Citing lack of accountability and a reactive methodology for reporting issues, Byte And Switch reports that there’s only been a single conviction since the laws went into effect in 1996. Their article.

Further, scientists are grumbling that all HIPAA does for them is overburden them with needless document wrangling and hoop-jumping, slowing down, and often stopping their progress. The UK online journal, Scientist, reports that the HIPAA regulations are having a direct and immediate negative impact on work in Parkinson’s research, to name just one area. Full article.

I came across this hippablog@blogspot .

A Murder Suspect: A university researcher is killed, and his body is found in the trunk of his burning car in a parking garage near a VA hospital. The police have a hard time solving the crime, so they get the FBI to do a “profile” of the possible killer. The police then ask the VA for information on specific patients who the police think may be suspects, which the VA provides. Apparently, that information was just the name and possibly the time the patient would next be at the hospital, since the police sought DNA evidence from a patient. The patient is now complaining that the VA violated HIPAA.

I doubt it. Under the HIPAA privacy regs,

45 CFR 164.512(f), disclosures for law enforcement purposes, a covered entity can disclose PHI “in response to a law enforcement official’s request for such information for the purpose of identifying or locating a suspect . . . provided that (i) the covered entity may disclose only . . . name and address, date and place of birth, social security number, . . . blood type . . ., type of injury, date and time of treatment, . . . and . . . distinguishing physical characteristice, including height, weight, gender, race, hair and eye color, [etc.] . . . (ii) The covered entity may not disclose for purposes of identification or location . . . any [PHI] related to the individual’s DNA. . . .” It seems to me that the VA met its obligations unser 512(f)

A press release came across the wire recently, put out by Barbara Clark’s people, stating:

Nearly one year ago, Barbara Clark, a former Adventist nurse, filed a complaint with the U.S.
Department of Health and Human Services (DHHS) concerning the breach of confidentiality of her medical records under HIPAA; the federal Health Insurance Portability and Accountability Act of 1996.

Whenever money is at stake, it’s always important to look at all the sides. Clearly we’re only getting one side here, but if the allegations are true, the statements are certainly troubling.

This pdf on Clark’s website explains a bit more of the background in the case.

Children’s Hospital and Health System in Wisconsin has deployed Stealwatch for their HIPAA Compliance. StealthWatch will keep their networks secure, check for anomalies, misconfigured network devices and detect security violations among other things.

Full Story

We know that the only survivor in the West Virginia mine explosion is still in critical condition, he hasn’t awoken and he’s not breathing on his own. Daniel Engber of Slate asks an interesting question. Exactly how much information are the doctors allowed to give the press?

How much detail

If your getting a pounding headache trying to comply with HIPAA Security Rule, head on over to CONQWEST. This company has years of security expertise and will help your company prioritize your compliance work all the while saving you time, money and risk.

Full Story