
July 13, 2006


Best of Niner Niner July 06

Niner Niner, a collaborative weblog network, has over 25 great blogs and this “Best Of” highlights just a few of the posts that were written by some of the Niner authors, in topics that range from High Heels, Ajax, HIPAA Privacy Regulation to gadgets, books and health. 

     

In Ajax Blog, Sreejith introduces us to a few new things. First is Vox, a new blogging service from Six Apart that uses WYSIWYG with a taste of web 2.0. After that we learn about Krun.ch and Wishlistr.

   

Blogging Naked: Scarification and lip plates are shown to be some of the newest and more popular forms of “self-expression” in recent years.

Bookadoodle: Nancy Callahan posted more in her series “Getting Published” and this latest edition was part 5.

Boomer 2.0 had posts that pointed out that boomers can still have that second career and another that shows many are not even planning retirement anytime soon.

In Class Action Questions find out about lawsuits involving pyramid scams, hair raising beauty product claims and why State Farm was penalized.

Credit Cardenza: Unfortunately, millions of people are drowning in  credit card debt, have to worry about credit scams and fraud, and let’s not even talk about the international fees.

  

Dealsneak managed to sneak more than a few deals past us this summer, including the Samsonite laptop case, a gorgeous leather bench, and a sweet looking Thermaltake Tsunami computer case.

Feed Money discusses the fact that Ebay has jumped on the contextual ad bandwagon as well as blog feeds and a program called RSS To Blog.

If you need to Fix Your Finances one of the first steps is learning how to save your money. After that you can check out Mvelopes to learn all about budgets.

At Games For Money you can find places to play free online gambling games and also learn some card counting tricks and tips.

  

The High Heels Blogs show us which killer heels are on sale including boots, sandals, slides and mules. Also take a look at some killer wedding heels for this summer’s nuptials.

 

A few notable gadgets that were blogged in the HyperGadget blog were the Kurzweil-National Federation of the Blind Reader, and the jumbled and messy looking organizer.

Over at the Medcare Forum, Kathleen Milazzo tells us more about that scary mad cow disease and our medical privacy laws.

Find out just how much house you can afford before you go running off to get that mortgage. And is the housing bubble really ready to blow? All this and more in Mortgage Updates.

At My Secret Side Biz learn how to make a profit, how to get your own powerwash, and simple business and Ebay tips.

On Healthy Living: Sarah White tells us all about a new study that could help with asthma reduction when it comes to doing light exercise that involves steady breathing, like yoga.

On Movies has a decade of super heroes list that includes recent and unreleased movies. Leafworks reviewed The Omen and we got to see the trailer for the new Ghost Rider movie.

Powersellers Blog: Ebay has done it. They finally reached 200 million members and they are also expanding into new ideas. Also people are fed up with Paypal while crooks are finding more ways to defraud your account.

Seo Updates: Yahoo, one of the biggest email services, was hit with a worm, and Google expanded into real estate but won’t be making a browser, at least not anytime soon.

Get some free exercise tips from The Diet Logs. You will certainly need them if you plan to take a bite of this $100 burger.

Living the Single life? Well, take a look at some great break up lines, and if you’re looking to meet people, Leafworks posted a great review of club La Rumba.

Thumb Gods: Nintendo is no, no to the name Wii for their new console a game system that is at the end of this long list containing The Evolution of Video Game Consoles.

Las Vegas Revealed that it was ill prepared for a massive disaster, but til then you can still get married and get comp’d in Vegas.

 

Wander the World, well the State of Colorado with Leafworks. He takes us to the Cherry Blossom Festival, Gothnic in Denver, Old Colorado City, Plaza del Arte Festival in Downtown Denver and Garden of the Gods.

June 28, 2006

Worried About HIPAA Privacy?

While some are up in arms about the whole Rush Limbaugh Viagra privacy debacle, I am more interested in all the thefts that have been going on. It seems to be a recurring story week after week.

Only recently the Federal Trade Commission had their own breach, which was due to someone stealing a laptop from an employee’s vehicle. A lot of these problems seem to be happening because employees have laptops and private files with millions of data on hundreds of thousands of people and no one is doing a thing about it.

I really would have thought that companies would take a look at what’s happening and start changing the way information is handled when it comes to employees taking it with them.

I would take a large guess that until some of the information stolen belongs to a celebrity or someone in Congress, not a damn thing is going to be done. If you are one of the people affected I guess they will sing you the tune of too bad, so sad.

April 17, 2006

Health Care Compliance Is Seriously Lagging Behind

Filed under: — Marsha James @ 5:22 am

All of health care was supposed to be following a HIPAA law passed in 1996. The deadline was 2003 and yet in 2006 only 80% of health care is doing what they are supposed to. Even worse, the numbers were the same in 2005 which means that many can’t or won’t make the changes.

Meanwhile, as of April 21, another wave of companies will have the chance to be noncompliant, as the deadline passes for companies with less than $5 million in revenue to meet HIPAA Security standards.

It’s not that health care companies find privacy and security technology hard to manage, said William “Buddy” Gillespie, vice president and CIO at WellSpan Health, which includes two hospitals; a home health care provider; a pharmacy; and about 40 physicians’ offices, managed care plans and other outpatient treatment facilities in Pennsylvania and Maryland.

Source: Eweek

April 12, 2006

California Regional Health Information Organization Recommends Data Standards

The CalRHIO has put out a list of recommended data standards that are needed to have everything connected throughout the State of California. This map is more like a guide for California health organizations as they move into the latest technology that is needed.

This map shows what the standard is at the moment and what the standard will be in the next six or more.

Nine areas are addressed: administration and finance, allergies, clinical documentation, imaging, immunization, laboratory, medication, services, and vocabulary.

Source: HIPAA Advisory

March 17, 2006

Database Plan Needs to Extend HIPAA

A Congressional health subcommittee heard testimony on plans to develop a new medical information database in the United States, and experts said a new federal privacy law would be needed to expand HIPAA to cover the database, according to a story by UPI.

HIPAA covers breaches of health privacy by health plans and providers, but doesn’t say anything about other people who might access medical information such as medical transcribers hired by doctors or even hackers.

A new federal law would have to make sharing medical information a crime for anyone with access to that information. Experts urged the passing of a law to cover the database before that system is put in place, instead of trying to write a law to fit the new technology once it is already in place.

Right now there is a patchwork of state laws covering the privacy of medical records in addition to HIPAA. About 17,000 claims have been filed under HIPAA, but action has only been taken against one company.

Privacy advocates warn that a law that does not give patients the right of consent to say who can and cannot access their records will quickly erode the patients’ right to privacy. The right of consent was removed from HIPAA in 2002.

H.R. 4157 in Congress would establish a nationwide health infrastructure. It is much more complicated than the current system for tracking patient records and, as such, Blue Cross and Blue Shield has said the timetable for implementing the system as outlined in the bill is too ambitious.

For more on the bill before Congress, visit Thomas.

January 31, 2006

Not A Lot of Teeth in HIPAA Enforcement, Research Shows

Filed under: — Chris Brogan @ 5:27 pm

Citing lack of accountability and a reactive methodology for reporting issues, Byte And Switch reports that there’s only been a single conviction since the laws went into effect in 1996. Their article.

Further, scientists are grumbling that all HIPAA does for them is overburden them with needless document wrangling and hoop-jumping, slowing down, and often stopping their progress. The UK online journal, Scientist, reports that the HIPAA regulations are having a direct and immediate negative impact on work in Parkinson’s research, to name just one area. Full article.

January 17, 2006

Barbara Clark’s HIPAA Lawsuit & Investigation

A press release came across the wire recently, put out by Barbara Clark’s people, stating:

Nearly one year ago, Barbara Clark, a former Adventist nurse, filed a complaint with the U.S. Department of Health and Human Services (DHHS) concerning the breach of confidentiality of her medical records under HIPAA; the federal Health Insurance Portability and Accountability Act of 1996.

Whenever money is at stake, it’s always important to look at all the sides. Clearly we’re only getting one side here, but if the allegations are true, the statements are certainly troubling.

This pdf on Clark’s website explains a bit more of the background in the case.

October 22, 2005

Ohio Justices to Determine whether State Law Trumps HIPAA

Here’s an interesting twist on the old federal vs. state jurisdictional dispute.

First Amendment Center is reporting:

COLUMBUS, Ohio — A newspaper wants to report on homes, many of them rented, where lead paint has harmed children. The city health department fears federal fines and penalties if it complies with the state’s open-records law.

In what attorneys say is one of the first such tests nationwide, the Ohio Supreme Court must decide if state law trumps the federal rule.

The 2-year-old federal Health Insurance Portability and Accountability Act prohibits health insurers, medical care providers and entities that process medical information from releasing any information that identifies the patient. However, the information can be released by a public agency if a state records law mandates it.

This seems like one of those grey areas of the law where the legislature did not fully understand some of the ramifications of HIPAA legislation.

Read more here

May 02, 2005

St. Joseph Hospital Medical Records Stolen?

The privacy spot reports:

According to the Houston Chronicle, Christus St. Joseph Hospital sent approximately 16,000 letters to patients informing them that a computer stolen in a burglary earlier this year may have contained some of their medical records and Social Security numbers. According to the hospital letters, the only patient files affected, to their knowledge, are files for patients treated in the “emergency department in 2004, patients who sought outpatient services in radiology, sports medicine and rehabilitation from August through September 2003 and April through June 2004, and patient charts from 2001.”

Read more here

April 26, 2005

New Linux HIPAA Software by Ecora

A Linux news site is reporting:

Ecora has released Enterprise Auditor version 3.6 that includes its new HIPAA Report Pack, a collection of more than 150 pre-built report definitions that address the technical and administrative safeguards of the HIPAA security standard.

“The manual process of preparing for a HIPAA security audit is time consuming, resource intensive, and prohibits sustainability,” said Alex Bakman, founder and CEO of Ecora. “When organizations look at technology for compliance, they need to consider automated solutions such as our Enterprise Auditor that can cost-effectively help them maintain compliance in a repeatable and sustainable manner.”

Read more here

April 22, 2005

HIPAA Deadline Passes with Little Fanfare

Well, the deadline to complete the security requirements of HIPAA passed yesterday with little fanfare.

Internet News has the scoop:

“Considering everything that is involved with compliance, there are a lot of factors as to why some companies may not have completed it,” Earl Crane, a senior consultant with Foundstone Professional Services, said. Foundstone, a subsidiary of McAfee, is a leading HIPAA consultant and security software provider.

Some scary compliance stats:

However, a study from Information Technology Solution Providers Alliance shows that only 30 percent of health plans and 18 percent of health care providers in the SMB market are in compliance with the regulations.

“They’ve got their own fires to put out,” Crane said. “It doesn’t happen out of laziness but rather a crunch for resources,” he said.

Read more here

April 19, 2005

HIV Victim’s Suit Against Newspaper Continues

Filed under: — sbraford @ 1:19 pm

The Houston Chronicle is reporting:

DALLAS — A state district court judge rejected a bid by an alternative weekly newspaper to dismiss a lawsuit filed by a church volunteer who said the paper reported without his permission that he was HIV-positive.

The ruling Wednesday could clear the way for a trial. The judge did not set a trial date.

The plaintiff is seeking $550,000 to $1.1 billion in damages against The Dallas Observer, charging that the newspaper violated a Texas confidentiality law. The law forbids disclosing medical test results without a patient’s written consent, except to government health agencies.

The man, named John Doe in the lawsuit, sued the newspaper; its parent company, Phoenix-based New Times Inc.; J.D. Sparks, a freelancer who wrote the article; and Jean Morris, the former church official who told the newspaper that the man was HIV-positive.

Lawyers for the newspaper said the law was intended to apply to hospitals and insurance companies, not news organizations. They also said that the man had already disclosed his HIV status by letting his picture and name appear on a CD by Positive Voices, an openly HIV-positive chorale group.

Read more here

April 15, 2005

More HIPAA Violations & Private Data Theft News

Techweb reports:

Enforcement of the security regulations–like earlier HIPAA rules for privacy–will be complaint-driven, he says. Since the HIPAA privacy regulations, which identify what personal health information needs to be protected, took effect two years ago this month, there have been nearly 11,000 complaints filed to the federal government by patients and others. As of January, about 62% of those privacy-violation complaints had been resolved, according to CMS. The others are still being processed or have been turned over to the Justice Department for criminal investigation.

Interesting survey stats:

A survey conducted earlier this year by Privacy and American Business and Harris Interactive showed that 70% of Americans are concerned that their personal health information could be disclosed because of weak data security, and 69% think electronic health records could result in the sharing of their health information without their knowledge. Sixty-five percent think patients will withhold information from doctors because of those concerns.

Some background on HIPAA, and Bush’s goals for electronic medical records:

HIPAA, which was passed by Congress in 1996, was written before the more recent federal push to have the health industry replace paper-based patient files with digital records. The Bush administration last year set a goal for most Americans to have electronic health records by 2014. The government estimates that billions of dollars can be saved annually in the United States by widespread IT deployments that can help reduce medical errors, costs, and waste.

April 13, 2005

Computer Theft Followup (HIPAA Violation in Question)

Jeff over at the other HIPAA Blog points out a medblogger who also notes the San Jose computer theft incident.

The only problem? It’s not a HIPAA violation as they claim. (This according to Jeff Drummond, a guy who certainly knows his stuff.)

Jeff Drummond:

Grand Rounds is up, this time at GruntDoc, an ER doc blogging from the other half of the North Texas Metroplex, affectionately known as Foat Wuth. He links to a medblogger who notes the San Jose medical group’s computer theft incident I blogged recently, and says it’s a HIPAA violation; I disagree, at least with the long-distance diagnosis. The fact that something bad happens doesn’t mean there’s a HIPAA violation. The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation. HIPAA doesn’t require that PHI never get out wrongly, it just requires that covered entities take reasonable steps to try to prevent that.

There’s the key: ‘The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation.’

April 12, 2005

Good-old Fashioned Theft (reveals patient’s health data)

Your data may be protected from internal tampering and data-snooping of employees… but what if your physical hardware is stolen?

The other ‘HIPAA Blog’ reports:

Sometimes identity theft and potential HIPAA-violating disclosures of PHI are sidelights of simple crime.

You can read the MSNBC article here.

Jeff continues:

Here, thieves broke into a medical office and stole the easily-salable valuables (computers and electronic equipment). The problem, of course, is that there is PHI on those computers. Perhaps a lesson in using encryption-at-rest for your databases?

This reminds me of the backdoor ways that hackers often use to compromise computer systems.

Oftentimes the easiest method to compromise computer systems is not to “crack” the computer code, but rather to use a roundabout method such as “social engineering.” This method involves tricking employees into revealing critical passwords or other secret company data.

Now, stealing an entire computer hardware system is a bit more brute-force, but uses the same techniques. In all actuality, though, the thieves are more interested in the resale value of the machines, not the private data that they’ve come into possession of (unless they are some really sophisticated thieves).