iHealthBeat: Privacy and Security

Stakeholders Defend Data Breach Notification Rule's 'Harm Threshold'

Tue, 09 Feb 2010 08:00:00 GMT

At a HIPAA summit last week, several participants said the 'harm threshold' allows health care organizations to avoid data breach notifications that could unnecessarily alarm patients. Some stakeholders and members of Congress have concerns about the standard. HealthLeaders Media.

N.H. Lawmakers Set To Consider Bill Affirming Patient Rights to EHRs

Mon, 08 Feb 2010 08:00:00 GMT

This week, New Hampshire legislators are scheduled to hear a bill that would provide patients with greater control over their electronic health records. The measure aims to restore state protections that existed prior to the 2003 federal HIPAA privacy rules. Laconia Citizen.

Business Associates Will Pay Up for Health Data Breaches, Official Says

Fri, 05 Feb 2010 08:00:00 GMT

Sue McAndrew of HHS' Office of Civil Rights said health care business associates might need to pay OCR directly for violations of the HIPAA privacy and security rules. McAndrew said OCR might waive some penalties under certain circumstances. HealthLeaders Media.

Study: About 51% of U.S. Adults Look Up Health Topics Online

Thu, 04 Feb 2010 08:00:00 GMT

A new survey from CDC's National Center for Health Statistics finds that more than half of U.S. adults use the Internet to research health information. Fewer Americans went online to e-mail physicians, refill prescriptions or schedule medical appointments. Researchers also found that women were more likely than men to use the Internet for health-related purposes. Reuters, MedPage Today.

Medical Groups Ask for Exemption From FTC's 'Red Flags' Regulations

Mon, 01 Feb 2010 08:00:00 GMT

Several medical associations recently sent a letter asking the Federal Trade Commission to exempt health care professionals from the "Red Flags" rule requiring businesses to take specific steps to safeguard against identity theft. Health Data Management, HealthLeaders Media.

Questions Raised Over How Much Data Patients Should Access in EHRs

Thu, 28 Jan 2010 08:00:00 GMT

New federal regulations require health care providers to provide patients with electronic copies of their health records within 48 hours of a request. Stakeholders disagree about how much information the health care providers should disclose. Huffington Post Investigative Fund.

Tab for Response to Data Breach Hits $7 Million for BCBS of Tennessee

Tue, 26 Jan 2010 08:00:00 GMT

After an October theft, BlueCross BlueShield of Tennessee has spent more than $7 million to assess the missing data and provide credit monitoring for affected members. The insurer said it might have to spend millions more as the investigation continues. Chattanooga Times Free Press.

New Survey Suggests Lingering Concerns Over Widespread Use of EHRs

Tue, 26 Jan 2010 08:00:00 GMT

The privacy-focused Ponemon Institute has released a survey indicating that respondents were more comfortable with the idea of health care providers storing and having access to their electronic health records than either government agencies or technology firms. Forbes.

New Web Scams Strive To Trick Physicians Into Exposing Patient Data

Mon, 25 Jan 2010 08:00:00 GMT

In the latest generation of e-mail scams, hackers are posing as insurers, IT administrators and other trusted sources to request passwords and other information. Experts advise several strategies to prevent such scams from exposing patient data. American Medical News.

Industry Stakeholders Warn of Higher Penalties for Health Data Breaches

Mon, 25 Jan 2010 08:00:00 GMT

By mid-February, fines for health care privacy breaches could rise to as much as $1.5 million as a result of increased privacy protections included in the 2009 federal economic stimulus package. Health care organizations say they have been working to meet the new requirements. San Francisco Business Times.

FTC's New Red Flags Rules: Are They the Right Cure at the Right Time?

Tue, 19 Jan 2010 08:00:00 GMT

With all of the controversy and push-back the new red flags rules have triggered in the health care sphere, the potential for further revisions cannot be ruled out. However, there is a real deadline looming and health care providers should heed it.

Conflicting Privacy Laws Could Hinder Kansas Health Data Exchange

Tue, 19 Jan 2010 08:00:00 GMT

The e-Health Advisory Council agreed to ask the Kansas Legislature to address inconsistencies in the state's patient privacy protection laws. Meanwhile, the group decided to hold off on seeking legislative approval to create a group to govern a statewide health data exchange. Kansas Health Institute News.

Data Breach Affects 500,000 BCBS of Tennessee Customers

Fri, 15 Jan 2010 08:00:00 GMT

The October theft of 57 hard drives might have exposed personal and health data of about 500,000 BlueCross BlueShield of Tennessee members. The drives contained audio files of recorded phone conversations with BCBS customers. HealthLeaders Media, Chattanooga Times Free Press.

Push for EHRs Raises New Concerns About Health Care Fraud

Thu, 14 Jan 2010 08:00:00 GMT

Fraud and security experts warn that the health care industry's rush to transition to electronic health records could lead to an increase in health data breaches and fraud. Health care fraud costs the U.S. health care system as much as $100 billion annually. CNNMoney.

Conn. Attorney General Sues Health Net Over Data Security Breach

Thu, 14 Jan 2010 08:00:00 GMT

Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net in response to a May 2009 data breach. The case marks the first time a state attorney general has used new authority under the 2009 federal stimulus package to enforce HIPAA violations. Hartford Courant et al.

Kaiser Informs More Than 15,000 Members of Health Data Breach

Wed, 13 Jan 2010 08:00:00 GMT

Kaiser Permanente is notifying more than 15,000 members in Northern California that an external computer drive containing their personal data was stolen from a Kaiser employee's car last month. The breach comes after Kaiser was fined last year under new California privacy laws. San Francisco Chronicle et al.

Patient Concerns Curb Demand for Health IT Systems, Experts Say

Tue, 12 Jan 2010 08:00:00 GMT

At a recent conference, experts said health care providers are hesitant to invest in electronic health record systems because patients still have reservations about the technology. Many consumers are unconvinced that EHRs would protect the privacy of their health records. MSNBC.

NHIN Work Group Mulls Options for Verifying Participants' Identities

Fri, 08 Jan 2010 08:00:00 GMT

Yesterday, the Nationwide Health Information Network work group discussed whether HHS should develop its own health care provider authentication process or if the department should use commercially available identity proofing and authentication programs. Federal Computer Week.

Minnesota Rolls Out Rx Database To Help Curb Prescription Drug Abuse

Wed, 06 Jan 2010 08:00:00 GMT

Starting this week, Minnesota pharmacies will need to report the dispersal of certain controlled substances to a new prescription monitoring program. The project aims to help health care providers identify patients who might be misusing prescription drugs. AP/Minneapolis Star Tribune.

HHS Plans To Examine Privacy of De-Identified Patient Information

Wed, 06 Jan 2010 08:00:00 GMT

HHS plans to hire a contractor to study whether patient data that have been de-identified under the HIPAA privacy rule can be re-identified and matched to a specific individual. The federal government's push for electronic health records has sparked privacy concerns about patient data. Washington Technology.

Do Health Care Organizations Have Policies on Appropriate Use of Social Technology Tools?

Thu, 17 Dec 2009 08:00:00 GMT

Thirty-six percent of health IT professionals surveyed said their organization has a policy in place outlining the appropriate use of externally operated social technology tools by employees, compared with 29% of respondents who said their organization does not have such a policy in place, according to a new survey.

Studies: EHR Privacy Still a Concern Among Health Care Providers

Wed, 16 Dec 2009 08:00:00 GMT

One new study found that most health care providers are at least somewhat concerned about the privacy of electronic health data. Another study found that mental health professionals are particularly worried about inappropriate access to digital patient data. Healthcare IT News.

Proposal To Ban Rx Data Mining Unlikely To Make Final Senate Reform Bill

Tue, 15 Dec 2009 08:00:00 GMT

Yesterday, a Senate staff member said a proposal offered last week to ban prescription drug data mining for marketing purposes is unlikely to be included in the Senate's final health care reform bill. Drugmakers and the American Medical Association support prescription data mining. Reuters.

Facebook's New Privacy Settings Spur Questions on Patient Data Control

Tue, 15 Dec 2009 08:00:00 GMT

Last week, Facebook rolled out privacy controls that allow users to customize the visibility of their personal information. The new features are driving experts to consider whether electronic health records could offer patients similar control over their data. Modern Healthcare.

San Antonio's Diabetes Registry Faces Uncertain Future, Officials Say

Mon, 14 Dec 2009 08:00:00 GMT

Initial funding for San Antonio's diabetes registry has expired and privacy concerns prompted changes to the database that could make results less accurate, according to officials. New York City is the only other U.S. city to collect diabetes data to assess treatment efficacy. San Antonio Express-News.

Watchdog Group Grades Personal Health Records on Privacy Protections

Tue, 08 Dec 2009 08:00:00 GMT

Patient Privacy Rights' new report card rates the privacy protections of personal health record systems. NoMoreClipboard.com received an A, while WebMD and CapMed both received Cs for their respective PHR applications. Employer- and insurer-based PHR systems were given Fs. Federal Computer Week.

Growth of EHRs Could Lead to Rise in Medical Identity Theft

Mon, 30 Nov 2009 08:00:00 GMT

Some experts are expressing concern that electronic health records could facilitate medical identity theft by making patient data more easily accessible. Experts say that false insurance claims could drive up an individual's medical bills and add incorrect information to a patient's files. In addition, faulty claims could exhaust an individual's lifetime benefits. Wall Street Journal.

Concerns Growing Over Use of Data Mining for Prescription Marketing

Mon, 30 Nov 2009 08:00:00 GMT

Drug companies often purchase electronic prescription information from data-mining firms to create targeted sales pitches for certain medications. Some patient advocates have expressed concern that such tactics could inappropriately influence physician decisions. Chicago Tribune.

Experts Highlight Risks of Improperly Secured Electronic Health Data

Mon, 23 Nov 2009 08:00:00 GMT

At a recent Health IT Standards Committee meeting, one participant said hackers could infiltrate health data systems to change patient records in dangerous ways. Other experts discussed the risks in cloud computing and challenges in health information sharing. NextGov, Government Health IT.

Health Net Reports Data Breach Affecting 1.5M Members Nationwide

Thu, 19 Nov 2009 08:00:00 GMT

Yesterday, the insurance company Health Net reported that it had lost an external hard drive containing personal and health data on 1.5 million members nationwide. Connecticut officials are investigating whether the insurer waited too long to report the breach. Hartford Courant et al.

Survey: Many Business Associates Unprepared To Secure Health Data

Wed, 18 Nov 2009 08:00:00 GMT

A new HIMSS Analytics survey finds that about one-third of health care business associates are unaware that the economic stimulus package requires them to comply with HIPAA health data protection rules. The security vendor ID Experts sponsored the study. Healthcare IT News et al.

HITRUST Unveils New Certification Program for Health IT Security

Tue, 17 Nov 2009 08:00:00 GMT

The Health Information Trust Alliance's new certification program aims to help health care providers determine whether they are complying with HITRUST's Common Security Framework. The group is offering a full and partial certification track. Modern Healthcare, Healthcare IT News.

Recent Survey Highlights Need for Health Care Organizations To Strengthen Data Protection

Mon, 16 Nov 2009 08:00:00 GMT

David Finn of Symantec, Lisa Gallagher of HIMSS, Susan McAndrew of HHS and Deborah Peel of Patient Privacy Rights spoke with iHealthBeat about a recent HIMSS survey on data security among health care organizations.

Despite Backlash, Final Data Breach Rule Could Include Harm Threshold

Mon, 16 Nov 2009 08:00:00 GMT

Some consumer groups and lawmakers are urging HHS to reconsider a provision that would require health care providers to notify consumers only about data breaches that pose significant harm. The American Hospital Association and others support the harm standard. Huffington Post.

Connecticut Attorney General Investigating BCBS Data Breach

Tue, 10 Nov 2009 08:00:00 GMT

Connecticut Attorney General Richard Blumenthal is examining whether the BlueCross BlueShield Association waited too long to disclose the theft of a laptop containing names, addresses and identification numbers of affiliated physicians. Although the theft took place in August, BCBS did not notify affected individuals about the data breach until last month. Hartford Courant et al.

Privacy, Security Laws Impede Health Data Sharing, Experts Say

Mon, 09 Nov 2009 08:00:00 GMT

At a forum last week, health IT experts said the requirements of the Federal Information Security Management Act and HIPAA privacy rules make it challenging for federal agencies and private-sector health providers to share electronic health information. Government Health IT.

House Subcommittee Approves Legislation To Step Up Cybersecurity

Fri, 06 Nov 2009 08:00:00 GMT

The House Subcommittee on Technology and Innovation approved a bill designed to boost oversight of the country's electronic infrastructure. The bill includes an amendment to conduct identity management research and standards development on health IT systems. CongressDaily, eWeek.

Survey: Many Medical Groups Falling Short of Data Security Standards

Wed, 04 Nov 2009 08:00:00 GMT

A new survey conducted by the Healthcare Information and Management Systems Society finds that many health care organizations have not implemented sufficient protections to secure patients' medical data. The security systems firm Symantec sponsored the survey. Healthcare IT News, HIMSS release.

HHS Releases Interim Final Rule Strengthening HIPAA Penalties

Mon, 02 Nov 2009 08:00:00 GMT

HHS' interim final rule sets stricter penalties for HIPAA violations as required under the federal economic stimulus package. Under HHS' rule, health care organizations that experience data breaches can face fines ranging from $100 to $50,000 per violation. HHS has not yet released specific details about its audit and enforcement plans. Healthcare IT News et al.

ONC Wants To Survey Consumers on Health Information Sharing

Thu, 29 Oct 2009 07:00:00 GMT

A notice in yesterday's Federal Register proposes surveying about 2,500 Americans about their opinions on health information exchange. The Office of the National Coordinator for Health IT plans to release a report and hold a Web seminar on the findings. Health Data Management, Government Health IT.

Labs Push for Federal Exemptions From State Data Sharing Statutes

Thu, 29 Oct 2009 07:00:00 GMT

Clinical laboratories are urging policymakers to amend federal regulations to allow labs to exchange test result data with health plans, researchers and other HIPAA-covered entities. State medical privacy laws currently govern the release of most lab data. Modern Healthcare.

Does the Health Care Industry Need Better Guidelines on Use of Secondary EHR Data?

Thu, 29 Oct 2009 07:00:00 GMT

Nine out of 10 health care executives said they somewhat or strongly agree that there needs to be better guidelines on how secondary electronic health record data should be used and shared, according to a recent survey. Sixty-six percent of pharmaceutical companies, 65% of health care provider organizations and 54% of health care payers use some form of secondary health data.

AHA Endorses 'Risk Threshold' in HHS' Data-Breach Notification Rule

Tue, 27 Oct 2009 07:00:00 GMT

The American Hospital Association backs a provision that would require notification of a health data breach only if the organization determines the breach poses significant harm. However, AHA is urging "further improvements" to other aspects of the rule. Health Data Management, Healthcare IT News.

Advocates Raise Concerns About Security of Supposedly De-Identified Patient Health Data

Tue, 27 Oct 2009 07:00:00 GMT

Ryan Howard of Practice Fusion, Deborah Peel of Patient Privacy Rights, Dan Rode of AHIMA and Vitaly Shmatikov of the University of Texas-Austin spoke with iHealthBeat about data mining and patient privacy concerns.

Critics Urge Lawmakers To Tread Carefully With Health IT Proposals

Mon, 26 Oct 2009 07:00:00 GMT

Some stakeholders claim that health IT systems can cause medication errors, miscalculations, misdiagnoses and other problems. Health care providers currently are not required to submit reports about adverse events caused by computers and software systems. Washington Post.

Groups Take Opposing Stances on Data-Breach Notification Rule

Fri, 23 Oct 2009 07:00:00 GMT

In a recent letter to HHS Secretary Kathleen Sebelius, Consumer Watchdog argued that HHS violated congressional intent by adding a harm threshold to its data-breach notification rule. Meanwhile, Premier is urging the agency to retain the harm threshold, arguing that it "will not result in the abuse of discretion by covered entities." Health Data Management, Consumer Watchdog release.

Survey: IT Workers Say Medical Centers Could Boost Privacy Measures

Tue, 20 Oct 2009 07:00:00 GMT

According to a recent survey, many health IT workers believe their organizations could do more to protect electronic patient data. About 70% of surveyed workers reported that their institution's senior management does not prioritize patient data privacy. Healthcare IT News, LogLogic Release.

Study Suggests Hackers Could Re-Identify Personal EHR Data

Mon, 19 Oct 2009 07:00:00 GMT

In a recent study, researchers determined the identities of supposedly anonymous Netflix users by connecting user data to individually identifiable information posted on other Web sites. Privacy advocates say the study demonstrates that hackers might have the capacity to re-identify anonymous electronic health record information. New York Times.

Federal Agencies Step Up Efforts To Combat Medical Identity Fraud

Fri, 16 Oct 2009 07:00:00 GMT

Yesterday, HHS Secretary Kathleen Sebelius and Assistant Attorney General Tony West discussed the government's continued efforts to curb medical identity theft and Medicare fraud. HHS also recently developed online resources about identity theft protection. Healthcare IT News.

Lawmakers Take Issue With Harm Threshold for Breach Notification

Tue, 13 Oct 2009 07:00:00 GMT

In a recent letter to HHS Secretary Kathleen Sebelius, six members of the House of Representatives wrote that they are "deeply concerned" about the harm threshold provision included in HHS' interim final rule on personal health data breach notification. HealthLeaders Media.

AHIMA Releases Bill of Rights for Health Data Privacy Protections

Tue, 06 Oct 2009 07:00:00 GMT

The American Health Information Management Association's new Health Information Bill of Rights declares that patients have the right to access their health data, expect privacy protections and seek legal compensation for data breaches. The group plans to offer health care providers a certification showing that they agree to comply with the guidelines. Modern Healthcare, Health Data Management.

Opinion: Many Factors Dictate Security of Electronic Records

Mon, 05 Oct 2009 07:00:00 GMT

Patients must believe that their medical information is secure before they will have faith in electronic health records, according to John Halamka of Harvard Medical School and the federal Healthcare Information Technology Standards Panel. Computerworld.

New HHS Guidance Lays Out Steps To Comply With Data Breach Rule

Mon, 05 Oct 2009 07:00:00 GMT

Last week, HHS detailed how HIPAA-covered entities would go about reporting data breaches under a new rule that took effect last month. The federal economic stimulus package mandated the new rule, which won't be enforced until February 2010. HealthLeaders Media.

Doctors in BCBS Networks Face Data Breach After Laptop Theft

Mon, 05 Oct 2009 07:00:00 GMT

In August, a laptop including Social Security numbers and other information about doctors was stolen after a BlueCross BlueShield Association employee violated company rules by downloading an unencrypted version of the information. The computer did not include personal health records or other information about patients. Boston Globe.

FDA's Growing Role Regulating Health 2.0, Health IT

Fri, 02 Oct 2009 07:00:00 GMT

FDA will likely play an increasingly important role in regulating health IT, and it's important for Health 2.0 entrepreneurs and champions to participate in FDA's efforts.

HHS Holds Keys to Next Generation of Health Information Privacy

Thu, 24 Sep 2009 07:00:00 GMT

Stronger laws are not enough. Effective implementation -- including education, outreach and oversight -- will be needed to embed better privacy and security practices throughout the health care system as we move into the age of digital health records.

Health Data Breach Notification Rules To Take Effect This Week

Tue, 22 Sep 2009 07:00:00 GMT

Tomorrow, HHS is scheduled to implement a rule requiring health care providers to alert patients of health data security breaches. On Thursday, the Federal Trade Commission is scheduled to implement a companion rule that will apply to personal health record vendors and other entities not covered under HIPAA privacy and security regulations. Federal Computer Week, HealthLeaders Media.

Enforcement of New HIPAA Privacy, Security Rules Remains Unclear

Mon, 21 Sep 2009 07:00:00 GMT

The federal economic stimulus package calls for HHS to conduct audits to ensure that covered entities are complying with the strengthened HIPAA privacy and security rules. However, officials have yet to issue guidance on how they plan to conduct such audits. HealthLeaders Media.

Standards Panel OKs Guidance on Privacy, Security of EHRs

Wed, 16 Sep 2009 07:00:00 GMT

Yesterday, the Health IT Standards Committee endorsed work group recommendations on how electronic health records should ensure the privacy and security of health information. The panel outlined specific guidelines for EHRs to meet by 2011 and 2013. The standards panel now will shift its focus to health IT implementation guidance. Health Data Management et al.

New Program To Evaluate, Certify Health IT Privacy, Security

Thu, 10 Sep 2009 07:00:00 GMT

A whole new mini industry is forming to provide help as the country's health care system moves fitfully into the digital age. A new program to evaluate and certify privacy and security efforts in health IT is one company's attempt to corner a segment of that new landscape.

Groups Grade Obama on Medical Privacy, Other Security Issues

Thu, 10 Sep 2009 07:00:00 GMT

Yesterday, advocates released report cards grading the Obama administration on medical privacy and other issues. Some groups gave high scores for the stimulus package's new privacy rules, while others criticized Obama's support for electronic health records. Modern Healthcare et al.

HITRUST To Develop Health IT Security Certification Program

Tue, 08 Sep 2009 07:00:00 GMT

The Health Information Trust Alliance is leading an effort to create a health IT certification program to help health care organizations determine whether IT security products comply with HIPAA criteria and HITRUST's Common Security Framework. Federal Computer Week et al.

VA Seeks Proposals for Health Technology Research Center

Fri, 28 Aug 2009 07:00:00 GMT

The Department of Veterans Affairs' "Emerging Health Technologies Advancement Center" will be dedicated to developing new health technologies, including systems to manage privacy and security, and technology to facilitate health information exchange. Government Health IT.

Computer Glitch Causes VA To Mistakenly Tell Veterans They Have ALS

Tue, 25 Aug 2009 07:00:00 GMT

At least 1,200 veterans recently received letters from the Department of Veterans Affairs mistakenly informing them that they have amyotrophic lateral sclerosis, or Lou Gehrig's disease. VA said computer coding problems are responsible for the error. Modern Healthcare et al.

HHS Finalizes Rule on Public Disclosure of Patient Data Breaches

Thu, 20 Aug 2009 07:00:00 GMT

Yesterday, HHS' Office for Civil Rights released a final rule requiring all HIPAA-covered entities to notify patients of electronic data security breaches. The rule accompanies an FTC rule that applies to non-HIPAA covered businesses and health IT vendors. Modern Healthcare et al.

FTC Sets Rule Requiring Public Notification of PHR Breaches

Wed, 19 Aug 2009 07:00:00 GMT

This week, the Federal Trade Commission issued a final rule requiring personal health record providers to alert consumers about data security breaches. The rule also requires organizations to notify the media if the security breach involves more than 500 people. FTC's regulations will apply to Google Health, Microsoft HealthVault and others. Government Health IT, Health Data Management.

Experts Focus on Legal Issues Surrounding EHR Use at AHIMA Summit

Wed, 19 Aug 2009 07:00:00 GMT

At an American Health Information Management Association summit this week, experts said health care providers and health IT vendors should consider legal and ownership issues when converting to electronic health record systems. Modern Healthcare, Health Data Management.

White House Shuts Down E-Mail Service for 'Fishy' Health Reform Tips

Tue, 18 Aug 2009 07:00:00 GMT

In response to privacy concerns, the White House has halted the use of an e-mail account launched earlier this month to collect "fishy" information being circulated about health reform efforts. The White House will continue to gather information through its Web site. Wall Street Journal et al.

Google Executive Tapped for Board of Cyber Security Group

Thu, 13 Aug 2009 07:00:00 GMT

Yesterday, the National Cyber Security Alliance announced that Google executive Eric Davis will join its board of directors. The announcement follows Google Health's recent efforts to promote patient privacy by endorsing the Declaration of Health Data Rights. Healthcare IT News.

Some Industry Experts Say Health Data Privacy Laws Should Be Updated

Wed, 12 Aug 2009 07:00:00 GMT

Current privacy laws are becoming more outdated as health care providers transition to electronic health records, experts say. Former National Coordinator for Health IT David Brailer recommends updating the rules to give patients more control of their health data. CNNMoney.

Stimulus Package Addresses Medical Data Sales, Patient Privacy

Mon, 10 Aug 2009 07:00:00 GMT

Under the economic stimulus package, pharmacies and other health groups could face tighter restrictions for selling personal prescription information to drugmakers and data-mining firms. Government agencies currently are working to develop final rules on the matter. New York Times.

HHS Shifts Enforcement of HIPAA Security Rule to Civil Rights Office

Tue, 04 Aug 2009 07:00:00 GMT

HHS Secretary Kathleen Sebelius has announced that HHS' Office of Civil Rights will manage enforcement of both the HIPAA security and HIPAA privacy rules in an effort to improve efficiency and reduce duplication. Previously, CMS enforced the security rule. Modern Healthcare et al.

Health IT Push Could Threaten Health Data Security, Experts Say

Tue, 04 Aug 2009 07:00:00 GMT

Privacy advocates are raising concerns that the federal government's push for health IT adoption could make health information less secure and lead to an increase in health data breaches. The federal government has stressed the need for increased security for EHRs, but it has not yet proposed ways to better protect patients' health data. Wall Street Journal.

FTC Delays Enforcement of 'Red Flags' Identity Theft Protection Rule

Thu, 30 Jul 2009 07:00:00 GMT

For the third time, the Federal Trade Commission has pushed back the compliance deadline for its "Red Flags" identity theft protection rule. The agency says health care providers must comply with the rule because they accept deferred payments. Health Data Management et al.

'Anonymized' Medical Data Protects Privacy, Improves Care

Thu, 30 Jul 2009 07:00:00 GMT

The transformative potential of health IT is great, but getting there depends on our ability to build consumer trust in new electronic systems. Ensuring privacy -- without compromising the value of collecting and comparing data -- will go a long way toward securing that trust.

Stimulus Package Steps Up Health Data Privacy, Security

Tue, 28 Jul 2009 07:00:00 GMT

The federal stimulus package places more stringent privacy and security regulations on facilities that handle protected health information. Experts say that health care facilities have focused mainly on the stimulus package funding rather than security provisions and that facilities could face significant penalties if they do not comply with the new rules. Healthcare Informatics.

Privacy Advocate Raises Concerns About Work Group's Proposals

Mon, 27 Jul 2009 07:00:00 GMT

Coalition for Patient Privacy founder Deborah Peel called a proposal by the Health IT Standards Committee's privacy and security work group to delay implementation of consent management tools until 2015 "a stunning defeat for consumer protection." However, Steven Findlay, co-chair of the work group, said, "Consent management is not the way to achieve patient privacy." Federal Computer Week.

Blumenthal Undecided on Expanding FISMA to Health Care Facilities

Mon, 27 Jul 2009 07:00:00 GMT

Several federal health officials have said private health care entities should comply with the Federal Information Security Management Act to ease data sharing with federal agencies. National Coordinator for Health IT David Blumenthal has not yet taken a stance on the issue. Federal Computer Week.

California Cancer Center Notifies Patients of Computer Data Breach

Fri, 17 Jul 2009 07:00:00 GMT

A University of California-San Diego Cancer Center has informed 30,000 patients that computer hackers might have accessed their personal data. Meanwhile, California's Kaiser Bellflower Hospital received another fine after employees improperly accessed patient records. San Diego Union-Tribune et al.

Alberta Health Officials Identify Possible Health Record Security Breach

Thu, 09 Jul 2009 07:00:00 GMT

Alberta Health Services has sent letters alerting residents that a computer virus might have copied information from the department's electronic health record system. Officials say the compromised data included medical records but no financial information. Toronto's Globe and Mail et al.

RFID Provider Backs Legislation To Prohibit Forced Implantation

Tue, 07 Jul 2009 07:00:00 GMT

Radio frequency identification systems provider VeriChip says it supports a Pennsylvania bill to ban the forced implantation of RFID systems into humans. California, North Dakota and Wisconsin already have passed similar bills prohibiting forced implantation. Healthcare IT News.

Lawsuit Filed Over Stimulus Package's Health IT Provisions

Mon, 06 Jul 2009 07:00:00 GMT

A registered nurse has filed a civil lawsuit against three Obama administration officials alleging that the federal stimulus package's health IT provisions violate patients' rights to privacy, due process and personal security. The suit also alleges that the economic stimulus package violates the HIPAA medical privacy rule and Federal Common Law. Health Data Management, Healthcare IT News.

Advocate Calls for New Protections for Health Data Stored Online

Wed, 01 Jul 2009 07:00:00 GMT

At an event yesterday, Leslie Harris of the Center for Democracy and Technology said new medical privacy laws have boosted protections in the traditional health care system but called for rules that pertain specifically to Web-based services for patients to store health information. CongressDaily.

Courts Refuse To Block State Laws Restricting Rx Data-Mining Firms

Tue, 30 Jun 2009 07:00:00 GMT

On Monday, the U.S. Supreme Court declined to hear a case by two data-mining firms appealing a New Hampshire law that restricts prescription data collection. Last week, an appeals court also declined to grant an injunction that would have blocked a similar Vermont law. Reuters et al.

Data-Mining Firms Seek To Block Vermont Rx Data Marketing Law

Wed, 24 Jun 2009 07:00:00 GMT

Yesterday, an attorney representing three prescription data-mining firms asked an appeals court to stop Vermont from enacting a law next week that would restrict their work until the judges decide whether to uphold a lower court ruling. AP/Washington Post, AP/Barre Montpelier Times Argus.

Group Launches Web Site Promoting Patient Health Data Rights

Tue, 23 Jun 2009 07:00:00 GMT

Yesterday, a group of advocates, physicians and bloggers launched HealthDataRights.org to encourage policymakers to support initiatives that improve patient access to electronic health records. The group also released a Declaration of Health Data Rights. New York Times' "Bits" et al.

Memphis Health Data Exchange Demonstrates Benefits, Cost Savings

Mon, 22 Jun 2009 07:00:00 GMT

A regional health information exchange in Memphis, Tenn., helps health care providers make more informed care decisions and reduces costs by eliminating duplicate tests. Such initiatives are set to receive $300 million under the federal economic stimulus law. Kaiser Health News.

Medical Identity Theft Concerns Grow as EHR Adoption Increases

Mon, 15 Jun 2009 07:00:00 GMT

Pam Dixon, executive director of World Privacy Forum, said medical identity theft likely has grown because of an increase in use of electronic health records systems without adequate safeguards. Health care providers say that they are taking measures to prevent identity theft. New York Times.

Rise in Health Record Hacking Cases Prompts Re-Examination of Data Protection Methods

Tue, 09 Jun 2009 07:00:00 GMT

Internet security consultant Greg Reber, Shelton Waggener of the University of California-Berkeley and Anne Wallace of the Identity Theft Assistance Center spoke with iHealthBeat about patient data breaches and securing sensitive information.

HISPC Releases Guide on Harmonizing State Privacy, Security Rules

Mon, 08 Jun 2009 07:00:00 GMT

The Health Information Security and Privacy Collaboration's new Action and Implementation Manual details seven projects to develop common, replicable multistate approaches that could help reduce differences in state privacy and security policies. Health Data Management.

GAO Reports Urge FDA To Boost Privacy, Modernize IT Systems

Wed, 03 Jun 2009 07:00:00 GMT

On Monday, the Government Accountability Office released a report calling for FDA to prioritize privacy and security issues while developing its Sentinel Initiative project to monitor medical product safety. A day later, GAO released another report recommending that the agency develop a comprehensive plan to modernize its IT infrastructure and systems. Government Health IT et al.

Cerner Markets Patient Data to Drug Companies, Researchers

Mon, 01 Jun 2009 07:00:00 GMT

Cerner is capitalizing on the billions of anonymous patient records it has access to by marketing the information to pharmaceutical firms and clinical researchers. Cerner says its data-mining capabilities could help accelerate the drug development process, identify potential new uses for existing drugs and pinpoint prescription drug side effects. Kansas City Business Journal.

U.K. Information Group Urges NHS To Overhaul Data Security Measures

Tue, 26 May 2009 07:00:00 GMT

The United Kingdom's information watchdog has urged the National Health Service to review its security measures after the health department confirmed that 140 security breaches occurred between January and April 2009. Authorities plan to investigate the lapses. Independent et al.

Government Still Lags in Information Security, GAO Report Finds

Fri, 22 May 2009 07:00:00 GMT

A draft report from the Government Accountability Office finds that while federal agencies, including HHS, have made some improvements in information security, significant weaknesses still exist. The report comes as the federal government pushes for digital health records. Healthcare IT News.

Drug Czar To Push for More States To Create Rx Monitoring Databases

Thu, 21 May 2009 07:00:00 GMT

Gil Kerlikowske, director of the White House Office of National Drug Control Policy, wants more states to implement prescription monitoring databases to help curb prescription abuse. However, the recent hacking of Virginia's prescription monitoring database has raised concerns. USA Today.

Report Identifies Gaps in Protection of Health Information in California

Wed, 20 May 2009 07:00:00 GMT

California has some of the most stringent state privacy laws in the country, but there still are significant gaps in protection of patient information even after provisions of the economic stimulus package expanded federal privacy protections, according to a report. Modern Healthcare.

Senator's Push for EHRs Undeterred by Recent Health Data Breach

Tue, 19 May 2009 07:00:00 GMT

Just two-and-a-half weeks after a hacker accessed millions of Virginians' prescription drug records that were stored in a state computer database, Virginia Sen. Mark Warner convened a conference to stump for the benefits of electronic health records. AP/Washington Times.

California Regulators Issue First Fines Under New Medical Privacy Law

Mon, 18 May 2009 07:00:00 GMT

A Kaiser Permanente hospital was fined $250,000 for not doing enough to stop employees from improperly accessing the electronic health record of a woman who delivered octuplets at the hospital this year. The fines come under a new California law that took effect Jan. 1. Modern Healthcare et al.

McGraw Advises Against Separate Health IT Privacy Work Group

Fri, 15 May 2009 07:00:00 GMT

Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, recommended that the Health IT Policy Committee's three established work groups address privacy and security issues as they arise, rather than in a separate group. Modern Healthcare.

Identity of Hackers Who Accessed Virginia Health Data Remains Unknown

Wed, 13 May 2009 07:00:00 GMT

The FBI and Virginia authorities have not identified the hackers who broke into the state's Prescription Monitoring Program. Florida lawmakers are asking Gov. Charlie Crist to veto a bill to create a similar database because of concerns stemming from the incident. Richmond Times-Dispatch et al.