[ Wednesday, September 06, 2006 ]
New GAO report:
The GAO recently issued a report to Congress
on privacy breaches in public health programs, focusing primarily on the occurrence of such breaches where outsourcing (domestic or offshore) is in play. Privacy is extremely important in public health; you would think anyone with a public health degree
would know that. The news isn't good: between one-third and one-half of all Medicare managed care and fee-for-service contractors, state Medicaid agencies, and TRICARE contractors report some sort of privacy breach.
Importantly, the report doesn't say anything about the frequency or severity of the breaches, and they could be pretty simple things (like putting papers containing PHI in the regular trash instead of shredding). Still, though, it's a little scary.
Do these breaches implicate HIPAA somehow (i.e., the privacy system envisioned in the HIPAA regulations is failing)? I think not. It's more of an indication that any information is susceptible to bad handling, particularly where there are so many people with access, and that it is important for public health agencies to step up their vigilance. I don't think oursourcing itself is the problem -- governmental workers are no less likely be scrupulously protect information (remember the VA laptop theft?) than independent contractors. However, whether within the public health programs or via contract with their contractors, emphasis on the old "culture of privacy" should be heightened.
Jeff [11:11 AM]
Blogger: HIPAA Blog - Edit your Template