Tag: Privacy

HIPAA’s Broken Promises

If you hate HIPAA, it’s your lucky day. Paul Ohm is handing you ammunition in his article, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.” His argument: our current information privacy structure is a house built on sand.

“Computer scientists…have demonstrated they can often ‘reidentify’ or ‘deanonymize’ individuals hidden in anonymized data with astonishing ease.”

Ohm’s article describes HIPAA, in particular, as a fig leaf – or worse, as kudzu choking off the free flow of information.

“[I]t is hard to imagine another privacy problem with such starkly presented benefits and costs. On the one hand, when medical researchers can freely trade information, they can develop treatments to ease human suffering and save lives. On the other hand, our medical secrets are among the most sensitive we hold.”

Continue reading…

Social Media: Disruptive Force in Medicine

Before the Obama administration set aside billions to accelerate the dissemination of EHRs, providers were slow to adopt them. As recently as 2 years ago, for example, a study published in the NEJM revealed that only 4% of non-hospital based providers had fully implemented an EHR, and only 13% more had a partial installation.

By contrast, the growth of social media, including Facebook, Twitter, YouTube, blogs and virtual communities like Sermo and Physician Connect, has been explosive. Enterprising providers have already deployed sophisticated social media strategies to extend their brand around the world. The Mayo Clinic, for example, maintains several blogs, a Facebook fan page (which has 8,800 fans), a library of YouTube videos and a Twitter page (7,120 followers).

Continue reading…

KP lawsuit doesn’t sniff quite right

It’s about time we had a fun Kaiser Permanente scandal, as it’s been a while, and it appears that they’re having some influence on the side of the angels in DC these days. And tracking via HISTalk apparently there is one. You can wander over to this blog to get the full rhetoric but basically it comes down to KP being sued by a former relatively senior techie in the Northern California region who has had a big time falling out with his boss. He has three main accusations.

1. KP kept a registry of dementia patients on an open internal network
2. KP employees were dumping personally identified data in the trash
3. KP was and is not tracking deductibles and was forcing their members to count up to them—presumably costing their members money for those who were paying cash when they’d already met their deductible.

So let’s parse these apart.

Continue reading…

The Red Flags Rule

You may have seen the recent headlines “FTC delays Red Flags Rule
implementation until August 2009”. What is the Red Flags Rule and how
does it relate to healthcare?

The FTC has a great website that explains it all in detail.

The FTC requires most clinical offices, hospitals, and other health
care providers to develop a written program to spot the warning signs
of identity theft – “red flags”. If a patient’s name on a photo ID and on their insurance card do not match, that’s a red flag. If a patient visited last week as John Smith but today is Fred Jones, that’s a red flag. If a patient seems to travel from provider to provider seeking numerous expensive treatments, that’s a red flag.

The law was initially designed to cover creditors and it seems odd for
healthcare providers to be considered creditors. The FTC defines a
creditor as anyone who enables the customer to carry a balance after
services are rendered. Unless a clinician asks for payment upfront (all
balances not covered by insurance), the clinician is a creditor.

Continue reading…

Consumers Need All of the Facts in the Privacy Debate

The economic stimulus package that President Obama has signed contains upwards of $20 billion to create electronic health records for most Americans within five years. The president has been very outspoken in his belief that EHRs are essential to health care reform and that the subsequent savings they’ll generate will help to strengthen the larger overall economy.

Whenever the subject of proliferating EHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed the privacy issue has already started to gain some traction in the media. In this video clip, CNN’s Campbell Brown and Elizabeth Cohen examine how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth.

While this assessment may be accurate, it’s a bit light on the fairness
scale. Brown and Cohen only make a very brief mention of facts like
President Obama’s plan to appoint a chief privacy officer and to
implement unprecedented privacy controls to safeguard the EHR
transformation. Instead they emphasize the more sensational angle
implying that electronic health information just isn’t safe. They also
seem to downplay the fact that a simple thing like creating a password
can protect one’s private information.

Continue reading…

A new national privacy and security framework for HIT

The Office of the National Coordinator for Health Information Technology (ONCHIT) issued a paper Monday called The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The summary states that the framework creates a set of consistent principles to:

“…address the privacy and security challenges related to electronic
health information exchange through a network for all persons,
regardless of the legal framework that may apply to a particular
organization. The goal of this effort is to establish a policy
framework for electronic health information exchange that can help
guide the Nation’s adoption of health information technologies and help
improve the availability of health information and health care quality.
The principles have been designed to establish the roles of individuals
and the responsibilities of those who hold and exchange electronic
individually identifiable health information through a network.”

Along with the Nationwide Privacy and Security Framework the Department of Health and Human Services (HHS) has issued The Health IT Privacy and Security Toolkit. The Toolkit includes new HIPAA Privacy Rule guidance documents developed by the ONCHIT and the Office for Civil Rights (OCR) to help facilitate the electronic exchange of health information.

Continue reading…

Make your voice heard!

For the next week, you have a unique opportunity to make your voice heard on health information privacy issues, their impact on the Health 2.0 movement, and how best to build public trust in these technologies.

The National Academy of Public Administration (with funding from the Office of Management & Budget) is hosting a unique "national dialogue" on the intersection of health IT and privacy, which will take place on the Web beginning yesterday, October 27, and lasting through November 3.

They are seeking to gather feedback from the public on the important privacy issues that confront all of us as we promote the movement to e-health. A report will be generated based on the responses, so it is important that a broad range of stakeholders participate. Go to to find out more and to log on!

Hat tip to: The Health 2.0 social network

Google Health: Is It Good For You?


Note: Amy Tenderich, who writes and maintains the wonderful Diabetes Mine,
just did this very illuminating interview with Google Health’s Missy
Krasner. As you’ll see, she doesn’t slow-pitch to Missy. This is a
sure-footed, tough-minded exchange about the real issues that are on
the table now in Health 2.0. – Brian Klepper

Slowly but surely, using the Internet for your health needs is
becoming as mainstream as shopping on the web: no longer futuristic,
but is it for everyone?  And perhaps more importantly, are mainstream
commercial health platforms from companies like Google and Microsoft
really useful for people with specific chronic illnesses?  I thought it
would be interesting to hear their side of the story.

So please welcome Missy Krasner, Product Marketing Manager for Google Health, whom I was lucky enough to catch up with for an interview last week.

Missy, shortly after Google Health launched last Spring, David Kibbe, former Director of Health IT for the AAFP, noted
that most of its services were “only mildly useful and sort of
‘toyish.’” How have these services evolved to be more useful to people
with health conditions?

Continue reading…

Consumer genetic movement: Cease and desist? How about understand and resist!

I have been following health care consumerism for several years now. Particularly, the “Direct Access” or “Direct To Consumer” laboratory testing market. While analytic lab testing has led out in this area, genetic testing has received all the regulatory attention, national press, and policy efforts (GINA). So it is no surprise that the consumer genetic movement would be the first legal test of the Health 2.0 movement. As reported by Matthew Holt here on THCB, and a host of national outlets (Wired has had extensive coverage here, here, and here), there seems to be quite a hornet’s nest unleashed by our friends at the California and New York Departments of Health who are attempting to prevent consumers from accessing their own genetic information.

Thanks to some transparency efforts of the blogosphere, you can read the actual cease and desist letter written by Karen Nickels, the California Department of Public Health Chief of Laboratory Field Services. I actually know Karen Nickels personally. She has been a long time steward of ensuring regulatory exactness of all things laboratory within the State of California for 30+ years. She has a well deserved reputation as one tough cookie for the “precision” with which she carries out her duties.

Continue reading…

Snooping at Britney’s Chart: Why Should Docs and Nurses Have Different Rules?

Should doctors and nurses be subject to different penalties for
precisely the same infraction? Of course not. Are they? Sure. Just ask
Britney Spears.

Britney was hospitalized at UCLA at least
twice in the past few years –
once when she gave birth to her first son in 2005, and again in early
2008 for psychiatric care. Both times, dozens of UCLA staff members
peeked at her medical records, despite having no clinical reason to do

This voyeurism, of course, is hard wired into our DNA, and
we aren’t about to purge our inner paparazzis any time soon. But even
celebs have a right to keep their medical records private. Although the
Health Insurance Portability and Accountability Act
(HIPAA) has caused some real mischief, one of its beneficial effects is
that it put the issue of medical record snooping on our radar screen.
Whether the victim is a Hollywood starlet or your next-door neighbor,
it is just plain wrong.

Most organizations have hired HIPAA
police and done extensive HIPAA training with their staff.
Nevertheless, all the UCLA snoops were documented to have passed an
on-line HIPAA tutorial. When Britney hit the door, Inquiring People
just wanted to know.

Lest you think this is a UCLA thing, we had
a similar situation (with another famous actress) a few years ago, as
have dozens of other hospitals. In fact, human nature being what it is,
I can’t imagine this not happening – unless the rules are clear, widely disseminated, and strictly enforced.

Continue reading…

