Social Media Leaves HIPAA Irrelevant

In light of the recent recognition that on an almost global basis people’s private information is virtually an open book, one can only wonder if the protection of PHI (Protected Health Information) that HIPAA meant to protect is illusory. To the extent that emails and other communications meant for designated recipients are analyzed, scraped, aggregated and stored, it is in …

Interoperability

Interoperability – the express lane to nowhere

There are several government mandates dating back to the Obama administration as well as certain initiatives by the Trump administration that seem to place interoperability between medical providers as a priority issue with respect to healthcare reform. Not surprisingly, it has been and still remains something of an abstract idea. We can all admit that theoretically if a patient came to …

Cybersecurity Safe Harbor – an Idea Whose Time has Come

Ohio may be ahead of the curve. The Ohio state Senate recently introduced Senate Bill 220 that seeks to create a safe harbor from certain liability provided that various standards of cybersecurity have been substantially adopted/followed. The reason for this pending statute is to create an incentive for various entities to adopt appropriate standards and levels of cybersecurity, with an …

Cloud Cover Obscures Breach Vulnerability

It is almost “old hat” for anyone to address the fact that computer systems and digital networks have inherent breach vulnerability. With the ever-increasing use of the “cloud,” however, there seems to be a certain misapprehension that the cloud is some safe refuge that eliminates the risk of breach. In fact, this false sense of security seems to imply that …

Harvey, Irma, HIPAA & HITECH

The United States has recently endured the catastrophic situation brought about by the Harvey and Irma hurricanes. It is unfortunate that we live in a soundbite society where because of access to media, otherwise calamitous situations turn into yesterday’s news in the blink of an eye. For a few days of massive flooding, the many thousands of people whose lives …

Precluding a HIPAA Breach is not enough

A recent settlement between a Minnesota hospital system, North Memorial Health Care, and the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is highly instructive with respect to the liability of CEs (covered entities), BAs (business associates) and both the liability and interplay between them. Furthermore, it underscores the fact that although the HIPAA Omnibus …

Texas Expands and Redefines HIPAA

The fact that HIPAA traces its origins back to 1996 seems almost insignificant. In fact, in the various presentations I have seen or participated in that begin with the history of HIPAA, my general reaction is – why bother, who cares about its origins. However, I can identify one particular point about HIPAA’s origins that is of current interest. The …

There’s No Such Thing As a Free Lunch

There’s No Such Thing As a Free Lunch – Especially from your Pharma Rep. While the first part of this title was popularized by the 1975 book authored by economist and Nobel prize winner Milton Friedman, the totality of the title should leave a chilling and lasting impression in light of the following recent release. Department of Justice U.S. Attorney’s …

Cost of Stolen Laptop Hits Record High

Massachusetts Lahey Hospital has agreed to pay $850K over a stolen laptop containing the ePHI of 599 individuals. That works out to over $1,400.00 per individual. It goes without saying that the 2011 incident led to an investigation that found numerous instances of noncompliance with HIPAA rules throughout Lahey Hospital, including a failure to conduct a risk analysis on all …

HIPAA Interferes with Parental Rights – a HIPAA Train Wreck

A few months ago, I came across a number of articles regarding Washington state schools placing IUDs in girls as young as the sixth grade without their parents’ knowledge through a Medicaid program known as “Take Charge.” The story received considerable media play. I do not wish to get into either the necessity or the propriety of this story, although …

Encryption – Govt. double standard – or not

The medical community is subject to unprecedented governmental requirements to protect the privacy of patient data – the governmental interest and incentives for digital storage and transmission of ePHI are clear – the safe harbor of encryption has pushed the medical community, and thereby their business associates, to achieve the highest levels of encryption. On the other hand, the United …

The Falling Star of Nursing Homes – or Maybe Not

How accurate is the Five Star rating system in assisting the general public to determine which nursing home to select? The Government Accounting Office (GAO) has accepted a request to investigate the rating system used on the Nursing Home Compare website. This request stems from a request by Senators Bob Casey (D-PA) and Ron Wyden (D-OR) after CMS (this past …

HIPAA- Critical

Hypocrisy or Critical to the Operation of Government

In reviewing the various reports of HIPAA breaches as a subset of the almost everyday occurrence of significant data breaches, and the recent reports of significant data breaches of information that is either entrusted to the government (e.g. medical and/or credit information) or information that the government is both logically …

HIPAA and the Law of Unintended Consequences

Identity theft is so prevalent that we are almost desensitized to its effects – unless of course we’re speaking about its victims who are left with the unenviable task of sifting through the rubble and trying to re-create their medical and/or credit identities. What is surprising is that the very laws that were enacted (HIPAA etc.) to protect patient …

Ashley Madison Writes Rx for Doctors About Safe Sex(curity) and HIPAA

There are many lessons that the Medical Community – Covered Entities, Business Associates and their subcontractors – can learn from the Ashley Madison hack. Please forgive me if I omit the prurient details and/or any “holier than thou” statements about the AM business, except to say that it was a site that needed security, dealt with highly sensitive and personal matters, …

Will Your Recruitment Initiatives Invite and Welcome Computer Hackers?

It is very clear that the current landscape is replete with stories of improper intrusion and hacking of computer systems leading to improper dissemination of proprietary or other types of protected information. Most organizations try to block the unwanted intruder (hacker) from ever gaining access to their computer systems. A common method utilized by hackers is known as phishing, which …

How Much Does a Data Breach Cost in Dollars and Cents?

In my last few posts, I wrote about causes of HIPAA breaches and the possible course of a compliance agreement. (“The Most Detailed and Costly Compliance Agreement You Are Ever Likely to See”, “Seven Noteworthy HIPAA Breaches & the Recent Enforcement Actions”, “The Seven Most Likely Causes of Major HIPAA Breaches”, “The Five Most Likely Types of Major HIPAA …