Oct 18
HIPAA Privacy and Security Enforcement: Assessing and Reducing Risks
Filed Under HIPAA Enforcement
As of April 14, 2003, covered entities are expected to be in compliance with the HIPAA Privacy Rule, and the April 21, 2005 deadline for the Security Rule is quickly approaching. Health care providers and their attorneys are now left wondering where the liability risks lie and how best to mitigate these risks.
Governmental Enforcement of the Privacy Rule
The Interim Final Enforcement Rule, published on April 17, 2003, reaffirms the government’s previous statements that HIPAA enforcement will be primarily complaint driven. According to the Office for Civil Rights, as of early September, the office has received over 1760 HIPAA complaints. Of these 1760 complaints, 500 have been closed and 1260 remain open for investigation. That number is relatively low in light of the number of covered entities that are subject to HIPAA and, consequently, appears to suggest that the risk of governmental investigation is also relatively low.
The Interim Final Enforcement Rule also reaffirms the Department of Health and Human Services’ commitment to provide technical assistance and promote voluntary compliance when investigating HIPAA complaints. In addition, covered entities have statutory defenses available to avoid imposition of a civil monetary penalty where the covered entity did not know of the violation, or through the exercise of reasonable diligence would not have known of the violation. Also, if a violation is due to “reasonable cause” and not “willful neglect” and the violation is corrected within 30 days, a civil monetary penalty will not be imposed. The DHHS has discretion to extend that 30 day correction period or to reduce or waive a civil monetary penalty if the “payment of such penalty would be excessive relative to the compliance failure involved.” Thus, even if a complaint were to occur, most covered entities will not be faced with a civil monetary penalty if they have acted in good faith.
According to the Office for Civil Rights, at least some of the complaints received so far have been forwarded to the Department of Justice for criminal investigation. However, criminal penalties will be reserved for knowing violations. Penalties increase for such violations committed under false pretenses, for commercial advantage, personal gain or malicious harm.
Private Causes of Action for Breach of Privacy
With respect to negligent disclosures of protected health information, private litigation may be the greatest risk that covered entities will face. Even before the deadline for compliance with the Privacy Rule, plaintiffs’ attorneys have successfully brought suits against health care providers for breaches of patient confidentiality through a variety of causes of action. Although the HIPAA statute does not create a private cause of action, most attorneys agree that it will likely be used to create a duty to protect medical information and to establish a national standard of care among the medical community.
A recent Michigan case illustrates how a confidentiality statute can be used to establish a private cause of action. In Doe v. American Medical Pharmacies, Inc., a pharmacy employee loudly blurted a patient’s HIV status in a crowded waiting room. The court of appeals upheld a jury verdict of $100,000 for slander, invasion of privacy, intentional infliction of emotional distress, and violation of a Michigan statute that protects the confidentiality of HIV test results. Like HIPAA, the confidentiality statute provides for fines and/or criminal sanctions, but does not create a private cause of action. Similarly, a 1991 case from Michigan recognized that the psychiatrist/patient privilege statute and the confidentiality portions of the medical licensing statute create a legal duty. Although the statutes do not create a private cause of action, the failure of a psychiatrist to comply with these statutes was considered by the court to be a breach of the legal duty and, consequently, actionable as medical malpractice.
A mental health confidentiality statute was also used in a West Virginia case against West Virginia Institution Medicinal Organization, resulting in a 2.3 million dollar jury verdict. Again, the statute did not create a private cause of action, but was successfully used to establish a provider’s legal duty. The plaintiffs in that case were 3 mental health patients whose information was disclosed in a bar by a records clerk.
Other courts have found a duty of confidentiality even in the absence of a statutory obligation. For example, a Washington, D.C. jury entered a $250,000 verdict against a clinic for failing to adequately protect a patient’s medical records when a temporary receptionist accessed the record and informed the patient’s co-workers of the patient’s positive HIV status. In that case, the court recognized a health care provider’s legal duty to protect confidential information, basing that duty on the common law tort of “breach of confidential relationship.” The court further noted that the clinic-patient relationship was traditionally understood to carry an obligation of confidence.
In addition to negligence and medical malpractice actions, other courts have used statutorily created causes of action, such as the tort of invasion of privacy. For example, in the Wisconsin case of Pachowitz v. LeDoux, a volunteer fire department was held liable when an emergency medical technician discussed a patient’s medical information with one of the patient’s co-workers. The plaintiff relied upon a statute that creates a cause of action for compensatory damages and attorney fees where the plaintiff proves that a defendant acted unreasonably or recklessly in making a public disclosure of private facts about the plaintiff that would be highly offensive to a reasonable person of ordinary sensibilities.
These cases show the willingness of the courts to award damages for breaches of patient confidentiality. That willingness, together with the ability to use HIPAA as a national standard of care, will likely make it easier for plaintiffs’ attorneys to win such cases in the future.
Private Causes of Action for Security Breaches
Although compliance with the Security Rule is not technically required until April 21, 2005, the Privacy Rule requires covered entities to maintain “appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.” Security breaches are particularly dangerous because one breach could affect multiple patients. For example, in December 2002, computers containing health information on 562,000 people were stolen from TriWest Healthcare Alliance, a health care contractor for military personnel. The theft resulted in a class action lawsuit against TriWest.
Reducing Risks
Although it is impossible to completely eliminate the risk of privacy or security breaches, there are steps that attorneys can take to assist covered entities with reducing risks of liability from both a governmental enforcement and a private litigation standpoint. Many of the cases discussed above resulted from the negligent or intentional acts of the covered entities’ employees. An effective employee training program and disciplinary policy can help to reduce the risk of these kinds of incidents. For that reason, the scope of employee training programs should go beyond the HIPAA training requirements, which are fairly vague. Attorneys should assist their clients in establishing comprehensive and ongoing training programs that will actually achieve compliance with privacy policies. In addition, it is essential that employees be disciplined appropriately for noncompliance.
Documentation of the decision-making process is also very important for risk reduction. Both the Privacy Rule and the Security Rule allow covered entities to make decisions regarding which safeguards are “reasonable and appropriate” for their environment. If a particular safeguard is not implemented because it would impede patient care or would create an unreasonable financial burden for the organization, the reason for the decision should be well documented. That documentation may be needed to defend a government enforcement action or a private lawsuit and should be carefully drafted with counsel’s assistance in a manner that would be useful in that context.
Certain documentation may harm a provider’s ability to defend litigation, but is nonetheless required by the HIPAA Privacy Rule or Security Rule. For example, the Privacy Rule requires covered entities to investigate and document the outcome of all patient complaints and employee disciplinary actions related to HIPAA. The Security Rule requires covered entities to conduct a risk analysis, documenting all potential risks and vulnerabilities of its electronic protected health information. That information should be disclosed to the government upon request and should be drafted with that in mind. In litigation, that information can be used to show that a provider knew of a risk or a pattern of conduct by its employees and failed to take adequate action. Attorneys who represent covered entities should explore ways of protecting drafts of reports to the extent practicable under either the attorney-client privilege or as attorney work product.
Attorneys can also assist covered entities with HIPAA compliance by performing internal “audits” of the covered entity’s privacy and security policies and practices. Because such internal audits are not required by HIPAA, the findings would not have to be disclosed to the government and can be protected by the attorney-client privilege. The audit can be used as a valuable tool to alert clients to potential problems before they are faced with a patient complaint, government investigation, or lawsuit.
Jul 11
Are your medical records ever really safe?
Filed Under HIPAA, HIPAA (General), HIPAA Compliance, HIPAA Enforcement, HIPAA Law, HIPAA News, HIPAA Privacy, HIPAA Regulation, HIPAA Security, Medical Privacy | 2 Comments
There are so many rules that involve HIPAA. Whether you go to a doctor’s office, a hospital or a medical facility, you are given a HIPAA form that states how your medical records are confidential. Ever since HIPAA was established, I have always wondered how safe my medical records are. Recently, I watched Michael Jackson’s doctor state the disease that he was diagnosed with on national television.
I have read up on HIPAA, and from the information that I have received, HIPAA is supposed to be enforced whether you are alive or deceased. If this is a fact, how can doctors or any medical staff speak about your medical condition without your consent? Obviously, he could not have given his consent, knowing that he is no longer with us. This brings up huge red flags for me.
As someone who has severe medical conditions, I have always wondered: what if I went into a doctor’s office and knew the person behind the front desk or the nurse? And one night, that person is speaking to someone else and a related medical issue comes up with someone they know. Will that person forget for a second that my medical information is confidential?
For the most part, I believe HIPAA is a good program that does try to keep your records confidential. Still, as we have seen with the Michael Jackson situation, there are kinks that need to be sorted out.
Jul 13
Best of Niner Niner July 06
Filed Under HIPAA, HIPAA (General), HIPAA Compliance, HIPAA Compliant Software, HIPAA Enforcement, HIPAA Jobs, HIPAA Law, HIPAA Lawsuits, HIPAA News, HIPAA Privacy, HIPAA Regulation, HIPAA Security, HIPAA Technology, HIPAA Training, Healthcare Industry News, Medical Privacy, Privacy News, Sarbanes-Oxley
Niner Niner, a collaborative weblog network, has over 25 great blogs and this “Best Of” highlights just a few of the posts that were written by some of the Niner authors, in topics that range from High Heels, Ajax, HIPAA Privacy Regulation to gadgets, books and health.
In Ajax Blog, Sreejith introduces us to a few new things. First is Vox, a new blogging service from Six Apart that uses WYSIWYG with a taste of web 2.0. After that we learn about Krun.ch and Wishlistr.
Blogging Naked: Scarification and lip plates are shown to be some of the newest and more popular forms of “self-expression” in recent years.
Bookadoodle: Nancy Callahan posted more in her series “Getting Published” and this latest edition was part 5.
Boomer 2.0 had posts that pointed out that boomers can still have that second career and another that shows many are not even planning retirement anytime soon.
In Class Action Questions find out about lawsuits involving pyramid scams, hair raising beauty product claims and why State Farm was penalized.
Credit Cardenza: Unfortunately, millions of people are drowning in credit card debt, have to worry about credit scams and fraud, and let’s not even talk about the international fees.
Dealsneak managed to sneak more than a few deals past us this summer, including the Samsonite laptop case, a gorgeous leather bench, and a sweet looking Thermaltake Tsunami computer case.
Feed Money discusses the fact that Ebay has jumped on the contextual ad bandwagon, as well as blog feeds and a program called RSS To Blog.
If you need to Fix Your Finances one of the first steps is learning how to save your money. After that you can check out Mvelopes to learn all about budgets.
At Games For Money you can find places to play free online gambling games and also learn some card counting tricks and tips.

The High Heels Blogs show us which killer heels are on sale, including boots, sandals, slides and mules. Also take a look at some killer wedding heels for this summer’s nuptials.
A few notable gadgets that were blogged in the HyperGadget blog were the Kurzweil-National Federation of the Blind Reader, and the jumbled and messy looking organizer.
Over at the Medcare Forum, Kathleen Milazzo tells us more about that scary mad cow disease and our medical privacy laws.
Find out just how much house you can afford before you go running off to get that mortgage. And is the housing bubble really ready to blow? All this and more in Mortgage Updates.
At My Secret Side Biz learn how to make a profit, how to get your own powerwash, and simple business and Ebay tips.
On Healthy Living: Sarah White tells us all about a new study that could help with asthma reduction when it comes to doing light exercise that involves steady breathing, like yoga.
On Movies has a decade of super heroes list that includes recent and unreleased movies. Leafworks reviewed The Omen and we got to see the trailer for the new Ghost Rider movie.
Powersellers Blog: Ebay has done it. They finally reached 200 million members and they are also expanding into new ideas. Also people are fed up with Paypal while crooks are finding more ways to defraud your account.

Seo Updates: Yahoo one of the biggest email services was hit with a worm and Google expanded into real estate but won’t be making a browser, at least not anytime soon.

Get some free exercise tips from The Diet Logs. You will certainly need them if you plan to take a bite of this $100 burger.

Living the Single life? Well, take a look at some great break up lines, and if you’re looking to meet people, Leafworks posted a great review of club La Rumba.
Thumb Gods: Nintendo is no, no to the name Wii for their new console a game system that is at the end of this long list containing The Evolution of Video Game Consoles.
Las Vegas Revealed that it was ill prepared for a massive disaster, but til then you can still get married and get comp’d in Vegas.

Wander the World, well the State of Colorado with Leafworks. He takes us to the Cherry Blossom Festival, Gothnic in Denver, Old Colorado City, Plaza del Arte Festival in Downtown Denver and Garden of the Gods.
Jun 28
Worried About HIPAA Privacy?
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Enforcement, HIPAA Law, HIPAA News, HIPAA Privacy, HIPAA Regulation
While some are up in arms about the whole Rush Limbaugh Viagra privacy debacle, I am more interested in all the thefts that have been going on. It seems to be a recurring story week after week.
Only recently the Federal Trade Commission had their own breach, which was due to someone stealing a laptop from an employee’s vehicle. A lot of these problems seem to be happening because employees have laptops and private files with millions of data on hundreds of thousands of people and no one is doing a thing about it.
I really would have thought that companies would take a look at what’s happening and start changing the way information is handled when it comes to employees taking it with them.
I would take a large guess that until some of the information stolen belongs to a celebrity or someone in Congress, not a damn thing is going to be done. If you are one of the people affected I guess they will sing you the tune of too bad, so sad.
Apr 17
Health Care Compliance Is Seriously Lagging Behind
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Enforcement
All of health care was supposed to be following a HIPAA law passed in 1996. The deadline was 2003, and yet in 2006 only 80% of health care is doing what it is supposed to. Even worse, the numbers were the same in 2005, which means that many can’t or won’t make the changes.
Meanwhile, as of April 21, another wave of companies will have the chance to be noncompliant, as the deadline passes for companies with less than $5 million in revenue to meet HIPAA Security standards.
It’s not that health care companies find privacy and security technology hard to manage, said William “Buddy” Gillespie, vice president and CIO at WellSpan Health, which includes two hospitals; a home health care provider; a pharmacy; and about 40 physicians’ offices, managed care plans and other outpatient treatment facilities in Pennsylvania and Maryland.
Source: Eweek
Apr 12
California Regional Health Information Organization Recommends Data Standards
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Enforcement, HIPAA Technology, Privacy News
The CalRHIO has put out a list of recommended data standards that are needed to have everything connected throughout the State of California. This map is more like a guide for California health organizations as they move into the latest technology that is needed.
This map shows what the standard is at the moment and what the standard will be in the next six or more.
Nine areas are addressed: administration and finance, allergies, clinical documentation, imaging, immunization, laboratory, medication, services, and vocabulary.
Source: HIPAA Advisory
Mar 17
Database Plan Needs to Extend HIPAA
Filed Under HIPAA, HIPAA (General), HIPAA Enforcement, HIPAA News, HIPAA Regulation, Medical Privacy, Privacy News
A Congressional health subcommittee heard testimony on plans to develop a new medical information database in the United States, and experts said a new federal privacy law would be needed to expand HIPAA to cover the database, according to a story by UPI.
HIPAA covers breaches of health privacy by health plans and providers, but doesn’t say anything about other people who might access medical information, such as medical transcribers hired by doctors or even hackers.
A new federal law would have to make sharing medical information a crime for anyone with access to that information. Experts urged the passing of a law to cover the database before that system is put in place, instead of trying to write a law to fit the new technology once it is already in place.
Right now there is a patchwork of state laws covering the privacy of medical records in addition to HIPAA. About 17,000 claims have been filed under HIPAA, but action has only been taken against one company.
Privacy advocates warn that a law that does not give patients the right of consent to say who can and cannot access their records will quickly erode the patients’ right to privacy. The right of consent was removed from HIPAA in 2002.
H.R. 4157 in Congress would establish a nationwide health infrastructure. It is much more complicated than the current system for tracking patient records and, as such, Blue Cross and Blue Shield has said the timetable for implementing the system as outlined in the bill is too ambitious.
For more on the bill before Congress, visit Thomas.
Jan 31
Not A Lot of Teeth in HIPAA Enforcement, Research Shows
Filed Under HIPAA (General), HIPAA Enforcement | 3 Comments
Citing lack of accountability and a reactive methodology for reporting issues, Byte And Switch reports that there’s only been a single conviction since the laws went into effect in 1996. Their article.
Further, scientists are grumbling that all HIPAA does for them is overburden them with needless document wrangling and hoop-jumping, slowing down, and often stopping their progress. The UK online journal, Scientist, reports that the HIPAA regulations are having a direct and immediate negative impact on work in Parkinson’s research, to name just one area. Full article.
Jan 17
Barbara Clark’s HIPAA Lawsuit & Investigation
Filed Under HIPAA, HIPAA (General), HIPAA Compliance, HIPAA Enforcement, HIPAA Law, HIPAA Lawsuits, HIPAA News, HIPAA Security, Medical Privacy, Privacy News
A press release came across the wire recently, put out by Barbara Clark’s people, stating:
Nearly one year ago, Barbara Clark, a former Adventist nurse, filed a complaint with the U.S. Department of Health and Human Services (DHHS) concerning the breach of confidentiality of her medical records under HIPAA; the federal Health Insurance Portability and Accountability Act of 1996.
Whenever money is at stake, it’s always important to look at all the sides. Clearly we’re only getting one side here, but if the allegations are true, the statements are certainly troubling.
This pdf on Clark’s website explains a bit more of the background in the case.
Oct 22
Ohio Justices to Determine whether State Law Trumps HIPAA
Filed Under HIPAA, HIPAA Compliance, HIPAA Enforcement, HIPAA Law, HIPAA News, HIPAA Privacy, HIPAA Regulation, Medical Privacy, Privacy News | 1 Comment
Here’s an interesting twist on the old federal vs. state jurisdictional dispute.
First Amendment Center is reporting:
COLUMBUS, Ohio — A newspaper wants to report on homes, many of them rented, where lead paint has harmed children. The city health department fears federal fines and penalties if it complies with the state’s open-records law.
In what attorneys say is one of the first such tests nationwide, the Ohio Supreme Court must decide if state law trumps the federal rule.
The 2-year-old federal Health Insurance Portability and Accountability Act prohibits health insurers, medical care providers and entities that process medical information from releasing any information that identifies the patient. However, the information can be released by a public agency if a state records law mandates it.
This seems like one of those grey areas of the law where the legislature did not fully understand some of the ramifications of HIPAA legislation.
May 2
St. Joseph Hospital Medical Records Stolen?
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Enforcement, HIPAA Law, HIPAA News, HIPAA Privacy, HIPAA Security, Healthcare Industry News, Privacy News
The privacy spot reports:
According to the Houston Chronicle, Christus St. Joseph Hospital sent approximately 16,000 letters to patients informing them that a computer stolen in a burglary earlier this year may have contained some of their medical records and Social Security numbers. According to the hospital letters, the only patient files affected, to their knowledge, are files for patients treated in the “emergency department in 2004, patients who sought outpatient services in radiology, sports medicine and rehabilitation from August through September 2003 and April through June 2004, and patient charts from 2001.”
Apr 26
New Linux HIPAA Software by Ecora
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Compliant Software, HIPAA Enforcement, HIPAA News, HIPAA Privacy, HIPAA Security, HIPAA Technology, HIPAA Training
A Linux news site is reporting:
Ecora has released Enterprise Auditor version 3.6 that includes its new HIPAA Report Pack, a collection of more than 150 pre-built report definitions that address the technical and administrative safeguards of the HIPAA security standard.
“The manual process of preparing for a HIPAA security audit is time consuming, resource intensive, and prohibits sustainability,” said Alex Bakman, founder and CEO of Ecora. “When organizations look at technology for compliance, they need to consider automated solutions such as our Enterprise Auditor that can cost-effectively help them maintain compliance in a repeatable and sustainable manner.”
Apr 22
HIPAA Deadline Passes with Little Fanfare
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Compliant Software, HIPAA Enforcement, HIPAA Jobs, HIPAA Law, HIPAA News, HIPAA Privacy, HIPAA Regulation, HIPAA Security
Well, the deadline to complete the security requirements of HIPAA passed yesterday with little fanfare.
Internet News has the scoop:
“Considering everything that is involved with compliance, there are a lot of factors as to why some companies may not have completed it,” Earl Crane, a senior consultant with Foundstone Professional Services, said. Foundstone, a subsidiary of McAfee, is a leading HIPAA consultant and security software provider.
Some scary compliance stats:
However, a study from Information Technology Solution Providers Alliance shows that only 30 percent of health plans and 18 percent of health care providers in the SMB market are in compliance with the regulations.
“They’ve got their own fires to put out,” Crane said. “It doesn’t happen out of laziness but rather a crunch for resources,” he said.
Apr 19
HIV Victim’s Suit Against Newspaper Continues
Filed Under HIPAA Enforcement, HIPAA Law, HIPAA Privacy, HIPAA Security
The Houston Chronicle is reporting:
DALLAS — A state district court judge rejected a bid by an alternative weekly newspaper to dismiss a lawsuit filed by a church volunteer who said the paper reported without his permission that he was HIV-positive.
The ruling Wednesday could clear the way for a trial. The judge did not set a trial date.
The plaintiff is seeking $550,000 to $1.1 billion in damages against The Dallas Observer, charging that the newspaper violated a Texas confidentiality law. The law forbids disclosing medical test results without a patient’s written consent, except to government health agencies.
The man, named John Doe in the lawsuit, sued the newspaper; its parent company, Phoenix-based New Times Inc.; J.D. Sparks, a freelancer who wrote the article; and Jean Morris, the former church official who told the newspaper that the man was HIV-positive.
Lawyers for the newspaper said the law was intended to apply to hospitals and insurance companies, not news organizations. They also said that the man had already disclosed his HIV status by letting his picture and name appear on a CD by Positive Voices, an openly HIV-positive chorale group.
Apr 15
More HIPAA Violations & Private Data Theft News
Filed Under HIPAA (General), HIPAA Compliance, HIPAA Compliant Software, HIPAA Enforcement, HIPAA News, HIPAA Privacy, HIPAA Regulation, HIPAA Security, HIPAA Technology, HIPAA Training
Techweb reports:
Enforcement of the security regulations–like earlier HIPAA rules for privacy–will be complaint-driven, he says. Since the HIPAA privacy regulations, which identify what personal health information needs to be protected, took effect two years ago this month, there have been nearly 11,000 complaints filed to the federal government by patients and others. As of January, about 62% of those privacy-violation complaints had been resolved, according to CMS. The others are still being processed or have been turned over to the Justice Department for criminal investigation.
Interesting survey stats:
A survey conducted earlier this year by Privacy and American Business and Harris Interactive showed that 70% of Americans are concerned that their personal health information could be disclosed because of weak data security, and 69% think electronic health records could result in the sharing of their health information without their knowledge. Sixty-five percent think patients will withhold information from doctors because of those concerns.
Some background on HIPAA, and Bush’s goals for electronic medical records:
HIPAA, which was passed by Congress in 1996, was written before the more recent federal push to have the health industry replace paper-based patient files with digital records. The Bush administration last year set a goal for most Americans to have electronic health records by 2014. The government estimates that billions of dollars can be saved annually in the United States by widespread IT deployments that can help reduce medical errors, costs, and waste.