Group items tagged

The recent U.S. stimulus bill includes $18 billion to catapult the health industry toward the world of electronic health records. This is sure to light a fire under every hungry security vendor to position itself as the essential product or service necessary to achieve HIPAA compliance. It should also motivate healthcare IT professionals to learn where their sensitive data is located and how it flows. To be sure, with federal money allocated through 2014 for the task of modernizing the healthcare industry there will be many consultant and vendor businesses that will thrive on stimulus money. Healthcare is unique in that storage of electronic health records is highly distributed between primary care physicians, specialist doctors, hospitals, and insurance/HMO organizations. Information has to be efficiently shared among these entities with great sensitivity towards patient privacy and legitimate claims processing. Patients want to prevent over zealous employers from performing unauthorized background checks on medical history; claim processors want to prevent paying fraudulent claims arising from targeted patient identity theft. The bill has two provisions which turn this into a tremendously challenging plan, and a daunting task for securing patient data: * Citizens will have the right to monitor and control use of their own health data. This implies a large centralized identity and access control service, or perhaps a federated network of patient registration directories. Authenticated users will be able to reach into the network of health databases audit use of their data and payment history. * Health organizations suffering loss of more than 500 patient records must publicly disclose the breach, starting with postings on the government's Health and Human Services website. This allows related organizations to trace the impact of the breach throughout the healthcare network, but care must be taken not to disclose vulnerabilities in the system to intruders

The US government has now adopted a policy of fostering the adoption of electronic medical records (EMR). The policy is intended to increase the efficiency of the US healthcare system, thereby lowering costs and reducing the incidence of preventable errors. At the same time, through its The Health Insurance Portability and Accountability Act (HIPAA) privacy rules, the government has set minimum standards for the security of those records. These two goals-privacy and security of these records, along with their free interchange among medical providers-can easily wind up at odds with each other. A recent study that looked at the role of state privacy laws in EMR adoption suggests that the problem is very real, as state privacy laws seem to inhibit the use of EMR by hospitals located there. The authors, based at MIT and the University of Virginia, line up a variety of data that validate their suggestion that privacy and the use of EMR may require a careful balance. So, for example, they cite some highly publicized lapses when it comes to the maintenance of patient privacy: someone once offered the records of 200,000 patients for sale on Craigslist, while hospitals have seen their own employees attempt to get at the electronic files of famous patients. Perhaps more significantly, the authors suggest that the public, as represented by their legislators, has concerns about the privacy of EMR. They found that states that have passed their own privacy laws to supplement the HIPAA rules tend to have a higher percentage of their populace signed up for the Do Not Call Registry, indicating a corresponding individual-level interest in maintaining privacy. So, they looked at whether these laws had any impact on the adoption of EMR by hospitals located in each state.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

Last week, the government took another step toward closing a legal loophole in federal privacy and security rules for emerging Health 2.0 information technology applications by issuing proposed rules aimed at covering an estimated 900 companies and organizations offering personal health records and electronic systems connected to them. The Federal Trade Commission was careful to point out its new interim proposed rule on federal breach notification requirements for the developers of electronic PHR systems did not apply to covered organizations or their business associates as defined by the Health Insurance Portability and Accountability Act of 1996, heretofore the key federal privacy and security regulation. The FTC, operating under new authority given it by the American Recovery and Reinvestment Act of 2009, noted that its new rule seeks to cover previously unregulated entities that are part of a Health 2.0 product mix. FTC staff estimates that about 200 PHR vendors, another 500 related entities and 200 third-party service providers will be subject to the new breach notification rule. The staffers estimate that the 900 affected companies and organizations, on average, will experience 11 breaches each per year at a total cost of about $1 million per group, per year. Costs include investigating the breach, notifying consumers and establishing toll-free numbers for explaining the breaches and providing additional information to consumers. Pam Dixon, founder and executive director of the World Privacy Forum, said that this isn't the first involvement of the FTC in healthcare-related regulation, noting the consumer protection agency joined with the Food and Drug Administration in a joint statement on the marketing of direct-to-consumer genetic tests. The FTC also has worked in the field of healthcare competition. She noted the compliance deadline with the FTC's "red flag rules" on provider organizations that provide consumer credit to patients for installment payment

Patients' advocates claimed victory in a battle over the privacy of health records as the U.S. Congress approved the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators' compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data. Both houses approved the $787 billion stimulus plan today and sent it to President Barack Obama for his signature. The legislation contains $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology. Electronic records will improve care and reduce costs, Obama said. The legislation also will boost the health-records industry, led by Allscripts-Misys Healthcare Solutions Inc., Quality Systems Inc. and Athenahealth Inc. "We've dramatically improved on the status-quo, wholly unregulated system where private patient data was bought and sold like any commodity," Caroline Fredrickson, director of the American Civil Liberties Union's Washington legislative office, said in an interview today.

Do you know where your electronic health information is tonight? Here's a reader challenge: I'll pay $10 to the first adult who has had at least five encounters with the private-sector healthcare system in the past 10 years to come up with a complete map of where all his or her electronic health records have traveled, who has seen them and where they are now.

URAC, the leading health care accreditation and education organization, announced today the recent Healthcare Information and Management Systems Society (HIMSS) annual conference raised important questions about consumer privacy and security around electronic health records (EHR). (Logo: http://www.newscom.com/cgi-bin/prnh/20030501/URACLOGO ) "There is no doubt that electronic health records are coming. The question is whether or not consumers' privacy is a key issue or an afterthought," said Alan P. Spielman, President and CEO of URAC. "A lot of forces are driving the push for EHR. However, it is important that standards go hand-in-hand with policy so that it doesn't become the Wild West with every vendor and health care provider using different terms." The rules set by the Health Insurance Portability and Accountability Act (HIPAA) are integral to the widespread adoption of EHR. However, the rules can be confusing for consumers and providers. URAC was the first organization to offer HIPAA Privacy Accreditation. The organization now offers comprehensive standards for both HIPAA Privacy and HIPAA Security accreditation. These standards are applicable to all personal health information storage formats and exchanges claims transactions and are designed for many different types of health care organizations including both Covered Entities (CE) and Business Associates (BA). They also require an ongoing compliance program that identifies, tracks and makes the necessary changes in response to a federal or state regulatory change.

As health care providers determine how they will take advantage of the $19 billion allocated in the stimulus package to help jumpstart advances in health information technology (HIT), consumer appetite for electronic health records (EHRs), online tools and services is also growing, according to the results of the 2009 Deloitte Survey of Health Care Consumers (www.deloitte.com/us/2009consumersurvey). While only 9 percent of consumers surveyed have an electronic personal health record (PHR), 42 percent are interested in establishing PHRs connected online to their physicians. Fifty-five percent want the ability to communicate with their doctor via email to exchange health information and get answers to questions. Fifty-seven percent reported they'd be interested in scheduling appointments, buying prescriptions and completing other transactions online if their information is protected. Technologies that can facilitate consumer transactions with providers and health plans, like integrated billing systems that make bill payment faster and more convenient, are also appealing to nearly half (47 percent) of consumers surveyed. The survey of more than 4,000 U.S. consumers 18 and over was released today at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference held in Chicago. It is the second annual study examining health care consumers' attitudes, behaviors and unmet needs conducted by the Deloitte Center for Health Solutions offering health care industry leaders and policymakers a timely look at how health care consumerism is evolving. "Consumers are increasingly embracing innovations that enhance self-care, convenience, personalization and control of personal health information," said Paul H. Keckley, Ph.D., executive director, Deloitte Center for Health Solutions. "Consumers want a bigger say in their health care decisions. Consumer demand for HIT and its potential impact on reforming the system has never been stronger." Despite strong con

California regulators have fined Kaiser Permanente Bellflower (Calif.) Medical Center $250,000 for failing to keep workers from peeking at the electronic health records of Nadya Suleman, who gave birth to octuplets at the hospital in January. The fine is the first under a new state law, which took effect in January, aimed at protecting patient medical records at hospitals and carries the maximum penalty allowable. Twenty-three unauthorized staff and physicians accessed the medical records, including some at other Kaiser facilities. Seven people viewed the records more than once, according to the California Public Health Department, which licenses hospitals in the state. Kaiser fired one person who peeked at Suleman's records, 14 others resigned and eight were disciplined.

Bring up the subject of digitizing medical records and you're likely to get a paradox of a discussion. Everyone thinks it will help save money and improve health care, and everyone has grave reservations. Get ready to hear more as a massive economic stimulus bill works its way through Congress, which includes IT health care spending measures. Although lawmakers are close to pulling the trigger. ensuring the privacy of patients' electronic health records (EHR) remains a top concern. "I very firmly believe that the Achilles heel of health IT is privacy," said Sen. Jim Whitehouse, a Rhode Island Democrat who chaired a hearing this morning examining the appropriate safeguards government should insist on before it doles out billions of dollars to help providers computerize patients' records. Champions of health IT argue that EHRs and interoperable systems to integrate data among providers would drive down healthcare costs while greatly reducing medical errors. Just 17 percent of physicians currently have even basic EHRs. The Center for Disease Control has estimated that as many as 98,000 preventable deaths occur in U.S. hospitals each year, many of which could presumably been avoided with more accessible patient data. "If 100,000 Americans were being killed by anything else, we'd be at war," Whitehouse said.

Hospital CIOs, chief information security officers, and privacy officers are working diligently to keep their names off that wall. But they are dealing with a regulatory environment that is still in flux. A final rule that will strengthen HIPAA privacy and security safeguards is due out before the end of the year. HHS also has proposed a rule for the accounting of disclosures from electronic records. The biggest shift under way may be a new enforcement regime as the HHS Office for Civil Rights (OCR) shifts gears from only reacting to data breach reports to begin random audits of the privacy and security safeguards of large and small providers and their business associates. Another new wrinkle under the HITECH Act is that state attorneys general can file civil lawsuits for HIPAA violations.

Privacy and civil liberties advocates are urging lawmakers working on the forthcoming economic stimulus package to ensure that any language to spur adoption of electronic medical records includes meaningful security safeguards. The American Civil Liberties Union, Consumer Action, the National Association of Social Workers, Patient Privacy Rights and others sent letters to House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and President-elect Barack Obama Wednesday asking them to ensure individuals can control the use of their medical records and protect them from what they believe is a thriving industry of firms that share and sell medical data. "We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing. Katz said her group has been pleased with progress that the House Energy and Commerce, and Ways and Means committees made last year.

Healthcare organizations are losing more than just names, addresses and Social Security numbers. When their data gets stolen, patients lose the privacy of their medical conditions, treatments and medications while at the same time falling prey to identity theft, medical billing fraud and other criminal schemes. Theft of electronic medical records is on the rise, and the implications are getting more serious. In a 2008 survey of identity theft victims, the Identity Theft Resource Center found that 67% had been charged for medical services they never received and 11% were denied health or life insurance due to unexplained reasons.

Both panels that advise the national coordinator for health IT plan to focus on privacy and security standards needed to support meaningful use of electronic health records when they meet later this month, according to notices in today's Federal Register. The Health IT Policy Committee, led by Dr. David Blumenthal, the national coordinator for health IT, will direct more of its discussion at its upcoming Sept. 18 meeting on health information privacy and security as it makes progress in defining meaningful use under the stimulus law, according to the notice. Likewise, the companion Health IT Standards Committee, which meets Sept. 15, will concentrate on refining standards recommendations made by its privacy and security work group. At the Standards Committee's previous meeting Aug. 20, its privacy and security workgroup presented standards for authentication, authorization, auditing and secure data transmission of health information in EHR products as well as the infrastructure that hosts them. The work of the panel includes protecting data inside an enterprise as well as data exchange between enterprises, "because security is an end to end process," noted Dr. John Halamka, the committee's chairman in a post on his blog, "Life as a Healthcare CIO."