tag:blogger.com,1999:blog-33806362012-02-08T22:46:23.297-06:00HIPAA BlogA discussion of medical privacy issues buried in political arcanaJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comBlogger1922125tag:blogger.com,1999:blog-3380636.post-40691420935224857222012-02-08T22:44:00.000-06:002012-02-08T22:46:23.315-06:00HIPAA 5010 News: We're getting closer, but we're still not ready for the new HIPAA 5010 standards. (Subscription may be required).Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-59699435211257515202012-02-07T16:03:00.002-06:002012-02-07T16:13:32.327-06:00FERPA News: this is slightly off-topic, but I do tend to keep up with FERPA, the Family Educational Rights and Privacy Act. It's sorta like HIPAA for schools, only a little less so. If you follow FERPA or are involved with schools, you may want to know that there were new regulations recently published that (i) clarify the federal, state and local educational agencies who may share student Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-14608424674548004162012-02-06T09:23:00.002-06:002012-02-06T09:27:56.787-06:00MN AG case (Accretive): Apparently Accretive has now lost its debt collector's license in Minnesota. They aren't going to fight the license suspension, which might mean that they are working toward a conclusion here that might just be folding up the tents. Here's more information on the case.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-83062736706952245162012-02-06T09:19:00.002-06:002012-02-06T09:22:49.373-06:00HIPAA 5010 News: If you've been reading here, you know this isn't really news (or at least isn't new), but here's more information on the 90-day extension of enforceability of the 5010 Standards. March 31 is the current deadline.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-62041453930067362232012-01-31T12:06:00.002-06:002012-01-31T12:09:25.592-06:00University of Miami Data Breach: flash drive with patient data stolen from doctor's car. How unusual! No SSN or similar financial data (good), but apparently not encrypted (bad).Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-6618754649854592772012-01-31T11:39:00.002-06:002012-01-31T11:43:19.252-06:00Guest Post:How HIPAA Can Affect College StudentsNormally the media publishes stories about HIPAA in relation to medical data breaches by negligent clinicians out of compliance or in the context of the law creating a significant burden for practices now trusted to maintain their patients’ records with the utmost vigilance. Though HIPAA was intended for the salutatory purpose of making health care Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-50548969433108307752012-01-31T11:37:00.002-06:002012-01-31T11:39:13.488-06:00Beaten down by contracts of adhesion. I just totally clicked through the new Google privacy policy, accepting it without even reading it. Now, my life really is an open book.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-55399981741466183162012-01-25T17:36:00.003-06:002012-02-07T11:05:19.892-06:00Going to HIMSS? #HIMSShero I've gotten a couple of emails about this new player in the health IT business: DrFirst (@DrFirst). The stated focus is to help physicians migrate to EHRs, with an apparent big focus on ePrescribing (including a controlled substance e-prescribing solution). If you're going to HIMSS, check them out at Booth 5456. In the interim, check out their introductory video; if youJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-89003885000635073232012-01-25T12:43:00.002-06:002012-01-25T12:46:55.561-06:00HIPAA White Paper from ProofPoint: I was reviewing an InfoWeek health tech email and saw a link to a Dark Reading article on the latest HIPAA email security rules. It led me to this white paper. I don't know who they are or what they're pushing, and in full disclosure I just sort of scanned over this, but it looks pretty interesting. They go back and talk about the original EDI focus of HIPAA, Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-59391471585641386692012-01-23T17:42:00.002-06:002012-01-23T17:47:51.591-06:00HIPAA-compliant authorizations in electronic format: I received the following from one of the outreach folks as HHS:Greetings,In April 2012 individuals applying for Social Securitydisability benefits online will be able to sign the “Authorization to DiscloseInformation to the Social Security Administration” (Form SSA-827)electronically. As a result, your readers may begin receiving some of Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-21049964105349315002012-01-23T09:08:00.003-06:002012-01-23T09:11:37.964-06:00Breach Notification: a couple of articles to clip and hold onto, just, ya know, in case:Richard Mackey (first of a series)Greg FreemanJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-15561139022166680442012-01-20T09:47:00.003-06:002012-01-20T09:50:40.597-06:002011 Year in Review, 2012 Year in Preview: While I hate to promote another law firm, McDermott Will & Emory is a good health law shop, and they've posted a White Paper on 2011 events and 2012 predictions for Data Protection and Privacy. I haven't had a chance to review it yet. but will try to get to it this weekend, and will update this post if I see anything exceptional. Also, don't know if thisJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-54654911607209732982012-01-20T09:15:00.005-06:002012-01-20T09:33:22.418-06:00Accretive Health (Minnesota) Data Breach: The Minnesota AG has sued a healthcare service group for Fairview Health and North Memorial in Minnesota hired Accretive as their debt collection company, and Accretive lost a laptop with unencrypted patient data. The data included stuff you'd expect a debt collector to need (names, SSNs, amounts owed, even procedures performed), but the data also Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-26105993557673492872012-01-18T12:39:00.002-06:002012-01-18T12:43:38.539-06:00Go to Jail: 13 months in jail for a computer specialist with an Atlanta physician practice who left the practice, joined a new practice, and hacked into the old practice to steal patient data and use it for direct-mail soliciations for his new employer. He also deleted the information off of his old employer's computers.This shows the need for good employee exit policies and access termination Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-77054850968934316642012-01-16T16:45:00.002-06:002012-01-16T16:50:12.526-06:00OT: 1% of Americans eat up 22% of all healthcare spending; half of all healthcare spending is spent on only 5% of the citizenry.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-29460258698300630582012-01-16T16:33:00.002-06:002012-01-16T16:36:15.271-06:00Social Media in Healthcare: Who is using social media, what are they using, and how are they using it? Here'a a pretty neat infographic from Ray Lau at Innovative Data Solutions.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-22927189642873072312012-01-09T08:12:00.003-06:002012-01-09T08:14:46.483-06:00Seven Health IT Trends to Watch in 2012: From Government Health IT. Of course, most are data breach or other HIPAA issues.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-58394390094364891522012-01-05T17:46:00.002-06:002012-01-05T17:56:32.522-06:00A List Inspired by Spinal Tap: According to Dark Reading, the number 1 trend of the top 11 trends for healthcare data in 2012 will be data breaches involving portable devices. Class action litigation is #2 (hey Sutter, you're a trendsetter!). Why a top 11? Only 1 reason.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-18012295425742411902012-01-03T17:03:00.001-06:002012-01-03T17:03:47.721-06:00Forbes Notes the surge in HIPAA complaints and problems in 2011.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-28705473217396203522012-01-03T13:39:00.002-06:002012-01-03T13:41:49.177-06:00DWI: Doctoring While iPhoning. Texting or using a cell phone while performing heart bypass surgery is much more common than I would have ever thought.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-34802128409803906692012-01-02T09:50:00.002-06:002012-01-02T09:52:52.385-06:005010 Standards: By the way, here's information on the new 5010 standards. They became effective yesterday, although they won't be enforced for a few more months. They will be eventually, to be sure, so if you haven't already gone there, you need to get moving.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-42200172341546776262011-12-30T08:34:00.002-06:002011-12-30T08:36:56.195-06:00Loma Linda Breach: An employee at Loma Linda University Medical Center took home medical records. I'm guessing that, as a nurse, she didn't need to work on her dictation or anything of the sort. She has been fired.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-28901686725976216092011-12-28T10:32:00.003-06:002011-12-28T10:40:31.080-06:005010 News: MGMA is asking for more time for transition to 5010. The deadline in January 1, 2012, and was there for a couple of years. HHS has already pushed back a 3-month grace period, and now MGMA wants 6. I'm not technical enough to know why this is such a problem, but can't folks just get this switched over? Then again, how important can it be to make the switch? What advantages does 5010 Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-19455418527937090322011-12-28T10:28:00.002-06:002011-12-28T10:30:47.879-06:00Nothing to See Here: Here's a story about nothing: customers of small pharmacies complain of privacy violations when the pharmacies are sold to Walgreens and their records are sent there. Isn't that a HIPAA violation? No, it's not. It is definitely part of "healthcare operations" to transfer records to a successor provider, which is the case here. If you don't want Walgreens to have your records,Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-23140725658678144212011-12-20T09:50:00.003-06:002011-12-20T09:57:03.097-06:00UCLA Update: You may remember that a UCLA physician took home a portable hard drive which was stolen from his house (along with the slip of paper with the password to access the data). UCLA has now been sued for $16 million ($1,000 per patient, the California statutory damages amount).Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0