
July 13, 2006


Best of Niner Niner July 06

Niner Niner, a collaborative weblog network, has over 25 great blogs and this “Best Of” highlights just a few of the posts that were written by some of the Niner authors, in topics that range from High Heels, Ajax, HIPAA Privacy Regulation to gadgets, books and health. 

     

In Ajax Blog, Sreejith introduces us to a few new things. First is Vox, a new blogging service from Six Apart that uses WYSIWYG with a taste of web 2.0. After that we learn about Krun.ch and Wishlistr.

   

Blogging Naked: Scarification and lip plates are shown to be some of the newest and more popular forms of “self-expression” in recent years.

Bookadoodle: Nancy Callahan posted more in her series “Getting Published” and this latest edition was part 5.

Boomer 2.0 had posts that pointed out that boomers can still have that second career and another that shows many are not even planning retirement anytime soon.

In Class Action Questions find out about lawsuits involving pyramid scams, hair raising beauty product claims and why State Farm was penalized.

Credit Cardenza: Unfortunately, millions of people are drowning in credit card debt, have to worry about credit scams and fraud, and let’s not even talk about the international fees.

  

Dealsneak managed to sneak more than a few deals past us this summer, including the Samsonite laptop case, a gorgeous leather bench, and a sweet looking Thermaltake Tsunami computer case.

Feed Money discusses the fact that Ebay has jumped on the contextual ad bandwagon as well as blog feeds and a program called RSS To Blog.

If you need to Fix Your Finances one of the first steps is learning how to save your money. After that you can check out Mvelopes to learn all about budgets.

At Games For Money you can find places to play free online gambling games and also learn some card counting tricks and tips.

  

The High Heels Blogs show us which killer heels are on sale including boots, sandals, slides and mules. Also take a look at some killer wedding heels for this summer’s nuptials.

 

A few notable gadgets that were blogged in the HyperGadget blog were the Kurzweil-National Federation of the Blind Reader, and the jumbled and messy looking organizer.

Over at the Medcare Forum, Kathleen Milazzo tells us more about that scary mad cow disease and our medical privacy laws.

Find out just how much house you can afford before you go running off to get that mortgage. And is the housing bubble really ready to blow? All this and more in Mortgage Updates.

At My Secret Side Biz learn how to make a profit, how to get your own powerwash, and simple business and Ebay tips.

On Healthy Living: Sarah White tells us all about a new study that could help with asthma reduction when it comes to doing light exercise that involves steady breathing, like yoga.

On Movies has a decade of super heroes list that includes recent and unreleased movies. Leafworks reviewed The Omen and we got to see the trailer for the new Ghost Rider movie.

Powersellers Blog: Ebay has done it. They finally reached 200 million members and they are also expanding into new ideas. Also people are fed up with Paypal while crooks are finding more ways to defraud your account.

Seo Updates: Yahoo, one of the biggest email services, was hit with a worm, and Google expanded into real estate but won’t be making a browser, at least not anytime soon.

Get some free exercise tips from The Diet Logs. You will certainly need them if you plan to take a bite of this $100 burger.

Living the Single life? Well, take a look at some great break up lines, and if you’re looking to meet people, Leafworks posted a great review of club La Rumba.

Thumb Gods: Nintendo is no, no to the name Wii for their new console, a game system that is at the end of this long list containing The Evolution of Video Game Consoles.

Las Vegas Revealed that it was ill prepared for a massive disaster, but til then you can still get married and get comp’d in Vegas.

 

Wander the World, well the State of Colorado with Leafworks. He takes us to the Cherry Blossom Festival, Gothnic in Denver, Old Colorado City, Plaza del Arte Festival in Downtown Denver and Garden of the Gods.

June 28, 2006

Worried About HIPAA Privacy?

While some are up in arms about the whole Rush Limbaugh Viagra privacy debacle, I am more interested in all the thefts that have been going on. It seems to be a recurring story week after week.

Only recently the Federal Trade Commission had their own breach, which was due to someone stealing a laptop from an employee’s vehicle. A lot of these problems seem to be happening because employees have laptops and private files with millions of data on hundreds of thousands of people and no one is doing a thing about it.

I really would have thought that companies would take a look at what’s happening and start changing the way information is handled when it comes to employees taking it with them.

I would take a large guess that until some of the information stolen belongs to a celebrity or someone in Congress, not a damn thing is going to be done. If you are one of the people affected I guess they will sing you the tune of too bad, so sad.

April 18, 2006

Ohio Court: HIPAA Doesn’t Protect All Medical Records

Filed under: — Nancy @ 6:55 pm

In March, the Ohio Supreme Court ruled that Ohio’s open records law overruled the protections for medical records under HIPAA. This decision is “possibly the first regarding a clash between states’ open records laws and HIPAA.”

The court case involved the Cincinnati Enquirer, which wanted the city to “hand over information regarding building owners who’d been cited for lead paint violations.” On March 17th, the Enquirer won: the Ohio Supreme Court “ruled unanimously that the Cincinnati Health Department was in the wrong when it used HIPAA’s privacy protections as an excuse not to provide the Enquirer with information on lead paint violations.”

Because many states have open records laws, this outcome could “prove to be a landmark ruling should similar situations emerge in other locales.”

For more details, check out CIO Magazine.

January 17, 2006

Barbara Clark’s HIPAA Lawsuit & Investigation

A press release came across the wire recently, put out by Barbara Clark’s people, stating:

Nearly one year ago, Barbara Clark, a former Adventist nurse, filed a complaint with the U.S. Department of Health and Human Services (DHHS) concerning the breach of confidentiality of her medical records under HIPAA; the federal Health Insurance Portability and Accountability Act of 1996.

Whenever money is at stake, it’s always important to look at all the sides. Clearly we’re only getting one side here, but if the allegations are true, the statements are certainly troubling.

This pdf on Clark’s website explains a bit more of the background in the case.

October 26, 2005

InformationWeek: Feds Need to Push Nationwide Healthcare IT Security

InformationWeek is reporting:

A federal advisory panel on Tuesday issued a 14-point report of recommendations for what’s needed to develop, implement, and foster the secure nationwide exchange of electronic medical information.

The report was issued by the Commission on System Interoperability, which was created by Congress as part of the Medicare Modernization Act of 2003. The commission was charged with developing recommendations, priorities, and a timeline for implementing an electronic health information exchange network.

A nationwide healthcare system would be a ripe target for hackers. Let’s hope these recommendations are heeded by the Federal gov.

Not only could the suggestions reduce security threats, but also help save lives.

As you know, medical mistakes, such as prescriptions being filled incorrectly, cost thousands (if not hundreds of thousands) of lives yearly.

The article continues:

Government researchers estimate that health IT, like physician order-entry and standards-based electronic medical record systems, can help reduce tens of thousands of medical mistakes and billions of dollars in health-care costs annually in the U.S. There are already a handful of incentive programs underway by some private insurers, as well as a Medicare pilot program, that reward health-care providers who improve their quality-of-patient care using health IT.

Read more here

October 22, 2005

Ohio Justices to Determine whether State Law Trumps HIPAA

Here’s an interesting twist on the old federal vs. state jurisdictional dispute.

First Amendment Center is reporting:

COLUMBUS, Ohio — A newspaper wants to report on homes, many of them rented, where lead paint has harmed children. The city health department fears federal fines and penalties if it complies with the state’s open-records law.

In what attorneys say is one of the first such tests nationwide, the Ohio Supreme Court must decide if state law trumps the federal rule.

The 2-year-old federal Health Insurance Portability and Accountability Act prohibits health insurers, medical care providers and entities that process medical information from releasing any information that identifies the patient. However, the information can be released by a public agency if a state records law mandates it.

This seems like one of those grey areas of the law where the legislature did not fully understand some of the ramifications of HIPAA legislation.

Read more here

October 15, 2005

Is a lead paint violation notice covered by HIPAA or by state disclosure laws?

The Ohio Supreme Court is going to rule on whether state disclosure laws overrule the federal HIPAA mandates for protecting patient privacy. This may be one of the first rulings on the HIPAA regulations and should help establish precedent for exactly when state laws should rule instead of federal law.

The newspaper’s attorney, Jack Greiner, argues that the open-records law wins. Guidance by federal attorneys says that when a records law mandates disclosure, rather than just permit it, the state law takes precedence.

Are lead paint violation notices really covered by HIPAA?

“The Health Department was concerned about the potential for civil and criminal penalties for the violation of this somewhat vague and confusing … mandate,” Nestor said.

Both sides in the case, and the Reporters Committee for Freedom of the Press, knew of only two similar cases in Texas and Kentucky. Attorneys general in both states said the public-records law takes precedence, but both those cases dealt with records requests to police agencies, which don’t count as health care entities under the federal rule.

Greiner says the records are essential for the public to know where public health hazards are, and whether the Health Department is acting on them.

A ruling to seal the lead citations could hamper investigative reporting, public-records advocates say.

“This would have a chilling effect in the release of more general information, and that would be a shame because it would deny communities information that would clearly be in the public interest,” said Frank Deaner, lobbyist for the Ohio Newspaper Association.

Read the entire article at firstamendmentcenter.org

May 02, 2005

St. Joseph Hospital Medical Records Stolen?

The privacy spot reports:

According to the Houston Chronicle, Christus St. Joseph Hospital sent approximately 16,000 letters to patients informing them that a computer stolen in a burglary earlier this year may have contained some of their medical records and Social Security numbers. According to the hospital letters, the only patient files affected, to their knowledge, are files for patients treated in the “emergency department in 2004, patients who sought outpatient services in radiology, sports medicine and rehabilitation from August through September 2003 and April through June 2004, and patient charts from 2001.”

Read more here

April 22, 2005

HIPAA Deadline Passes with Little Fanfare

Well, the deadline to complete the security requirements of HIPAA passed yesterday with little fanfare.

Internet News has the scoop:

“Considering everything that is involved with compliance, there are a lot of factors as to why some companies may not have completed it,” Earl Crane, a senior consultant with Foundstone Professional Services, said. Foundstone, a subsidiary of McAfee, is a leading HIPAA consultant and security software provider.

Some scary compliance stats:

However, a study from Information Technology Solution Providers Alliance shows that only 30 percent of health plans and 18 percent of health care providers in the SMB market are in compliance with the regulations.

“They’ve got their own fires to put out,” Crane said. “It doesn’t happen out of laziness but rather a crunch for resources,” he said.

Read more here

April 20, 2005

DHHS Publishes Proposed HIPAA Enforcement Rule

On April 18, 2005, the Federal Register published the proposed rule regarding enforcement of the HIPAA Administrative Simplification Rule. Comments on the proposed rule will be considered by the Department of Health and Human Services if received no later than June 17, 2005.

To read the proposed rule, click here.

(via privacy spot)

April 19, 2005

HIV Victim’s Suit Against Newspaper Continues

Filed under: — sbraford @ 1:19 pm

The Houston Chronicle is reporting:

DALLAS — A state district court judge rejected a bid by an alternative weekly newspaper to dismiss a lawsuit filed by a church volunteer who said the paper reported without his permission that he was HIV-positive.

The ruling Wednesday could clear the way for a trial. The judge did not set a trial date.

The plaintiff is seeking $550,000 to $1.1 billion in damages against The Dallas Observer, charging that the newspaper violated a Texas confidentiality law. The law forbids disclosing medical test results without a patient’s written consent, except to government health agencies.

The man, named John Doe in the lawsuit, sued the newspaper; its parent company, Phoenix-based New Times Inc.; J.D. Sparks, a freelancer who wrote the article; and Jean Morris, the former church official who told the newspaper that the man was HIV-positive.

Lawyers for the newspaper said the law was intended to apply to hospitals and insurance companies, not news organizations. They also said that the man had already disclosed his HIV status by letting his picture and name appear on a CD by Positive Voices, an openly HIV-positive chorale group.

Read more here

April 13, 2005

Computer Theft Followup (HIPAA Violation in Question)

Jeff over at the other HIPAA Blog points out a medblogger who also notes the San Jose computer theft incident.

The only problem? It’s not a HIPAA violation as they claim. (This according to Jeff Drummond, a guy who certainly knows his stuff.)

Jeff Drummond:

Grand Rounds is up, this time at GruntDoc, an ER doc blogging from the other half of the North Texas Metroplex, affectionately known as Foat Wuth. He links to a medblogger who notes the San Jose medical group’s computer theft incident I blogged recently, and says it’s a HIPAA violation; I disagree, at least with the long-distance diagnosis. The fact that something bad happens doesn’t mean there’s a HIPAA violation. The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation. HIPAA doesn’t require that PHI never get out wrongly, it just requires that covered entities take reasonable steps to try to prevent that.

There’s the key: ‘The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation.’

April 12, 2005

Good-old Fashioned Theft (reveals patient’s health data)

Your data may be protected from internal tampering and data-snooping of employees… but what if your physical hardware is stolen?

The other ‘HIPAA Blog’ reports:

Sometimes identity theft and potential HIPAA-violating disclosures of PHI are sidelights of simple crime.

You can read the MSNBC article here.

Jeff continues:

Here, thieves broke into a medical office and stole the easily-salable valuables (computers and electronic equipment). The problem, of course, is that there is PHI on those computers. Perhaps a lesson in using encryption-at-rest for your databases?

This reminds me of the backdoor ways that hackers often use to compromise computer systems.

Oftentimes the easiest method to compromise computer systems is not to “crack” the computer code, but rather to use a roundabout method such as “social engineering.” This method involves tricking employees into revealing critical passwords or other secret company data.

Now, stealing an entire computer hardware system is a bit more brute-force, but uses the same techniques. In all actuality, though, the thieves are more interested in the resale value of the machines, not the private data that they’ve come into possession of. (unless they are some really sophisticated thieves)

April 11, 2005

HIPAA Portability Rules Change

Just came across this article from Business & Legal Reports.

The initial HIPAA rules were issued in 1997. Well, there have been several modifications since then.

Are you compliant with the 1997 rules, or the latest (including the modifications)? It’s probably best to be on the safe side and review all of the major changes to HIPAA since the initial coding and introduction of the privacy law.

From Business & Legal Reports:

While final portability rules for the Health Insurance Portability and Accountability Act made mostly minor modifications and clarifications to interim rules issued in 1997, employers would be wise to review their plans and notices to ensure compliance before the Department of Labor comes knocking at their doors for an audit, according to Tonie Bisteff and Tiffany Santos, associates at the law firm Trucker Huss in San Francisco.

Bisteff and Santos were speakers during an audio conference Thursday entitled “HIPAA Final Portability Rules: What You Need to Know About the New Regulations,” which was held by the California Employer Advisor, a division of BLR.

They offered tips for complying with the final portability rules published on December 30, 2004. The rules are applicable to plan years beginning on or after July 1, 2005 (that is, January 1, 2006 for calendar-year plans).

The final regulations clarify the definition for a plan provision qualifying as a preexisting condition exclusion (PCE). Under the final rules, a plan provision qualifies as a PCE if it restricts benefits for a condition because it was present before a participant’s effective date of coverage under a group health plan or health insurance coverage.

The final rules set limitations on preexisting condition exclusions:

  • The final rules retain the six-month look-back period, but they clarify that a plan can use a period shorter than 6 months for the purposes of applying the rule.
  • The PCE is prohibited from extending for more than 12 months (18 months for late enrollees).
  • Cannot be imposed on pregnancy or on the first 30 days after birth or adoption.

Read more here

HIPAA Enforcement Lax?

Filed under: — sbraford @ 8:58 am

A Silicon Valley Business Journal article reports that enforcement of HIPAA regulations may not be enforced with an iron fist.

Well, folks, looks like that’s it for HIPAA Blog. No need to keep updating this site if it’s not going to be enforced.

If you’re not going to be prosecuted (or fined heavily)… why worry about the medical privacy of your patients??

(The above should be said with an extreme sense of sarcasm.)

Here’s more from the article:

The Centers for Medicare and Medicaid Services, the federal agency responsible for enforcing the Health Insurance Portability and Accountability Act security regulations, is likely to take a soft approach when it comes to governing compliance with the rules.

While the agency is still drafting its security enforcement procedures, says Stanley Nachimson, senior technical adviser to CMS’s Office of HIPAA Standards, it is planning to implement a complaint-driven procedure.

This means that persons or entities that discover a security violation must file a complaint with CMS. The agency will conduct an investigation and, if it finds a violation, will work with the violator to correct it, Nachimson says. “We will attempt to get the entity to come up with a corrective action plan. That’s the preferable way to do it.”

Read more here