled comments on the blog, but they don't actually show up on the blog unless you look at the permalinked post. In other words, someone may have commented on one of the blog entries, but you wouldn't know unless you clicked on the post's permalink, which is the little blue time-stamp after my name. Then, the comments appear at the end.

By the way, the Diva responded to my responses to her. I haven't had time to respond further, but let me say that there's no HIPAA crime in a company exposing its own trade secrets or other commercial or competitive information. If Coke posts its secret recipe on a technical web site somewhere, OCR will not care. There may be trade secret problems, and Coke may have a hard time protecting itself from disgruntled employees with access to the recipe if it does so, but it's just not a HIPAA violation. The Diva keeps thinking the big boo-boo on Kaiser's part was disclosing that technical data. Well, Miss, it's not. The boo-boo that's costing Kaiser 200 Large is the disclosure of PHI of 140 people. They could've revealed the secret recipe for Coke, the missing 19 minutes from the Nixon tapes, and the surprise ending of next year's Desparate Housewives, and there still wouldn't have been a HIPAA violation.

That's a major disconnect.

Jeff [3:57 PM]

Comments:
Thank you for pointing out the hidden comments.

I'm not sure why your addressing me when you argue that this isn't a HIPAA problem. I'm a layman here. I thought the exposure of the technical data was a problem, but all I can do is report that and let the experts determine whether it's worth investigating. I'm not sure why you think that I think that the technical exposure has anything to do with HIPAA.

I did report the site to the OCR as an afterthought because I saw a couple of items that might be patient data. I'm a layman trying to figure out where to report what seems to be a problem, not a lawyer trying to argue what is or is not covered by HIPAA.

I'd like to point out that I did not report Kaiser to the DMHC, the agency that fined them. Kaiser went to the DMHC because they thought they could use HIPAA (and note Kaiser here is the one defining the HIPAA violation), to prompt a State Agency to overstep the jurisdiction of the entities it's supposed to regulate. It seems to me by doing that, Kaiser defined this as a HIPAA problem to the DMHC.

The frustrating thing for me here is that you keep using your blog to argue me down (in a most condescending fashion), but you keep misrepresenting me to do it. You're like the news guy from NBC who already had the story written in his head, and who couldn't be bothered to look at what was really going on.

My view of the ongoing crime here is that Kaiser lied to 140 patients in order to pin the blame for the Systems Diagrams on someone who they thought would be an easy mark (playing on the "disgruntled" stereotype) - and when they couldn't just lie their way out of it, they tricked a State Agency into helping them. I can see you you're mainly interested in the HIPAA thing, but doesn't Kaiser's sleazy reaction bother you the eensiest weensiest bit?
 
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template