| HIPAAdvisory > HIPAAnews > Archives |  |
|
October 2004 News ArchivesOctober 21, 2004 Computer Data on Home Care Breached About 1.4 million computer files containing the personal data of home care patients may have been stolen from a computer system at the University of California, Berkeley, during a security breach on August 1. Though investigators do not know whether the information was copied, they have determined that someone gained unauthorized access to a computer containing the data that belonged to a university researcher, reports the Sacramento Bee. October 21, 2004 More HIPAA Complaints to Come in 2005 The Southern Healthcare Administrative Regional Process (SHARP) Workgroup has looked at the more than 7,080 Privacy and 147 Transactions and Code Sets (TCS) rule complaints that have been filed up to June 2004 for HIPAA violations and it looks like there are plenty more to come, reports HealthcareITNews. Gloria Steinberg, a member of SHARP Workgroup’s advisory board, said the industry has been focusing on getting the mandatory 837 form in the correct format. However, once enough of the final rules are released and all stakeholders become better educated, she expects a plethora of HIPAA complaints to be filed in 2005. October 20, 2004 CMS Announces Next HIPAA Roundtable Call; Reiterates April 20 is Security Compliance Date The Centers for Medicare and Medicaid Services (CMS) announced today the 18th National HIPAA Implementation Roundtable conference call focusing on the HIPAA National Provider Identifier (NPI) Standard. The call will take place on Wednesday, December 15, 2004 from 2:00 - 3:30 PM EST. The call-in toll-free number is 1-877-203-0044. The conference identification number is 1598382. Due to the volume of callers wishing to participate, CMS requests callers dial in fifteen minutes before the start of the meeting. No registration is required. During the last HIPAA Roundtable call focusing on the Security Standards, CMS reiterated that the compliance date for the Security Rule is April 20, 2005. There has been confusion in the healthcare industry concerning the actual compliance date. The comment section of the Final Security Rule indicates the date as April 21, 2005. However, section 164.318(a)(1) of the regulation text states April 20, 2005, is the compliance date for the initial implementation of the security standards. October 20, 2004 Health IT Experts Urge Investment According to top executives of health IT vendors and hospital CIOs, it will take an investment of $500 billion to $700 billion in healthcare IT systems during the next decade to meet President Bush's goal of using technology to decrease the nation's annual $1.7 trillion healthcare bill by about 20 percent, reports Federal Computer Week. The $500 billion figure represents a 3 percent investment of total industry revenues into IT and the $700 billion figure represents a 4 percent investment. Bush commented during the Oct. 13 presidential debate that healthcare IT is stuck in "the buggy and horse days" with much of the healthcare system running on paper in a digital era. October 14, 2004 FDA Approves Chip Implant for Health Records A computer chip that is implanted under the skin received approval from the Food and Drug Administration (FDA) yesterday for use in helping doctors quickly access a patient's medical history. The VeriChip, about the size of a grain of rice, is placed in the upper arm and contains a patient's identification number that corresponds to health information in a computer database. A handheld scanner can retrieve the patient's number from the chip, which emits radio waves when activated. The chip implants have been used for years for various purposes such as identifying lost pets. Privacy advocates have voiced worry about the speedy transfer of sensitive medical information via computer. Read
iHealthBeat's round up of coverage on radio frequency identification
(RFID) privacy concerns. October 13, 2004 Brailer Reiterates Health IT Implementation Goals At the American Health Information Management Association (AHIMA) National Convention in Washington, DC, National Health IT Coordinator Dr. David Brailer told an audience of health IT executives on Monday he is not bothered by the "underwhelmed" reaction of some in the healthcare industry to the government's plan to build a national health information infrastructure (NHII). "We're here to be a catalyst and to drive things forward," said Brailer according to iHealthBeat. During an interview at the convention with Health Data Management, Brailer said the Bush administration is not worried that Congress has not yet approved all of the funding for HHS' new health IT office. Brailer also said HHS plans to publish in the Federal Register later this year a request for information seeking ideas for the design and deployment of a NHII. "We need a broker – a set of connectivity tools – which is what the NHII will be about, what I call the 'Medical Internet'." The answers that HHS receives from the request for information "will form the next steps we take," Brailer said. October 8, 2004 SANS Releases Top 20 Internet Threats List The SANS Institute today released its fifth annual report on the Top-20 most critical internet security vulnerabilities compiled from recommendations by leading security researchers and companies around the world. The Top-20 listing is actually a list of the top-10 vulnerabilities to Windows Systems, followed by the top-10 vulnerabilities to UNIX Systems:
October 7, 2004 Court Upholds Seizure of Limbaugh's Medical Records, Disappoints ACLU The American Civil Liberties Union (ACLU) of Florida yesterday said that it is disappointed by a state appeals court ruling that state law enforcement officers properly confiscated Rush Limbaugh’s medical records as part of a criminal investigation involving alleged "doctor-shopping." "What’s at stake here is the medical privacy of millions of people in Florida and the need to protect people against unnecessary government intrusion into their medical records," said ACLU of Florida Legal Director Randall Marshall. In a 2-1 decision issued yesterday, the Fourth District Court of Appeal ruled that: " … the constitutional right of privacy in medical records is not implicated by the State's seizure and review of medical records under a valid search warrant without prior notice or hearing." In February, the FL ACLU filed a friend-of-the-court brief in partial support of the conservative radio commentator, arguing that law enforcement officers violated state law by using the more intrusive search warrant process to seize Limbaugh’s medical records, rather than by obtaining a subpoena. "Regardless of which law enforcement tools are used - whether a subpoena or a search warrant - safeguards must be put in place to justify giving the state access to the intensely personal information contained in medical records," Marshall said. October 6, 2004 CMS Announces 17th National HIPAA Roundtable Call The Centers for Medicare and Medicaid Services (CMS) announced today the 17th National HIPAA Implementation Roundtable conference call focusing on the HIPAA Security Standards. The call will take place on Wednesday, November 10, 2004 from 2:00 - 3:30 PM EDT. The call-in toll-free number is 1-877-203-0044. The conference identification number is 1347026. Due to the volume of callers wishing to participate, CMS requests callers dial in fifteen minutes before the start of the meeting. No registration is required. October 6, 2004 GAO Looks at First-Year Experiences Under HIPAA Privacy On Monday, the Government Accountability Office (GAO) released a report on "First-Year Experiences under the Federal Privacy Rule." The GAO issued the report to the Chairman of the Senate Committee on Health, Education, Labor, and Pensions (HELP) to review (1) the experience of providers and health plans in implementation; (2) the experience of public health entities, researchers, and representatives of patients in obtaining access to health information; and (3) the extent to which patients appear to be aware of their rights. GAO recommends that the Department of Health and Human Services (HHS) (1) require that patients be informed of mandatory disclosures to public health authorities in privacy notices and exempt such disclosures from the accounting requirement, and (2) conduct a public information campaign to improve patients’ awareness of their rights. HHS noted that it continues to monitor the public’s experience with the accounting provision to assess the need to modify the rule and described ongoing efforts to educate consumers. GAO remains concerned about the burden of accounting for disclosures to public health authorities and believes it is important that HHS more effectively disseminate information about the Privacy Rule. October 6, 2004 House Passes Prescription Drug Monitoring Bill Last week, the House Energy and Commerce Committee approved a bill (HR 3015) that would create federal funding for states to establish electronic systems for tracking prescription drugs. The Prescription Drug Monitoring Program (PDMP) would provide grants through the Department of Health and Human Services (HHS) to states to establish and operate prescription drug monitoring programs. The Government Accountability Office (GAO) recently declared that the presence of a PDMP helps states reduce illegal usage of prescription drugs. According to Joy Pritts of Georgetown University's Health Policy Institute, in order to receive funding, states would have to require pharmacists to electronically report the names of patients who fill prescriptions for certain controlled substances. States would be required to share their identifiable information with other state monitoring systems, and with state and federal law enforcement officials. For the most part, these state systems will not be subject to the HIPAA Privacy Rule, says Pritts. October 6, 2004 President Bush, Senator Frist Name Health IT Group Members On Friday, President Bush and Senate majority leader Bill Frist (R-TN) named the initial members of the new Commission on Systemic Interoperability, reports Government Computer News. The group, by November of next year, must recommend standards that will serve as the foundation for establishing a system of universal health records. October 5, 2004 Military Cites HIPAA in Limiting Details on Injured Troops HIPAA is making it difficult for military families, veterans groups and even members of Congress to get details about America's mounting war casualties in Iraq, according to the Milwaukee Journal Sentinel. Military officials are citing the law in refusing to identify soldiers wounded in Iraq or disclose details about their injuries. Army spokesman Jaime Cavazos said soldiers have the same privacy rights as civilians under HIPAA. A spokesman for Sen. Edward Kennedy (D-MA), one of HIPAA's chief architects, said the senator never intended the law to keep Americans from learning about casualties in important military missions like the current war on terrorism. October 5, 2004 Governor Terminates Privacy Bill California Governor Schwarzenegger (R) has vetoed legislation based on an issue of interpretation that would restrict the practice of outsourcing in California, reports Health Data Management. Senate Bill 1451, sponsored by state Sen. Liz Figueroa (D-Fremont), would have prohibited a person or entity outside the state that receives protected information – such as health or financial data – from sharing or disclosing the information in violation of California privacy laws. Sen. Figueroa said she will introduce the bill again next year and will ask the governor to make good on his promise to work with her to craft a bill he can support.
|
