[ Tuesday, November 29, 2016 ]
Jeff [4:28 PM]
[ Thursday, November 17, 2016 ]
California data breach notification law undergoes changes: I don't think this is ultimately as big a deal as I initially thought, but Governor Jerry Brown has signed into law a revision to the California data breach notification law, requiring notification where encrypted data is part of the breach. Under existing law, if the data is encrypted, no breach notification is required. Under the new law, if the data is encrypted and lost, and the encryption key is believed to be acquired as well, then reporting is required. That makes sense, and I would have thought that it would have been the case prior to the law change. I would have certainly advised California clients to report a breach of encrypted data if the encryption key was compromised as well. Presumably, if encrypted data is lost but the encryption key remains in safe hands, then no notification is required.
Jeff [3:45 PM]
[ Monday, November 14, 2016 ]
Idaho State University: Update: My apologies, this appeared in a newsfeed of mine last week, and while I was surprised I hadn't seen it otherwise, I figured out I might have missed it. Turns out it's not current news, and I did, in fact, report on it back in 2013 when it happened.
Thanks to Dissent Doe for pointing that out.
Today's earlier post: A contractor failed to reactivate a firewall after doing some work on a server, potentially exposing PHI of 17,000 patients. ISU apparently had a BAA with the contractor, but the OCR investigation determined that they hadn't done a risk assessment recently enough. Fine? $400,000. I'm guessing the contractor paid it (probably out of insurance), but that detail is harder to find.
More here.
Jeff [10:16 AM]
[ Wednesday, November 09, 2016 ]
Off-Topic:
A friend emailed from Florida asking what I thought about the election. Here's my hot take.
Surprised but not surprised. Do you read Scott
Adams? He writes the Dilbert cartoon. He’s been saying all along that Trump would
win just because Trump is a master of persuasion. Read his post from yesterday on confirmation
bias and you’ll see what he’s up to. If
you have time, it would be very interesting to go back and read what he wrote back
at the beginning. I said early that there’s no way Trump can win. I knew he’d have popularity as a protest
vote, an “I’m mad as hell and I’m not going to take it anymore” vote. People in early primaries would vent their
spleens and he’d poll well, drawing a couple second place finishes as the herd
got thinned. Then folks would get
serious, realize that burning down the house is not the way to get rid of the
cockroach infestation, no matter how bad it might be. He’d start losing, make a noisy exit, and
build on the free publicity for his next reality TV show. But as it progressed, and he stayed in, and
kept winning, and took the lead, I threw my hands up and said whatever I’ve
thought all along has been wrong all along: I know in my brain that it’s
impossible for Trump to win, so he’s going to win. I can’t explain it; nobody can; it’s like the
EM Drive: it violates the laws of physics, but it’s real and it works.
I kept that as my mantra from the latter
parts of the primary season throughout the entire election season until about a
week ago, when I finally faced reality and said there’s no way. I can’t deny the ultimate truth: despite
being the worst, most crooked, lamest, least likeable presidential candidate in
history (Nixon and LBJ may have been a little less likeable, but she leads so
far in all other categories that she’s cumulatively way out in front of them),
Hillary was still going to beat the least prepared, most ridiculous candidate on
a non-fringe party ticket in at least my lifetime. Ultimately, the Democrat machine would beat the
MAGA crowd: the Philly transit strike was ended, mail-in ballots in Colorado and
Nevada were stacking up in some of the greatest voter fraud efforts ever, and
the press was relentlessly encouraging the flyover rubes to stay home in
droves. It was gonna be relatively
close, but the Never-Trumpers would outweigh the hold-your-nose, vote-for-the-orangutan-it’s-important
voters, and Hillary and all her baggage would end up in the White House, where
she could use the levers of government to prevent her criminal enterprises from
taking her down. There would be an
exceedingly strong push to impeach her, and the House might eventually even do
so, but the Senate Dems, having already sold their souls, would have no problem
finding that being caught red-handed committing a felony (not just a felony,
but a felony involving the loss of State Secrets, death of diplomats and HumInt
assets, and the sale of government favors to Arab dictators) isn’t enough to
impeach, as long as the target is someone on your team.
Maybe I needed to return to my certainty
for it to happen; maybe, like Charlie Brown and the football, it’s only once I
truly believe my eyes that I get to learn that I was wrong again. But sure enough, as soon as I stopped
believing Trump would actually win despite the facts in front of my face, he
won despite the facts in front of my face.
Amazing.
If Trump had lost, the next candidate would
be much worse than Trump. Keep in mind
how we got here. In response to
government overreach (specifically the Stimulus Bill, doubled-down on by
Obamacare) the Tea Party rose as an absolutely true grass-roots political
movement. No leader, no spokesman, no
organizer. It was respectful and polite, it cleaned up after its rallies,
and it gave voice to a lot of people who really (and legitimately,
and rightly) felt that government was not only not listening to them, but was
actively and arrogantly going in the opposite direction. And what was the response to the Tea Party? They were vilified as racists and fascists,
not only by the Democrats and the press (he said, repeating himself), but by
the Republican establishment (GOPe) itself.
And despite the Tea Party delivering huge Republican victories in 2010
and 2012, the GOPe marginalized them and worked against them, continuing to
work for larger government (or at least not fighting against it, such as by
passing continuing resolutions that continued the growth of the State). The Democrats in particular, but also the mainstream
media, the entertainment industry, even the GOPe, dismissed them as
ignorant fly-over rubes. Being
resented by your superiors is one thing, but being resented by those you
consider incompetent, being told that you and all your friends are racists and
fascists, at some point you fight back.
The Tea Party was the polite, “ahem, excuse me” movement; Trump is the “hey,
I’m talking here!” movement. Unless the
political class took the moment to acknowledge the gulf and actively reach out
to the disaffected, the next movement would have been a punch. And there is NO WAY IN HELL that they were
going to reach out. The smug, arrogant
narcissism on the Left would not have been conciliatory, but would’ve been as
condescending as ever (they’d have to be, that’s the only way you can defend
against the absolute truth that Hillary is a felon and if you’re a Clinton or
Obama, the laws are for the little people), and the third wave would have been
a bad tsunami for our country. If you
think Obama’s “I won” attitude was off-putting, wait until you get to hear it
from someone with much less charm than Obama, like Hillary.
Our betters in the Democratic party,
academia, the media, and the entertainment industry should learn a lesson from
this, but they won’t. They are entirely bought into their perception that the
only way you could be opposed to Hillary is if you are a racist or sexist (or
both). Here’s the Slate homepage on the
day after the election:

If you voted for Trump, you are a white
supremacist, misogynist, anti-democratic, anti-gay, anti-semitic hater. That’s just one page. Do you think the people who voted for Trump,
faced with this attack/accusation, will look deep into their souls, and look at
their Trump-voting peers, acknowledge their guilt and change their ways? Or will they say, “no, I’m not, and I know I’m
not, and I know my friends aren’t, . . . ” and no longer listen to said
Democrats, academia, media, and press? My
youngest looked at the front page of today’s paper and said, “We should keep
this, it’s a historic day and this might be valuable in the future.” I agreed, not so much because of Trump, but because
it might be the signal of the end of newspapers themselves: the press’
self-beclowning becomes suicide. This is
a shameful day for the media, although obviously they (at least those at Slate)
don’t see it this way. Unless they
figure that out, and figure out why they don’t know the country they think they
have the pulse of, they will be done.
They have no factual authority any more, and they have squandered their
moral authority, and there are too many other ways/places to get
information. You can only tell your
target audience that they are stupid, racist, fascist rubes for so long before
they go away. . . .
Ever heard of the Gell-Mann
Amnesia effect? Once you begin to realize
that the media is lying about you, you begin to realize that the rest of what
it’s saying may be lies as well. Less
power to the media.
So, Trump-administration-wise, what do I
think will happen? Ultimately, I don’t
think it will be too bad. First, unlike
Hillary, if Trump tries to do something stupid, the Republicans in Congress
will stop him. Keep in mind, he’s not
a Republican; he contributed to Hillary’s campaign against Obama in 2008,
and has always aligned with Democrat (statist) policies until he decided to run
for President. He does not have that
many genuine Republican ideas (enforcing existing immigration laws is not the
same thing as building a wall), and his trade policies are closer to Bernie
Sanders than Ted Cruz. But if he goes too
far, the Republicans in Congress will keep him in check. That would not have been true of the
Democrats; like they did in 2009, they would have taken legislation to the last
inch they could get, and would support any bad idea Clinton came up with (hey, they
might get the Vince Foster treatment if they didn’t; you don’t want a naked
Rahm Emanuel coming after you). That
actually was sufficient reason to hold your nose and vote for Trump, especially
if the Democrats were going to win the Senate.
As I noted on Twitter a few days
ago:

Secondly, Trump has not expressed much in
the way of policy specifics. There’s too
much out there to bite off all at once, or perhaps even at all, for one iconoclast. I suspect whatever policies he does come up
with won’t be bold or far-reaching.
Sure, he said he’ll Build The Wall, but Obama said he’d close
Gitmo. How’d that work out? And Obama really, really, really wanted/wants
to close Gitmo. I don’t think Trump
really cares about the Wall, it was only red meat to his audience. The other stuff he’s likely to do will be a
ratcheting back of the regulatory machine, which is actually an absolute must
to regenerate legitimate and deep-reaching economic recovery. I don’t think he’ll even “repeal” Obamacare,
although it will be substantially dismantled (more “amend and restate” than “repeal
and replace”). But in fact, nobody
knows. We are in entirely unknown
territory now.
Trade may be an area where he really does
something, but like with the Wall, I think his rhetoric was “boob bait for
Bubbas” and what he actually does will be much less dramatic. Also, remember that while he was
pontificating about the Wall (“just got 10 feet higher,” “I’ll make Mexico pay
for it”), he still went and had a completely civil meeting with the President
of Mexico. He seems to know when to say
outrageous things and when not to. That
being said, he’ll have to do something splashy regarding trade. Maybe that will work out (probably not).
Jeff [1:23 PM]
[ Tuesday, November 08, 2016 ]
Jeff [3:02 PM]
[ Thursday, November 03, 2016 ]
Hmm, I'd expect a better level of understanding from the National Coordinator for Health Information Technology. Or maybe it's just the reporting that's bad, and something is lost in the translation.
At the Brainstorm Health conference yesterday, Dr. Vindell Washington, head of ONCHIT, said that patient data belongs to the patient (true), and that the providers who hold the data do not own it (hmm, not true).
You know the Cubs won the World Series, right? That's data, and you have it, and you own it. I also know the Cubs won, so I also have and own that data. If you stayed up late enough, you'd have seen that the MVP, Ben Zobrist, got a Chevy Camaro. That's also data, and you and I and Ben all have and own that. The car itself? Only Ben owns that; you and I don't. That's the thing about data -- it's an asset capable of being owned, but it's not a zero-sum game, and the fact that one person owns it doesn't prevent others from owning it as well.
The medical RECORD (the actual specific paper or digital representation of the data), on the other hand, is a different story. Dr. Washington noted that 20 states say that the medical provider owns the data; I don't think that's true. I believe those 20 states' laws refer to ownership of the record, not ownership of the data. And that does make sense; while both the patient and provider may own the data, and while the patient has a right to get a copy of the data from the provider, the provider actually is the owner of the specific copy of the data that is the medical record. Additionally, if the patient owns the data and the provider does not also own it, presumably the patient could require the provider to delete its copy of the data. That would not be a good idea, for reasons that you and I (and even Ben Zobrist) can figure out.
The lesson is, don't confuse the concepts of "data" and "records." They mean the same thing in many situations, but not always.
The article also states, "Contrary to what some people may believe, patients have the right to ask their health care providers for access to their personal data." I guess it may be true that "some" people believe that patients DON'T have that right, but I'd suspect it's a precious few who are so ill-informed. OF COURSE people have the right to "ask . . . for access"; you also have the right to ask your provider to fix you a sandwich, or to marry you, but don't expect him/her to agree. But more importantly, assuming your provider is covered by HIPAA, which 99.99% are, your provider is OBLIGATED to actually give you that access. Not necessarily for free, as Dr. Washington implies, but at a cost not to exceed the cost of producing the data. But your provider doesn't have to give you the only copy, or delete his/her copy after giving you access.
Jeff [10:45 AM]