Domain: hipaa.org
Stories and comments across the archive that link to hipaa.org.
Comments · 10
-
Re:chillaxinate, broheims
Ever heard of HIPPA?
No, but I have heard of HIPAA.
-
Re:Privacy aspect
may have had HIPPA protected data on them.
Is that anything like HIPAA?
http://www.hipaa.org/ -
Re:and just to show what can happen...
Not trying to scare anyone here...but...my wife works in this field (no not stealing identities, helping people resolve issues arising from stolen identities!) and unfortunately it is not just about your credit. If someone gets hold of your SSN together with your name they can 'become you' in many different ways.
One of the scariest things is when your number gets used for reporting income by many people. Even if income tax is withheld on the wages of these imposters guess what happens when you work 20 different $20,000 per year jobs...you end up in the top tax bracket, and of course it looks like you've take the standard deduction 20 times. Guess who the IRS comes after to get all those extra taxes...the actual owner of the SSN of course.
Oh and imagine what happens when someone gets your SSN and other info then applies for a driver's license in your name. Maybe 6 months later you get pulled over for a routine stop and dragged to jail for non-payment of speeding fines or even worse crimes.
Are any of these likely, no...but as with all matters of probability unlikely does not mean never...it does happen to somebody.
And on the topic of companies using SSNs for non-essential situations...someone in that organization needs to look at a few recent laws regarding the correct handling of NPI (non-public information) such as:
- FACTA (Fair and Accurate Credit Transactions Act) (which applies to more than just credit transactions) under that act the loss of unsecured customer OR employee NPI can result in federal and state fines, civil liability and responsibility for any actual losses.(http://en.wikipedia.org/wiki/FACTA/ or http://www.ftc.gov/os/2004/11/041118disposalfrn.p
d f) - If you are a financial organization take a look at the Gramm, Leach, Bliley Safeguard rule. (http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_
A ct/ or http://www.ftc.gov/os/2002/05/67fr36585.pdf) - If you are a medical organization take a look at HIPAA (Health Insurance Portability and Accountability Act), this one is a doozie as it can result in jailtime for executives.(http://en.wikipedia.org/wiki/HIPAA/ or http://www.hipaa.org/)
- FACTA (Fair and Accurate Credit Transactions Act) (which applies to more than just credit transactions) under that act the loss of unsecured customer OR employee NPI can result in federal and state fines, civil liability and responsibility for any actual losses.(http://en.wikipedia.org/wiki/FACTA/ or http://www.ftc.gov/os/2004/11/041118disposalfrn.p
-
Re:From a healthcare perspective
I hear those crazy HIPAA rules have something to do with it, too.
:)
HIPAA -
should read: Consulting Giants Push...
should read: Consulting Giants Push Open Standards for Health Network.
BTW: have fun with hungry-hungry-HIPAA!
-
Re:HIPA
nitpick... it's HIPAA
:)
Sorry... work in regulatory stuff... I just see it misspelled way too much :)
Anyway, this probably has muchly to do with the debate... here's some good information:
http://www.hipaa.org/ -
Privacy = Myth
Yeah... and we've got HIPAA for medical privacy here in the US yet, when I visited the doc's last, I found that he had installed a RF wireless keyboard that uses one of eight selectable encryption keys.
Privacy is impossible if one is to interface with the digital world. -
Re:Ironic
That, and sites that pop-up auto-installs on entry with such software as Bonzi and Gator should be boycotted. Any site that attempts to install without warning or request should be considered an attempted attack.
Not only that, if they collect any data from the computer at all they may very well find themselves in violation of HIPAA regulations. -
DEAD WRONG SENSATIONALISMI'm sorry, but the title and implication of this posting are just dead wrong sensationalism. The federal government is absolutely not trying to create a massive homeless tracking system. HUD is very clear about this, and my daily work on HMIS issues, as a nonprofit consultant to homeless providers, has made me quite confident that HMIS is not a scary Orwelian tactic to disenfranchize the poor, but a valuable tool that can be used to help end homelessness in America.
The truth about HMIS:- The goal of HMIS is not to create a "massive homeless tracking system" but to obtain statistical and demographic data about homeless people to inform federal homeless policy. The aggregate and anonymous data HUD wants is vitally necessary to the goal of ending homelessness.
- The federal HUD office has never expressed any interest whatsoever in collecting client-level data about homeless people on a federal scale. I have written and oral confirmation of this from senior-level policy makers in HUD's DC office. The way HUD has chosen to implement HMIS, by creating an unfunded mandate devolving the ownership, development, and management of HMIS data to local governments, will make it very difficult, if not impossible, for the federal government to collect identifiable client data without a court order.
- HUD wants aggregate, de-identified information about the number of homeless people, their patterns of service usage, their income sources, and the causes and duration of their homelessness. This data is simply necessary to the formation of sound homeless policy, and it does not currently exist. They don't care who is homeless, they just want to know why, so that they can address the underlying causes of homelessness. Having also worked for HUD, I can say with confidence that they have neither the time, the motivation, nor the budget to do anything useful with a nationwide homeless tracking system. HMIS is for policy analysis.
- Clients must be informed that their information is being collected, have access to said information, and have the ability to correct errors. Establishment of consent/assent will vary by locality, though many communities in my area plan to require the written consent of their clients to enter their personal data into an HMIS.
- Local Continuums of Care have full control over the data they collect, how the information is used, and who can access it. Generally, written MOUs are required between any data-sharing organizations, carefully delineating what information is to be shared, who can access it, and for what purposes it may be used. This includes law enforcement agencies; as Chapter 4 of the Draft Data Standards clearly states, "An HMIS user or developer may... disclose protected information for a law enforcement purpose to a law enforcement official... A court order or search warrant may be required for the disclosure of information about an individual in an HMIS." In essence, the accessibility of information by law enforcement will be determined by local HMIS policy.
- HMIS systems must be fully compliant with the Health Insurance Portability and Accountability Act of 1996, which creates very strong privacy safeguards concerning the sharing of personal information.
- Participation in HMIS is only required of agencies receiving federal funding. If they don't like, they can find money elsewhere.
- There is a huge need for accurate information about the homeless population, which simply cannot be generated without an HMIS. Some of the policy goals:
- Produce an accurate, unduplicated count of homeless people so that progress can be accurately measured. I can tell you from personal experience that many communities don't really know how many homeless people they have, and that they often
-
This would violate HIPAAHasn't anyone else noticed that this would violate the Health Insurance Portability and Accountability Act of 1996? For those that haven't heard of HIPAA, let me explain:
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on August 21, 1996. This law includes important new protections for millions of working Americans and their families who have preexisting medical conditions or might suffer discrimination in health coverage based on a factor that relates to an individual's health. HIPAA's provisions amend Title I of the Employee Retirement Income Security Act of 1974 (ERISA) as well as the Internal Revenue Code and the Public Health Service Act and place requirements on employer-sponsored group health plans, insurance companies and health maintenance organizations (HMOs). HIPAA includes changes that:
limit exclusions for preexisting conditions;
prohibit discrimination against employees and dependents based on their health status;
guarantee renewability and availability of health coverage to certain employers and individuals; and
protect many workers who lose health coverage by providing better access to individual health insurance coverage.
Here are some useful links:
HHS - Office for Civil Rights - HIPAA
What is HIPAA?
HIPAA.ORG
HIPAA - Health Insurance Portability and Accountability Act of 1996
The dissemination of medical information without the explicit permission of subject. I don't have a problem with tracking information about how social services are used; that's expected of any service to maintain reliability. However providing medical information to law enforcement violates even the most basic principles of the doctor/patient privilege.