Experts emphasize balance between patient care and privacy. Personal health data is less secure now than it was a year ago, according to a recent online survey by nCircle, an IT solutions provider. Almost half of the 257 people who participated in the survey said they are anxious about the fact that multiple partners of their health care providers (such as EHR vendors and insurers) have access to personal electronic information — increasing the risk of security breaches.
Wednesday, May 12, 2010
Crafting log-on banners helps staff safeguard protected info. Don’t have the time or energy to tie strings around your workforce’s fingers to remind them about the importance of safeguarding the privacy of protected health information (PHI)? Well, here’s a far more practical and effective way to remind your staff to be on guard when it comes to handling PHI.
Wednesday, April 7, 2010
De-identification safe harbors in the new HIPAA Privacy rule may be tempting: The new penalty provisions of the rule do not apply – nor does HIPAA in general – to the loss or disclosure of protected health information that has been “de-identified,” or, so to speak, “cleaned.” If your practice or organization is interested in learning how to de-identify health information so that you don’t have to worry quite so much about the new penalties – which can now reach $1.5 million – read on for a primer, along with the possible downsides.
Wednesday, February 3, 2010
The feds are pouring billions into EHR implementation, but the majority of Americans — 80 percent — feel their electronic medical records are at risk when they’re in the hands of private industry or the government, Forbes reports. (Thanks to Fierce Healthcare’s Neil Versel for the heads up.) The Ponemon Institute survey found that for 71 percent of respondents, it is okay for hospitals, clinics or physicians to store their health records. Likewise, 99 percent believe a patient’s doctor should have access to his or her digital health records stored in a national system. However, only 38 percent said that a federal government agency should be able to access those records, and only 11 percent thought that private businesses should have access. It may be a good thing that the U.S. Department of Health is not keen on centralizing health records in a single database but…
Wednesday, January 13, 2010
Don’t have a policy for employees who work with PHI? We’ve got what you need to write one quickly. Your practice has tough decisions to make when allowing employees to handle patients’ private health information (PHI) while working from offsite locations. You may require encryption, you may prohibit them from working on their personal laptops when dealing with PHI, or you may even only allow remote work when it’s done for emergency reasons. But no matter what, you need to communicate your privacy expectations to your employees. Consider this sample document as a guide, contributed by Glenn Allen, information security director with Fairview Health Services in Minneapolis, Minn:
Wednesday, December 9, 2009
Do you have a security compliance plan? Take these 5 steps first. Hospitals are understandably spending much time and money these days trying to prepare or go live with an electronic medical records system, but don’t forget that interconnected health records bring a new threat to data security. If you don’t want your facility in tomorrow’s headlines, make sure you have an information security process in place that will guide you if and when you experience data breaches. “In the future, with interconnected health records, when you can go into hospital and they can call up your records from across country, what if a chunk of it is fraudulent?” asked Jim Sheldon-Dean, director of compliance services with Lewis Creek Systems LLC, in a recent audio conference. “The importance of getting this right cannot be overstated.” The possible…
Monday, November 9, 2009
Want a quick way to skim the Health Care Reform Bill in Congress? Here’s help. HR 3962: Affordable Health Care for America Act is 1,990 pages long, says attorney Bob Coffield in a recent Health Care Law Blog post. To help you grasp the major themes quickly, Coffield has made a word cloud that captures words the bill mentions most frequently. Let’s hear it for a lawyer who actually likes to make things simple for the rest of us. Of interest to HIT types: The bill mentions the word ‘privacy’ 28 times, Coffield points out. ‘Insurance’ is mentioned 552 times, and ‘consumer’ crops up 36 times. Guess we know who has the most lobbyists. Access a larger version of Coffield’s word cloud here. Recent audio conference available on CD: Healthcare Reform — An Insider Discussion for Healthcare Professionals.
Tuesday, August 4, 2009
You’ve got a new sheriff in town for HIPAA enforcement. The Department of Health and Human Services is handing over the administration and enforcement of the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HHS Office for Civil Rights. CMS formerly oversaw enforcement of the rule. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. OCR has enforced HIPAA’s Privacy Rule since 2003. CMS hopes the Security Rule’s move to OCR will trim some administrative inefficiency and improve regulation, given that privacy and security are so closely connected. “The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule,” points out
Tuesday, June 16, 2009
ARRAAAAAGH! New law gives HIPAA sharper teeth. You’ve got some new things on your to-do list, HIT pros. The byzantine stimulus package passed earlier this year has some new HIPAA requirements tucked away here and there. Here’s what our technology & attorney experts are saying about the American Recovery and Reinvestment Act (ARRA). Wake-up call: You bear the IT compliance burden even if a third party installs and maintains your system. Even smaller health care organizations are responsible for ensuring the same privacy protections as larger places that have their own IT departments, says Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems in Vermont. Stricter notifications: Under ARRA, you must notify patients “without unreasonable delay” and in no case later than 60 calendar days after you discover that unsecured electronic health information was improperly “accessed, acquired or disclosed.”
Wednesday, May 26, 2010