tag:blogger.com,1999:blog-33806362008-10-02T10:19:25.395-05:00HIPAA BlogA discussion of medical privacy issues buried in political arcanaJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comBlogger1259125tag:blogger.com,1999:blog-3380636.post-15384294288423380342008-10-02T10:18:00.000-05:002008-10-02T10:19:25.422-05:002008-10-02T10:19:25.422-05:00California snoopin'More California: Here's Modern Healthcare's take on it.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-15084006456955735822008-10-02T10:07:00.002-05:002008-10-02T10:11:07.779-05:002008-10-02T10:11:07.779-05:00WalMart-DossiaWal-Mart: It seems Wal-Mart has included electronic personal health records for all its employees as part of its open enrollment process for next year's beneficiaries. Wal-Mart is part of the Dossia consortium of large employers that's trying to make PHRs available to employees and encourage employees to use a PHR to maintain medical information and manage their healthcare.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-45465444751610237942008-10-01T13:21:00.001-05:002008-10-01T13:23:17.435-05:002008-10-01T13:23:17.435-05:00California Snoopin: Ahnuld signed the law creating the new state agency to enforce the new hospital medical record privacy law.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-301947844635489072008-09-22T10:15:00.002-05:002008-09-22T10:18:39.830-05:002008-09-22T10:18:39.830-05:00employee cell phone cameras MySpaceCell Phone Cameras: In Albuquerque, 2 UNM Hospital workers took pictures of patients receiving treatment, and posted them on their MySpace pages. Once discovered, they got fired. Good. Seriously, just how dumb is that? The hospital should have a policy prohibiting it, but do you really need an explicit policy not to take pictures of patients and post them on the internet? Isn't that common Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-40254094811150783632008-09-16T15:25:00.002-05:002008-09-16T15:26:48.112-05:002008-09-16T15:26:48.112-05:00OIG guidance re friends and familyFriends and Family: the OIG has issued new guidance for providers to follow when trying to determine when they can provide PHI to friends and family of patients.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-51732183778904229182008-09-15T09:52:00.003-05:002008-09-15T10:00:59.801-05:002008-09-15T10:00:59.801-05:00media disposalHow do you dispose of old backup tapes? Obviously, you follow your document retention policy. But what should that policy look like? Duration is definitely an issue; there are legal requirements for certain records, business uses, and other reasons to keep them a long time, as well as good reasons for deleting them as soon as possible (legal risks [including simply the cost of responding to Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-28144161025889597122008-09-10T07:30:00.002-05:002008-09-10T07:30:51.601-05:002008-09-10T07:30:51.601-05:00Medical ID theftMedical Identity theft accounts for 3% of all identity theft cases, according to this article.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-56997030460298859102008-09-08T10:30:00.002-05:002008-09-08T10:35:16.627-05:002008-09-08T10:35:16.627-05:00Piedmont and Providence: Feds finally put teeth into HIPAA, according to ComputerWeek. I'm not so sure. So far, nothing's come from Piedmont, except other audits and an attractive government contract for PwC. And Providence was a settlement of a bad (in the sense of being high-profile) data breach, and the penalty amount isn't really enough to scare too many people. Hopefully these news itemsJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-18922882464628904882008-09-02T18:24:00.002-05:002008-09-02T18:29:27.839-05:002008-09-02T18:29:27.839-05:00new California healthcare data breach lawNew California legislation: From a post to the AHLA Health Information Technology listserv:
Here's a summary of the two companion legislative bills; they are all but
signed, and will take effect January 1, 2009. The scuttlebutt in Sacramento is
that the bills are directly driven by Governor Schwarzenegger's personal
interest in their passage, following unauthorized access by UCLA Medical CenterJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-37754948841210399522008-08-28T10:38:00.002-05:002008-08-28T10:44:11.176-05:002008-08-28T10:44:11.176-05:00SnoopinCelebrity Snoopin': USA Today is on the case. The lawyers quoted are right: celebrities have as much right as anyone to the privacy protections of HIPAA, but tabloids aren't responsible or liable for republishing medical information about celebrities. They could potentially be an accessory to the crime committed by the snooper, or an aider and abbettor. They could also possibly be prosecuted Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-61463741168511982362008-08-27T11:07:00.001-05:002008-08-27T11:12:20.986-05:002008-08-27T11:12:20.986-05:00Britney/UCLA/California snoopin'Britney Update: More news from California on the "California Snoopin'" problem exposed by the LA Times regarding UCLA Medical Center and celebrity patient medical records. The California legislature has proposed legislation to require hospitals to have plans in place to safeguard medical records from inappropriate viewing, and to set up a state agency to review the plans and fine hospitals up toJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-51972786645214901662008-08-26T11:55:00.002-05:002008-08-26T11:58:44.326-05:002008-08-26T11:58:44.326-05:00Data Breaches in 2008 so farData Breach Problem: It keeps getting worse. We've already had as many personal data breaches this year so far as we had in all of 2007, and it's only August.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-15116727874729962602008-08-22T13:48:00.001-05:002008-08-22T13:49:10.772-05:002008-08-22T13:49:10.772-05:00Health ID TheftHealth Identity Theft: another article. Again, insiders are the most likely culprit.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-29500656926951469902008-08-19T12:37:00.002-05:002008-08-19T12:46:16.566-05:002008-08-19T12:46:16.566-05:00Snooping, selling recordsMore medical record snooping issues: This time from Iowa. Part of the problem is healthcare employees snooping in medical records. This is understandable and should be expected. It's not acceptable, and those who do it should be severely punished. And since it's predictable, healthcare providers should be on the lookout for it, and should make an example of anyone who gets caught. Other Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-47660354391147842452008-08-19T12:31:00.002-05:002008-08-19T12:37:07.698-05:002008-08-19T12:37:07.698-05:00Self-care toolsSelf-Care Tools: Interesting article in the Wall Street Journal on technological devices that help patients (and their physicians, if they so wish) control and manage their care. This is just the type of thing to drive technology into the healthcare delivery system: get techno benefits to patients that are easy to see, and the system will incorporate the technology. It's easy to see how this Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-77014364261028209962008-08-18T15:51:00.002-05:002008-08-18T15:57:08.393-05:002008-08-18T15:57:08.393-05:00Providence CSO speaksProvidence CSO Speaks: Eric Cowperthwaite, chief security officer at Providence Health and Services, gave an interview with CSOOnline discussing Providence's problems with HIPAA. He's understandably cautious, but it's nice that he's willing to talk about it. There are no earthshattering revelations in the interview. Still, it's useful that this is in the news, since it will keep the focus on Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-78889238056514008572008-08-18T10:37:00.004-05:002008-08-18T17:19:14.010-05:002008-08-18T17:19:14.010-05:00health social networking issuesFacebook for your Health: I don't know if you saw this over the weekend, but the Washington Post ran a story on Saturday about a personal healthcare social networking program set up by WellNet, a health management company. I'm not clear on how WellNet is set up; it doesn't look like an HMO, but rather an information management company that helps employers understand and manage employee health Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-18227123713142911402008-08-15T16:45:00.000-05:002008-08-15T16:47:25.669-05:002008-08-15T16:47:25.669-05:00More Providence post-mortemMore on Providence: AIS has a pretty good wrap-up of the Providence "resolution agreement," including some interesting "follow the money" answers.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-49508744626128096592008-08-12T15:46:00.002-05:002008-08-12T15:48:53.397-05:002008-08-12T15:48:53.397-05:00Medicare EHR Pilot ProgramEHRs for Medicare Patients: Medicare is going to start up a pilot program in Arizona and Utah to provide electronic health record options to Medicare patients. Old folks + technology = funny results sometimes, but it's certainly true that the elderly, as the biggest consumers of healthcare, stand to gain the most from the efficiencies and safety that EHRs can bring. We'll see.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-4102619543145235232008-08-08T11:31:00.003-05:002008-08-08T11:33:51.863-05:002008-08-08T11:33:51.863-05:00Michigan GovernorMichigan Governor's PHI Hacked: It's not only the UCLA Medical Center (or NY Presby for Clinton) that has a problem. It seems Sparrow Hospital in Michigan also has a problem with employees peeking into the medical records of the rich and famous (or at least powerful).Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-2171525428675184242008-08-06T10:45:00.002-05:002008-08-06T10:50:20.090-05:002008-08-06T10:50:20.090-05:00HHCC provides EMRsElectronic Medical Records: Hartford Healthcare Corporation, parent of Hartford Hospital and Midstate Medical Center in Connecticut, is taking advantage of the Stark exception to subsidize the purchase and installation of an Allscripts electronic medical record system with several big physician groups affiliated with the hospital system.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-5862431562564716072008-08-05T12:36:00.001-05:002008-08-05T12:37:41.539-05:002008-08-05T12:37:41.539-05:00UCLA celeb med record snoopersUCLA: It turns out there were a whole lot more prying eyes at UCLA Medical Center than originally thought.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-31172578794411179612008-08-01T07:28:00.001-05:002008-08-01T07:29:59.001-05:002008-08-01T07:29:59.001-05:00EHR praise for DossiaDossia gets props: In EHR news, a federal panel pushing for healthcare IT has given high praise to Google, Microsoft, and others participating in the Dossia patient-controlled electronic health records initiative.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-10619519298537612112008-07-29T10:56:00.003-05:002008-07-29T11:00:31.533-05:002008-07-29T11:00:31.533-05:00Georgia BC/BS data breachData Breach in Georgia: Apparently, Blue Cross and Blue Shield of Georgia didn't test out a change in their computer system, and somehow addresses on EOBs got mismatched. The result was about 200,000 Explanation Of Benefit letters were sent to the wrong addresses. The letters contain patient names and ID numbers, as well as information about the patient's doctor and procedures performed. In Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comtag:blogger.com,1999:blog-3380636.post-84692221196183625392008-07-24T23:16:00.002-05:002008-07-24T23:21:41.261-05:002008-07-24T23:21:41.261-05:00Congress pushes EMRs: Sorry for the lack of postings, but I've been vacationing in the face of a hurricane. Anyway, I saw this in some email headline clippings this morning: The House has moved forward the acronymally abominous "Protecting Records, Optimizing Treatment, and Easing Communications through Healthcare Technology Act", to be known as the "PRO(TECH)T Act." It's designed to encourage Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com