
Australia considers huge fines for EHR snooping

How’s this for a deterrent against unauthorized snooping into patient EHRs? Australian Health Minister Nicola Roxon recently proposed whopping fines of A$13,200 for individuals and A$66,000 for companies that illegally access patient records. The Aussie dollar is nearly on par with the greenback these days, so the numbers are virtually equal when you convert to U.S. currency. That’s a lot of money.

Now, Australia doesn’t actually have much in the way of EHRs just yet, so this is somewhat speculative, but I think those numbers will get people’s attention. At least it will make records clerks think twice before peering at the records of people like Hugh Jackman or Nicole Kidman, right? The celebrity snooping at UCLA Health System cost the organization $865,000 in a legal settlement, and two employees were convicted of crimes, but I’m not aware of an individual being fined more than $2,000.

Would the threat of automatic big-dollar fines prevent unauthorized peeking at EHRs, or are lawsuits like the one the HHS Office for Civil Rights filed against UCLA more of a deterrent?

October 11, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

‘Five rights’ for data administration

You know about the “five rights” for medication administration: the right drug, for the right patient, in the right dosage, on the right route, at the right time.

More recently we’ve seen “five rights” for effective clinical decision support: the right information, to the right stakeholder, at the right point in workflow, through the right channel, in the right format.

Now, security vendor Symantec brings us the “five rights” for data administration:

September 21, 2011

Health Wonk Review: Could meaningful use be outdated already?

There’s a fresh edition of Health Wonk Review up at the Health Business Blog, hosted by David E. Williams. My post on the new Care About Your Care campaign merits a mention, but I have to say it’s far from the most intriguing commentary in the blogosphere over the past two weeks. I direct you to another post that made Health Wonk Review, namely one from Dr. Jaan Sidorov, author of the Disease Management Care Blog.

Sidorov wonders if “meaningful use” of EHRs isn’t designed for a PC-centric world, even though tablets and cloud computing have started to assert themselves:

It’s too early to assess the implications of this generational shift away from the PC for the Feds’ efforts to digitalize the practice of medicine. The provider community is still coming to grips with information technology and “meaningful use” (MU). Hopefully EHRs won’t share the fate of “shovel ready” and clean energy loan guarantees.

Upon review, the MU criteria may still ultimately apply, but the shift away from PCs may require some changes in how they are implemented.

I’m sure policymakers who are writing future MU rules are aware of this sea change, but the federal government moves slowly, and one never knows what will happen when lobbyists get involved. HIPAA privacy and security rules, first drafted during the Clinton administration, were practically obsolete by the time they took effect halfway through Bush’s first term.

 

September 15, 2011

A vendor’s view on selling of data

As long as there have been EMRs, there have been vendors selling aggregated, de-identified data. And there have been people worried about privacy.

That issue came up last week at the AHIMA Legal EHR Summit right here in Chicago, during a session exploring issues related to data ownership and stewardship in the era of cloud computing. (I’ll have a more complete rundown of the session Monday in InformationWeek Healthcare.)

Near the start of the panel, Daniel Orenstein, senior VP and general counsel of Athenahealth, tried to put any lingering questions to rest right away. “I think data monetization is kind of a red herring,” Nussbaum said of people who criticize vendors for selling sensitive patient information. According to Nussbaum, de-identified data no longer includes any protected health information as defined by HIPAA, and only has value in the aggregate.

What he didn’t mention—and what nobody on the panel or in the audience brought up—is the possibility that data that supposedly were de-identified could be re-identified to a reasonable degree of precision. I’ve heard this for years, but I don’t know if anyone’s actually re-identified patient data outside of academia. Is this a real threat, or is Nussbaum right about it being a red herring?

UPDATE, August 22, 4:25 pm CDT: Here’s the InformationWeek story I referenced.

 

August 21, 2011

Facebook + health data = all sorts of HIPAA questions

“Time’s Person of the Year is Mark Zuckerberg. Sorry, Julian Assange, I guess you didn’t violate enough people’s privacy.” — Stephen Colbert, Dec. 15, 2010.

Yes, Facebook has issues with privacy. Just Monday, the Electronic Privacy Information Center, the Center for Digital Democracy, Consumer Watchdog and the Privacy Rights Clearinghouse formally asked the Federal Trade Commission to stop Facebook from launching a facial-recognition feature. Last week, European regulators said they would investigate Facebook after it came out that Facebook’s 500 million to 700 million users were automatically opted in to facial recognition.

And now we hear that Microsoft is adding Facebook authentication to its HealthVault health information platform.

Let me repeat: You can now sign in via Facebook to a HealthVault personal health record.

Though I’m not a lawyer, I’m wondering if Microsoft might not be treading in some dangerous territory. What if it’s possible to link HealthVault updates to Facebook so your entire social network knows that you just got a lab test result back? What if the Facebook location tagger indicates that you’ve just visited an STD clinic? Yeah, sometimes discretion is in order, and Facebook generally isn’t the place to be discreet.

According to Healthcare IT News’ MobileHealthWatch blog, Microsoft’s Sean Nolan was practically giddy about this arrangement helping HealthVault go mobile. I think mobility will help make PHRs a bit more attractive to patients, but I still think PHRs are DOA if they don’t link to EHRs.

I just don’t see a lot of medical practices being willing to send electronic data back and forth to HealthVault accounts if Facebook is handling the security, making MobileHealthWatch’s claim that, in the wake of the supposed demise or at least de-emphasis of Google Health, HealthVault is now “more or less unchallenged as the PHR of record” a joke. There’s no such thing as a PHR of record, and there won’t be as long as authentication passes through Facebook.

 

June 13, 2011

My week in review

Since I’m starting to write a lot of daily/breaking news, I’m going to try something new today that might become a regular Friday feature: posting my week in review. It will consist of a quick rundown of stories I’ve written this week. Here goes:

Monday

“Patient Safety Initiative To Leverage Health IT: The $1 billion federal Partnership for Patients initiative aims to cut $35 billion in healthcare costs, save 60,000 lives, and decrease hospital-acquired conditions by 40% by 2013.” (InformationWeek)

Tuesday

“Medicare Opens EHR ‘Meaningful Use’ Attestation” (InformationWeek)

“How mobile health can abide by HIPAA” (MobiHealthNews)

“State of mobile and wireless healthcare” (video/slides of my recent presentation to Meharry Medical College)

Wednesday

“CMIOs to begin testing BlackBerry PlayBook” (MobiHealthNews)

Thursday

“More Unrealistic Expectations From the Public, This Time Involving CDS” (EMR and HIPAA)

 

I’ve got another InformationWeek story to crank out this afternoon that may or may not get posted until Monday, and a podcast in the works, too. Bring on the weekend!

 

April 22, 2011

Healthcare Scene is on LinkedIn

As you may know, this site is part of John Lynn’s new Healthcare Scene blog network. In the spirit of building a community, John has started a Healthcare Scene LinkedIn group to promote the network and his flagship EMR and HIPAA blog. Join up and start networking with us.

Last week on that EMR and HIPAA blog, John ran a poll asking readers about their experiences with personal health records. (I’ve long been a critic of the “untethered” PHR that’s not connected to a specific healthcare organization or EMR. An empty PHR doesn’t help patients, while physicians aren’t likely to use one not directly tied to an EMR because it doesn’t fit their workflow and they often can’t trust the data inside.)

Not surprisingly, 60 percent of the 53 respondents had never started a PHR. Another 17 percent had created one but haven’t added much data to it. Just 13 percent say they have PHRs that are mostly updated.

It’s an unscientific survey, but I’m sure readers of a health IT blog are far more likely than the general public to have or use a PHR. Despite what some vendors or consumer-facing publications might have you believe, PHRs are a tiny, almost insignificant segment of health IT right now.

March 9, 2011

Nitpicking? Nah, the legal technicalities are important here

I received an e-mail this week about “a mobile technology platform that just announced its full HIPAA/HITECH compliancy.”

I’d like to know, how exactly can technology be HIPAA-compliant? Technology can’t be a covered entity or a business associate, and therefore isn’t subject to HIPAA, right?

April 16, 2010

Podcast: HIMSS CEO Steve Lieber, 2010 edition

Last Thursday, for the fourth consecutive year, I sat down with HIMSS CEO H. Stephen Lieber for an interview ahead of the opening of the annual HIMSS conference. For the third consecutive year, the recording actually worked. And for the second consecutive year, I went to HIMSS headquarters in downtown Chicago for the interview, rather than waiting for the conference itself. Unfortunately, the HVAC system in the conference room was rather noisy, so there is some background noise. Still, the voices come through loud and clear.

I wrote a story based on this interview in Monday’s FierceHealthIT, but here is the world premiere of the full recording.

Podcast details: Interview with HIMSS CEO H. Stephen Lieber on the 2010 HIMSS conference, recorded Feb. 18, 2010. MP3, stereo, 128 kbps, 31.7 MB, running time 34:36.

1:00 State of the HIT industry a year after ARRA
2:20 HIMSS10 registration patterns
5:00 Types of vendors exhibiting this year
6:30 Mobile applications
8:20 HIPAA, 5010 and ICD-10
10:15 Health IT’s role in healthcare reform
13:45 Health IT alone can’t fix healthcare
15:40 Getting the word to physician practices about meaningful use
17:55 Hospital-based physicians and meaningful use
19:15 Pressure to achieve meaningful use
20:15 Why HIMSS doesn’t support weakening of requirements
21:40 Health IT workforce issues
25:10 Hiring IT professionals laid off from other industries
26:40 The future of certification
30:00 Clinical decision support comes of age
31:55 Focus of the 2010 conference

February 22, 2010

IT staffing issues

The newly published July issue of Hospitals & Health Networks includes a story I wrote about the worsening staffing crunch in health IT.

Between the rush to install EMRs by January 2011, tighter HIPAA privacy and security requirements and the transition to ICD-10 coding and ANSI X12 5010 transactions, it could be a tough next few years for IT departments. But you probably already knew that.

July 13, 2009