On the Notice of Privacy Practices


Encryption and HHS are Taking Hits

[By D. Kellus Pruitt DDS]

It is bad politics for the President’s Department of Health and Human Services to get caught deceiving voters.

Word gets around much faster than it did before transparency sucked the power from the entrenched.

The NoPP

You know those Notice of Privacy Practices (NoPP) forms we are asked to sign in doctors’ offices? Since it makes no difference to anyone whether patients sign them or not, why needlessly waste everyone’s time? The NoPP is not an agreement, and just because virtually everyone is tricked into signing it, does not mean anyone reads it. HIPAA has become a source of danger to patients, with no redeeming value.

HHS Estimates 

According to the US Department of Health and Human Services’ own recent estimate:

“… many centuries of time—nearly 35 centuries, in fact, or just short of 30.7 million hours—will be devoted each year by healthcare providers and patients for the dissemination to patients and their acknowledgement of HIPAA notices of privacy practices [NoPP] for protected healthcare information, HHS estimates. Even at just 3 minutes apiece, with 613 million of these routine privacy notices to be delivered, signed and stored, the time adds up…”

-Joseph Conn

… “HHS estimates 32.8 million hours of interaction required to comply with privacy, security rules” …

-ModernHealthcare.com [September 5, 2013]

http://www.modernhealthcare.com/article/20130904/BLOG/309049995?AllowView=VW8xUmo5Q21TcWJOb1gzb0tNN3RLZ0h0MWg5SVgra3NZRzROR3l0WWRMWGJYZjBGRWxyd01qUzMyWmVpNTNnWUpiV2s=&utm_source=link-20130904-BLOG-309049995&utm_medium=email&utm_campaign=hits

Censorship Concerns? 

I tried to bring attention to this absurdity over a year ago – back when HHS was still keeping unfavorable news about EHRs hidden from voters using censorship:

… “Put another way, the ONLY reason for a doctor to ask patients if they feel like signing the NoPP is to protect already busy doctors from a HIPAA fine. How is that not senseless, yet admittedly humorous bureaucratic waste?” …

On July 3, 2012, my opinion of the waste that HHS recently confirmed was censored by an HHS employee from the taxpayer-supported LinkedIn site, Health IT and Electronic Health Records. If that is not against federal law, it damn sure should be.

http://www.linkedin.com/groups/IT-in-Healthcare-Why-Building-3993178.S.216432610?qid=bafac2e5-fb9c-4a39-8348-5a3074abff67&trk=groups_items_see_more-0-b-ttl

Among the items that HHS requires providers to include in Notices of Privacy Practices is a one-sentence statement addressing data breaches:

…“We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information [unless it is encrypted]”…

http://www.hhs.gov/ocr/privacy/hipaa/npp_booklet_hc_provider.pdf

Now that it is widely known that encryption is no longer the guarantee it was sold as, protection from accountability is encryption vendors’ only remaining selling point. Under the HIPAA breach notification rule, HHS guidance provides that if breached patient information was encrypted in a manner consistent with National Institute of Standards and Technology (NIST) guidance (NIST Special Publication 800-111 for data at rest), and the decryption key was not also compromised, doctors are freed from the tremendous cost of notifying (former) patients, even though the patients’ privacy and security may nevertheless have been compromised. The second condition is the one to watch: a stolen laptop whose disk is encrypted, with the passphrase written on a note in the same bag, is encrypted in name only and does not qualify for the safe harbor.

For example, two weeks ago NIST itself strongly recommended against using one of its own standards: the Dual_EC_DRBG random number generator published in NIST Special Publication 800-90A, after documents leaked by Edward Snowden indicated the NSA had influenced its design. Oops! That is a key-generation standard rather than the storage-encryption guidance the HHS safe harbor cites, but a key drawn from a compromised generator protects nothing, and a standards body withdrawing its own recommendation shows how fragile “encrypted per NIST” can be. (See: “Government Standards Agency ‘Strongly’ Suggests Dropping its Own Encryption Standard,” by Jeff Larson and Justin Elliott, ProPublica, September 13, 2013).

http://www.propublica.org/article/standards-agency-strongly-suggests-dropping-its-own-encryption-standard
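The safe harbor logic above has more than one condition, and the ones that usually decide a real incident are the key conditions, not the cipher name. The following triage script is an added example written for this post; it is not HHS guidance text, not an HHS tool, and not the author’s own code. It encodes a simplified reading of the 2009 HHS guidance referenced by the breach notification rule (encryption consistent with NIST SP 800-111 for data at rest, and the decryption key not also breached) and adds one judgement call of its own: a key generated by a withdrawn random number generator such as Dual_EC_DRBG is treated as not earning the safe harbor. The accepted-cipher list, the 128-bit floor, the sample incidents and the `Incident` fields are all the example’s assumptions, not rules from the page or from HHS.

```python
"""Breach-notification triage for a lost or stolen device holding PHI.

Added example, not HHS guidance and not code from the original post.
Simplified reading of the 2009 HHS safe-harbor guidance: encrypted PHI is
"unusable, unreadable, or indecipherable" (no notification required) only
if the encryption is consistent with NIST SP 800-111 for data at rest AND
the decryption key was not also compromised. Thresholds and the
withdrawn-RNG rule below are this example's own assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: ciphers this example treats as consistent with SP 800-111
# style guidance, and the smallest key size it accepts for them.
ACCEPTED_CIPHERS = {"AES", "AES-GCM", "AES-XTS"}
MIN_KEY_BITS = 128

# NIST withdrew its recommendation for Dual_EC_DRBG in September 2013.
# Example's own rule: keys from a withdrawn generator get no safe harbor.
WITHDRAWN_RNGS = {"Dual_EC_DRBG"}


@dataclass
class Incident:
    device: str
    records: int
    cipher: Optional[str]              # None means the PHI was in plaintext
    key_bits: int = 0
    key_stored_with_data: bool = False  # key file or written passphrase on the same device
    key_compromised: bool = False       # key known or believed to be in the attacker's hands
    rng: str = "CTR_DRBG"               # generator that produced the key


def notification_required(inc: Incident) -> Tuple[bool, str]:
    """Return (must_notify, reason). Every failed condition forces notification."""
    if inc.cipher is None:
        return True, "PHI stored in plaintext"
    if inc.cipher not in ACCEPTED_CIPHERS:
        return True, f"cipher {inc.cipher} is not on the accepted list"
    if inc.key_bits < MIN_KEY_BITS:
        return True, f"{inc.cipher} key of {inc.key_bits} bits is below the {MIN_KEY_BITS}-bit floor"
    if inc.rng in WITHDRAWN_RNGS:
        return True, f"key generated by withdrawn RNG {inc.rng}"
    if inc.key_stored_with_data or inc.key_compromised:
        return True, "decryption key was exposed with the data; safe harbor does not apply"
    return False, "encryption consistent with guidance and key not compromised; safe harbor applies"


def triage(incidents: List[Incident]) -> List[Tuple[str, bool, str]]:
    """Run the check over a batch and return (device, must_notify, reason) rows."""
    return [(i.device, *notification_required(i)) for i in incidents]


# Constructed sample incidents for the example (not real events).
SAMPLE_INCIDENTS = [
    Incident("lost laptop A", 4000, None),
    Incident("lost laptop B", 1200, "AES-XTS", 256),
    Incident("lost laptop C", 1200, "AES-XTS", 256, key_stored_with_data=True),
    Incident("stolen backup drive", 90000, "AES", 256, rng="Dual_EC_DRBG"),
    Incident("old tape", 500, "DES", 56),
]

if __name__ == "__main__":
    for device, notify, reason in triage(SAMPLE_INCIDENTS):
        print(f"{device:20} notify={str(notify):5} {reason}")
```

Laptops B and C carry identical encryption; only C triggers notification, because the key travelled with the data. That is the distinction the one-sentence NoPP statement hides from the patient.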


NSA Secrets 

US spy agency NSA’s secret success at defeating encryption, achieved according to the documents revealed by former NSA contractor Edward Snowden largely by weakening standards, inserting backdoors and obtaining keys rather than by breaking the underlying mathematics, shows that today’s best encryption is tomorrow’s crossword puzzle. What’s more, once an individual’s medical identity is lost in the cloud, it can never be reeled back in.

And, when DNA records are included, a breach today could put the welfare of generations of Americans at risk.

A Gut-Check 

The ultimate gut-check: If your encrypted identity were fumbled, wouldn’t you want to be notified? Of course you would.

Assessment 

In my opinion, the HIPAA Rule should be immediately amended to demand notification of all individuals involved in all data breaches unless they choose to opt out. Who knows? Some might prefer not to be bothered.

What is your opinion; doctor, patient and/or consultant?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.


3 Responses

  1. Privacy Tools: How to Block Online Tracking

    Many companies track your behavior and request information about you without explicitly asking for your permission.

    http://www.propublica.org/article/privacy-tools-how-to-block-online-tracking?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter

    So forget about the NPPs. Here’s how to combat the real trackers.

    Aida


  2. Privacy isn’t dead

    “PRIVACY ISN’T DEAD — YET – When the head of a large Internet company famously declared the end of privacy in 1999, it first drew outrage. ‘You have zero privacy anyway,’ Sun Microsystems CEO Scott McNealy told a group of reporters more than 15 years ago. ‘Get over it.’ Then it seemed prophetic.” By Rebecca Carol for Nextgov.com, September 9, 2014.

    http://www.nextgov.com/cio-briefing/2014/09/privacy-isnt-dead-yet/93605/?oref=ng-dropdown

    It would be naïve to think American consumers are going to simply “get over it.” They are more likely to “get around it” by keeping their identities as well as critical health information off of providers’ computers. And there goes any remaining value of EHRs. $26 billion dollars wasted.

    D. Kellus Pruitt DDS


  3. Another I-told-you-so?

    “CMS finds consumers distrust EHRs enough to withhold information – American consumers have deep enough concerns about the privacy and security of electronic medical records that some even withheld information from care providers. Perhaps even more telling: That’s according to the Centers for Medicare & Medicaid Services.”

    Erin McCann
    [Contributing Editor]
    GovHealthIT.com
    November 06, 2014.

    http://www.govhealthit.com/news/cms-finds-consumers-distrust-ehrs-enough-withhold-information

    This unreliability makes EHRs worse than useless. They are dangerous.

    D. Kellus Pruitt DDS

