HIPAA Blog

[ Wednesday, January 26, 2011 ]

 

Meaningful Use and Expedited Adoption of HIT: Anthony Guerra has a very interesting article on HIT adoption for purposes of meeting the meaningful use rewards. His point is that, by requiring the specific elements and the speed at which HIT systems must be adopted, ONCHIT is setting up many hospital and health systems for failure. I think he's right. It's like making the entire class sit for the AP exam (when the teacher hasn't taught the class all of the AP elements). But it's worse than that -- if you don't achieve meaningful use, you don't get the incentives; but you also get penalized with reduced reimbursement later. It's a double-whammy.

Jeff [11:36 AM]

[ Tuesday, January 25, 2011 ]

 

Vermont: It's not just Connecticut that has an AG going after HealthNet. Vermont has fined HealthNet $55,000 for failing to protect a hard drive with medical data on it.

Jeff [11:23 PM]

[ Thursday, January 20, 2011 ]

 

EMRs and iPads: Unless you've been under a rock for the last year or so, you know that the iPad is the current cutting edge in mobile computing. But so far, it doesn't seem that EMR vendors are moving very quickly to develop iPad apps that connect their EMR technology with iPad users.

Jeff [11:16 AM]

[ Monday, January 17, 2011 ]

 

Psychotherapy Notes: Tomorrow in LA (I think) and across the internet, HHS is hosting a webinar to discuss whether test data should be included in the definition of "psychotherapy notes" under HIPAA. Psychotherapy notes get special treatment under HIPAA; the patient doesn't have access to them as part of an individual's right to access their medical records, and they are subject to some other restrictions. The HITECH Act required HHS to study whether the definition should be expanded to include test results from mental health evaluations, and this webinar, conducted in connection with the Substance Abuse and Mental Health Services Administration, is part of that process. If you want to take part, check in here.

Jeff [1:14 PM]

 

Off Topic: Rich Doctors: One of my least-favorite gripes about the US healthcare system is how doctors are greedy and make too much money. Do you want the best and brightest to become doctors? If you're at the head of your class, why go to medical school (and residency and fellowship etc.) when you can go straight to Wall Street and make tons more money?

If you don't mind that your surgeon isn't quite as smart as your broker, keep his pay down, and that's exactly what you'll get.

Jeff [9:46 AM]

[ Wednesday, January 12, 2011 ]

 

Well Done!! University Medical Center in Tucson fired 4 personnel for improperly accessing medical records, apparently of those injured in the Tucson shooting spree. No time wasted, no explanations requested or offered. Just fired. That's the right thing to do. Employees will always be tempted to snoop; the best way to prevent them from giving in to that temptation is to harshly deal with those who do give in.

Well done.

Jeff [8:38 PM]

[ Monday, January 10, 2011 ]

 

Rowan Regional Medical Center, North Carolina: This hospital was investigated by OCR for a potential HIPAA violation. OCR did not find a violation, but the hospital has required the personnel involved to undergo more HIPAA training. The individual is going to sue the hospital, and the personnel, apparently. Stay tuned.

Jeff [11:35 AM]

[ Thursday, January 06, 2011 ]

 

Facebook posting: A nurse in east Texas claims she was fired in retaliation for her complaints that other staff and physicians posted photos of sedated patients on their Facebook pages. If true, it would be hard to argue that posting a photo of a patient's face was not a disclosure of PHI, if there was any indication that the individual was a patient. It's hard to see any treatment, payment, or healthcare operations reason for such postings, and if the patients consented, then we'd probably know that already. Maybe the photos were not identifiable? If there's no link between the photo and the fact that the person in the photo was a patient, the photo might not be PHI, but releasing it might give rise to some other sort of invasion of privacy tort. Interesting.

Jeff [12:12 PM]

 

The Doctor will Skype you now: Telemedicine comes to the masses, thanks to videochat technology like Skype. Frankly, this is a lot less troubling than doctors texting or emailing, since there are no retained packets of information. I don't know if/how Skype or other transmitters might encrypt signals, or how important that might be anyway, since intercepting and snooping on a Skype feed looks a lot more like wiretapping than cyberthievery. Covered entities clearly are allowed to carry on phone conversations with patients without the requirement that the conversation be encrypted, so it seems a Skype call would fall under those rules, rather than the email rules.

Jeff [11:31 AM]

[ Wednesday, January 05, 2011 ]

 

Reportable Data Breaches: How many big HIPAA breaches have there been? As of today, 217 separate breaches of data involving over 500 individuals have been reported to HHS, involving over 6.3 million individuals. There might be some overlap there, but I'd suspect well over 6 million individuals have had their PHI breached in the 15 months. Over half are the loss or theft of some computer device or media, and half of those are lost/stolen laptops.

All of those cases involved unencrypted information on those laptops and computer devices. If that information had been encrypted, there would have been no need to make a report.

In other words, the total number of breaches on the list would have been reduced by more than half if everyone encrypted. Something to think about.

Jeff [6:23 PM]

 

Top Trends for Health Information Privacy: The InformationWeek offshoot "Dark Reading" contacted some health information privacy folks to get their predictions for the near future. As you might expect, they expect some bad things to happen.

Here's their "top 7 trends." I tend to agree with a few (especially #2 and #7), but think a few are overwrought (#5 and #6, for example). The folks they asked tend to have a little "Jeremiah" in them, so take the gloom-and-doom with a grain of salt. But I definitely think that more attention, rather than less, will fall on the health information privacy and security sector. If you are a covered entity or business associate and you deal with PHI, and if you've been coasting since '03 on your privacy policies (just to give an example), you ought to start paying attention. Security and privacy failures will soon subject negligent or inattentive players to some serious financial liabilities. Now would be a good time to prepare and do a little low-cost risk management.

Jeff [2:44 PM]

[ Tuesday, January 04, 2011 ]

 

What to expect in 2011: Look for some new/final HIPAA regs in March. At least that's when they are due, and that's what HHS spokesmen have been saying.

Jeff [9:43 AM]

[ Monday, January 03, 2011 ]

 

Doctors and Facebook: The Wall Street Journal takes up the debate.

Jeff [8:26 AM]
