Group items tagged

In May 2008, the Office of the National Coordinator for Health Information Technology (ONC) awarded an approximately $450,000 contract to Booz Allen Hamilton to assess and evaluate the scope of the medical identity theft problem in the U.S. Medical Identity Theft Medical identity theft is a specific type of identity theft which occurs when a person uses someone else's personal health identifiable information, such as insurance information, Social Security Number, health care file, or medical records, without the individual's knowledge or consent to obtain medical goods or services, or to submit false claims for medical services. There is limited information available about the scope, depth, and breadth of medical identity theft. Dr. Robert Kolodner, National Coordinator for Health Information Technology, has noted that medical identity theft stories are being documented at an increasing rate, bringing to light serious financial, fraud, and patient care issues. ONC recognizes that health IT is an important tool to combat the threat of medical identity theft. We are seeking input from the public and other government agencies to better understand how health IT can be utilized to prevent and detect medical identity theft as well as build consumer trust in electronic health information exchange. ONC believes it is imperative to obtain a more comprehensive understanding of this issue from a variety of perspectives, and to create an open forum for dialogue to work proactively to address medical identity theft. Medical Identity Theft final report. The report summarizing health IT and medical identity theft issues raised at the town hall was completed January 15, 2009 and sets forth potential actions the Federal government and other stakeholders can undertake in working toward prevention, detection, and remediation of medical identify theft.

Late last month, the House passed an economic recovery package containing $20 billion for health information technology, which would require the Department of Health and Human Services to develop standards by 2010 for a nationwide system to exchange health data electronically. The version of the recovery package passed by the Senate yesterday contains slightly less funding for health information technology ("health IT"). But as Congress moves to reconcile the two stimulus packages, conservatives have begun attacking the health IT provisions, falsely claiming that they would lead to the government "telling the doctors what they can't and cannot treat, and on whom they can and cannot treat." The conservative misinformation campaign began on Monday with a Bloomberg "commentary" by Hudson Institute fellow Betsy McCaughey, which claimed that the legislation will have the government "monitor treatments" in order to "'guide' your doctor's decisions." McCaughey's imaginative misreading was quickly trumpeted by Rush Limbaugh and the Drudge Report, eventually ending up on Fox News, where McCaughey's opinion column was described as "a report." In one of the many Fox segments focused on the column, hosts Megyn Kelly and Bill Hemmer blindsided Sens. Arlen Specter (R-PA) and Jon Tester (D-MT) with McCaughey's false interpretation, causing them to promise that they would "get this provision clarified." On his radio show yesterday, Limbaugh credited himself for injecting the false story into the stimulus debate, saying that he "detailed it and now it's all over mainstream media."

Last week, the government took another step toward closing a legal loophole in federal privacy and security rules for emerging Health 2.0 information technology applications by issuing proposed rules aimed at covering an estimated 900 companies and organizations offering personal health records and electronic systems connected to them. The Federal Trade Commission was careful to point out its new interim proposed rule on federal breach notification requirements for the developers of electronic PHR systems did not apply to covered organizations or their business associates as defined by the Health Insurance Portability and Accountability Act of 1996, heretofore the key federal privacy and security regulation. The FTC, operating under new authority given it by the American Recovery and Reinvestment Act of 2009, noted that its new rule seeks to cover previously unregulated entities that are part of a Health 2.0 product mix. FTC staff estimates that about 200 PHR vendors, another 500 related entities and 200 third-party service providers will be subject to the new breach notification rule. The staffers estimate that the 900 affected companies and organizations, on average, will experience 11 breaches each per year at a total cost of about $1 million per group, per year. Costs include investigating the breach, notifying consumers and establishing toll-free numbers for explaining the breaches and providing additional information to consumers. Pam Dixon, founder and executive director of the World Privacy Forum, said that this isn't the first involvement of the FTC in healthcare-related regulation, noting the consumer protection agency joined with the Food and Drug Administration in a joint statement on the marketing of direct-to-consumer genetic tests. The FTC also has worked in the field of healthcare competition. She noted the compliance deadline with the FTC's "red flag rules" on provider organizations that provide consumer credit to patients for installment payment

In a study that is unlikely to find favor among privacy advocates, researchers from two academic institutions warned that increased efforts to protect the privacy of health data will hamper the adoption of electronic medical records systems. The study, conducted by researchers at MIT and the University of Virginia, said EMR adoption is often slowest in states with strong regulations for safeguarding the privacy of medical records. On average, the number of hospitals deploying EMR systems was up to 30% lower in states where health care providers are forced to comply with strong privacy laws than it was in states with less stringent privacy requirements. That's because privacy rules often made it harder and more expensive for hospitals to exchange and transfer patient information, thereby reducing the value of an EMR system, the study found.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

Privacy and civil liberties advocates are urging lawmakers working on the forthcoming economic stimulus package to ensure that any language to spur adoption of electronic medical records includes meaningful security safeguards. The American Civil Liberties Union, Consumer Action, the National Association of Social Workers, Patient Privacy Rights and others sent letters to House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and President-elect Barack Obama Wednesday asking them to ensure individuals can control the use of their medical records and protect them from what they believe is a thriving industry of firms that share and sell medical data. "We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing. Katz said her group has been pleased with progress that the House Energy and Commerce, and Ways and Means committees made last year.

Healthcare organizations are losing more than just names, addresses and Social Security numbers. When their data gets stolen, patients lose the privacy of their medical conditions, treatments and medications while at the same time falling prey to identity theft, medical billing fraud and other criminal schemes. Theft of electronic medical records is on the rise, and the implications are getting more serious. In a 2008 survey of identity theft victims, the Identity Theft Resource Center found that 67% had been charged for medical services they never received and 11% were denied health or life insurance due to unexplained reasons.

This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

The statement did not indicate whether the information was paper-based or downloaded electronic information, and hospital officials were not immediately available for comment. The information likely was paper-based because "it appears the patients impacted by the incident were limited to individuals born between 1988 and 1992," according to the statement.