February 2004 News Archives
February 25, 2004: Companies Form Computer Security Lobby
The Washington Post reports eleven of the top computer security companies are forming
an organization to lobby on cyber-security issues in Washington.
Leaders of the Cyber Security Industry Alliance (CSIA) stress that
they remain wary of any government effort to regulate security practices.
They are, however, willing to concede that some requirements, perhaps
developed under existing federal laws, could improve computer security
practices without foisting onerous mandates on businesses. The security
alliance said it will seek clarification from Congress on how several
recently enacted laws, such as HIPAA and the Gramm-Leach-Bliley
Act, would apply to corporate network security.
Read more.
February 16, 2004: TX Says State Public Info Law Overrides HIPAA
The Dallas-Ft. Worth Star Telegram reports Texas Attorney General
Greg Abbott ruled Friday that the state's public information law
takes precedence over the HIPAA Privacy Rule. His decision means
Texas media outlets and individuals will have access to public information
that some hospitals and authorities have declined to release. "In
Texas, government records are presumed open unless a specific exception
applies. HIPAA is not an exception to the rule of openness in the
state of Texas," said Abbott.
Read more.
February 16, 2004: New Consumer Credit Law Protects Medical Info
The Fair and Accurate Credit Transactions (FACT) Act, signed by President
Bush on December 4, 2003 (Public Law 108-159), establishes medical
privacy provisions as part of consumer credit law. The bill amends
the Fair Credit Reporting Act (FCRA) to include improved medical
privacy protections, in addition to new protections against identity
theft. Credit bureaus and creditors will have to comply with a number
of medical privacy restrictions that ban the sharing of medical
information. Title IV of the FACT Act limits the use and sharing
of medical information in the financial system and provides an updated
and more expansive definition of medical information.
Read more about the FACT Act.
February 13, 2004: Attack on Atkins: A HIPAA Privacy Breach?
The New York City medical examiner's office has sent a letter to
Nebraska health officials claiming an Omaha doctor inappropriately
obtained and distributed a copy of its report on the death of Dr.
Robert Atkins. According to the report, which was released to the
Wall Street Journal this week, the man behind the Atkins diet was
obese at the time of his death. The Atkins company said yesterday
that Atkins gained more than 60 pounds due to fluid retention while
in a coma for eight days prior to his death last April. In a statement
on the Atkins website,
Dr. Atkins' widow said her husband's medical records were "private
and of no concern or relevance to the media or general public."
Dr. Atkins' medical report was "sent in error" to Dr. Richard
Fleming, a member of the pro-vegetarian Physicians Committee for
Responsible Medicine. It was later discovered that the doctor was
not the treating physician and should not have had access to the
report. A spokesperson for Nebraska Health and Human Services said
the incident would be investigated as any other complaint against
a doctor licensed to practice in Nebraska. If it is determined that
a doctor acted inappropriately or unprofessionally, the doctor could
face discipline ranging from a reprimand to revocation of his or
her license.
February 12, 2004: OCR Posts New Privacy FAQs
The Department of
Health and Human Services' Office for Civil Rights, charged with
enforcing the HIPAA Privacy Rule, has posted a couple of new FAQs on
its site. One question asks if an authorization or business associate
agreement is needed to share information with a medical device company.
The other asks whether a doctor may disclose a patient's location
or condition to a person, such as Red Cross, who can help notify
the patient's family.
Read OCR's FAQ on sharing PHI with medical device companies.
Read OCR's FAQ on disclosures to persons, such as Red Cross, to notify
family.
February 12, 2004: Groups Say WebMD Not HIPAA Compliant
Health Data Management reports the American Medical Association (AMA) and
seven other medical societies sent a letter in January to WebMD
voicing their concerns about the vendor's claims processing. WebMD
has had difficulties handling HIPAA-compliant transactions, according
to the physician associations. The letter, sent to WebMD CEO Roger
Holstein and HIPAA enforcement staff at the Centers for Medicare
and Medicaid Services (CMS), states that claims submitted to WebMD
in a HIPAA-compliant format for processing are often resulting in
delayed or denied payments to physicians.
Read more.
Read the AMA's letter.
February 11, 2004: Online Search Engines Help Lift Cover of Privacy
The Washington Post reports that a wide assortment of confidential
material, such as medical records, bank account numbers, and students'
grades, is publicly available on the Internet using a relatively
simple search. Though it does not technically trespass, the practice
is sometimes called "Google hacking." Cybersecurity experts
say that improperly configured servers, holes in security systems,
and human error allow Google or other search engines to find the
information. "Once it is placed online, it's very hard to get
the digital horse back in the electronic barn," said Marc Rotenberg,
executive director of the Electronic Privacy Information Center
(EPIC). Since 2001, the FTC has settled cases with Eli Lilly &
Co. and Microsoft Corp. for not taking "reasonable" measures
to keep medical or financial information secure. Letting customer
information reside on an unsecure server can open up a business
to such liability.
Read more.
February 10, 2004: NCVHS to Hold Hearing on Privacy Rule's Impact on
Banks, Police, and Schools
The National Committee on Vital and
Health Statistics (NCVHS), an advisory body to the Secretary of
Health and Human Services (HHS), will be holding a subcommittee
meeting on Feb. 18 and 19 to receive information on the implementation
of the HIPAA Privacy Rule. The Subcommittee on Privacy and Confidentiality
will hear about the impact of the regulation on banking, law enforcement,
and schools. Representatives of affected groups will provide information
about how the regulation has affected the level of privacy and confidentiality
for protected health information (PHI), best practices for implementation
of the regulation, and information that might help to identify and
resolve barriers to compliance.
Read the Federal Register Notice of the meeting (PDF).
February 10, 2004: Camera Phones Raise Privacy, Security Fears
The January 2004 issue of PC World magazine reports a prediction that
by 2007, 51 million out of over 110 million cell phones will
have digital camera technology. The same size as regular cell phones,
camera phones can snap photos while users appear to make calls.
Daniel Solove, a law professor specializing in privacy law, says
a camera phone's immediacy alone does not violate privacy laws,
but there are limits. Eventually, camera phones may be automatically
disabled when owners enter sensitive places, like hospitals or banks.
According to Alan Reiter, a wireless computing consultant who follows
picture-phone trends in his Camera
Phone Report, "corporations and organizations that have
legitimate security concerns should ban camera phones as well as
other devices that could compromise security."
Read more.
February 4, 2004: CMS Clarifies Use of Provider Identifiers
The Centers for Medicare and Medicaid Services (CMS) has posted to its
HIPAA site 15 new Frequently Asked Questions (FAQ) related to the
National Provider Identifier (NPI). In answer to the question of
whether a provider will be able to continue to use other numbers
besides the NPI, CMS notes this exception:
"Where a health care provider must be identified in standard
transactions for tax purposes, it would use its Taxpayer Identifying
Number as required by the implementation specifications. Healthcare
provider identification numbers other than the NPI may continue
to be used in the internal processes and files of health plans
or healthcare clearinghouses if they wish to continue to use those
identification numbers in those internal processes and files."
Other questions include who will assign NPIs to healthcare
providers, whether a healthcare provider’s NPI will ever change, how
long it will take to get an NPI, and whether there will be a crosswalk of
Unique Physician Identification Numbers (UPINs) to NPIs.
Read CMS' HIPAA FAQ on the NPI.
February 2, 2004: Healthcare Industry Remains Unready for TCS Compliance
The healthcare industry is “far from prepared” to conduct
most HIPAA standard transactions, according to preliminary results
of the Winter 2004 US Healthcare Quarterly Industry HIPAA Compliance
Survey. The survey, co-sponsored by the Healthcare Information Management
and Systems Society (HIMSS) and Phoenix Health Systems, polled 631
healthcare executives. Healthcare providers are closer to compliance
than other entities, according to the findings of the survey, which
were presented on Jan. 27 in testimony before the WEDI Public Hearing
on Implementation of HIPAA Regulations in Washington, DC. D’Arcy
Guerin Gue, Executive Vice President of Phoenix Health Systems,
represented and testified for her organization and HIMSS at the
hearing.
“The objective of converting to standardized Transactions
remains hampered by poor communications between covered entities
and their trading partners, confusion over specifications, and inability
to complete testing,” said Guerin Gue. “Considering
the slow progress reported since the Fall 2003 Survey, it is unlikely
that we will see industry-wide compliance within the near future.”
The survey results presented as testimony during the WEDI public
hearing represent only some of the Winter 2004 US Healthcare Quarterly
Industry HIPAA Compliance Survey results. The complete results of
the survey will be presented at the Annual HIMSS Conference &
Exhibition, taking place February 22-26, 2004 in Orlando, FL.
Read Phoenix' & HIMSS' testimony.