February 2002 News Archives:
February 28, 2002
HIPAA Privacy Rule Updates Coming Soon
According
to HIMSS E-News, updates to HIPAA's Privacy Rule could be issued
as soon as next month. That's the word from industry insiders, who
say the release could open the floodgates to a host of other long-delayed
HIPAA rules - from security to employer identifiers. In the meantime,
officials at JCAHO continue to lobby HHS to exempt private accrediting
agencies from the business associates rule. As it currently stands,
JCAHO - which has no governmental oversight authority - will be
forced to sign business associate agreements with the nearly 19,000
hospitals and healthcare facilities it now accredits.
February 26, 2002
U of MN Donor Privacy Breach Shows Computer Vulnerability
The University of Minnesota recently breached the confidentiality
of its organ donors. In a survey mailing sent to 1,200 recipients
of kidney transplants, the University accidentally revealed the
names of those who donated the kidney to the recipient. For many
the name was no surprise, but 410 recipients learned the name of
their donor for the first time.
Human error was the problem, according to an article in yesterday's
Bureau of National Affairs (BNA) Privacy Law Watch. Citizens' Council
on Health Care (CCHC), a Minnesota-based health care policy organization
disagrees, noting that a software upgrade in the University's database
was cited as a key reason for the breach.
Full Story.
February 26, 2002
Group Announces Project to Electronically Link Medical Records
The nonprofit Patient Safety Institute (PSI) is planning
to use the same confidential computer systems that now secure online
banking to electronically link certain medical records and enable
doctors to access patient information at any time and location.
PSI is funded by Hewlett-Packard and seven other information technology
companies and governed by the heads of the National Consumers League,
the Medical Group Management Association, and other patient advocacy
groups.
The group's goal is to streamline the nation's tangled maze of
health records by linking doctors' offices, hospitals and pharmacies
in a given area so that health workers with approved access can
find out all of a patient's allergies, medications, vaccinations
and diagnoses with the push of a few buttons. While previous attempts
to link medical records have failed, PSI marks the first time that
consumer advocates, including the huge National Consumers League,
have been involved in such an attempt. They have pledged to ensure
that the project's technology protects patients' health records
as carefully as online banking guards checking accounts. Before
any records are linked, patients must consent to having their health
information included in the project, and any doctor, hospital and
pharmacy used by the patient must also agree to participate.
February 26, 2002
Lilly Settles with FTC Over Release of Names
Pharmaceutical maker Eli Lilly reportedly has agreed to pay a fine
in a settlement with the Federal Trade Commission (FTC) for accidentally
releasing a list last summer of patients who used its anti-depressant
drug Prozac.
The accidental release of the names not only provoked concerns
over Internet privacy, but also revealed shortcomings in the HIPAA
privacy rule. Legal experts concluded that the drug maker would
not have been subject to the Privacy Rule because the company was
not engaged in providing healthcare services.
At the same time, the prospect of a settlement with the FTC suggests
that the more substantive legal liabilities in the medical privacy
arena may not derive from HIPAA but other laws, such as consumer
protection statutes.
February 26, 2002
New Guides Compare CA Privacy Law & HIPAA
The California HealthCare Foundation recently released a series
of guides designed to help California health plans, providers, and
pharmacists understand the requirements of the new Federal Health
Privacy Rule. The guides, written by the Health Privacy Project,
explain how the Privacy Rule issued under HIPAA interacts with existing
California privacy law.
Three versions of the guide are available, tailored to the needs
of different sectors of the health care industry: Health Care Providers
(Including Doctors and Hospitals); Health Insurers and Health Care
Service Plans; and Pharmacists, Physical Therapists, and Others.
Read more.
February 25, 2002
Bush 2003 Budget Proposes Over $60 Million for HIPAA
President Bush's proposed budget for FY 2003 includes $64.1 million
for Administrative Simplification activities:
- $9.6 million to ensure that the Centers for Medicaid and Medicare
Services (CMS), as a health plan, is compliant with the Transaction
Rule standards by October 2003
- $10 million to conduct testing with Medicare providers to ensure
that they submit HIPAA-compliant claims
- $10 million to conduct outreach and education efforts with providers,
States (including Medicaid programs) and other CMS partners
- $34.5 million to complete the development of, and begin operation
of, a system to assign identifiers to health plans and providers
The HIMSS Advocacy Dispatch of February 18, 2002 notes that these
dollar amounts are part of a proposal that doesn't yet represent
actual funding, but that is proceeding through the Federal budget
process. At present, no funding is dedicated to Administrative Simplification
activities except for the $44.2 million authorized in the recent
Administrative Simplification Compliance Act that allowed for a
one-year extension on the Transaction Standards rule. In order to
have other dedicated HIPAA funding for the current fiscal year,
Congress would need to pass a supplemental appropriations bill.
The Coalition for Health Information Policy (CHIP), which HIMSS
is a part of, has been asked to help justify the urgent need for
those dollars this year.
Read more (PDF).
February 25, 2002
HIMSS Leadership Survey Reports HIPAA is Industry's Highest Priority
The Annual HIMSS Leadership Survey for 2002
reports that over 80% of respondents feel that HIPAA compliance
is the biggest issue facing them over the next two years. Reducing
medical errors (52%) and cost pressures (51%) are reported to be
the number two and three most pressing issues. Confidence in the
security of patient medical information is on the rise. Fewer respondents
are concerned about security breaches, and technology appears to
be less of a barrier to security. Two-thirds of organizations have
assessed HIPAA compliance, and awareness of HIPAA compliance measures
has increased.
Read the report.
February 21, 2002
CMS Releases ASCA FAQs
The Department of Health
and Human Services' Centers for Medicare and Medicaid Services (CMS)
has prepared a list of 24 frequently asked questions (FAQs) and
answers concerning the recently enacted Administrative Simplification
Compliance Act (ASCA). The act specifies that covered entities may
file a request for an additional year to achieve compliance with
the HIPAA Transactions and Code Sets Rule. The act also specifically
states that it does not affect the April 14, 2003 date by which compliance
with the Privacy Rule is required.
Read the ASCA FAQs.
February 20, 2002
Autopsy Privacy Request Withdrawn
Maryland's
medical examiner has withdrawn his request that he be allowed to
keep confidential all of the state's autopsy records, lawmakers said
yesterday, the Washington Post reports. Concern that ghoulish details
from autopsy reports could spread across the Internet or onto the
pages of newspapers prompted the request by David Fowler, acting
chief medical examiner. Legislation on Fowler's proposal had the
backing of privacy advocates and outraged auto racing fans who objected
when Florida news outlets tried to obtain autopsy photographs of
NASCAR driver Dale Earnhardt after he died in last year's Daytona
500. But the measure, which was debated by members of the House
of Delegates during a January hearing, faced stiff opposition from
media outlets and First Amendment groups that argued that autopsy
reports are a key tool for news investigations.
February 20, 2002
High-Tech Security Czar Warns of Fragile Infrastructure
Much like the airline industry before Sept. 11, high-tech companies,
customers and government agencies are well aware of security vulnerabilities
but are reluctant to pay to fix them, President Bush's top computer
security adviser said Tuesday at a conference of computer security
experts in San Jose, CA. It's just a matter of time before terrorists
use those flaws to launch a cyberspace equivalent of the Sept. 11
attacks on critical national infrastructure such as the electricity
grid, said Richard Clarke, the Bush administration's cyber security
czar.
Full Story.
February 20, 2002
Supreme Court Hears Privacy Cases
The Supreme
Court ruled unanimously yesterday that the widespread practice of
"peer grading" does not violate federal education privacy
law. The case, Owasso Independent School District v. Falvo, No.
00-1073, arose in 1998, when an Oklahoma parent, Kristja J. Falvo,
sued her suburban Tulsa school district in federal court, seeking
an end to peer grading at the school her three children attended.
The court rejected the view of some psychologists and conservative
privacy rights activists, who had urged the court to give parents
the power to combat a commonplace but, to some children, demeaning
classroom ritual in which students exchange papers, correct them
and then report the grades to the teacher.
The court declined to decide a potentially broader issue embedded
in the case, however. Falvo had contended that a grade, once marked
down on a student's paper, is an "education record" covered
by the 1974 Family Educational Rights and Privacy Act (FERPA), which
says that student files "maintained" by school administrators
may not be released without parental consent. FERPA provides for
a cutoff of federal funds to bring noncomplying school districts
into line. It says nothing about private suits such as Falvo's.
The court noted that it will decide this issue in a separate case,
Gonzaga v. Doe, No. 01-679, to be argued April 24.
The Reporters Committee for Freedom of the Press and the Student
Press Law Center warned the court in a friend-of-the-court brief
that recognizing a right to sue under FERPA would bolster ongoing
efforts by school administrators to stop publication of newsworthy
information about students. Already, they said, invocation of student
privacy by administrators "threatens the student media's continued
viability."
Separately, the court has agreed to hear a case involving whether
lists of registered sex offenders - collected by states under federal
law - can be posted on the Internet, or whether such posting would
violate the offenders' rights to privacy.
Full Story.
February 15, 2002
Public Surveillance System in DC Threatens Privacy
The Washington Post reports Rep. Constance A. Morella (R-MD), chairman
of the House Government Reform subcommittee on the District, expressed
alarm at police plans to create a large, government-run network
of surveillance cameras from public and private sources. The police
department reactivated a command center at its headquarters Tuesday
that would serve as the hub for video feeds from more than 200 cameras
that will monitor major streets, transit stations, federal landmarks
and buildings and schools. The $7 million Joint Operations Command
Center was first used Sept. 11. Morella said in a statement that
she would call a hearing "out of concern that the pendulum
between security and privacy is beginning to swing too far in one
direction. These surveillance programs are advancing without the
appropriate and necessary public debate about their consequences."
On Wednesday, EPIC sent a series of Freedom of Information Act
(FOIA) requests to the D.C. Metropolitan Police Department and to
federal agencies to obtain records regarding the public surveillance
camera system activated in Washington.
Full Story.
Read MSNBC's article, "D.C. cops build surveillance network: New
system will link hundreds of public cameras."
February 13, 2002
AHA to HHS: Change Privacy Regs & Standardize HIPAA Code Sets
AHAnews reports that the American Hospital Association
(AHA) joined 88 organizations, including physician groups, practitioners,
hospitals and other health care providers, to voice concern over
the impact that HIPAA's final privacy regs might have on health-related
research. In a letter to HHS Secretary Tommy Thompson, the group
said the standard for de-identifying medical information would essentially
render some data useless for research purposes. They proposed that
the standard be modified so that it is limited to direct identifiers.
Read AHA's Feb. 8th letter to Sec. Thompson.
AHA also recently recommended to an HHS subcommittee that the
medical code sets for transactions under HIPAA be updated no more
than annually and on the same date by all covered entities. Testifying
yesterday before the National Committee on Vital Health Statistics'
Subcommittee on Standards and Security (NCVHS), Nelly Leon-Chisen,
AHA director of coding and classification, also recommended HHS
clarify in regulations the specific version of the code sets that
have been adopted for use and develop transition rules for switching
to the newer versions. AHA sent a letter on Jan. 16 to HHS Secretary
Tommy Thompson asking for quick publication of the proposed rules
for standard claims attachments and health plan identifiers.
Read AHA's Jan. 16th letter to Sec. Thompson.
February 13, 2002
Maryland, USPS Looking at Permanent, Life-Long Email Addresses
The State of Maryland's Information Technology Board
(ITB) posted a draft of its Internet Policy Recommendations on January
29th, 2002. The ITB examined how Maryland residents could be assigned
an email address almost at birth, which would be a permanent and
constant email address, regardless of the Internet service that
would be utilized. The US Postal Service (USPS) intends to develop
a role in some phase of e-commerce and the movement of documents
and messages. Discussions have taken place to assess the appropriateness
of Maryland serving as a demonstration site for a USPS initiative
aimed at assigning residents a permanent, life-long email address.
The ITB recommends that a task force be established to work with
the USPS to designate Maryland as a demonstration site for this
innovative concept, and that task force members develop the details,
logistics, and any associated costs with the USPS, its contractors
and consultants.
February 13, 2002
Rights Groups Oppose National ID Card
Civil-liberties
and consumer groups are urging President Bush to oppose efforts
to create a national identification system, saying that it would
intrude on privacy.
The American Civil Liberties Union, the Free Congress Foundation,
and more than three dozen other liberal and conservative groups
took particular aim at a proposal by the American Association of
Motor Vehicle Administrators "to strengthen this nation's driver
license and state-issued ID-card system." In a letter sent
to Bush on Feb. 7, civil-liberties and privacy groups said the association's
plan "would establish a national ID and an unparalleled system
of personal information sharing."
Read more.
February 13, 2002
Comcast Stops Tracking Web Users
Comcast Corp.,
the Washington region's dominant cable company, began tracking the
Web-browsing activities of its 1 million high-speed Internet subscribers
without notifying them. Comcast said that the tracking of each Web
page a subscriber visits was part of a technology overhaul designed
to save money and improve the speed of cable Internet service to
customers, not to infringe on privacy. After privacy advocates protested
the company's decision to begin tracking its web users, Comcast
subsequently issued a statement saying it would stop storing individual
customers' IP and URL information in order to completely reassure
its customers that the privacy of their information is secure.
Full Story.
February 11, 2002
House Passes Computer Security Bill
Congress
overwhelmingly approved a bill Thursday that offers $880 million
in funding to government agencies for researching ways to improve
U.S. computer and network security. The House voted 400-12 in favor
of HR 3394, the Cyber Security Research and Development Act, sponsored
by Science Committee Chairman Sherwood Boehlert (R-NY). The $880
million would be split between the National Science Foundation (NSF)
and the National Institute of Standards and Technology (NIST) for
use in cybersecurity research efforts. The bill has been referred
to the Senate Committee on Commerce, Science, and Transportation.
Full Story.
Read the text of the House bill, engrossed version (PDF).
February 11, 2002
Medical Records Privacy Not Assured
Last year,
Sylvia Marvelli was diagnosed with breast cancer. She didn't want
to share that information with Blue Cross and Blue Shield of North
Carolina. There was no reason she should since she bought her health
insurance from Conseco Medical Insurance Co. of Illinois. But after
continued financial losses, Conseco is leaving North Carolina, effective
March 1. The company has given its customer information to a competitor,
Blue Cross, after Blue Cross agreed to offer coverage to all 26,000
of Conseco's N.C.-covered people.
Blue Cross did offer coverage to Marvelli. But instead of the $400
a month she paid to Conseco to cover herself and her family, Blue
Cross quoted her a monthly premium of $1,784 -- a 450 percent increase,
driven by the insurer's knowledge of her medical condition.
"Was it legal for Conseco to allow (Blue Cross) to review
our files?" wrote Marvelli's husband, Marshall, in a Dec. 17
letter of complaint to the N.C. Department of Insurance. Yes it
was, department officials told them last week, reports the Charlotte
Observer.
Full Story.
February 6, 2002
Physicians Protest Privacy Rule Loophole
New standards would
allow use and disclosure of health information for certain marketing
purposes without a patient's consent. Physicians and consumer advocates
say this is exactly the type of practice that should be prohibited
under the federal medical records privacy standards, which are intended
to safeguard access to patients' sensitive health information. The
American Medical Association has been actively advocating changes
to the rule based on current AMA policy, which says that physicians,
hospitals and others in the health care system have a duty to keep
patient information private.
Full Story.
February 6, 2002
New HHS Council on Private Sector Innovation to Improve Health Care
HHS Secretary Tommy Thompson has set up a new forum, the "Council
on Private Sector Initiatives (CPSI) to Improve Security, Safety,
and Quality of Health Care." The CPSI will review and refer
requests from private-sector companies that want to present to the
federal government innovative products that will improve the nation's
health care system. The council's membership consists of the heads
of agencies within HHS as well as from the departments of Defense,
Veterans Affairs and Energy, the FBI, and the EPA. Agency for Healthcare
Research and Quality (AHRQ) Director John M. Eisenberg, M.D., chairs
the council. For more info on how to submit requests, go to the
council's web site: http://www.cpsi.ahrq.gov.
February 1, 2002
Former Patient to Appeal Johns Hopkins Hospital Privacy Case
A former patient of Johns Hopkins Hospital is appealing a recent
court ruling that said the institution did not knowingly give information
about his psychiatric troubles to a disgruntled former friend, reports
the Baltimore Business Journal.
Lawyers for the plaintiff filed the appeal in the Court of Special
Appeals in Annapolis, MD on December 27, 2001, questioning whether
the judge who heard the original case properly dismissed a negligence
claim. In court documents filed last year in Baltimore City Circuit
Court, the former patient, referred to as "John Doe,"
says Johns Hopkins released his medical records in April 1997 to
a former friend and business partner who claimed to be him. The
former colleague, Dorinda Mae Hughes, gave the information about
Doe's former drug abuse problems to his friends, family, business
associates and clients. Doe sued Johns Hopkins for $12 million,
saying his reputation had been ruined.
"A [health care] provider's failure to maintain the privacy
of private patient records, [particularly] those involving mental
health or drug abuse treatment, results in a chilling effect on
patients seeking necessary treatment and care," according to
court documents.
Full Story.