tag:blogger.com,1999:blog-33806362009-11-05T10:27:36.955-06:00HIPAA BlogA discussion of medical privacy issues buried in political arcanaJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.comBlogger1477125tag:blogger.com,1999:blog-3380636.post-53398875916123549292009-11-05T10:19:00.002-06:002009-11-05T10:27:36.966-06:00Interesting Georgia personal representative decision: Well, interesting if you're a HIPAA geek. The Georgia Supreme Court has ruled that a spouse of a deceased person is that person's "personal representative" for HIPAA purposes. It seems the complicating factor in Alvista Healthcare Center v. Miller was the fact that the information was being sought by the surviving wife who was pursuing a Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-77556369266849196292009-11-03T10:57:00.003-06:002009-11-03T10:59:34.733-06:00Data Breach experience: Here's an interesting first-person perspective of a data breach victim. Understandable (if not really balanced) concerns about the ability of research organizations to use data without consent.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-74707164146425573332009-11-02T11:40:00.002-06:002009-11-02T11:43:34.703-06:00Survey: As I mentioned below, SoftwareAdvice is taking a survey on EMR adoption. They've decided to hold the survey open until Thursday, November 5th to see if they can compile more data. You can take the survey here.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-38367961938433577512009-11-02T10:44:00.002-06:002009-11-02T11:30:40.890-06:00Miami HIPAA/ID Theft sentencing: As noted below, the Miami ID theft ring at Palmetto General Hospital resulted in two convictions of a medical records employee and an outside accomplice. The hospital employee got 2 years and 5 days (?) and the accomplice got 11 months in jail.Via BNA (subscription required).Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-14496046325057178942009-10-31T09:44:00.002-05:002009-10-31T10:01:35.598-05:00Red Flags Update: I didn't see this until this morning, but knew it was coming. Sunday is November 1, the date the much-delayed Red Flags Rule would become enforceable against "creditors" (financial institutions, which obviously ought to implement identity theft prevention programs, have been under the Red Flags Rule for about a year). And when the eve of enforcement rolls around, FTC punts. Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-68769409088958707212009-10-30T09:48:00.002-05:002009-10-30T09:50:28.797-05:00Cost-efficient technology: HIPAA issues abound, obviously, but there sure are some good iPhone and smartphone apps that doctors and patients can use that deliver a big bang for the buck.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-21246403082884796462009-10-29T08:54:00.002-05:002009-10-29T09:01:39.751-05:00Red Flags and Small Businesses: To stop ID theft, businesses need to follow the Red Flags Rule. TJMaxx and other high-profile breaches show that. But is it even more important for small businesses to follow the Red Flags Rule? Some say so.Pro: small businesses have less technology, so lower technological defenses against ID theft. They also tend to be more likely to fall victim to social Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-82903266008927870142009-10-28T13:38:00.002-05:002009-10-28T13:46:02.492-05:00Arkansas Snoopin' update: Sentences have been handed down in the Little Rock, Arkansas snoopin' case, which involved the brutal murder of Ann Pressly, a Little Rock news anchor. A doctor and two hospital employees were caught accessing the medical records of the victim, and have each been sentenced to a year's probation, plus fines and community service.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-8987597808107603842009-10-28T11:14:00.002-05:002009-10-28T11:18:04.810-05:00EHR Adoption Due to Stimulus Bill Provisions: Have the EHR provisions in the so-called Stimulus Bill impacted your decision and/or timing about adopting electronic medical records? The folks at SoftwareAdvice are surveying folks to see if the statutory changes caused healthcare providers to take action, or just go looking. Go take the survey if you have any insights.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-44529978270714549222009-10-28T08:41:00.002-05:002009-10-28T08:45:13.165-05:005 Vulnerabilities that Lead to Identity Theft: Interesting article in InfoWeek's Dark Reading on areas to watch for ID theft. I thought it would be about specific items and behaviors that could pose risks, but it's more global than that. Interestingly, #5 is "Healthcare."Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-90286195736034159012009-10-26T10:20:00.002-05:002009-10-26T10:25:55.886-05:00Curb Your Enthusiasm: The digitization of medical records is not the cure-all some claim it will be. As with just about every other component of the health reform debate, nothing will be as good (the public option will end the uninsured problem), bad (death panels will kill grandma), or efficient (cutting fraud and abuse will save $500 billion) as the most vocal proponents/critics say. Here, Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-39379235321808396452009-10-22T09:54:00.001-05:002009-10-22T09:55:23.934-05:00Cost of a (non-HIPAA) Data Breach: FTC fines ChoicePoint $275,000 for 2008 breach.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-2687845057742328462009-10-21T07:34:00.002-05:002009-10-21T07:39:41.270-05:00Hospital bans Facebook: New England Baptist Hospital has banned its employees from using Facebook at work over privacy and time-wasting concerns. The second concern is definitely apt; as for the first, that's probably punishing the medium when the message is the potential problem. It's an interesting dilemma for all businesses, but the privacy/patient information issue is particularly relevantJeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-15129502251248760242009-10-20T08:57:00.001-05:002009-10-20T08:58:40.994-05:00Red Flag Reduction Reax: Some disagree with the new legislation to exempt small providers from the Red Flags Rule.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-23229920023695853462009-10-19T08:03:00.003-05:002009-10-19T08:05:57.240-05:00Second Life: Interesting article on Children's Memorial Hospital in Chicago's use of Second Life for training and peer support for disabled patients. I'm still not very sure how to purposefully navigate through Second Life: I have an identity there and an avatar that looks nothing like me, thankfully, but have never had any successful interactions there. Is there a "Second Life for Dummies" Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-19732945058978867802009-10-15T09:48:00.004-05:002009-10-22T07:50:43.408-05:00RED FLAGS UPDATE:In case you're following the Red Flags issue (the latest FTC compliance date was shifted to November 1), here's some big, big news: The House Financial Services Committee has quickly (and without Republican objection) moved forward a bill that would fully exempt healthcare, legal, and accounting firms with fewer than 20 employees from the definition of "creditor" under the Red Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-56660838116039395642009-10-06T11:57:00.001-05:002009-10-06T11:59:58.914-05:00Express Scripts: a 2008 successful hacker into the pharmacy benefits management company's data base might have exposed personal information 700,000 people.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-58430445266474482892009-10-06T09:29:00.004-05:002009-10-06T11:38:03.126-05:00FTC Endorsement Rule: In light of the (unconstitutional) FTC guidance published yesterday requiring bloggers to disclose any compensation for endorsement, let me state that anyone listed under the "Advertisers" to the left has paid for that spot. Most of the "Links" are unpaid, but some might've plied me with liquor. Rest assured, the grand total of what I've been paid in cash for posts or links Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-967223701668873902009-10-05T13:50:00.002-05:002009-10-05T13:55:58.802-05:0070,000,000 Records; Is That a Lot? The National Archives hosts a database that allows veterans to request copies of their medical records and discharge data. One of the hard drives went out, so the Archives sent it to the contractor to fix. The contractor couldn't fix, so it sent it to another contractor to recycle. Unfortunately, nobody scrubbed the data off of the drive, which may hold Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-12279738228226117362009-10-05T13:45:00.001-05:002009-10-05T13:48:04.649-05:00Not what we intended: Congressmen react to Secretary Sibelius' "no harm" standard for notifying of data breach. Apparently, that's too loose a standard for the Congressmen, who did not intend for HHS to give away such a big escape hatch for data breachers.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-22221032490294904712009-10-05T07:38:00.001-05:002009-10-05T07:40:22.305-05:00Data breach for physicians: Here's a twist. Yeah, it's the same old story of the stolen laptop, but this time the information was physician info (including some social security numbers), lost by an insurance company.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-53105315154194486632009-10-01T16:55:00.001-05:002009-10-01T16:57:14.238-05:00Bookmark this Permalink: HHS has published its instructions for submitting a notice of a data breach involving PHI here. Count the number of affected individuals and follow the instructions.Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-29559344202270992192009-09-25T22:18:00.003-05:002009-09-25T22:24:41.830-05:00Business Associate Agreements: The HITECH provisions of HIPAA contain some big changes for business associates, as well as some changes to business associate agreements. But the specifics aren't that well defined. What should you do? Should you amend your existing BAAs? Should you adopt a new form of BAA for new relationships, but keep the existing form to see what happens? Well, according Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-31041072726241637132009-09-24T09:26:00.002-05:002009-09-24T09:33:16.790-05:00New York: Here's a story (subscription required) about a NY scam similar to the Miami scam mentioned Tuesday. A lawyer and seven employees of a public hospital were arrested for running a scam where medical information of auto accident victims was taken by the hospital employees and sold to the lawyer, who used the information to file personal injury suits and get the patients unnecessary care Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0tag:blogger.com,1999:blog-3380636.post-87664147327403898512009-09-24T09:16:00.004-05:002009-09-25T22:14:11.122-05:00Social Media in Healthcare: I'll be speaking again next year at Q1 Production's 2nd Annual Healthcare New Media Marketing Conference, this time in Chicago. June 14-15, 2010. I'll be discussing the legal implications of using social media in healthcare, particularly in healthcare marketing.On that note, here's a story about a hospital system and a physician recruiting agency using Facebook and Jeffhttp://www.blogger.com/profile/12067054401696214042noreply@blogger.com0