Protected Health Information Data Breaches

Affecting 500 or More Individuals

[By Staff Reporters]

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

The following breaches have been reported to the Secretary of the US Department of Health and Human Services [DHHS].

Full Report

This link was sent in by our own investigative reporter Darrell K. Pruitt, DDS.

Link: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

Assessment

Shall we await a response from Kathleen Sebelius, who was sworn in as the 21st Secretary of the Department of Health and Human Services (HHS) on April 28, 2009?

Currently, she leads the principal agency charged with keeping Americans healthy, ensuring they get the health care they need, and providing children, families, and seniors with the essential human services they depend on. She also oversees one of the largest civilian departments in the federal government, with nearly 80,000 employees.


14 Responses

  1. UPDATE: HHS reports a Missouri dental practice’s data breach

    Earlier today [above], I posted a link to HHS’s list of 36 data breaches involving 500 or more individuals’ Protected Health Information.

    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

    They represent only the breaches that have been reported since September. I’ve read estimates that from 60% to 75% of HIPAA-covered entities have experienced reportable breaches in the last year. So as you can see, under-reporting happens when doing the right thing can bankrupt a practice that has taken decades to build. Surely that doesn’t surprise anyone, does it? I’ve been warning about this for years.

    Just yesterday, I scolded 50 TDA leaders for submitting poetry for the February 2010 TDA Journal. It was a special issue dedicated to leadership and cheap words. My challenge is appropriately titled, “Hey you, TDA leaders.” I accused them of being grossly insensitive to the needs of TDA members and our patients concerning data breaches – as a matter of frightening TDA policy.

    http://community.pennwelldentalgroup.com/forum/topics/hey-you-tda-leaders

    I told them, “You won’t hear Texans complain, but hurt is happening in our profession this week. How many dentists across the state know that they have suffered a reportable breach, yet dread notifying their trusting patients even more than the HHS? As leaders, it would be cruel to ignore the reality that members are silently suffering the pains of ethics that involve possible bankruptcy. From this second on, know that your colleagues who depend on you suffer very, very alone.”

    Yesterday’s HHS list includes Ashley and Gray DDS from Missouri who lost 9309 patients’ Protected Health Information on January 10. If anyone thinks my re-posting of this news is in bad taste, you should understand that HITECH-HIPAA also requires that news of their breach be broadcast as a press release in the media that serves the dentists’ neighborhood. In light of that, whatever I reveal about the tragedy hardly makes a difference to Drs Ashley and Gray. I extend my best wishes to them. Maybe their experience will wake up other dentists to this danger.

    So what happened? A burglar stole a desktop computer from their dental practice.

    I personally warned top ADA leaders about this devastating consequence. Nevertheless, while good ol’ boys dodged accountability, a drug addict (?) stole a computer in Missouri and bankrupted a dental practice. I just have to wonder if the immediate past-president of the ADA, Dr. John S. Findley, remembers me now. When I warned the presidential candidate about stolen computers almost 3 years ago, he evaded me for 7 months. Almost a year later in his inaugural interview by Judy Jakush for the ADA News Online, Findley conceded that dentists will be forced to use digital records whether we want them or not. Dr. John S. Findley is the worst president the ADA Trustees have ever selected.

    Do you know what the burglary will cost Ashley and Gray? According to the Ponemon Institute, just to notify their 9000 patients at $50 a person will cost almost half a million dollars. But that’s hardly the end of the hurt. Consider the harm the burglar did to the dentists’ reputations. The Ponemon Institute estimates that the fumbled PHI will cost the dentists $150 x 9000 = $1.35 million in lost production. The Missouri dentists were bankrupt even before HHS inspectors arrived at their office – working on commission. I’m certain they have completed their investigation of proper documentation of HIPAA busywork. The dentists’ level of documentation will be important evidence in determining if the burglary was caused by willful neglect.

    It’s my opinion that HIPAA documentation’s ability to deter burglaries of dental offices is over-rated.

    D. Kellus Pruitt; DDS


  2. Oh, the Irony

    The irony of the Mark Leavitt post on this same day does not escape the astute ME-P subscriber. Thanks for bundling these two contrasting essays together. One is opinion, the other is data driven.

    https://healthcarefinancials.wordpress.com/2010/02/24/dr-mark-leavitt-says-%e2%80%9ctrust-me%e2%80%9d/

    Kelly


  3. Of Peter Neupert and Alfred Spector

    Yesterday, I read an article titled “Adopting electronic health records will cut costs” in the Op-Ed section of The Hill – a Website devoted to the news from the “Washington Scene.”

    http://thehill.com/opinion/op-ed/83267-adopting-electronic-health-records-will-cut-costs

    It was written by Peter Neupert and Alfred Spector, and as the title suggests, it leans heavily on unproven benefits of electronic health records. Why shouldn’t it? Neupert is the corporate vice president of the Health Solutions Group at Microsoft, and Spector is the vice president of Research and Special Initiatives at Google.

    As you can imagine, I couldn’t resist challenging both Microsoft and Google at the same time. Here’s the stinker I submitted to be posted:

    “A couple of days ago, HHS posted a list of 36 data breaches involving 500 or more individuals’ Protected Health Information.

    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

    That won’t make adoption any easier. Breach notification means bankruptcy for doctors.”

    D. Kellus Pruitt

    ———————————————————

    Later, I found that my comment had been cut in half. Here is what Neupert and Spector allowed their readers to see.

    “A couple of days ago, HHS posted a list of 36 data breaches involving 500 or more individuals’ Protected Health Information.”

    D. Kellus Pruitt

    ————————————————–

    In response to being censored, here is what I re-submitted to Peter Neupert from Microsoft and Alfred Spector from Google:

    “I’m curious, Peter Neupert and Alfred Spector: Why did you post only half of my comment? Perhaps it was an oversight.” Here is my complete comment:

    A couple of days ago, HHS posted a list of 36 data breaches involving 500 or more individuals’ Protected Health Information.

    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

    That won’t make adoption any easier. Breach notification means bankruptcy for doctors.

    D. Kellus Pruitt; DDS

    —————————————————–

    I’ve tried a couple of times, but Peter Neupert, the corporate vice president of the Health Solutions Group at Microsoft, and Alfred Spector, the vice president of Research and Special Initiatives at Google, now block me from posting comments following their article.

    How good is that, Microsoft and Google? What are you afraid of? Consumers?

    D. Kellus Pruitt; DDS


  4. The five stages of grief are denial, anger, bargaining, depression, and acceptance.
    When healthcare finally accepts HIPAA-HITECH there are solutions.

    Of course I have a dog in the fight so my perspective is suspect. But, for less than $1,000 invested in privacy and information security software, breaches can be contained or eliminated. If despite these efforts a breach happens, documented efforts to prevent the breach will weigh heavily in the punishment.

    Jack Anderson
    http://www.compliancehelper.com/blog


  5. Thanks for your opinion, Jack

    So, if I’m already at stage II, the anger stage of grief – which it feels like to me – would you agree that Microsoft and Google executives are still in denial? Censorship seems like the classic overt symptom of denial.

    Jack, it looks to me that if a practice reports a loss of over 500 individuals’ PHI, fines from HIPAA inspectors will be way down the list of problems.

    I don’t know what a thousand dollars can buy, but breaches cannot be eliminated from any system that interfaces with humans, and “containment” is nonsense when it comes to people’s identities.

    D. Kellus Pruitt; DDS


  6. A thousand dollars can lead a practice through a process that will make them compliant with HIPAA HITECH. There are ways to prevent computer theft and more importantly to protect the data on the computer. An ounce of prevention is still worth more than a pound of cure.

    Protecting patient data should be a high priority. I have been through the grief cycle with three other niches in healthcare as they dealt with new regulations. The quicker they go to acceptance – the easier the transition.

    Jack Anderson
    http://www.compliancehelper.com/blog


  7. EXTRA! from the event horizon

    Within minutes of posting “Branding and otherwise working the biggest,” my Google Alert sent a link to “Google taken to task over its objectivity,” by Richard Waters.

    http://www.ft.com/cms/s/0/9c4c6708-230d-11df-a25f-00144feab49a.html?nclick_check=1

    It’s a special coincidence that while I was describing my suspicion that Microsoft and Google manually override their search algorithms to respect exclusivity agreements with “Bozos Inc.,” Mr. Waters was describing a growing world-wide suspicion that Google indeed manipulates search results in the favor of Bozos and their friends. He reports that complaints have even been filed in the European Union over Google’s alleged unfair business practices.

    “That is set to become one of the main focuses of a preliminary Brussels review into whether Google uses its overwhelming position in the search business to suppress competition,” writes Waters. “Rumours abound of cases in which all the big search engines take similar steps.”

    Like T.S. Eliot says, “One can smell good poetry before one understands it.”

    D. Kellus Pruitt; DDS


  8. Jack, thanks again for hanging in with me in our line of dialogue that I am already very familiar with. I know all the corners in our classic argument about the value of digital records in dentistry. And I always win.

    I claim that the Hippocratic Oath prevents me from needlessly risking harm to my patients through digital data breaches that your Maginot Line will be helpless to prevent. More importantly, unless patients trust eHRs, digital will be dangerous in addition to less than worthless. Did you know that the stimulus money doesn’t apply to electronic dental records?

    Another way mandated, non-productive products harm dental care in the nation is that they always cost a thousand dollars. Every dollar it costs me to stay in business means someone in my neighborhood cannot afford relief from pain that I cannot offer for no profit. A week ago, I paid over $500 for my DEA prescription license, and I never charge a thing for prescriptions. Who pays for that? My patients. Now what was it that you want to sell to my patients who trust me more than you?

    I say you are misinformed about dentistry, Jack, yet I have to admit that the immediate past-President of the ADA, Dr. John S. Findley, agrees with your prediction that American dentists in the land of the free will not be given a choice, regardless of one or more Amendments to the Constitution.

    Good luck with your ADA-approved business plan. I’ll be fighting you all the way.

    D. Kellus Pruitt; DDS


  9. The power of social media – What timing!

    As I mentioned earlier, Richard Waters posted “Google taken to task over its objectivity” which describes the European Union’s interest in allegations of biased products coming from Google and other search engines. Should I buy a plane ticket to Brussels so I can present the following fresh, indisputable evidence?

    I also speak Flemish reasonably well. Many vegetables!

    It’s been a few hours since I last invited readers to click on the link to “Peter Neupert and Alfred Spector are Bozos,” let’s take a look at what Neupert discovered this morning while eating Cheerios.

    When I search Microsoft’s “Peter Neupert,” my article comes up as his 3rd hit on Google. It moved to his first page from hit 20 since yesterday. (Do you think the command-and-control executive regrets that he censored a common reader? Do you think he is likely to do it again? My pleasure)

    On the other hand, when I google “Alfred Spector,” my article which also calls the Google executive a bozo has not moved at all from hit 24. This means that while my stinker moved up 16 spots in the Microsoft executive’s ego search, the rank of the article for the Google’s was not affected. Why the disparity?

    With “Peter Neupert” positioned at the start of the title, he’s naturally going to attract more attention for Google’s algorithm – making it more susceptible to a stinker. But why didn’t Alfred Spector’s stinker move forward any at all? Is the uneven pull a manifestation of a pure algorithmic solution? Or does the difference in value reveal Google’s fresh-obsolete attempt to protect one of its own?

    I also ran the executives’ names on bing (MSN). My article hasn’t shown up in either one’s first 6 pages. What can that difference mean? Is it the executives’ names that are not weighted as much on Microsoft’s search engine? Or is it my name that is discounted?

    I say this is real-time exciting. How’s the weather in Brussels?
    Yesterday, my friend Roland told me that it is finally getting a little bit warmer.

    D. Kellus Pruitt; DDS


  10. My heart is with you in this battle. Are there windmills in Brussels also?

    Jack Anderson
    http://www.compliancehelper.com


  11. Thanks, Jack. I think.

    I assume your reference to windmills means that you still don’t take me seriously. Or am I reading too much into your reply?

    D. Kellus Pruitt; DDS


  12. Identity theft and the governor’s race

    In the past few days, I posted a question concerning identity theft on all 3 Republican gubernatorial candidates’ Facebooks. The only meaningful response I received was from two of Debra Medina’s fans who suggested I send my question directly to Medina.

    Even though I have not received an answer, I cannot discount how much the sincerity of Debra Medina’s fans means to me. They reveal confidence in Medina’s character that only comes with a volunteer’s heartfelt devotion. They weren’t defensive like so many other fans. I felt welcomed.

    Being treated with respect is far better than the silence I received from Sen. Kay Bailey Hutchison and Governor Rick Perry. My vote could be determined by even a tiny amount of accountability. It’s so rare these days.

    Here is the email I sent Medina on Thursday. For those in contact with Hutchison and Perry, my question is still unanswered – and the voting starts tomorrow. Hutchison and Perry are losing, in my opinion.

    ——————————————————————————–

    From: pruittdarrell [mailto:pruittdarrell@sbcglobal.net]
    Sent: Thursday, February 25, 2010 5:57 PM
    To: ‘contact@medinafortexas.com’
    Subject: What about identity thefts, Debra?

    Debra Medina, recently HHS released details of 36 privacy breaches that put healthcare customers at risk of identity theft – including almost 6000 Texans. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

    If self-reporting a breach means bankruptcy for the doctor, how many did HHS miss?

    Among the HIPAA covered entities on the list is a dental practice in Missouri that lost 9300 individuals’ PHI. According to the Ponemon Institute, just to notify their dental patients will cost the practice almost half a million dollars. Later, there will be HIPAA fines on top of a crushed reputation around town.

    Here’s my question: In addition to these devastating losses because a computer was taken in an unfortunate burglary, could a dentist also expect prosecution from the Texas Attorney General?

    D. Kellus Pruitt; DDS


  13. More bad news about data breaches …. What can we do?

    Report: Healthcare organizations may have a false sense of data security – FierceHealthIT: http://bit.ly/beN6hz

    “… most of the reported breaches had more to do with carelessness than technology–stolen laptops and back-up tapes…”

    19% of healthcare organizations studied had data breaches in the last 12 months. The year before – 13%. What about in dentistry?

    How easy would it be to sell eDRs if the vendors had to tell dentists that they can expect a 1 in 5 chance of suffering a data breach?

    Let’s play with numbers. Since there’s less exposure of patients’ PHI in a dentist’s office than a physician’s, let’s say it’s a 10% chance.

    There are roughly 160,000 dentist offices in the nation – each with approximately 3,000 patients’ PHI on their computers.

    Thus, approx 16,000 dental offices had data breaches in ’09. Let’s say each lost only half of the patients’ PHI. How many patients affected?

    24 million dental patients suffered the risks of data breaches from dental offices last year. I consider that a conservative estimate.

    What are we going to do about this problem? Are we going to continue to ignore it? Or are we going to work around it?

    Here’s an idea: Why don’t we simply take the dangerous information out of dental records? Give me one reason de-identification won’t work.

    “But what if the key is lost and a dentist suddenly has thousands of records with no idea whose are whose?” one might ask. “What a mess!”

    So what does a dentist do? A patient shows up for an appointment, and is one of 3,000 nameless charts, suddenly without reference numbers?

    I’m not sure how something like this could happen, but let’s suppose the only thumb drive that holds patients’ PHI is rendered unreadable.

    There is a computer program used when dental forensics investigations involve more than 100 corpses. It’s called “WinID.”

    Need to find the chart of a patient that just sat down in the chair? Simply start entering the missing and filled teeth into the database.

    Within 4 characteristics, the program will ID your patient. By the way, this would be a great way for dentists to catch insurance thieves.

    It’s hard to impersonate a root canal on tooth number 12.

    Darrell K. Pruitt; DDS


  14. Deadline to Report 2012 Breaches Quickly Approaches

    Remember to electronically file reports of all HIPAA breaches (i.e., unauthorized disclosure of patient information involving unsecured protected health information) which occurred in 2012.

    The report must be submitted to the U.S. Department of Health and Human Services, Office for Civil Rights by February 28, 2013. The following link will take you to the report form.

    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html

    Hope Rachel Hetico RN MHA
