Domain: healthdatamanagement.com
Stories and comments across the archive that link to healthdatamanagement.com.
Comments · 6
-
Lame
*yawn* Because paper records are sooper seekrit secure?
http://www.healthdatamanagemen...
http://www.ydr.com/local/ci_25...
http://www.hartfordbusiness.co...
http://www.fiercehealthcare.co... -
Re:Any actual prosecutions for violating HIPA? ANY
http://www.renalandurologynews.com/Staff-Nurse-Faces-Jail-Time-for-HIPAA-Violations/article/119854/ http://www.healthcareguy.com/index.php/archives/483 http://www.healthdatamanagement.com/news/HIPAA-38694-1.html Go ahead... take the time and spend the money to get a license to practice. Then go mess around with private information. See what happens.
-
Clearinghouses are covered.I believe there is a loophole in this, where it is the individual who is in possession of the data not a health provider (i.e. The end user sets up this vault not the health provider). This releases the 'vault' from complying with HIPAA because of SEC. 1172. (a) APPLICABILITY. I have heard this from more than one company trying to accomplish the same thing. This scheme would be covered for several reasons; most importantly because the vault owner would need a HIPAA mandated BA (business agreement) in order to traffic data with HIPAA regulated entities such as hospitals, doctors, and insurance companies.
The companies you've been hearing from are barking up the wrong tree. If they do find a way to subvert the intent of the law the Secretary of Health and Human Services will simply issue a statement invalidating whatever loophole they thought they had. The legislation is set up that way, so that it can be effectively amended without the hassles of representative government. -
There's no excuse any more
You can lock down your servers, your network, etc. But as you imply, insiders are the big threat.
To avoid insider abuse at hospitals, doctors' offices, etc., you need to let insiders you're watching everything they do. This isn't "big brother", it's common sense. You can't necessarily lock everyone out of everything, but if they know you're looking they'll more likely play by the rules.
An article about the Michigan health system (they use the P2 Sentinel product from Cerner and SenSage) was informative, a useful case study. They monitor insiders, and everybody's happier.
-
You got that right
Paranoid? I think not. You can't be too careful who has access to your private medical information. Notice elsewhere in Health Data Management the article GAO Report Rips HHS for Lack of I.T. Security says:
HHS has not consistently implemented effective electronic access controls designed to prevent, limit and detect unauthorized access to sensitive financial and medical information at its operating divisions and contractor-owned facilities," the report states. "Numerous electronic access control vulnerabilities related to network management, user accounts and passwords, user rights and file permissions, and auditing and monitoring of security-related events exist in controls designed to physically secure computer resources, conduct suitable background investigations, segregate duties appropriately, and prevent unauthorized changes to application software. -
Relevant Article
Funny this question should come up now.. Just 10 minutes ago I finished reading an article in Health Data Managment about hardware maintenance. In the paper version they had a special sidebar about leasing vs buying. In the electronic version, it's at the bottom.
In short, they found that if you want to turn over your computers frequently and on schedule, and were good at asset managment, leasing was generally favorable. But if you decide you want to turn them over ahead of schedule, make changes to the systems during their use (like add memory), or aren't amazing at tracking assets, then the administrative burden could be really heavy.
They also had a neat description of a procurement system that facilitated the vendor bidding process.
Overall, the article is a nice balanced look at the topic.