
143 posts categorized "Privacy"

August 27, 2014

Health Care Conferences This Fall

Your faithful HealthBlawger will be out and about at a number of conferences and events this fall, speaking, moderating . . . and immoderately disrupting.

I hope to see you at one or more of these. See descriptions below for links to registration.

Keep an eye out for "Friendship Pins" -- my jacket from The Walking Gallery, pictured here -- and I will be in or near it.

If you are organizing a conference a little further down the road, please consider including me as a keynote speaker or otherwise. We should talk.

Here's the rundown:

HIMSS Privacy & Security Forum

September 8-9, 2014, Boston, MA

I'll be one of the general session speakers: Keeping Your Edge: Managing Social Media While Protecting Privacy & Security.


August 22, 2014

Massive data breach. Time for sports analogies?

In reading an account of the recent attack on Community Health Systems that netted the bad guys 4.5 million patient records and earned CHS a prominent spot on the Wall of Shame, I was struck by the notion put across in the article that all we have to do is work harder to patch vulnerabilities, that with a better defense we can win the game against a skilled quarterback.

I think that we have to come to terms with the notion that privacy is a thing of the past, and that it is not a question of if, but a question of when, any particular system may be hacked. As in the case of the Heartbleed exploit, a back door may be propped open for years before anyone notices, and some exploits may leave no fingerprints.


August 11, 2014

Practice Pointers in the Wake of the Johns Hopkins Hospital Privacy Settlement

An OB/GYN at Johns Hopkins was fired last year after a colleague reported her suspicions about a "pen-like device" that was always around his neck, and that turned out to be a camera. He had secretly photographed 7,000 patients over ten years while conducting pelvic exams. Ten days later he committed suicide. Last month, the hospital agreed to pay $190 million to settle the class action lawsuit brought by patients whose privacy had been violated.


July 17, 2014

Health Information Exchange: Meaningful Consent

Health information exchange is one arrow in the quiver that may lead to promised improvement in the coordination, efficiency and effectiveness of health care services based on the sharing of data contained in individual patients' electronic health records.

An article in the current issue of Medical Economics examines some of the technical, legal and ethical issues around patient consent to the collection and transmission of protected health information by health information exchanges.


July 16, 2014

Consumer Generated Data: Your "Data Exhaust"

You might be surprised to learn how wide your digital footprint is these days.

It is worth getting up to speed on this issue by reading Jane Sarasohn-Kahn's latest report for the California Healthcare Foundation, entitled Here's Looking at You: How Personal Information Is Being Tracked and Used. I enjoyed speaking with Jane about these issues as she was researching and writing the report.

Some highlights:

1.    Most people are unaware that they are leaving their personal data behind and that some of this information is not protected by HIPAA. Data brokers are able to build dossiers on individuals to sell to marketers, while consumers lack recourse to obtain or correct their information.

2.    Clinical researchers, health plans, and others use the information to enhance individuals' health as well as to benefit public health. Larger and speedier clinical trials are made possible by the quantity of data available.

3.    Different types of information — such as historical claims data and consumer-generated data — can be combined and used for statistical modeling for health or financial risk-profiling. Such information is purchased by hedge funds, hospitals, large provider networks, payers, pharmaceutical companies, and others.


July 15, 2014

Health Care Online Marketing, Social Media and HIPAA - Google Hangout on Air

I recently spoke with Jon Schumacher and Michael Bloom on Health Jams -- a Google HOA series on marketing for health care entrepreneurs. This installment is a primer on health care social media, online marketing and use of online tools (including telehealth) by folks in the healthcare space and just over the line in other domains as well.

Please feel free to connect here or elsewhere on line to continue the conversation.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

May 15, 2014

HIPAA for Web and Mobile Developers and Designers (and for everyone, The Data Map)

I spoke at the HxRefactored conference in Brooklyn this week. The title of my talk was Dancing with HIPAA and it was intended as an introduction to health care data privacy and security regulations, practical concerns and -- most important -- practical solutions to privacy and security issues whether subject to HIPAA or not. Many issues for this audience will be triggered by data not gleaned from a health record maintained by a health care provider or payor. Instead, such data may be released by an individual (and therefore no longer covered by HIPAA) and mashed up with data feeds from personal trackers and manually inputted data, put through a health behavior modification recommendation engine, and -- voila! -- behavior change recommendations are delivered to an individual. In this context, the health data is being held in a special-purpose PHR, not an EHR, so HIPAA rules don't apply and therefore OCR enforcement should not be of concern -- though the FTC breach notification rules apply and, as we know, the FTC asserts broad parallel jurisdiction to enforce HIPAA as well.


May 08, 2014

Medical Groups Need to Focus on HIPAA Compliance

Why is it time for a HIPAA reality check? Because (1) Data breaches are a constant threat; (2) OCR audits reveal many health care providers are not in compliance; (3) Workforce members pose a significant risk for HIPAA liability; (4) Patients are aware of their right to file a complaint; (5) OCR is increasing its focus on HIPAA enforcement; and (6) HIPAA compliance is not an option, it’s the law. Read this white paper to learn the facts and understand if you are doing enough to mitigate the risk of a breach or HIPAA violation.

I've written before about the urgency involved in ensuring physician practice HIPAA compliance. The stakes are high, and the time to address the issue is now. Read more about the landscape in this free physician practice HIPAA compliance white paper and -- if you haven't done so already -- start planning for your own group's HIPAA compliance efforts. We have some HIPAA compliance tools that you can use on a DIY basis, or we can help you with a cost-effective customized solution.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

April 29, 2014

The Iceberg Waiting for Your Health Care Data

The Heartbleed web security exploit was first publicized several weeks ago. In the time since then, numerous web-based services have let their users know (some more clearly than others) whether and how their data security was compromised by this OpenSSL flaw that has been open for about two years. This is one flaw, one exploit, but on a scale of 1 to 10, it has registered as an 11 on our collective consciousness. Fred Trotter notes in the MIT Technology Review that other similarly worrisome exploits do not get our attention in the same way, and that more health data leaks are likely in our future. He also cites others' observations that many health IT vendors are not currently equipped to respond effectively to such exploits in a timely manner.


April 23, 2014

HIPAA Marketing Rule Guidance: Better Than Nothing

The HITECH Act made some significant changes to the HIPAA Privacy Rule, updating some provisions and increasing protections for individuals. Improvement of regulatory schemes that are a little long in the tooth is laudable, since technical and societal changes, of necessity, make for a perpetual game of catch-up. However, it is a challenge for regulators to pick the right battles to fight, and the challenge is made that much more difficult to navigate when, as in the case of the HITECH Act, Congress gets into the weeds with extremely detailed statutory language, thus limiting the regulators' range of discretion. Since it is often difficult for Congress to act, and even more difficult for it to act rationally, the detailed language of the HITECH Act hamstrings the regulators and the regulated community.
