It's been said, “There's no melon like a snitched melon.”
Is there something about sneaking into someone else's patch and purloining a plump one that makes it taste sweeter?
The pathology of snitched melons came to mind last week while thinking about CVS and the pharmacy chains and why they were squaring off with the Office for Civil Rights at HHS.
The pharmacies have expressed their distaste for a section of the omnibus privacy rule that OCR wrote and released in January and will enforce after its Sept. 23 compliance date.
Read more »
Permalink | Post a Comment
Before the release of the omnibus privacy rule earlier his year, or passage of the more stringent privacy provisions of the American Recovery and Reinvestment Act of 2009, or even the main federal health information privacy law, the Health Insurance Portability and Accountability Act of 1996, there were state, federal and common law provisions in full force about the handling of particularly sensitive patient information.
That special class of patient information includes patient records about treatment for drug and alcohol abuse, mental health, HIV/AIDs and sickle cell.
A workgroup of the federally chartered Health IT Policy Committee spent the better part of an hour Tuesday going over its recommendations on how to handle the legal and ethical privacy concerns over the exchange of digitized patient records. The gnarliest problem, evidenced by the longest discussion, related to the exchange of these particularly sensitive types of patient information, some with unique legal protections that are far more stringent than the rather lax restrictions under the current HHS interpretation of HIPAA.
Recommendations to the HITPC by its privacy and security tiger team, as the workgroup is officially called, were formally accepted for two of three classes of exchange. From there, they will be forwarded to the Office of the National Coordinator for Health Information Technology at HHS. The HITPC was created by the American Recovery and Reinvestment Act of 2009 to give such advice to the ONC.
Approved were recommendations on routine, “targeted” exchanges between providers with established relationships, exchanges in the paper world long since covered by HIPAA. In these transactions, after a 2002 HHS rewrite of the HIPAA privacy rule, patient consent is no longer required when the exchange occurs for treatment, payment and—this is where the laxity comes in—a host of “other healthcare operations.”
Read more »
Permalink | Post a Comment
It was déjà vu for data security expert Michael "Mac" McMillan when he heard a hacker had tried to extort money from an Illinois medical group whose patient records and e-mail messages the intruder had accessed and encrypted.
"This is classic," McMillian said. "We saw this countless times in the 1990s with community banks. They would get access to the accounts with people's data and send the bank director a ransom note."
McMillan is the founder and CEO of CynergisTek, an Austin, Texas-based security consulting firm serving the healthcare industry.
He hasn't heard of another incidence in the healthcare industry in which encryption was used to hold a provider's data hostage—at least not yet—but "it doesn't surprise me that it's happened," he said.
When other industries computerized their business processes, security trailed, McMillan said. "They all went through these phases, where the big guys at the top did it first and the little guys dragged their feet."
In healthcare, "with all this digitization and data-sharing, you become more and more vulnerable to threats from the Internet," he said.
The hack job on the computer system of three surgeons in Libertyville, Ill., a northwest suburb of Chicago, was discovered in June but wasn't publicly revealed until recently. The investigation was turned over to the Secret Service—an agency most widely known for its work protecting the U.S. president, but that possesses other skills, too.
"The Secret Service is the organization within the federal government that has executive agency over computer security crimes," McMillan said. "Typically, when they get involved, there is some form of interstate extortion or threat or something big that can cross state lines or international boundaries."
Read more »
Permalink | Post a Comment
Veteran informaticist Dr. Scott Weingarten took to the podium right after breakfast to announce that the healthcare reform had been upheld.
The Supreme Court decision had hit the media maybe an hour earlier that morning, so it was not breaking news, even in California, where the Zynx Health co-founder and CEO and former director of health services research at Cedars-Sinai Medical Center in Los Angeles, was the day's first speaker at the 21st annual Physician-Computer Connection Symposium, hosted by the Association of Medical Directors of Information Systems in Ojai, Calif.
Read more »
Permalink | Post a Comment
