March 17th, 2011 by DavidHarlow in Health Policy, Opinion
HealthNet either lost, or had stolen from it, computer hard drives with PHI of 1.9 million subscribers that had been in a California facility. This latest HealthNet data security breach, which may have included names, Social Security numbers, addresses, health information and financial information, comes a little over a year after a widely-reported data security breach by HealthNet in Connecticut which resulted in the first state Attorney General action under the HIPAA amendments contained in the HITECH Act. HealthNet is notifying affected individuals and is offering two years of no-cost credit monitoring and fraud resolution services, and credit restoration and identity theft insurance as needed.
It’s both surprising and unsurprising that this has happened again to HealthNet. In these cases, and in recent cases in Massachusetts (Mass General Hospital HIPAA settlement) and Maryland (Cignet HIPAA violations and CMPs), we have seen examples, collectively, of individual sloppiness, of ineffective corporate policies and procedures, and possibly of gross neglect/fraud/incompetence. The question arises: Is HIPAA the right instrument to address all three sorts of problems? Since it seems that it is not having an effect on any of them, I would suggest that the answer is no.
*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*
March 14th, 2011 by DrWes in Health Policy, Opinion
Give me your medication list and I’ll tell you your health problems. It happens every day in emergency rooms across the country as confused elderly patients present for an acute problem unable to describe their past medical history, but equipped with a list of medications in their wallet:
Metformin = Type-2 diabetes
Synthroid = Hypothyroidism
Lipitor + Altace + Lasix + Slo-K = Ischemic cardiomyopathy
Lexapro = A little anxious or depressed
Viagra = Well, you know…
I bet I’d be right better than 90 percent of the time. Now, imagine you’re a pharmaceutical company wanting to target people with those chronic diseases. Where might you find them?
No problem. Just pay the insurers to provide you patients’ drug lists. No names need be exchanged in keeping with HIPAA requirements. But the drugs list attached to folks’ cable TV box? Perfect. You’re in — with no legal strings attached. Then, according to the Wall Street Journal, just fire away with that targeted direct-to-consumer advertising on TV, courtesy of your local healthcare insurance provider.
No wonder our healthcare industry movers and shakers love the electronic medical record. Healthcare privacy? What healthcare privacy?
-Wes
Musings of a cardiologist and cardiac electrophysiologist.
*This blog post was originally published at Dr. Wes*
January 15th, 2011 by DrWes in Health Policy, Opinion
From CBS News:
President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.
It’s “the absolute perfect spot in the U.S. government” to centralize efforts toward creating an “identity ecosystem” for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.
That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.
No, they’re not talking about a national ID card, just an international internet ID. The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke. The Obama administration is currently drafting what it’s calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)
“We are not talking about a national ID card,” Locke said at the Stanford event. “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”
Imagine: Anyone registered with such a cyber-ID who conferences with their doctor via a “secure server” can also be tracked by the government with such a mechanism. And the issue of not needing more than one password? While convenient, the ramifications of multiple accounts being compromised if a data leak were to occur remain with such a mechanism.
*This blog post was originally published at Dr. Wes*
October 31st, 2010 by DavidHarlow in Better Health Network, Health Policy, News, Opinion
I [recently] attended the Connected Health Symposium in Boston. I enjoyed many of the sessions (sometimes wished I could have attended two simultaneously, though the livetweeting — #chs10 — helped on that front), and as usual enjoyed the hallway and exhibit floor conversations too. As is often the case at conferences these days, I had the opportunity to meet several online connections in real life for the first time.
(I will not attempt to give a comprehensive report of the symposium here. Please see the livetweeting archive and other reports to get a sense of the rest of the event.)
This year’s exhibit floor included a diverse mix of distance health tools. Most striking from my perspective was the fact that most of these tools do one of two things: Enable patient-clinician videoconferencing, or upload data from in-home monitoring devices. The best of the second category also trigger alerts resulting in emails or PHR/EHR alerts to clinicians if vital signs are out of whack, or phone calls to consumers or their caregivers if, for example, meds aren’t taken on time (one company had a pill bottle with a transmitter in the cap that signals when it’s opened; another had a Pyxis-like auto-dispenser, that looked like you’d need an engineer — or a teenager — to program it). One tool — Intel’s — seemed to combine most of these functions, and more, into one platform, but it’s barely in beta, with only about 1,000 units out in the real world.
The speakers this year seemed to return again and again to several major themes: (1) Is any particular connected health solution scalable? (2) Who will pay for connected health, or mobile health (mHealth)? and (3) Does it work?
*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*
October 22nd, 2010 by DrWes in Better Health Network, Health Policy, News, Opinion
[Recently] the Wall Street Journal’s front page story exposed a significant privacy breach of online personal information via the world’s most popular social networking site, Facebook:
Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.
The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.
How could they? Imagine the nerve of marketers using Facebook IDs to develop profiles on people using little socializing games! Facebook has a privacy policy! I was assured that if I set my privacy settings to “maximum,” this would never happen! To which I say: “Duh!” When it comes to money, people get awfully creative.
So while Facebook grapples with its latest public relations nightmare, we should realize our electronic medical record app vendors are doing exactly the same thing. Worse, it’s perfectly legal, even though each of us has been assured our privacy settings are set to “maximum” through the reassurances of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Patient Safety and Quality Improvement Act of 2005 (PSQIA).
*This blog post was originally published at Dr. Wes*