
August 25, 2007


10 HIPAA Books you may want to check out

From HIPAABook.com:

These are the top 10 essential HIPAA books for IT managers to read. Each of these popular titles was rated most highly useful by the customers at Amazon.

Read article: Top 10 highest-rated HIPAA books for IT Managers

October 03, 2006

HIPAA Hidden Consequences

Filed under: — Marsha James @ 1:31 pm

HIPAA was passed in 1996 to help protect a patient’s privacy and private medical files. However, when it comes to patient cancer trials, even when the doctors have a patient’s approval to get their records, the hospitals are reluctant to release the information. This has caused fewer cancer patients to be accepted in trial studies and has also raised costs.
Clinical trials hurting for help

July 13, 2006

Best of Niner Niner July 06

Niner Niner, a collaborative weblog network, has over 25 great blogs and this “Best Of” highlights just a few of the posts that were written by some of the Niner authors, in topics that range from High Heels, Ajax, HIPAA Privacy Regulation to gadgets, books and health. 

     

In Ajax Blog, Sreejith introduces us to a few new things. First is Vox a new blogging service from Six Apart that uses WYSIWYG with a taste of web 2.0. After that we learn about Krun.ch and Wishlistr.

   

Blogging Naked: Scarification and lip plates are shown to be some of the newest and more popular form of “self-expression” in recent years.

Bookadoodle: Nancy Callahan posted more in her series “Getting Published” and this latest edition was part 5.

Boomer 2.0 had posts that pointed out that boomers can still have that second career and another that shows many are not even planning retirement anytime soon.

In Class Action Questions find out about lawsuits involving pyramid scams, hair raising beauty product claims and why State Farm was penalized.

Credit Cardenza: Unfortunately, millions of people are drowning in credit card debt, have to worry about credit scams and fraud, and let’s not even talk about the international fees.

Dealsneak managed to sneak more than a few deals past us this summer, including the Samsonite laptop case, a gorgeous leather bench, and a sweet looking Thermaltake Tsunami computer case.

Feed Money discusses the fact that Ebay has jumped on the contextual ad bandwagon as well as blog feeds and a program called RSS To Blog.

If you need to Fix Your Finances one of the first steps is learning how to save your money. After that you can check out Mvelopes to learn all about budgets.

At Games For Money you can find places to play free online gambling games and also learn some card counting tricks and tips.

  

The High Heels Blogs show us which killer heels are on sale including boots, sandals, slides and mules. Also take a look at some killer wedding heels for this summer’s nuptials.

 

A few notable gadgets that were blogged in the HyperGadget blog were the Kurzweil-National Federation of the Blind Reader, and the jumbled and messy looking organizer.

Over at the Medcare Forum, Kathleen Milazzo tells us more about that scary mad cow disease and our medical privacy laws.

Find out just how much house you can afford before you go running off to get that mortgage. And is the housing bubble really ready to blow? All this and more in Mortgage Updates.

At My Secret Side Biz learn how to make a profit, how to get your own powerwash, and simple business and Ebay tips.

On Healthy Living: Sarah White tells us all about a new study that could help with asthma reduction when it comes to doing light exercise that involves steady breathing like yoga.

On Movies has a decade of super heroes list that includes recent and unreleased movies. Leafworks reviewed The Omen and we got to see the trailer for the new Ghost Rider movie.

Powersellers Blog: Ebay has done it. They finally reached 200 million members and they are also expanding into new ideas. Also people are fed up with Paypal while crooks are finding more ways to defraud your account.

Seo Updates: Yahoo one of the biggest email services was hit with a worm and Google expanded into real estate but won’t be making a browser, at least not anytime soon.

Get some free exercise tips from The Diet Logs. You will certainly need them if you plan to take a bite of this $100 burger.

Living the Single life? Well, take a look at some great break up lines, and if you’re looking to meet people, Leafworks posted a great review of club La Rumba.

Thumb Gods: Nintendo is no, no to the name Wii for their new console a game system that is at the end of this long list containing The Evolution of Video Game Consoles.

Las Vegas Revealed that it was ill prepared for a massive disaster, but til then you can still get married and get comp’d in Vegas.

 

Wander the World, well the State of Colorado with Leafworks. He takes us to the Cherry Blossom Festival, Gothnic in Denver, Old Colorado City, Plaza del Arte Festival in Downtown Denver and Garden of the Gods.

June 13, 2006

Lock Down Privacy and Increase Savings

Filed under: — Marsha James @ 11:29 pm

It seems that only after a major disaster happens are problems addressed and sometimes fixed. That is especially true in the world of security and HIPAA.

As director of technology for Kettering Medical Center Network, Burritt is in charge of the technology infrastructure for a group of five hospitals and 51 medical facilities in the Dayton, Ohio area, all within 40 miles of each other. The network supports some 10,000 users and 6,000 connected devices, ranging from servers to notebook computers and PDAs.

He estimates that if the network ever failed, it could cost his organization a million dollars a day.

Locking down the network can be especially tough for health-care organizations, with their typical mix of paper and electronic records, the need for long record retention, and the move to digital imaging. With the passage of the Health Insurance Portability and Accountability Act (HIPAA) security rule last April, protection of electronic records has been shoved to the forefront. (HIPAA’s privacy rule has been in effect for several years, depending on the size of the organization.)

Source

April 18, 2006

HIPAA vs. ‘Incidental Disclosure’

We all overhear confidential conversations we probably shouldn’t in various medical settings.

Sometimes, it’s inadvertent: through thin examination-room walls, through flimsy curtains between hospital beds.

Sometimes, it’s downright impossible *not* to hear details you shouldn’t. We’ve all seen those doctors who waltz into waiting rooms to divulge (very personal) information to a patient’s family …and everyone else within earshot.

How is all this possible in the age of HIPAA and its many privacy provisions?

The answer lies here.

Basically, “the HIPAA Privacy Rule…does not require that all risk of incidental use or disclosure be eliminated to satisfy its standards.”

So, instead of trying to battle this problem, HIPAA simply concedes that it exists (“the potential exists for an individual’s health information to be disclosed incidentally”) and says, oh, well, can’t do anything about that.

I understand it’s a hard thing to fix, but still, shouldn’t HIPAA at least attempt to decrease the amount of incidental disclosure going on?

Source: PhillyBurbs

March 17, 2006

April 21: Deadline for Small Health Plans to Comply with HIPAA

Filed under: — Nancy @ 12:54 pm

The deadline is looming, according to Business & Legal Reports:

The deadline for small [health] plans to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security standards is drawing near. The security standards are a corollary to the HIPAA Privacy Rule, which created national standards to protect individuals’ medical records and other personal health information and give to patients more control over their health information.

[…]

HIPAA’s security standards specify a series of administrative, technical, and physical security procedures for covered entities to use to ensure the confidentiality, integrity, and availability of PHI in electronic format. The security standards for all but small plans had to be in place by April 25, 2005. Small plans have until April 21, 2006, to comply. A small health plan is defined as a plan with annual receipts of $5 million or less. (Group health plans with fewer than 50 participants and that are administered by the employer are exempt from the HIPAA privacy, electronic transaction, and security standards.)

The standards require covered entities to implement basic safeguards to protect electronic PHI from unauthorized access, alteration, deletion, and transmission. The various standards may have either required or addressable implementation specifications.

Database Plan Needs to Extend HIPAA

A Congressional health subcommittee heard testimony on plans to develop a new medical information database in the United States, and experts said a new federal privacy law would be needed to expand HIPAA to cover the database, according to a story by UPI.

HIPAA covers breaches of health privacy by health plans and providers, but doesn’t say anything about other people who might access medical information such as medical transcribers hired by doctors or even hackers.

A new federal law would have to make sharing medical information a crime for anyone with access to that information. Experts urged the passing of a law to cover the database before that system is put in place, instead of trying to write a law to fit the new technology once it is already in place.

Right now there is a patchwork of state laws covering the privacy of medical records in addition to HIPAA. About 17,000 claims have been filed under HIPAA, but action has only been taken against one company.

Privacy advocates warn that a law that does not give patients the right of consent to say who can and cannot access their records will quickly erode the patients’ right to privacy. The right of consent was removed from HIPAA in 2002.

H.R. 4157 in Congress would establish a nationwide health infrastructure. It is much more complicated than the current system for tracking patient records and, as such, Blue Cross and Blue Shield has said the timetable for implementing the system as outlined in the bill is too ambitious.

For more on the bill before Congress, visit Thomas.

January 17, 2006

Barbara Clark’s HIPAA Lawsuit & Investigation

A press release came across the wire recently, put out by Barbara Clark’s people, stating:

Nearly one year ago, Barbara Clark, a former Adventist nurse, filed a complaint with the U.S. Department of Health and Human Services (DHHS) concerning the breach of confidentiality of her medical records under HIPAA; the federal Health Insurance Portability and Accountability Act of 1996.

Whenever money is at stake, it’s always important to look at all the sides. Clearly we’re only getting one side here, but if the allegations are true, the statements are certainly troubling.

This pdf on Clark’s website explains a bit more of the background in the case.

October 27, 2005

UK: All-In-One ID Card Not Such a Hot Idea

Filed under: — Holden Longfellow @ 11:41 am


It looks like our good neighbors across the pond have vetoed an all-in-one ID card proposal by the British government.

The BBC reports:

Plans to combine new compulsory identity cards with passports and driving licences have been dropped by Home Secretary David Blunkett.

The UK Home Office’s official response: “When cost, implementation and risk considerations are assessed together, we now think the option of a free-standing card is more attractive.”

Similar efforts have failed here in the states as well. Right after September 11th, I would have been much more inclined to support a national ID card system here in the US. These days, it would take a serious uptick in terrorism here in the states for something like this to gain acceptance.

October 22, 2005

Ohio Justices to Determine whether State Law Trumps HIPAA

Here’s an interesting twist on the old federal vs. state jurisdictional dispute.

First Amendment Center is reporting:

COLUMBUS, Ohio — A newspaper wants to report on homes, many of them rented, where lead paint has harmed children. The city health department fears federal fines and penalties if it complies with the state’s open-records law.

In what attorneys say is one of the first such tests nationwide, the Ohio Supreme Court must decide if state law trumps the federal rule.

The 2-year-old federal Health Insurance Portability and Accountability Act prohibits health insurers, medical care providers and entities that process medical information from releasing any information that identifies the patient. However, the information can be released by a public agency if a state records law mandates it.

This seems like one of those grey areas of the law where the legislature did not fully understand some of the ramifications of HIPAA legislation.

Read more here

May 09, 2005

HIPAA Wi-Fi Guidelines

Jeff over at HIPAA Blog has some Wi-Fi and HIPAA Integration guidelines, courtesy of Hospital Compliance Wire:

1. Make sure the wi-fi access for your patients is separate from your clinical information systems. It should operate as if the wi-fi access route was operated by the business next door. Remember, even if your clinical systems aren’t wireless now, they may be in the future, so you definitely want to keep “customer” access separate from “employee” access.

2. Use a static portal as your log-in rules of the road. Have wi-fi access go through that portal page first, and include on it your rules for patient access. Remind patients to respect others in the waiting room and be considerate about what they are accessing (porn, gambling, rap music, you get the idea). When listing terms and conditions, give examples.

3. Make sure your signal isn’t so strong that it allows access to people outside your office. You may find some big bandwidth costs if someone camps onto your wi-fi from your parking lot.

4. Monitor wireless use. The worst thing you could do is install wi-fi and not monitor it, only to find that a patient or visitor has used your wi-fi to hack into your systems. Look for loopholes and trouble spots. Malicious visitors are always looking for weak spots, and technology constantly changes to invent new ways to breach old security measures.

I wouldn’t be surprised if there were many doctor’s offices around the country who have installed Wi-Fi networks but failed to secure them.

Hackers beware though - the fines / penalties for violating medical privacy rights could be much stiffer than your average hack target.
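
One way to act on guidelines 1 and 4 above, as an added example that is not from the original post or from Hospital Compliance Wire: a Python check over firewall flow logs that flags guest Wi-Fi hosts reaching toward clinical subnets. The subnets, the log format and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan (hypothetical): guest Wi-Fi and clinical systems
# sit on separate subnets, as guideline 1 recommends.
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
CLINICAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample flow-log lines: time, source, destination, port, action.
SAMPLE_LOG = """\
2005-05-09T09:01:12 192.168.50.23 203.0.113.10 443 ALLOW
2005-05-09T09:02:40 192.168.50.23 10.20.4.15 1433 DENY
2005-05-09T09:02:41 192.168.50.23 10.20.4.16 1433 DENY
2005-05-09T09:05:03 10.20.7.8 10.20.4.15 1433 ALLOW
2005-05-09T09:07:55 192.168.50.77 10.20.4.15 445 ALLOW
malformed line that should be skipped
"""


def guest_to_clinical(log_text):
    """Return flow records where a guest host reached toward a clinical subnet."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # not an IP address: ignore the record
        if src_ip in GUEST_NET and any(dst_ip in net for net in CLINICAL_NETS):
            hits.append({"time": ts, "src": src, "dst": dst,
                         "port": int(port), "action": action})
    return hits


def summarize(hits):
    """Split hits into allowed flows (segmentation failures) and denied counts."""
    allowed = [h for h in hits if h["action"] == "ALLOW"]
    denied = Counter(h["src"] for h in hits if h["action"] == "DENY")
    return allowed, dict(denied)


if __name__ == "__main__":
    allowed, denied = summarize(guest_to_clinical(SAMPLE_LOG))
    print("allowed into clinical subnet:", allowed)
    print("blocked attempts per guest host:", denied)
```

Any allowed flow means the guest network is not actually separate from the clinical systems; repeated denied flows from one guest host are the kind of activity guideline 4 asks you to watch for.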