| HIPAAdvisory > HIPAAnews > Archives |  |
|
|
September 2001 News Archives:September 27, 2001 AHA, Others Now Oppose Efforts to Delay Transaction Standards AHA and other national hospital organizations have urged the DHHS not to support, and several House and Senate committees not to enact pending legislation that would delay indefinitely transaction standards and other non-privacy related provisions of HIPAA. The organizations said in a letter today that the delay would unfairly penalize hospitals and health systems that have made significant financial and staff resource commitments to meet the compliance date. The letter also says that because of the potential for long-term efficiencies and cost savings, Congress should not delay the electronic transactions standards indefinitely beyond the October 2002 compliance date. While recognizing that some facilities may need time beyond October 2002 to bring themselves up to full compliance, the letter states that those concerns are best addressed by having DHHS grant hospitals flexibility in complying with these HIPAA regulations. Read the Letter. September 26, 2001 New Transactions Delay Tactics Underway - But Roadblocks Abound Key Senate staffers agreed September 25 to draft a new legislative proposal that, if enacted, would extend the Transactions Standards compliance deadline from October 2002 to October 2003. The proposal would not contain any "intermediate deliverables" or "milestones to ensure timely compliance." Read more. September 26, 2001 Push for Increased Surveillance Powers Worries EPIC & Other Privacy Advocates Arguing that the country is under a continuing threat from terrorists equipped with technology never envisioned in existing law, the Washington Post reports Attorney General John Ashcroft has asked Congress for broader surveillance powers in all criminal investigations. Privacy advocates worry that the measure might short-circuit constitutional safeguards. The Electronic Privacy Information Center (EPIC) on Monday urged careful consideration of proposals that could significantly erode Internet privacy and constitutional rights. Read more. September 25, 2001 Medicare Contractors Put On Notice to Meet Transactions Rule Deadline Tom Scully, Administrator of the Centers for Medicare & Medicaid Services (CMS), formerly known as HCFA, testified today (September 25, 2001) that CMS will meet the Transactions Standards deadline of October, 2002. In a hearing of the House Ways and Means Health subcommittee on Medicare Regulatory relief, Scully began his testimony by saying that CMS not only expects to be compliant with the Transaction Standards rule by October 2002, but also expects entities that contract or work with CMS to be compliant by the deadline. As reported by the Coalition of Health Information Policy (CHIP), Health Subcommittee staff described Scully's announcement "as a very clear challenge to the proponents of a delay on this and other HIPAA rules." CHIP represents an array of healthcare information systems professionals and organizations, including AHIMA, AMIA,CHIM, and HIMSS. September 25, 2001 New Virus Alert: 'Vote Virus' Poses as Plea for Peace Warnings of a new computer virus, the "W32.Vote Virus" should be taken seriously. Eric Maiwald, CISSP, CTO of Fortrex Technologies and a Phoenix security partner, has reconfirmed with security industry sources that the W32.Vote Virus is real. Here is the information HIPAAdvisory has received: "Vote" arrives as an email with the subject heading: “Peace BeTweeN AmeriCa And IsLaM! and a message body: Hi iS iT A waR Against AmeriCa Or IsLaM!? Let’s Vote to Live in Peace!" with an attachment named WTC.exe. Do NOT open this attachment! Upon execution the malicious attachment drops a number of text and VBS files, attempts to overwrite html files with a specific text message, and modifies the Windows Registry. Additionally, if the infected computer is rebooted, the virus attempts to delete all the files in the Windows directory. Inoculation is available from the large antivirus companies. Read more on ZDNet. September 24, 2001 In Times Like These, Security Trumps Privacy In the wake of the Sept. 11 terrorist attacks on New York's World Trade Center and the Pentagon, the Bush Administration has moved quickly to ratchet up the powers of law-enforcement officials. A bill dubbed the Mobilizing Against Terrorism Act (MATA), introduced in the House and Senate on Sept. 19 and quickly wending its way through Congress, would give police investigators more leeway for electronic surveillance and searches, as well as strengthen their ability to confiscate the property of suspected terrorists. The hastily written bill has privacy advocates in a tizzy. But according to Business Week Online, a close look reveals that many of the proposals, especially those involving broader electronic surveillance, make sense. Full Story. September 19, 2001 Nimda Worm Hard to Fight, but Patches are Available The multiple ways in which the Nimda worm is able to propagate makes it that much harder to defend against than other recent worms and viruses, security analysts said. But corporations that apply the latest Microsoft Corp. patches and use updated virus-protection software from antivirus vendors appear to be reasonably well protected against it. Since the worm is capable of spreading via client PCs, corporations should also ensure that they disable the Java script functionality on end-user desktop machines and caution users about opening any unfamiliar e-mail. And users will need to disconnect all infected servers from the network, reformat their hard drives and reinstall all the software from a secure source, according to ComputerWorld. Full Story. September 18, 2001 U.S. Citizens Back Encryption Controls According to CNET News.com, a poll in the United States has found widespread support for a ban on "uncrackable" encryption products, following proposals in Congress to tighten restrictions on software that scrambles electronic data. The survey, conducted by Princeton Survey Research Associates on Sept. 13 and 14, found that 72 percent of Americans believe that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of last week's terrorist attacks. Full Story. September 18, 2001 Public Interest Groups Unite to Stop Anti-Terror Effects on Privacy The Washington Post reports a coalition of public interest groups from across the political spectrum has formed to try to stop Congress and the Bush administration from rushing to enact counterterrorism measures before considering their effect on Americans' privacy and civil rights. Tentatively named In Defense of Freedom, the group is concerned about everything from expanded electronic surveillance measures sought by the Justice Department to possible ethnic profiling in the wake of last week's terrorist attacks. Full Story. September 17, 2001
Senator Calls for Encryption Crackdown ZDNet reports Sen. Judd
Gregg (R-NH), speaking in the U.S. Senate on Thursday, proposed
tighter restrictions on software that scrambles electronic data
and often hinders a government's ability to obtain valuable criminal
intelligence. It has been suggested that the FBI believes sophisticated
encryption techniques were used to coordinate the terrorist attacks
on the World Trade Center and the Pentagon. Gregg is now calling
for "backdoors" in encryption products, proposing that
U.S. government officials have access to decryption tools when the
case is deemed to be a matter of national security.
Full Story. September 17, 2001 Reg Delays Cause Insurers to Reduce 2001 HIPAA Spending According to a report this month by Managed Care Week, many insurers have decreased their 2001 HIPAA compliance budgets, saying they'll increase spending next year and in future years as the last final regs are promulgated. In second quarter SEC financial filings, publicly traded health insurers PacifiCare Health Systems, Inc and RightChoice Managed Care, Inc., reported cuts by one third in their initial 2001 spending estimates for HIPAA compliance as a result of regulatory delays. Other insurers reportedly made more general comments on the "considerable expense" associated with HIPAA compliance efforts. Managed Care Week noted that past delays have given organizations time they need to meet HIPAA requirements, but have offered other organizations an excuse to put off compliance activities. In addition, the article warned that delays can not only eat away at the momentum a health organization has gained thus far in achieving compliance, but also make it more difficult to justify an adequate compliance budget. September 17, 2001 Disaster Recovery Front and Center in Security As reported in the Health Information Privacy Alert, the tragic events of last week are prompting companies to take a closer look at disaster recovery systems. The pending HIPAA security rule mandates that covered entities have disaster recovery systems, particularly as healthcare moves to electronic records. Consequently, healthcare executives can expect security services vendors to focus their presentations toward this and other operational issues. September 17, 2001 Security Measures Should be Based on Real Threats Also according to the Health Information Privacy Alert, the terrorist attacks on the World Trade Centers and the Pentagon have changed the business and political climate in the U.S. in regard to security issues. While the tragic events are not expected to have much of an effect specifically on HIPAA compliance, privacy experts are concluding that healthcare will feel the effects of a more security-conscious country. Cautioning that the federal government should be careful in balancing the needs for security with privacy, some privacy experts also suggest that organizations should ensure that security measures address specific problems. The concern is that organizations will adopt a host of security measures that may be of little value but are adopted in the heat of the moment. September 13, 2001 New rules: HHS says parts of HIPAA privacy regulations will be modified According to Modern Physician Magazine, the Bush administration says it will change some of the HIPAA privacy standards before the end of the year as it braces for an expected flurry of lawsuits challenging various parts of the HIPAA transaction and privacy rules. Donna Eden, senior attorney in the HHS Office of General Counsel, last month said the department would issue unspecified modifications to the privacy rules in November or December. Input from the medical community and the prospects of litigation have prompted HHS to clarify the regulations, she says. Full Story. September 13, 2001 Some Fear Fight Against Terror Will Imperil Privacy In the aftermath of this week's terrorist attacks, civil liberties groups, privacy advocates and scholars are bracing for demands seeking antiterrorist measures that might end up jeopardizing personal privacy and other freedoms. Authorities quickly turned their attention in this latest investigation to the Internet, in addition to their on-scene efforts. Full Story. September 13, 2001 Senate Committee Looks into IT Vulnerabilities Not wasting any time, the U.S. Senate Governmental Affairs Committee today held a hearing on a key question in the wake of yesterday's attacks in New York and Washington: whether computer networks that run vital services are vulnerable to terrorism. Full Story. September 13, 2001 Health Information Groups Voice New Opposition to Transactions Delay In a September 6th letter to Senate Ways and Means Chairman William Thomas and House Ways and Means Health subcommittee Chair Nancy Johnson, a coalition of health information associations urged that there be no delays in HIPAA Transactions compliance. The Coalition for Health Information Policy (CHIP), representing AHIMA, AMIA, CHIM and HIMSS, wrote "to express opposition to proposals that would delay the compliance deadline for the Transaction Standards regulation, which is scheduled to be fully effective in October 2002." Read the letter. September 13, 2001 The Elusive CPO Last December, as part of HIPAA regulations, a provision was issued requiring that every patient care organization designate a chief privacy officer (CPO) to safeguard patients' personal health information--both paper and electronic. Most organizations are pondering the implications of the regulations but have done little to actually prepare for compliance by April 2003. Full Story. September 13, 2001 So many choices: HIPAA fuels the practice management software market PPMs were all the rage in the 1990s. But the PPM business model proved flawed, and the industry is gone save for a few single-specialty management companies. Stepping in to fill the void have been hundreds of practice management software vendors. Full Story in HIPAAzine. September 13, 2001 Insurance Industry Risks Major Losses from Web Security Breaches The somewhat laggard entry of many insurers into "online" distribution of policies and services now may be exposing their customers, business partners and themselves to massive losses caused by breaches in security, according to the Conning study, "Cyber-Security for Insurers: The Virtual Fortress?" The study observes that too great a focus on the security-related privacy provisions of the Gramm-Leach-Bliley Act of 1999 (GLBA) or HIPAA may actually result in reduced security. The difficulty in concentrating on complying to external standards is that those standards can be ambiguous, subject to change and may actually distract the company from its true internal cyber-security objectives. Full Story. September 13, 2001 New Bill Drafted to Delay Privacy Rule Compliance According to a September 7 report from AHIMA's Washington, DC office, Congressman Charlie Norwood (R-GA) has opened a second HIPAA front in Congress by drafting legislation to delay the compliance date for the final HIPAA Privacy Rule. The bill has not yet been introduced. The Norwood draft legislation would delay compliance with the privacy rule before May 1, 2005 for healthcare providers, health plans, and healthcare clearinghouses. Small health plans would not be required to comply with the final privacy rule before May 1, 2006—nearly a decade after adoption of the HIPAA legislation (PL 104-191) on August 21, 1996. Prospects for the legislation's success in Congress draft are considered "slim" by AHIMA's Capitol Hill-watchers. September 12, 2001 Privacy Bills May Drive Up Insurance Costs At a Capitol Hill briefing on August 29th sponsored by the American Academy of Actuaries, experts warned that pending privacy bills define genetic testing so broadly that health insurers will not have enough information to set appropriate prices for coverage. They also warned that restricting their access to such information could drive up insurance premiums and price some consumers out of the market. Full Story. September 12, 2001 Privacy Fears May Deter HIV Patients From Treatment According to a report published in the August issue of AIDS Care, some HIV-infected patients are so worried about the confidentiality of their HIV-positive status, that they will actually forgo treatment to prevent the release of this information. Dr. Kathryn Whetten-Goldstein and colleagues from Duke University in Durham, North Carolina studied the confidentiality issues of 15 HIV-infected patients from rural North Carolina. "The fear of a breach in confidentiality is definitely affecting the care that HIV-infected patients receive. Most study patients had experienced or knew someone who had experienced a breach in confidentiality," stated Dr. Whetten-Goldstein. Full Story.
September 10, 2001 Privacy Legislation will Harm Consumers, Study Says As Congressional leaders return to Washington this week, San Francisco-based Pacific Research Institute (PRI) released a new study today that warns that much of the privacy legislation pending in Congress and state legislatures nationwide will harm, rather than help, consumers. The study cautions that new laws may lull consumers into feeling safe, but the only way to guarantee protection is to safeguard themselves. The study highlights over a dozen software products and technologies currently available to consumers that protect personal information from being tracked by potential privacy invaders, including the federal government. Full Story. September 10, 2001 Privacy Rules Offer Little Guidance for Employers According to Employee Benefit News, employment law specialists are fretting over recent federal guidance on medical records privacy. They say it skimps on practical advice for employers, whose health plans must comply with the privacy regulations of HIPAA by April 14, 2003. The question-and-answer style guidance's 34 pages are "somewhat helpful for health care providers, but not a great deal of help for employers," observes John Hickman, partner in the Employee Benefits Practice Group with Atlanta-based Alston & Bird. Full Story. News ArchivesGo to TOP |
|
Schedule for Reg Publication/
|
