
August 25, 2007


10 HIPAA Books you may want to check out

From HIPAABook.com:

These are the top 10 essential HIPAA books for IT managers to read. Each of these popular titles was rated most highly useful by the customers at Amazon.

Read article: Top 10 highest-rated HIPAA books for IT Managers

July 13, 2006

Best of Niner Niner July 06

Niner Niner, a collaborative weblog network, has over 25 great blogs and this “Best Of” highlights just a few of the posts that were written by some of the Niner authors, in topics that range from High Heels, Ajax, HIPAA Privacy Regulation to gadgets, books and health. 

     

In Ajax Blog, Sreejith introduces us to a few new things. First is Vox, a new blogging service from Six Apart that uses WYSIWYG with a taste of web 2.0. After that we learn about Krun.ch and Wishlistr.

   

Blogging Naked: Scarification and lip plates are shown to be some of the newest and more popular form of “self-expression” in recent years.

Bookadoodle: Nancy Callahan posted more in her series “Getting Published” and this latest edition was part 5.

Boomer 2.0 had posts that pointed out that boomers can still have that second career and another that shows many are not even planning retirement anytime soon.

In Class Action Questions find out about lawsuits involving pyramid scams, hair raising beauty product claims and why State Farm was penalized.

Credit Cardenza: Unfortunately, millions of people are drowning in  credit card debt, have to worry about credit scams and fraud, and let’s not even talk about the international fees.

  

Dealsneak managed to sneak more than a few deals past us this summer, including the Samsonite laptop case, a gorgeous leather bench, and a sweet looking Thermaltake Tsunami computer case.

Feed Money discusses the fact that Ebay has jumped on the contextual ad bandwagon, as well as blog feeds and a program called RSS To Blog.

If you need to Fix Your Finances one of the first steps is learning how to save your money. After that you can check out Mvelopes to learn all about budgets.

At Games For Money you can find places to play free online gambling games and also learn some card counting tricks and tips.

  

The High Heels Blogs show us which killer heels are on sale, including boots, sandals, slides and mules. Also take a look at some killer wedding heels for this summer’s nuptials.

 

A few notable gadgets that were blogged in the HyperGadget blog were the Kurzweil-National Federation of the Blind Reader, and the jumbled and messy looking organizer.

Over at the Medcare Forum, Kathleen Milazzo tells us more about that scary mad cow disease and our medical privacy laws.

Find out just how much house you can afford before you go running off to get that mortgage. And is the housing bubble really ready to blow? All this and more in Mortgage Updates.

At My Secret Side Biz learn how to make a profit, how to get your own powerwash, and simple business and Ebay tips.

On Healthy Living: Sarah White tells us all about a new study that could help with asthma reduction when it comes to doing light exercise that involves steady breathing, like yoga.

On Movies has a decade of super heroes list that includes recent and unreleased movies. Leafworks reviewed The Omen and we got to see the trailer for the new Ghost Rider movie.

Powersellers Blog: Ebay has done it. They finally reached 200 million members and they are also expanding into new ideas. Also people are fed up with Paypal while crooks are finding more ways to defraud your account.

Seo Updates: Yahoo one of the biggest email services was hit with a worm and Google expanded into real estate but won’t be making a browser, at least not anytime soon.

Get some free exercise tips from The Diet Logs. You will certainly need them if you plan to take a bite of this $100 burger.

Living the Single life? Well, take a look at some great break up lines, and if you’re looking to meet people, Leafworks posted a great review of club La Rumba.

Thumb Gods: Nintendo is no, no to the name Wii for their new console a game system that is at the end of this long list containing The Evolution of Video Game Consoles.

Las Vegas Revealed that it was ill prepared for a massive disaster, but til then you can still get married and get comp’d in Vegas.

 

Wander the World, well the State of Colorado with Leafworks. He takes us to the Cherry Blossom Festival, Gothnic in Denver, Old Colorado City, Plaza del Arte Festival in Downtown Denver and Garden of the Gods.

April 18, 2006

Siemens Enhances Wireless LAN for Regulatory Compliance

Filed under: — Marsha James @ 2:39 pm

Wireless LANs are convenient and allow for portability. However, they are very dangerous when it comes to security because, even with a password, some technical individuals can still break their way through the encryption.

Siemens Communications Inc. announced today that it has released a modular extension called HiPath Wireless Manager Advanced (HWMA) that will improve wireless security with intrusion detection and prevention.

“The Siemens HiPath Wireless Manager Advanced platform helps enterprises improve network efficiencies, prevent network attacks and respond to security challenges,” said Stefan Miesbach, CEO of the HiPath Wireless Division at Siemens. “The HWMA solution is also an important part of Siemens’ vision to make enterprise mobility easy - including enterprise data networking as well as the emerging need for unified on-the-go communication across all mobile and vertical business applications.”

Via Wireless IQ

April 14, 2006

Updated Brabeion Software Keeps Users Compliant

Brabeion Software has updated its products with new software called Brabeion Compliance Center 6.0. It allows users to keep up with regulatory compliance.

“With the addition of these regulatory modules, Chevron is better positioned to more proactively manage, deploy, and mitigate ongoing compliance efforts for SOX, HIPAA and other global regulatory requirements,” said Jay White, Global Information Protection Architect, Chevron. “Never before have we been able to implement easily and quickly such a comprehensive solution across our widely distributed information assets for compliance with external and internal regulations and security protocols.”

Brabeion Compliance Center is designed to significantly decrease the time and cost of implementing an IT compliance program, while providing unparalleled support for specific government and industry regulations. The solution includes modules for Sarbanes-Oxley (SOX), the Healthcare Information Privacy and Accountability Act (HIPAA), the Federal Information Systems Management Act (FISMA), the Gramm-Leach Bliley Act (GLBA), California SB 1386 and NIST 800-53. Brabeion Software plans to launch additional modules later this year.

Source: Thomas Net

April 12, 2006

Configuresoft’s Updated Manager Tool

Configuresoft makes software that helps clients manage their technology and privacy concerns. This software can audit and monitor both your hardware and software allowing you to spend your time elsewhere. Configuresoft has now updated this already impressive software.

Colorado Springs-based ConfigureSoft has upgraded its Enterprise Configuration Manager (ECM) software. The firm said yesterday that its latest version, 4.8, of its software tool adds a new dashboard capability, better support for operating system platforms, including new 64-bit Windows, and cross-platform toolkits for various compliance regulations. Configuresoft’s software is used for monitoring IT infrastructure for compliance with Sarbanes-Oxley (SOX), HIPAA, and other regulations.

Source: Tech Rockies

California Regional Health Information Organization Recommends Data Standards

The CalRHIO has put out a list of recommended data standards that are needed to have everything connected throughout the State of California. This map is more like a guide for California health organizations as they move into the latest technology that is needed.

This map shows what the standard is at the moment and what the standard will be in the next six or more.

Nine areas are addressed: administration and finance, allergies, clinical documentation, imaging, immunization, laboratory, medication, services, and vocabulary.

Source: HIPAA Advisory

April 06, 2006

Groups Join Forces For Medical Privacy

Congress is trying to look toward the future and become more technology minded by building a national electronic health system. A coalition of 26 national groups, however, is asking that patients’ privacy rights be placed at the center of any such system to protect patients.

“Patients own their health data and should control who has access to their personal health records. Privacy violations will exponentially increase if patients cannot limit which health care businesses and government agencies can access our personal health data over an electronic network,” said Deborah C. Peel, MD who is chairman for the Patient Privacy Rights Foundation (PPRF).

Tim Sparapani, Legislative Counsel of the American Civil Liberties Union, has also said, “The intentions of the proposed health information technology legislation are to improve healthcare, reduce medical errors, and save money, but we believe that those benefits will be realized only if there are ironclad privacy protections. Guaranteeing privacy will generate public acceptance, trust and participation in these networks.”

Critics fear that if people are forced to reveal their medical records over electronic networks, they will be less than honest about embarrassing symptoms, avoid getting treated and even leave out important medical problems.

From PRweb

The 20 nationally recognized organizations are urging Congress to:

•    Restore the patient’s right of consent
•    Give patients the right to opt-out of having their records in any national or regional electronic health system
•    Give patients the right to segregate their most sensitive medical records
•    Require audit trails of all disclosures
•    Deny employers access to medical records
•    Require that patients be notified of all suspected or actual privacy breaches
•    Preserve stronger privacy protections in state laws
•    Enact meaningful enforcement and penalties for privacy violators

The organizations making up the coalition are the following:

American Civil Liberties Union
American Conservative Union
Asian American Justice Center
California Consumer Health Care Council
Christian Coalition of America
Common Cause
Computer Professionals for Social Responsibility
Consumer Action
Electronic Privacy Information Center
Fairfax County Privacy Council
Family Research Council
Free Congress Foundation
National Asian Pacific American Families Against Substance Abuse
National Center for Transgender Equality
National Health Law Program
Patient Privacy Rights Foundation
Population Research Institute
Privacy Activism
Privacy Rights Now
Privacy Rights Clearinghouse
Republican Liberty Caucus
Right March.com
Thoughtful House Center for Autism
U.S. Bill of Rights Foundation
U.S. Public Interest Research Group
U.S. Public Policy Committee for the Association for Computing Machinery

October 26, 2005

InformationWeek: Feds Need to Push Nationwide Healthcare IT Security

InformationWeek is reporting:

A federal advisory panel on Tuesday issued a 14-point report of recommendations for what’s needed to develop, implement, and foster the secure nationwide exchange of electronic medical information.

The report was issued by the Commission on System Interoperability, which was created by Congress as part of the Medicare Modernization Act of 2003. The commission was charged with developing recommendations, priorities, and a timeline for implementing an electronic health information exchange network.

A nationwide healthcare system would be a ripe target for hackers. Let’s hope these recommendations are heeded by the Federal gov.

Not only could the suggestions reduce security threats, but also help save lives.

As you know, medical mistakes, such as prescriptions being filled incorrectly, cost thousands (if not hundreds of thousands) of lives yearly.

The article continues:

Government researchers estimate that health IT, like physician order-entry and standards-based electronic medical record systems, can help reduce tens of thousands of medical mistakes and billions of dollars in health-care costs annually in the U.S. There are already a handful of incentive programs underway by some private insurers, as well as a Medicare pilot program, that reward health-care providers who improve their quality-of-patient care using health IT.

Read more here

May 09, 2005

HIPAA Wi-Fi Guidelines

Jeff over at HIPAA Blog has some Wi-Fi and HIPAA Integration guidelines, courtesy of Hospital Compliance Wire:

1. Make sure the wi-fi access for your patients is separate from your clinical information systems. It should operate as if the wi-fi access route was operated by the business next door. Remember, even if your clinical systems aren’t wireless now, they may be in the future, so you definitely want to keep “customer” access separate from “employee” access.

2. Use a static portal as your log-in rules of the road. Have wi-fi access go through that portal page first, and include on it your rules for patient access. Remind patients to respect others in the waiting room and be considerate about what they are accessing (porn, gambling, rap music, you get the idea). When listing terms and conditions, give examples.

3. Make sure your signal isn’t so strong that it allows access to people outside your office. You may find some big bandwidth costs if someone camps onto your wi-fi from your parking lot.

4. Monitor wireless use. The worst thing you could do is install wi-fi and not monitor it, only to find that a patient or visitor has used your wi-fi to hack into your systems. Look for loopholes and trouble spots. Malicious visitors are always looking for weak spots, and technology constantly changes to invent new ways to breach old security measures.

I wouldn’t be surprised if there were many doctors’ offices around the country that have installed Wi-Fi networks but failed to secure them.

Hackers beware though - the fines / penalties for violating medical privacy rights could be much stiffer than your average hack target.
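Guidelines 1 and 4 can be checked together from firewall logs: any allowed flow from the patient Wi-Fi network to a clinical network means the separation has failed, and denied attempts show which guest device is probing. The following is an added example, not part of the original post or of the Hospital Compliance Wire guidelines; the subnets and the log format are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed addressing plan (hypothetical, not from the original post).
GUEST_NET = ipaddress.ip_network("10.50.0.0/24")  # patient Wi-Fi
CLINICAL_NETS = [ipaddress.ip_network("192.168.10.0/24"),
                 ipaddress.ip_network("192.168.20.0/24")]

# Constructed sample firewall log in a made-up key=value format.
SAMPLE_LOG = """\
2005-05-09T10:15:02 src=10.50.0.23 dst=203.0.113.80 dport=80 action=allow
2005-05-09T10:15:40 src=10.50.0.23 dst=192.168.10.5 dport=1433 action=deny
2005-05-09T10:15:41 src=10.50.0.23 dst=192.168.10.5 dport=445 action=deny
2005-05-09T10:15:43 src=10.50.0.23 dst=192.168.10.6 dport=3389 action=deny
2005-05-09T10:20:11 src=10.50.0.41 dst=192.168.20.9 dport=80 action=allow
2005-05-09T10:21:00 src=192.168.10.7 dst=192.168.20.9 dport=80 action=allow
this line is malformed and must be skipped
2005-05-09T10:22:30 src=10.50.0.41 dst=198.51.100.7 dport=443 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>allow|deny)$"
)

def parse(log_text):
    """Turn log text into records, skipping lines that do not parse."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # field matched the pattern but is not an IP address
        records.append({"ts": m["ts"], "src": src, "dst": dst,
                        "dport": int(m["dport"]), "action": m["action"]})
    return records

def audit(records):
    """Return (leaks, probes) for traffic from guest Wi-Fi to clinical nets."""
    leaks, probes = [], {}
    for r in records:
        if r["src"] not in GUEST_NET:
            continue  # staff or server traffic, out of scope here
        if not any(r["dst"] in net for net in CLINICAL_NETS):
            continue  # ordinary internet browsing by a guest
        if r["action"] == "allow":
            leaks.append(r)  # guideline 1 violated: guest reached clinical
        else:
            key = str(r["src"])  # guideline 4: count blocked attempts
            probes[key] = probes.get(key, 0) + 1
    return leaks, probes

if __name__ == "__main__":
    leaks, probes = audit(parse(SAMPLE_LOG))
    for r in leaks:
        print(f"SEGMENTATION FAILURE {r['ts']} {r['src']} -> {r['dst']}:{r['dport']}")
    for client, count in probes.items():
        print(f"blocked attempts from guest {client}: {count}")
```

An empty `leaks` list is the expected state; a single entry means a firewall rule lets patient devices reach clinical systems and should be treated as a finding, not a warning.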

May 02, 2005

IBM and Accenture Buy Health Care Firms

Just catching up on a bit of HIPAA / Healthcare / Privacy news of late.

Seems IBM announced that it was acquiring Healthlink, the largest U.S. consulting firm dedicated to the health-care industry.

Rochelle Garner of CRN reports:

IBM announced Tuesday that it will buy Healthlink, the largest U.S. consulting firm dedicated to the health-care industry. The acquisition gives IBM Global Services the domain expertise of Healthlink’s 550-person professional organization, including 300 physicians, nurses and pharmacists. Terms of the deal were not disclosed.

The acquisition is the second in one week in which a large IT consulting company acquired the health-care expertise of another. Last week, Accenture paid $175 million to buy the U.S. health-care practice of Capgemini. The 600 North American employees of Europe’s largest consulting company will join Accenture’s Health and Life Sciences practice in North America, the companies said. Paris-based Capgemini will retain its outsourcing contracts with U.S. health-care clients as well as continue health-care consulting in the federal public sector.

April 26, 2005

New Linux HIPAA Software by Ecora

A Linux news site is reporting:

Ecora has released Enterprise Auditor version 3.6 that includes its new HIPAA Report Pack, a collection of more than 150 pre-built report definitions that address the technical and administrative safeguards of the HIPAA security standard.

“The manual process of preparing for a HIPAA security audit is time consuming, resource intensive, and prohibits sustainability,” said Alex Bakman, founder and CEO of Ecora. “When organizations look at technology for compliance, they need to consider automated solutions such as our Enterprise Auditor that can cost-effectively help them maintain compliance in a repeatable and sustainable manner.”

Read more here

April 15, 2005

More HIPAA Violations & Private Data Theft News

Techweb reports:

Enforcement of the security regulations–like earlier HIPAA rules for privacy–will be complaint-driven, he says. Since the HIPAA privacy regulations, which identify what personal health information needs to be protected, took effect two years ago this month, there have been nearly 11,000 complaints filed to the federal government by patients and others. As of January, about 62% of those privacy-violation complaints had been resolved, according to CMS. The others are still being processed or have been turned over to the Justice Department for criminal investigation.

Interesting survey stats:

A survey conducted earlier this year by Privacy and American Business and Harris Interactive showed that 70% of Americans are concerned that their personal health information could be disclosed because of weak data security, and 69% think electronic health records could result in the sharing of their health information without their knowledge. Sixty-five percent think patients will withhold information from doctors because of those concerns.

Some background on HIPAA, and Bush’s goals for electronic medical records:

HIPAA, which was passed by Congress in 1996, was written before the more recent federal push to have the health industry replace paper-based patient files with digital records. The Bush administration last year set a goal for most Americans to have electronic health records by 2014. The government estimates that billions of dollars can be saved annually in the United States by widespread IT deployments that can help reduce medical errors, costs, and waste.

April 14, 2005

Doctors and Email

Filed under: — sbraford @ 12:53 pm

From the Chicago Tribune:

“Despite advancing technology, medical practices have proven remarkably resistant to embracing e-mail as a tool to correspond with patients.”

Jeff of the other HIPAA Blog says:

It makes some sense, since doctors may be slightly more resistant than other professionals to any change from the way they’ve done things in the past (if their patients have lived with what they did to them previously, why risk that success?), but it’s also counterintuitive in that doctors tend to be technology-adapters. Perhaps physicians like technology when they can use it on their side of the patient-encounter fence, but don’t like anything that messes with that fence.

Doctors and email do seem like a dangerous combination… but only due to the fear of lawsuits.

I can envision a day when doctors use email as much as CEOs. Remember reading some of those Bill Gates email memos during the Microsoft trial days? We’d probably also get a glimpse into the ‘email lives’ of doctors if they started using email en masse with patients.

April 13, 2005

Computer Theft Followup (HIPAA Violation in Question)

Jeff over at the other HIPAA Blog points out a medblogger who also notes the San Jose computer theft incident.

The only problem? It’s not a HIPAA violation as they claim. (This according to Jeff Drummond, a guy who certainly knows his stuff.)

Jeff Drummond:

Grand Rounds is up, this time at GruntDoc, an ER doc blogging from the other half of the North Texas Metroplex, affectionately known as Foat Wuth. He links to a medblogger who notes the San Jose medical group’s computer theft incident I blogged recently, and says it’s a HIPAA violation; I disagree, at least with the long-distance diagnosis. The fact that something bad happens doesn’t mean there’s a HIPAA violation. The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation. HIPAA doesn’t require that PHI never get out wrongly, it just requires that covered entities take reasonable steps to try to prevent that.

There’s the key: ‘The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation.’

April 12, 2005

Good-old Fashioned Theft (reveals patient’s health data)

Your data may be protected from internal tampering and data-snooping of employees… but what if your physical hardware is stolen?

The other ‘HIPAA Blog’ reports:

Sometimes identity theft and potential HIPAA-violating disclosures of PHI are sidelights of simple crime.

You can read the MSNBC article here.

Jeff continues:

Here, thieves broke into a medical office and stole the easily-salable valuables (computers and electronic equipment). The problem, of course, is that there is PHI on those computers. Perhaps a lesson in using encryption-at-rest for your databases?

This reminds me of the backdoor ways that hackers often use to compromise computer systems.

Oftentimes the easiest method to compromise computer systems is not to “crack” the computer code, but rather to use a roundabout method such as “social engineering.” This method involves tricking employees into revealing critical passwords or other secret company data.

Now, stealing an entire computer hardware system is a bit more brute-force, but uses the same techniques. In all actuality, though, the thieves are more interested in the resale value of the machines, not the private data that they’ve come into possession of (unless they are some really sophisticated thieves).