Encryption is a standard security procedure for moving patient information over the Internet, but not so much for patient records just sitting there on a computer not going anywhere.
So one thing that jumps out in the CMS' new Stage 2 meaningful-use rule is the increased emphasis on encryption for so-called data at rest—that is, patient-identifiable records on servers, hard drives and portable devices.
Under Stage 1 rules, providers are required to perform a risk assessment, as they are required to do under the security provisions of Health Insurance Portability and Accountability Act.
Now under Stage 2, they must give serious consideration to encrypting that data (PDF, see pages 132-136).
Why the change in emphasis?
Read more »
Permalink | Post a Comment
Readers here yesterday will recall the first half of the story of Julie, the pseudonym of a Boston-area lawyer who spoke at a healthcare privacy conference in Washington this month.
Julie said she began psychotherapy sessions in 2002. At the time, she was assured records of those sessions would be kept private.
But Julie said she learned in 2008 that a primary-care physician she was seeing for a stomachache had read notes from her years of psychotherapy.
Here's the rest of her story:
Julie said she first appealed to authorities at the big-name healthcare organization where she received care, seeking what she thought would be a quick fix: segregation of her therapist's notes from the rest of her records.
"There is supposed to be protection for what's called psychotherapy notes," she said. "Those are not allowed to be in the record."
Instead, someone at the big-name healthcare organization blithely told her it had "interpreted that what was in my record were not psychotherapy notes; those were psychiatric records. They said they were not going to segregate psychiatric records. It's a disservice to their patients."
Disservice?
Read more »
Permalink | Post a Comment
She was using the name Julie, but it wasn't her real name, she said. She is a lawyer, but she doesn't practice law anymore. She is employed in the public sector, near Boston, where she had sought treatment from a big-name healthcare organization.
The reasons for these obfuscations were made plain to attendees of the 2nd Annual International Summit on the Future of Health Privacy this month in Washington.
Julie had spoken there, serving as a star witness as to just how contemptuous our healthcare system can be of patients and their rights and their needs to keep some or all of their medical records private.
I interviewed Julie after her talk.
Read more »
Permalink | Post a Comment
