Support our online development, and advance our onground research initiatives in free market economics, as we seek to showcase the brightest Next-Gen minds.
THE ME-P DISCLAIMER: Posts, comments and opinions do not necessarily represent iMBA, Inc., but become our property after submission. Copyright © 2006 to-date. iMBA, Inc allows colleges, universities, medical and financial professionals and related clinics, hospitals and non-profit healthcare organizations to distribute our proprietary essays, photos, videos, audios and other documents; etc. However, please review copyright and usage information for each individual asset before submission to us, and/or placement on your publication or web site. Attestation references, citations and/or back-links are required. All other assets are property of the individual copyright holder.
Which One Just Might Work?
[By Darrell K. Pruitt; DDS]
The United States’ advancement in Healthcare Information Technology, which has the potential to lead to wonderful money-saving cures through research using trustworthy interoperable health records, is currently stopped cold by patient security problems that are only getting worse. Our lawmakers cannot get around the security obstacle without resorting to authoritarian means using CMS’s power to withhold providers’ discounted payments and threats of obscene fines from the HHS and the FTC. History shows that tyranny is not tolerated well in this part of the world. Lawmakers can get their butts voted smooth out of office in my neighborhood.
HITECH
Here is something nobody mentions: Despite the current hope in a thick, political fantasy called HITECH, encryption of patients’ Protected Health Information [PHI] is a non-starter in the land of the free. Everyone knows that resourceful, cynical Americans will simply never trust encryption to protect their secrets, and will reliably withhold important information from their eMRs – one way or another. Doctors as well as patients can be expected to go out of their way to sabotage technology they fear. We all intuitively know this is true, don’t we? We aren’t so naïve to think all the players will happily play by the rules, are we? And I think we can all agree that an untrustworthy digital health record in an emergency room is worse than no patient information at all. Security is a grand problem with eMRs that started with HIPAA changes in 2003 that made eHRs so slippery. And the problem is clearly not being resolved. Not yet.
Public Lacks Trust
Regardless of the campaign donations which follow him, there is nothing Newt Gingrich and his entrepreneurial friends in high places can do about the public’s lack of trust in encryption. It gets worse: Encryption hasn’t a chance of isolating PHI from dishonest employees in doctors’ offices, and slippery digital patient data can be moved soo easily. Everyone knows that as well, don’t they? It is estimated that two-thirds of the identities stolen in the nation are lifted from doctors’ offices. That’s us, Doc. HIPAA is not only irrelevant, it is an expensive distraction – it gives future ID theft victims a false sense of security.
HIPAA Approved
De-identifying digital records is not mentioned in HITECH as a HIPAA-approved method of security. Yet it is the ONLY solution that promises to be even more secure than paper records. Because of heavy stakeholder stakes in hospital care, it will take longer for CEO-types to embrace patient-friendly de-identification. Other than identifiers such as names, social security numbers, birthdates, addresses and other items that have street value, NOBODY cares what is in a dental record. I actually think this opens a tremendous opportunity for someone courageous in the Texas Dental Association to discuss the feasibility of de-identification of dental records. Otherwise, instead of leading the nation in solving security problems, the TDA will look just as stupid as the ADA.
Encryption would also provide a dangerous false sense of security in eMRs – that is if it had a chance in the marketplace. But encryption will never go far because consumers simply won’t buy it. That is a marketplace fact that stoically optimistic HIT stakeholders are trying hard to avoid. They also know they are running out of time. Deadlines are quickly approaching for both HIPAA and the Red Flags Rule that providers are far from prepared for.
Former Attorney Speaks
Bill Lappen, a former attorney and author of the ad I copied below, as well as a partner with his brother David in the de-identified health record venture says: “Since no identifying information is ever entered, a hacker can’t determine whose information is shown.”
So in addition to protecting one’s practice against dishonest or vindictive employees, de-identification of dental records would make hacking a dentist’s computer a complete waste of time, and hackers wouldn’t endanger dental patients and bankrupt dentists.
My Confidence
I confidently tell you that soon, someone smart will come upon the unprecedented idea that the ultimate answer to our security problem in healthcare will be de-identification of medical records, not encryption. De-identification allows a compromise of privacy for only a miniscule percentage of physicians’ patients. We cannot allow that to stand in the way of better health for everyone else. Those special cases are so few that I am confident that they can be dealt with individually. We simply must move forward. I’ll have to retire some day. I may need help from Medicare.
Encryption gives us only danger and protects nobody but a thief with a key.
Assessment
We’ve wasted enough time on HITECH and HIPAA, as well as CCHIT. It’s time to say no to stakeholders and pay attention to patients’ needs instead of those who would needlessly increase the cost of their care. Stimulus money attracts cockroaches.
In the name of Hippocrates, disregard the tainted HIPAA mandate. It is dangerous, and especially absurd in dentistry.
Link: http://www.theopenpress.com/index.php?a=press&id=58568
Life-Saving Patient Information can be Online, Anonymous and Usable
Published on: September 26th, 2009 12:19am
By: blappen
Los Angeles, CA (OPENPRESS) September 26, 2009 — Hospital Emergency Rooms need instant access to patient medical information. Allergic reactions and dangerous drug interactions can be deadly. Time is critical. Until now, privacy was a large concern. Two brothers, who have developed medical software over the past 15 years, think they have a simple first step towards moving patient information on to the internet.
“The ER doesn’t need to look up the information by patient name” said Bill Lappen, a former attorney. “We have implemented secure systems in the past, but no matter how secure we make the site, we have to assume that it will be hacked” added David Lappen, a computer design engineer from Stanford. “But providing instant access to life-saving information is too important to ignore”, he added. To protect patient privacy, their system does not know to whom the medical information belongs. Since the person’s identifying information is never on the system, it can’t be stolen. “By enabling anonymous entry, we have protected people’s privacy while allowing them to put their life-saving information in a place where it can be instantly accessed when needed”, added Bill Lappen.
www.AMCC.me is the public service website they created. It allows anyone to enter medical information anonymously. The site provides a random ID which the user carries in his/her wallet. For someone to see that user’s medical information, they merely enter the ID into the site. Unless the user has given them their ID, the information shown is meaningless. That same information, when associated with a patient, can save their life.
Since no identifying information is ever entered, a hacker can’t determine whose information is shown. “Secure patient-controlled Electronic Medical Records are now available on the internet” said David Lappen. A sample ID has been set up on the site to allow users to evaluate the concept before setting up their own free ID.
Contact:
Bill Lappen
(818) 789-6531
Channel Surfing
Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register.
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
- PRACTICES: www.BusinessofMedicalPractice.com
- HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
- CLINICS: http://www.crcpress.com/product/isbn/9781439879900
- ADVISORS: www.CertifiedMedicalPlanner.org
- FINANCE: Financial Planning for Physicians and Advisors
- INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
- Dictionary of Health Economics and Finance
- Dictionary of Health Information Technology and Security
- Dictionary of Health Insurance and Managed Care
Share this:
Filed under: Ethics, Health Law & Policy, Information Technology, Op-Editorials, Pruitt's Platform | Tagged: ADA, ARRA, Bill Lappen, CCHIT, CMS, Darrell Pruitt, David Lappen, EHRs, electronic medical records, EMRs, encryption, FTC, healthcare information technology, HHS, HIPAA, HIT, HITECH, ID theft, Newt Gingrich, PHI, protected health information, red flag rules, www.AMCC.me |
The Leading Business Education Network for Doctors, Financial Advisors and Health Industry Consultants 
CT Podiatrist Concerned About Carrier’s Loss of Data
The Shelton, CT-based insurance carrier HealthNet admitted Thursday that it has lost a hard drive with information on over 440,000 state residents and an unknown number in the Torrington area. According to HealthNet, the hard drive contains private personal and financial information, such as names, addresses, and social security numbers of 446,000 customers in Connecticut as well as customers in Arizona, Connecticut, New Jersey, and New York.
Dr. Robert Crovo, a Torrington based podiatrist with a practice on New Litchfield St., is one of them. Crovo said his own practice, which is largely paid through Medicare, would not be affected but said he was concerned about a possible violation of patient confidentiality.
According to Crovo, a patient typically provides a number of otherwise confidential information to his insurance carrier every time he or she pays for a medical procedure, everything from the patient’s name, address, and date of birth to medical diagnosis, procedure, and treatment. “If nothing else, this is a breach of the HIPAA” Crovo said.
Source: Alex Taylor, The Register-Citizen [11/20/09]
LikeLike
Did you feel the ground shake just a little on Thursday?
From my humble platform, it seems like the breach report relayed by Ann is the first trickle of a predictable avalanche of bad news that will sweep away podiatrists in Connecticut within 60 days – when their once-trusting patients have to be notified. I could be wrong, but I think ARRA/HIPAA/Red Flags/HITECH is functioning exactly like naïve slow-thinking bureaucrats designed them to.
I am happy for podiatrist Dr. Robert Crovo of Torrington, Connecticut who was quoted in Alex Taylor’s article about insurance company Healthnet’s breach of PHI. Dr. Crovo’s patients’ records were fortunately not part of the breach. But what happens to the other podiatrists across the state who treated the 440,000 Connecticut patients whose identities are now at risk? I am sincere when I say I am praying first of all for those who live in Connecticut who suffer from painful, chronic foot problems whether their identities were among those fumbled or not. This one clumsy incident will increase the cost of foot care in Connecticut by making it less available. Way to go, Healthnet.
But then all breaches must be reported. Ethically, patient notification is the only choice a doctor has. And if self-reporting and the resultant bankruptcy is too steep for a doctor’s level of ethics, Sen. Leahy has a pending bill that would make hiding a breach punishable by up to 5 years in prison.
Is there a way out of this mess? Yes, but we must be patient. Ultimately, following some avoidable chaos, someone who is idea-approved will think up an idea that will be called “de-identification” and the nation’s data breach threat will be all but eliminated. Bureaucrats just need more time to think than most people for natural reasons.
D. Kellus Pruitt; DDS
LikeLike
Spearphishing for Patient IDs
If dental staff open emails on the same computer which stores patient records, they should read this article that was posted today on amednews.com. Hackers are personalizing attacks. It’s called “spearphishing.”
http://www.ama-assn.org/amednews/2010/01/25/bil20125.htm
All one has to do is open a legitimate-looking email to be hacked these days. And what are the hackers after? They want patient IDs.
Why can’t the ADA News Online be as useful to dentists as the American Medical Association’s amednews.com is for physicians?
Why do they leave it to me to warn colleagues about the truth concerning HIPAA and digital health records?
ADA members deserve more than what I am capable of providing.
D. Kellus Pruitt; DDS
LikeLike