[ Monday, August 27, 2007 ]


What I said: There was a Privacy Symposium at Harvard a few days ago, and Linda Sanches, a senior advisor at OCR (the Privacy Rule enforcement agency) spoke on enforcement activities. According to this article from BNA (subscription required), the big problems are unauthorized use and disclosure, lack of safeguards, and failure to give access to the individual.

The numbers: 29,000 complaints, 7,000 resolved (one third due to no violation, two thirds with agreement to fix the problem), 6,000 pending (400 referrals to DOJ, 200 referrals to CMS for security issues). I'm no math major, but that makes it look like 16,000 complaints haven't even been addressed yet.

Better than the numbers, is this quote from the article, which buttresses what I've been saying all along, that lost laptops make the news, but your medical information really isn't important to unknown individuals who might find/steal the laptop.

Although incidents involving lost laptop computers or medical records found in
dumpsters receive the most media attention, "more bothersome" occurrences are
those involving persons inside an institution who misuse and share patient
information, often as a result of personal relationship issues, Sanches said.

If you're concerned about someone accessing your medical information (as opposed to your identity information), don't go to a healthcare provider where you know anyone who works there.

Jeff [9:59 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template