
184 posts categorized "HIPAA"

April 13, 2015

Get Social Health: David Harlow Podcast Interview with Janet Kennedy


I recently had the pleasure of speaking with Janet Kennedy of Get Social Health about health care uses of social media, with a focus on HIPAA and other privacy concerns and other legal issues that may apply to uses of social media by health care organizations for marketing purposes and otherwise.

Check out her post, and her entire podcast: David Harlow IS @Healthblawg. Stick around and listen to some of the other interviews she has conducted, too.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

March 18, 2015

HIPAA Audits: The Latest Oracular Prognostications

OMB cleared the HIPAA pre-audit survey late last week. (H/T LifeHealthPro.) That is one crucial prerequisite to OCR's initiation of the new round of HIPAA audits that have been the subject of all the Delphic prophecies we keep hearing (the survey is required to collect information about covered entities and their business associates, since this round of audits is supposed to include a look at business associates . . . and OCR won't know who's a business associate unless they ask covered entities).

OCR has apparently already identified "several hundred" covered entities (see "OCR supporting statement A") to which it would like to administer the questionnaire this time around (out of an estimated 3 million covered entities).


February 06, 2015

Lessons from the Anthem breach

Into the Breach

Anthem experienced a major data breach last week, and reportedly some records (Social Security Numbers and other identifying information, but not health data) of up to 80 million members and employees were obtained by hackers.

There is much to be said (and much has already been said) about the need for privacy and security protections in the case of Anthem, just as "helpful hints" have been provided after the fact to victims of all significant data breaches. My reaction, when reading about the unencrypted SSNs that were accessed in this attack, was: Why in the world are we using Social Security numbers as ID numbers? It doesn't have to be this way.


February 03, 2015

ONC, Interoperability, and the 2/6/2015 #HITsm Tweetchat

I am pleased to be moderating the weekly #HITsm tweetchat this Friday, February 6, 2015 -- Beyond Meaningful Use: What’s next for ONC … and the rest of us. Join us at 12 noon Eastern Time.

Top of mind for the #HITsm twitterati this week are the ONC interoperability roadmap released at the end of last week, and the ONC conference taking place this week in DC. Check out the ONC liveblogging from Mark Scrimshire (aka @ekivemark), and the #ONC2015 tweetstream at large.

Here are the topics for this week's chat. I look forward to discussing them with you.


January 30, 2015

Privacy and Security and the Internet of Things

"Only Connect"

In the future, everything will be connected.

That future is almost here.

Over a year ago, the Federal Trade Commission held an Internet of Things workshop and it has finally issued a report summarizing comments and recommendations that came out of that conclave.

As in the case of the HITECH Act's attempt to increase public confidence in electronic health records by ramping up privacy and security protections for health data, the IoT report -- and an accompanying publication with recommendations to industry regarding taking a risk-based approach to development, adhering to industry best practices (encryption, authentication, etc.) -- seeks to increase the public's confidence, but is doing it the FTC way: no actual rules, just guidance that can be used later by the FTC in enforcement cases. The FTC can take action against an entity that engages in unfair or deceptive business practices, but such practices are defined by case law (administrative and judicial), not regulations, thus creating the U.S. Supreme Court and pornography conundrum -- I can't define it, but I know it when I see it (see Justice Stewart's timeless concurring opinion in Jacobellis v. Ohio).


November 14, 2014

HIPAA: Liability to Private Parties for Violations

This week, Connecticut joined at least nine other states (DE, KY, ME, MN, MO, NC, TN, UT, WV -- see cases cited in the opinion, linked to below) in recognizing that, while HIPAA does not create a private right of action for violation of privacy, it does constitute a standard against which the actions of a defendant in such a case will be judged. In other words, if a covered entity or business associate or downstream contractor releases PHI other than in accordance with HIPAA (i.e., for treatment, payment or health care operations purposes, or to or at the direction of the data subject or his or her legal representative), the breach of the HIPAA rule may be the basis for a finding of a breach of a duty of care in a state court negligence action.

As the Connecticut Supreme Court observed in its opinion in Byrne v. Avery Ctr. for OB GYN, which was released earlier this week:

[A]ssuming, without deciding, that Connecticut's common law recognizes a negligence cause of action arising from health care providers' breaches of patient privacy in the context of complying with subpoenas, we agree with the plaintiff and conclude that such an action is not preempted by HIPAA and, further, that the HIPAA regulations may well inform the applicable standard of care in certain circumstances . . . .


October 14, 2014

Apple HealthKit - Epic Integration at Ochsner Health System - David Harlow Interviews Dr. Richard Milani

The first health system to announce that it had integrated HealthKit into its Epic EHR is Ochsner Health System in Louisiana. It is a 12-hospital, 40-clinic operation with over 900 physicians. I spoke recently with Dr. Richard Milani, Ochsner's Chief Clinical Transformation Officer. He was enthusiastic about the improvements in clinical outcomes realized to date through homegrown integrations of things like Withings scales, and sees significant expanded potential using the Epic-HealthKit integration including dissemination of data to clinicians for more efficient and effective management of care and presentation of data to patients in a way that may motivate behavior change to improve health status.


October 02, 2014

mHealth Fitness Trackers Have a Long Way to Go

A report on a survey regarding wearable fitness trackers arrived in the HealthBlawger's mailbox this week. An interesting dose of reality, after spending a few days in Silicon Valley recently with a cadre of early adopters.

Here are the highlights:

>> 74.9 percent of adults do not track their weight, diet, or exercise using a fitness tracking device or app
>> The most commonly cited reason for not tracking fitness or health is a general lack of interest (27.2 percent), followed by concerns over device cost (17.7 percent)
>> 43.7 percent of respondents did not have a specific reason for not tracking their fitness
>> 57.1 percent of non-tracking adults said that the possibility of lower health insurance premiums would make them more likely to use a fitness tracking device
>> Less than half of respondents (44.3 percent) said that better healthcare advice from their physician would be an incentive to use a fitness tracker


October 01, 2014

HealthCamp Boston, November 3, 2014 - Register Now For The Health Innovation Unconference

HealthCamp is heading back to Boston. Once again we will be at the Microsoft NERD in Cambridge, MA. This was the venue for the inaugural HealthCamp Boston in 2009 and for the second edition in 2012. We are excited to be returning to this fabulous facility.

Register now!

Our date is set. HealthCamp Boston will take place on Monday November 3, 2014.

This is the day before the Digital Healthcare Innovation Summit. So come a day early and really turbocharge your conference experience by joining other passionate healthcare innovation people at Health Care’s leading unconference – HealthCamp.


September 17, 2014

Waiting for HIPAA Clarity? Who Has Time?

I recently read that the App Association (aka ACT) is lobbying Congress to promote clarity in HIPAA regulations for app developers, based in part on the experience that health care systems “don’t understand the intersection of HIPAA and mobile, and their reaction is to say ‘no’, [which means that] apps that improve outcomes don’t make it through the front door.”

Blaming the government for a regulated industry's failure to understand regulations, and suggesting that the government should publish its regulations through channels other than the official channels are interesting strategies. It seems to me that there are more productive ways of engaging with the issues.
