| HIPAAdvisory > HIPAAnews > Archives |  |
|
|
October 2002 News Archives:October 31, 2002 Health-Care Groups Push For US Patient Database The Wall Street Journal reports government and private-health groups meeting yesterday at the 2002 Health Legacy Partnership (HELP) Conference at the National Press Club "insist that without jeopardizing privacy, a person's medical history and drug allergies should be accessible from one database." This year's conference featured the work of the eHealth Initiative (eHI), a non-profit consortium of more than 100 organizations whose mission is to drive improvement in the quality, safety and cost-effectiveness of health care through information technology. The goal of the HELP Conference is to develop an interconnected, electronic national health information infrastructure, toward a National Health Outcomes Database. Read more about the National Health Database. Read iHealthBeat's article, "Conference calls for greater use of IT in health care" October 31, 2002 VA Secures, Speeds Access The Department of Veterans Affairs is targeting wireless devices and patient medical data, reports Federal Computer Week. Two new contracts have been awarded to information technology companies for faster and more secure ways to treat patients at VA hospitals across the country. The first contract upgrades the security of wireless devices used at VA hospitals to help administer the right medication to patients. The other contract will provide easier and safer access to patient data stored at VA's medical centers. October 31, 2002 NIST Sets Security Checkup Standards As part of its System Certification and Accreditation Project, the National Institute of Standards and Technology (NIST) has posted Special Publication 800-37, proposed guidelines for performing security checkups. The second set of guidelines, 800-53, will describe the first-ever minimum-security requirements for federal online systems. The third, 800-53A, will detail techniques for measuring a system’s security level. Those two publications will be released next spring. The three-part series is designed to bring consistency to certifying and accrediting systems security. NIST will accept public comments on 800-37 for three months. NIST is gearing the guidelines to federal agencies but hopes they will appeal to state and local governments and private industry, where information security is no less a concern. Read the NIST Security draft guidelines. October 23, 2002 Medical Privacy Bill Would Restore Patient Consent Several House Democrats introduced a bill last week that would restore patient consent provisions in the HIPAA Privacy Rule and require health providers to notify consumers when they receive payment from drug companies to send unsolicited marketing material. The bill would also limit how FDA-regulated companies could use or disclose personal medical information. The bill, called the Stop Taking Our Health Privacy Act, was introduced by Reps. Ed Markey (D-MA), John Dingell (D-MI), Henry Waxman (D-CA), Howard Berman (D-CA) and Michael Capuano (D-MA). Read Rep. Markey's statement introducing the STOHP Act. October
23, 2002 FDA Allows ID Implant Device for Nonhealth Applications
According to iHealthBeat, the FDA ruled that a chip that can be
implanted in humans does not require FDA-approval so long as it
is only used for “security, financial and personal identification
or safety applications.” The agency has not yet ruled on whether
the device can be used for medical purposes, including linking it
to databases containing patients’ medical information, Wired
News reports. The FDA’s “surprise decision” comes
after the agency announced in May that it would review Applied Digital
Solutions’ VeriChip device. The company’s marketing campaign
for the device indicated it could be linked to medical databases
which physicians could access in an emergency to determine an unconscious
patient’s medical history, despite company officials’
assurances to the FDA that VeriChip was only an identification device. Read Wired News' article, "ID Chip's Controversial Approval." October 17, 2002 CMS Logs Half-Million Applications for ASCA Extension AHANews reports the Centers for Medicare & Medicaid Services said yesterday it had received more than 500,000 applications for a one-year extension of the Oct. 15 deadline for complying with HIPAA's transactions and code sets standards. HIPAA-covered entities that did not apply for the extension are now expected to be in compliance with the transactions and code sets regulation. October 17, 2002 Court Ruling Limits Prosecutors' Access to Patient Records The New York Times reports New York State's highest court ruled yesterday that prosecutors cannot demand hospital medical records in their efforts to seek criminal suspects who have been wounded, because doing so infringes on patient confidentiality. The decision affects only cases that involve a doctor's medical judgment. Where information about a possible crime is apparent to anyone prosecutors may enforce a subpoena for records, the court noted in its unanimous decision. October
17, 2002 FTC Investigating Whether Pharmacies' Drug Marketing
Violate Consumer Privacy October 17, 2002 Spate of Snipings Raises Issues of Patient Privacy and Public Security The Washington Post reports today on how a DC area hospital protected the identity of a 13-year-old high-profile patient. The boy, one of two wounded in the sniper attacks that have left nine others dead (one of them a member of the FBI's cybersecurity division) over the past two weeks in the Washington, DC suburbs, was admitted to Children's Hospital as a VOV -- victim of violence. For his protection, he was assigned an alias, which became the name all staffers would use, and which anyone seeking information about him would have to know. A bogus file was created in the computer system to throw potential hackers off the trail. Meanwhile Montgomery County, MD officials said it is too early to know what long-term changes could be made to improve public security, such as expanding Montgomery's state-of-the-art network of traffic cameras or lobbying for a new national fingerprint database, reports the Montgomery Gazette. Read the Washington Post article, "Speed and Skill Saved Boy." Read the Montgomery Gazette article, "String of Crises Prompted County to Plan for Panic, Danger." October 15, 2002 CMS to Enforce HIPAA TCS Standards HHS Secretary Tommy Thompson announced today that the Centers for Medicare & Medicaid Services (CMS) will be responsible for enforcing the HIPAA transaction and code set standards. The HHS Office for Civil Rights (OCR) will enforce the HIPAA privacy standards. CMS and OCR will work together on outreach and enforcement and on issues that touch on the responsibilities of both organizations - such as application of security standards or exception determinations. Ruben J. King-Shaw Jr., CMS deputy administrator and chief operating officer, said CMS will create a new office to bring together its responsibilities under HIPAA, including enforcement. October 15, 2002 Survey: Privacy Rule Top Concern of Compliance Officers A new survey finds HIPAA Privacy Compliance is the biggest issue faced by compliance officers today. The fifth annual “2002 Profile of Health Care Compliance Officers,” released October 1 by the Health Care Compliance Association (HCCA) and Indianapolis-based Walker Information, indicates the top goals are:
According to the survey results, the trend is clear that compliance programs are an accepted part of the health care organization’s framework. The survey also includes data on compensation, benefits, staff size and other issues. Read the survey results (PDF). October 10, 2002 Iowa Officials Yield in Demand for Pregnancy Records The Des Moines Register reports an Iowa County Attorney yesterday asked the State Supreme Court to let him withdraw his subpoena demanding a Planned Parenthood clinic's pregnancy test records, which authorities hoped would lead them to the mother of a dead baby boy. "We don't have the time and resources to continue these legal proceedings," County Attorney Phil Havens said. Still, Planned Parenthood of Greater Iowa's legal fight isn't over, officials warned. Even if District Judge Frank Nelson drops the court orders he initially granted, Planned Parenthood officials must go back to the Supreme Court to ask for a dismissal. "The privacy rights of these patients are still in jeopardy," director Jill June said. October 9, 2002 OCR Releases New Privacy Rule FAQ & Unofficial Version of Modified Privacy Rule Text Yesterday, HHS' Office of Civil Rights released new frequently asked questions about the HIPAA Privacy Rule as well as an unofficial version of the complete regulation text for the privacy rule (Parts 160 and 164), as modified (05/31/02, 08/14/02). Read the new Privacy Rule FAQs. Read the
unofficial version of the Privacy Rule regulation text, as amended
(2.5 MB PDF). October 9, 2002 CMS Introduces Health Privacy Accountability Database IHealthBeat reports the Centers for Medicare & Medicaid (CMS) announced its plans yesterday to implement an electronic record management system as part of its compliance with the HIPAA medical privacy rule and the Privacy Act of 1974. The system, called the Privacy Accountability Database, will track access to CMS’ health care data, which holds information on more than 74 million Americans. The system will help CMS administrators protect health information and monitor disclosure of the information, which is used for reimbursement, regulatory compliance and to support litigation involving CMS. CMS administrators plan to have the system in place by the April 2003 HIPAA privacy rule compliance deadline. Read
the Federal Register announcement. October 8, 2002 House Passes Bill to Review Federal Agencies' Privacy Rules Without dissent, the House passed legislation yesterday to require federal agencies to review the effects on personal privacy of any new regulations that they propose and to let individuals go to court to attack those reviews as inadequate. The bill, originally sponsored by Representative Bob Barr (R-GA) and co-sponsored by Representative Jerrold Nadler (D-NY), was supported by a wide ideological range of interest groups from the American Civil Liberties Union to the National Rifle Association, reports the New York Times. October 8, 2002 NCVHS Alerts Thompson to Covered Entities' Confusion The Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics (NCVHS) heard from witnesses throughout New England on September 10 and 11, 2002 in Boston as part of its duty monitoring covered entities' HIPAA implementation. Although additional hearings are scheduled in late October and early November in Baltimore and Salt Lake City, the NCVHS was so troubled by the Boston testimony that it sent its initial findings and recommendations to HHS Secretary Tommy Thompson in a letter dated September 27, 2002. The witnesses at the Boston hearing expressed widespread support for the goals of the Privacy Rule. Some providers, especially larger ones, reported making progress toward compliance. There was also praise for the guidance provided by the Office for Civil Rights (OCR) in July 2001. Overall, however, the NCVHS was both surprised and disturbed at the low level of implementation and the high levels of confusion and frustration. Some covered entities decided to wait until the final Privacy Rule amendments were published in August 2002, and only now are beginning to think about their compliance duties. Many physicians, dentists, and other health care providers, especially those in small towns and rural areas, have never even heard of HIPAA, do not think it applies to them, or are confused by the various standards. State and local governments reported lacking the budget or personnel to draft their own HIPAA documents and design training programs to comply with the Privacy Rule. NCVHS goes on to state, "The failure of the OCR to make available sample forms, model language, and practical guidance has left covered entities at the mercy of an army of vendors and consultants, some of whose expertise appears limited to misinformation, baseless guarantees, and scare tactics." October 3, 2002 HHS Marketing Guidance Tells Drug Industry to Stop "Switching" The modified final Privacy Rule issued in August drew the wrath of privacy advocates who believe the rule still permits use of identifiable information for marketing purposes without patient consent. A drug company can pay a pharmacist or physician to contact patients and recommend switching to particular drugs, without informing patients that payment is being made for the solicitation. The New York Times reports the government warned pharmaceutical companies this week that they must not offer any financial incentives to doctors, pharmacists or other health care professionals to prescribe or recommend particular drugs, or to switch patients from one medicine to another. The draft guidance from HHS’ Office of Inspector General (OIG) informed the industry that many practices commonly used in the marketing and sale of prescription drugs could run afoul of federal fraud and abuse laws. A practice the government said is suspect is one under which companies pay drugstores or pharmacy benefit managers to contact patients or doctors to encourage them to change from one drug to another. It warned companies that they would run afoul of the law if they rewarded pharmacies and pharmacy benefit managers for "moving market share" from one product to another. The “switching” language, if it remains in the final guidance, won’t change the privacy rule’s marketing provisions, says Joanne Hustead, senior counsel for the Health Privacy Project at Georgetown University in Washington, DC. “It just may mean the victory that some entities got in the privacy rule may be short-lived,” she adds. Read Health Data Management's article, HHS Offers Drug Marketing Guidance." Read the New York Times article, "Drug Industry Is Told to Stop Gifts to Doctors." October 1, 2002 Judge Upholds Patient Privacy for FL Gov. Bush's Daughter A judge ruled today that staff members at a drug rehabilitation center in Orlando cannot be forced to cooperate with an investigation into an accusation that one of its patients, Noelle Bush, daughter of Florida Governor Jeb Bush and President Bush's niece, had possessed crack cocaine. Chief Judge Belvin Perry Jr. of Circuit Court of Orange County in Orlando wrote in his ruling that patient privacy outweighed law enforcement interests in cases in which addicts relapse in treatment. Forcing the institution, the Center for Drug-Free Living, to aid in the investigation would mean that "all patients who suffer relapses could be hauled out of treatment programs and into criminal courts on the whim of a state prosecutor or police officer responding to calls from fellow patients whose motives for reporting the `crimes' might be questionable," Judge Perry wrote. His ruling cited federal and state laws that protect patients' privacy rights. Read the New York Times' article, "Judge Upholds Privacy for Jeb Bush's Daughter." Read the Washington Post's article, "Drug Facility Staff May Remain Silent On Noelle Bush." October 1, 2002 Minnesota Plans to Collect Personal Medical Data A proposed rule before the Minnesota legislature would require Minnesota hospitals, insurers, and health plans to electronically transmit the private individually-identifiable health data of most Minnesota residents to the health department without patient or parent consent. The Minnesota Department of Health informed Citizens' Council on Health Care (CCHC) that enough letters requesting a hearing on the proposed health data collection rule were received to require a hearing this Friday before an administrative law judge.
|
|
Schedule for Reg Publication/
|
