
A Linux news site is reporting:

Ecora has released Enterprise Auditor version 3.6 that includes its new HIPAA Report Pack, a collection of more than 150 pre-built report definitions that address the technical and administrative safeguards of the HIPAA security standard.

“The manual process of preparing for a HIPAA security audit is time consuming, resource intensive, and prohibits sustainability,” said Alex Bakman, founder and CEO of Ecora. “When organizations look at technology for compliance, they need to consider automated solutions such as our Enterprise Auditor that can cost-effectively help them maintain compliance in a repeatable and sustainable manner.”

Read more here

Looks like Senator Clinton and Congressman Markey have introduced federal legislation to prevent offshore outsourcing of personal data:

Senator Hillary Rodham Clinton and Representative Edward J. Markey announced that they would introduce the Safeguarding Americans from Exporting Identification Data (SAFE ID) Act in the United States Senate and House today, legislation that would protect the privacy of consumers’ most sensitive personal information. This legislation would close gaps in U.S. privacy laws that leave consumers vulnerable when American businesses and healthcare organizations send accounting and medical information overseas for processing, often without consumers’ knowledge. As Americans prepare to file their taxes, Senator Clinton and Representative Markey underscored the urgent need to make sure that personal information is safeguarded.

Link: Legislation PDF

Ameritrade Loses Customer Data


Brokerage company Ameritrade is warning 200,000 former and current customers about the loss of a backup tape containing sensitive personal information.

Jim Wagner of Internet News reports:

The company discovered the loss in February when it received a damaged package containing a number of backup tapes shipped from its secure facilities in the U.S. Katrina Becker, an Ameritrade spokeswoman, said the shipping company caused the damage to the package.

Ameritrade immediately launched an investigation and learned four tapes were missing, three of which were subsequently recovered at the shipper’s facility. The fourth, containing personal information on customers who used the company’s service between 2000 and 2003, hasn’t been recovered, she said.

“Those tapes were all found within the shipper’s facility, which was also secure, so it is highly likely that the remaining tape was lost or destroyed within that facility, but we are still monitoring it,” she said. “We do not believe foul play was involved.”

Company officials started contacting customers last week, Becker said. She would not name the shipping company responsible for the lost tapes, saying only that it is a global, reputable shipping company with its own secure facilities.

Read more here

Well, the deadline to complete the security requirements of HIPAA passed yesterday with little fanfare.

Internet News has the scoop:

“Considering everything that is involved with compliance, there are a lot of factors as to why some companies may not have completed it,” Earl Crane, a senior consultant with Foundstone Professional Services, said. Foundstone, a subsidiary of McAfee, is a leading HIPAA consultant and security software provider.

Some scary compliance stats:

However, a study from Information Technology Solution Providers Alliance shows that only 30 percent of health plans and 18 percent of health care providers in the SMB market are in compliance with the regulations.

“They’ve got their own fires to put out,” Crane said. “It doesn’t happen out of laziness but rather a crunch for resources,” he said.

Read more here

On April 18, 2005, the Federal Register published the proposed rule regarding enforcement of the HIPAA Administrative Simplification Rule. Comments on the proposed rule will be considered by the Department of Health and Human Services if received no later than June 17, 2005.

To read the proposed rule, click here.

(via privacy spot)

The Houston Chronicle is reporting:

DALLAS — A state district court judge rejected a bid by an alternative weekly newspaper to dismiss a lawsuit filed by a church volunteer who said the paper reported without his permission that he was HIV-positive.

The ruling Wednesday could clear the way for a trial. The judge did not set a trial date.

The plaintiff is seeking $550,000 to $1.1 billion in damages against The Dallas Observer, charging that the newspaper violated a Texas confidentiality law. The law forbids disclosing medical test results without a patient’s written consent, except to government health agencies.

The man, named John Doe in the lawsuit, sued the newspaper; its parent company, Phoenix-based New Times Inc.; J.D. Sparks, a freelancer who wrote the article; and Jean Morris, the former church official who told the newspaper that the man was HIV-positive.

Lawyers for the newspaper said the law was intended to apply to hospitals and insurance companies, not news organizations. They also said that the man had already disclosed his HIV status by letting his picture and name appear on a CD by Positive Voices, an openly HIV-positive chorale group.

Read more here

The NY Times has a piece on rising corporate backlash over Sarbanes-Oxley:

Last week, business representatives gathered in Washington at an all-day roundtable discussion held by federal regulators and complained about the cost of complying with a provision of the Sarbanes-Oxley corporate reform law. Not one business leader asked to repeal the law, which was passed in 2002 after a wave of financial scandals, or to gut it. Nearly every executive, however, lamented the costs of compliance.

Read more here

Techweb reports:

Enforcement of the security regulations–like earlier HIPAA rules for privacy–will be complaint-driven, he says. Since the HIPAA privacy regulations, which identify what personal health information needs to be protected, took effect two years ago this month, there have been nearly 11,000 complaints filed to the federal government by patients and others. As of January, about 62% of those privacy-violation complaints had been resolved, according to CMS. The others are still being processed or have been turned over to the Justice Department for criminal investigation.

Interesting survey stats:

A survey conducted earlier this year by Privacy and American Business and Harris Interactive showed that 70% of Americans are concerned that their personal health information could be disclosed because of weak data security, and 69% think electronic health records could result in the sharing of their health information without their knowledge. Sixty-five percent think patients will withhold information from doctors because of those concerns.

Some background on HIPAA, and Bush’s goals for electronic medical records:

HIPAA, which was passed by Congress in 1996, was written before the more recent federal push to have the health industry replace paper-based patient files with digital records. The Bush administration last year set a goal for most Americans to have electronic health records by 2014. The government estimates that billions of dollars can be saved annually in the United States by widespread IT deployments that can help reduce medical errors, costs, and waste.

So here’s another good HIPAA news site: HIPAA News – up to the minute news about HIPAA, HIPAA compliance and medical privacy issues.

HIPAA News is a next-generation experimental automated news gathering system. It uses the power of RSS feeds plus some cron job magic to enable up-to-the-minute coverage of important topics.

They’ve got HIPAA news from Feedster, Technorati, HIPPAClicks.com and us! Check them out.

From the Chicago Tribune:

“Despite advancing technology, medical practices have proven remarkably resistant to embracing e-mail as a tool to correspond with patients.”

Jeff of the other HIPAA Blog says:

It makes some sense, since doctors may be slightly more resistant than other professionals to any change from the way they’ve done things in the past (if their patients have lived with what they did to them previously, why risk that success?), but it’s also counterintuitive in that doctors tend to be technology-adapters. Perhaps physicians like technology when they can use it on their side of the patient-encounter fence, but don’t like anything that messes with that fence.

Doctors and email do seem like a dangerous combination… but only due to the fear of lawsuits.

I can envision a day when doctors use email as much as CEOs. Remember reading some of those Bill Gates email memos during the Microsoft trial days? We’d probably also get a glimpse into the ‘email lives’ of doctors if they started using email en masse with patients.

Note: this is slightly off-topic, though we reserve the right to discuss all kinds of governmental compliance, medical privacy, and identity theft issues here!

Investor’s Business Daily has an article talking about how firms are struggling with Sarbanes-Oxley:

Business executives are lined up to give government regulators an earful about their struggles and costs in trying to comply with strict new accounting rules, at a public hearing set for Wednesday in Washington, D.C.

The Securities and Exchange Commission called the meeting to gather feedback on Section 404 of the Sarbanes-Oxley Act of 2002, the toughest part of that landmark law. Congress passed the law after accounting scandals erupted at Enron, WorldCom and elsewhere.

The first phase of Section 404 took effect in November. The mandate requires that managers vouch for the accuracy of their financial results and for the “controls” or systems put in place to assure such accuracy. Chief executives and chief financial officers who fail to adhere to these new rules could face stiff fines or even prison terms.

Many companies say they’ve had troubles complying, and that might be an understatement.

If you are new to the Sarbanes-Oxley legislation, here is a great summary to get you started.

Jeff over at the other HIPAA Blog points out a medblogger who also notes the San Jose computer theft incident.

The only problem? It’s not a HIPAA violation as they claim. (This according to Jeff Drummond, a guy who certainly knows his stuff.)

Jeff Drummond:

Grand Rounds is up, this time at GruntDoc, an ER doc blogging from the other half of the North Texas Metroplex, affectionately known as Foat Wuth. He links to a medblogger who notes the San Jose medical group’s computer theft incident I blogged recently, and says it’s a HIPAA violation; I disagree, at least with the long-distance diagnosis. The fact that something bad happens doesn’t mean there’s a HIPAA violation. The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation. HIPAA doesn’t require that PHI never get out wrongly, it just requires that covered entities take reasonable steps to try to prevent that.

There’s the key: ‘The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation.’

Link: Addressing IT Security Issues in the Era of Regulations (ie HIPAA)

Paul B. Kurtz, Former Special Assistant to the President for Critical Infrastructure Protection, and Ron Moritz, Senior VP and Chief Security Strategist For Computer Associates, to Provide Keynote Addresses

Morristown, NJ April 12, 2005 – IP Events, the producer of the Security Leadership Council (SLC), announced today that its next live, non-commercial e-Conference will focus on emerging new threats in IT security and the role of recent government legislation such as Sarbanes-Oxley, HIPAA and GLBA. This online e-Conference will map the latest security threats and challenges, available solutions, and how to strike a healthy balance between government regulations and business prerogatives.

“We are honored to continually bring the world’s top industry leaders to share their views and address questions of security professionals and corporate executives. This two-day e-Conference along with our new online resource center, is an efficient way to keep on top of trends, stay informed on industry products, and interact with peers,” said Ido Ganor, Editor-in-Chief & Publisher of IP Events.

Your data may be protected from internal tampering and data-snooping of employees… but what if your physical hardware is stolen?

The other ‘HIPAA Blog’ reports:

Sometimes identity theft and potential HIPAA-violating disclosures of PHI are sidelights of simple crime.

You can read the MSNBC article here.

Jeff continues:

Here, thieves broke into a medical office and stole the easily-salable valuables (computers and electronic equipment). The problem, of course, is that there is PHI on those computers. Perhaps a lesson in using encryption-at-rest for your databases?

This reminds me of the backdoor ways that hackers often use to compromise computer systems.

Oftentimes the easiest method to compromise computer systems is not to “crack” the computer code, but rather to use a roundabout method such as “social engineering.” This method involves tricking employees into revealing critical passwords or other secret company data.

Now, stealing an entire computer hardware system is a bit more brute-force, but uses the same techniques. In actuality, though, the thieves are more interested in the resale value of the machines, not the private data that they’ve come into possession of (unless they are some really sophisticated thieves).

Great article in the Lansing State Journal about the confusion among patients over medical privacy.

Nicole Jacques reports:

At Lansing dermatologist Gregory Messenger’s office, patients sign in by handing in a discreet slip of paper.

Office workers shred any document with patients’ full names and Social Security numbers.

And a few times every week, staff members have to turn down spouses or other relatives calling for basic patient information.

“They get angry,” office manager Beth Nathan said of telling the callers they don’t have written consent.

Complying with the 2003 patient-privacy rule of the federal Health Insurance Portability and Accountability Act has profoundly changed how doctors and staff talk to and about patients, as well as how patients themselves negotiate the health care system.

Those whose daily jobs hinge on HIPAA, as it’s known, handle a longer paper trail and constant emphasis on strict confidentiality.

There still is confusion about who can give what medical information to whom and grumbling about bureaucracy and weak enforcement.

Read more here
