Do Passwords Protect the Identity of Patients?

Essay on eDR and eHR Data Integrity

By D. Kellus Pruitt DDS

“ADA Tip: Password protection is the responsibility of each workforce member. Strong alphanumeric passwords provide a strong defense against unauthorized electronic system intrusion. Passwords that cannot be guessed, that are not publicly posted, and that are changed on a regular basis will help your practice avoid the occurrence of security incidents.”

– 2010 ADA Practical Guide to HIPAA Compliance, Chapter 4, page 26.

Not So Fast, ADA 

I read a recent article on lifehacker.com titled “How to Break into a Windows PC (And Prevent It from Happening to You).” The unnamed author tells a different story.

http://lifehacker.com/5674972/how-to-break-into-a-windows-pc-and-prevent-it-from-happening-to-you

Running on Windows®  

Apparently, if a healthcare provider’s office computer runs on Windows and it is not encrypted, password protection is worse than ineffective security. Passwords are false security. If lifehacker.com is correct, all a dishonest employee needs to download thousands of patient identities to sell for a few hundred bucks is a Linux CD and 10 minutes of snuggle-time with an office terminal.

What’s more, it is unlikely that the thief will ever be caught if he or she sports common sense. Months or years following the silent heist, the doctor could learn of a rash of neighborhood identity thefts from a federal investigator with a badge – waiting in the reception room for the doc’s next break between patients. Please remember this gaping hole in security the next time a HIT stakeholder like the ADA assures Americans that HIPAA is swell protection from identity theft. HIPAA empowers identity theft. The amendments to the 1996 Rule in 2002 gave too much away to campaign contributors, in my opinion.

About De-identification 

Now then; since you’ve made it this far, is anyone ready to consider a different path to the benefits of electronic dental records? It’s called de-identification. My goal has always been to stimulate open discussion of de-identifying dental records because it is so common sense to remove fuses from bombs. In 5 years, I’ve had very little success attracting sincere discussion about de-identification other than privately. Nevertheless, over the years I entertained an adequate amount of ridicule that stopped a few months ago. Like Charlie Brown and his persevering faith in the Great Pumpkin, I’m resolute.

HIPAA Data-Breach Liability

Physicians might not be able to get away with sidestepping HIPAA and data-breach liability using de-identification because it is so easy to re-identify owners of medical records. And insurance company CEOs who don’t know the difference between cost control and quality control will fight de-identification of dental records before giving up the exclusive right to bend proprietary algorithms toward bonuses.

Here Comes the Pitch!  

Is America interested in better dental care through a transparent 2.0 platform that incentivizes value-based competition for dental patients instead of paid ads? I have a better solution than HIPAA: Drop the PHI identifiers from dental records and store volatile health histories on one or two well-guarded flash drives. It’s that simple. Want to see miracle discoveries in dentistry? Offer the boring but safe raw, de-identified dental data to anyone who cares to perform Evidence-Based Dental research. Interoperability will still be incredibly tedious and expensive, but at least the effort won’t be doomed by dangerous and expensive HIPAA regulations.
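The split proposed above, sketched as an added example that is not part of the original essay: direct identifiers go into a separate crosswalk (the part that would live on the guarded drive), and the research rows are then checked for the re-identification problem raised in the previous section. Field names, the quasi-identifier list and the sample records are assumptions constructed for illustration.

```python
import secrets
from collections import Counter

# Fields treated as direct identifiers (assumed names, not a legal PHI list).
DIRECT_IDENTIFIERS = {"name", "ssn", "address", "phone", "insurance_id"}
# Fields that identify nobody alone but can single a person out in combination.
QUASI_IDENTIFIERS = ("birth_year", "zip3", "sex")


def deidentify(records):
    """Split records into (research_rows, crosswalk).

    research_rows keep clinical data under a random token; crosswalk maps
    token -> stripped identifiers and is the only part that names a patient.
    """
    research_rows, crosswalk = [], {}
    for rec in records:
        token = secrets.token_hex(8)  # random, never derived from patient data
        crosswalk[token] = {k: v for k, v in rec.items() if k in DIRECT_IDENTIFIERS}
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["token"] = token
        research_rows.append(row)
    return research_rows, crosswalk


def risky_rows(research_rows, k=2):
    """Tokens of rows whose quasi-identifier combination is shared by < k rows."""
    def key(row):
        return tuple(row.get(q) for q in QUASI_IDENTIFIERS)
    counts = Counter(key(r) for r in research_rows)
    return [r["token"] for r in research_rows if counts[key(r)] < k]


# Constructed sample records (not real patients).
SAMPLE = [
    {"name": "Patient A", "ssn": "000-00-0001", "birth_year": 1970,
     "zip3": "761", "sex": "F", "procedure": "crown"},
    {"name": "Patient B", "ssn": "000-00-0002", "birth_year": 1970,
     "zip3": "761", "sex": "F", "procedure": "filling"},
    {"name": "Patient C", "ssn": "000-00-0003", "birth_year": 1985,
     "zip3": "750", "sex": "M", "procedure": "extraction"},
]

if __name__ == "__main__":
    rows, xwalk = deidentify(SAMPLE)
    print("research rows:", rows)
    print("rows unique on quasi-identifiers:", risky_rows(rows))
```

A row flagged by `risky_rows` carries no name, yet its birth year, ZIP prefix and sex are unique in the set, so it would need coarsening or suppression before the data is released for research.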

Assessment

So how about it? Imagine the incentives for self-improvement if dentists could privately compare their treatment results with competitors’ – without risk of harming their patients or practices – on an “opt-in” basis rather than a mandated fantasy of a “pay-for-performance” [P4P] model run by stakeholders with investors to answer to. If our grandchildren are to benefit from unbiased Evidence-Based Dental research mined from facts rather than manicured dental claims, passwords won’t allow them a return on ARRA investment and encryption is just one more layer of expensive and futile complication.


5 Responses

  1. Darrell,

    Good post, and NO they do not!

    Look; the US Federal Government and Secretary of State Hillary Clinton could not keep 250,000 classified State Department documents secure from whistleblowers like Wikileaks, but we are told that Obama Care and the health insurance companies will keep our eMRs secure.

    So, what’s wrong with this philosophy?

    Dr. Elliott


  2. Rule Would Allow Access to Medicare Data for Reports on Providers

    The CMS has proposed a new rule (PDF) that would allow organizations that meet certain qualifications access to patient-protected Medicare data to produce public reports on physicians, hospitals and other healthcare providers. According to the agency, these reports would combine Medicare claims data with private-sector claims data to identify which physicians and hospitals provide the highest quality, most cost-effective care to patients.

    In this initiative, the CMS would provide standardized extracts of Medicare claims data from Parts A, B and D for a fee to qualified entities that have the capacity to process the data accurately and safely. The data could then be used only to evaluate provider and supplier performance and generate public reports detailing those results.

    Source: Jessica Zigmond, Modern Healthcare [6/3/11]


  3. Encryption Security Lags In Healthcare?

    Dr. Elliott – Tech leaders warn policymakers that even as more electronic health records flood health IT systems, more encryption is needed.

    http://www.informationweek.com/news/security/encryption/231902950

    What do you think?

    Gary


  4. The first task in stopping medical identity theft is acknowledging it

    “If an unconscious person is admitted to an emergency room, contaminated electronic medical records could quickly kill the patient, and nobody would know why.” – Darrell Pruitt DDS, guest columnist, WTN News, October 18, 2006.

    http://wtnnews.com/articles/3407/

    “One of the more serious aspects of medical identity theft, unlike traditional financial identity theft crime, is that in the extreme, this could lead to your death, because your medical file could change on blood type, on allergy, on previous procedures” – Larry Ponemon MD, Chairman and Founder of the Ponemon Institute to Healthcare IT News, September 12, 2013.

    http://www.healthcareitnews.com/news/medical-identity-theft-numbers-grow

    Ponemon studies also suggest that stolen financial identities sell for $10 each, while medical identities bring $50. What’s more, credit card numbers come and go, but one’s blood type stays the same for a lifetime. Here is an excerpt from the most recent article posted about medical identity theft:

    “Federal medical-privacy law frustrates ID theft victims – Linda Weaver had two good feet when she opened her mailbox one day in 2005. So she was surprised to find a bill for the amputation of her right foot. Weaver, who runs a horse farm in Florida, soon discovered that it wasn’t just a mix-up. According to the Los Angeles Times, her stolen identity and insurance information had been used to get surgery. She was stuck with the bill—and with a medical record full of incorrect, potentially dangerous information.” By Lorelei Laird for ABA Journal, September 1, 2014.

    http://www.abajournal.com/magazine/article/federal_medical-privacy_law_frustrates_id_theft_victims/

    Laird: “Medical identity theft creates some of the same financial complications as identity fraud. After Weaver convinced her insurance company that an imposter had the amputation, the insurer wouldn’t cover it. So the hospital socked Weaver with the whole bill, even after she sent a notarized photo of her feet. Collection agencies weren’t interested in Weaver’s story, so the debt kept getting resold, creating multiple false entries on her credit report. Clearing this up became a 40-hour-a-week job, Weaver told the newspaper.”

    Apart from the mortal danger of an imperceptibly altered digital medical history, HIPAA only complicates resolution. Laird writes: “Providers have been known to deny patients access to records under their names because the information belongs to the thief.” Laird continues, “That’s why Weaver was denied a chance to view and correct her files at the hospital that performed the amputation. It wasn’t until she marched into the emergency room, shouting that the hospital didn’t know who its own patients were, that she got access.”

    Closer to home: Since EHRs increasingly endanger patients’ welfare, at some point, ethics as well as Hippocratic obligations require that the dental profession formally recognize that Americans should not unknowingly and needlessly risk medical identity theft for dental work – when their identities simply do not have to be put on dentists’ computers. In addition, it has yet to be proven that electronic dental records even offer savings over paper. To be fair and balanced, I should point out that both the American Dental Association and Dr. Gordon Christensen’s widely respected Clinicians Report continue to claim that paperless is cheaper. (See “EHRs provide long-term savings and convenience,” no byline, ADA News, December 6, 2013, and “Digital dentistry: Is this the future of Dentistry?” by Paul L. Child Jr., DMD, CDT, CEO CR Foundation, for DentistryIQ, undated).

    http://www.ada.org/en/publications/ada-news/2013-archive/december/ehrs-provide-long-term-savings-convenience

    CR CEO Dr. Child tells DentistryIQ that EDRs offer dentists a “high return on investment.”

    http://www.dentaleconomics.com/articles/print/volume-101/issue-10/features/digital-dentistry-is-this-the-future-of-dentistry.html.

    Nevertheless, repeated requests for data supporting the savings claims have gone unanswered by both the ADA and Clinicians Report. In addition, since 2006, both institutions have failed to respond to questions about medical identity theft as well.

    D. Kellus Pruitt DDS


  5. AHIP, Blues Push Congress to Lift Ban on Patient Identifier

    The leaders of nearly two dozen healthcare industry organizations want Congress to continue to push for lifting an 18-year-old ban that prevents HHS from developing a national patient identifier. The Healthcare Information and Management Systems Society, payers such as America’s Health Insurance Plans (AHIP) and the Blue Cross and Blue Shield Association were among the 22 groups to sign a letter sent to the chairs and ranking members of the House Appropriations Committee and its Labor, Health and Human Services, Education and Related Agencies Subcommittees.

    The letter asks the committee to “develop a coordinated national strategy that will promote patient safety by accurately identifying patients to their health information.” Providers and other users of electronic health records now often use a technique called probabilistic matching. It matches patients to their electronic records using mathematical algorithms that take basic demographic data in those records, such as first and last names, date of birth and sex, and calculates the probability that the patient’s records being queried belong to the patient seeking care.

    Critics of existing patient-matching techniques allege they add costs and patient safety risks and hinder effective health information exchange.

    Source:
    Joseph Conn, Modern Healthcare [10/6/16]
