In Defense of the eDR Industry

One Dentist Consultant’s Opinion

By Paul L. Child Jr, DMD, CDT
CR Foundation
3707 North Canyon Road, Building 7
Provo, UT 84604

Three days ago, I shared the email I sent to Dr. Paul Child and Kathleen Noll concerning their claims that electronic dental records offer dentists a return on investment (ROI). Dr. Child responded yesterday.

Darrell K. Pruitt DDS

———————————————

Dear Dr. Pruitt,

Thank you for your recent communication and questions regarding my recent article in Dental Economics, specifically your question: Does the ROI for Practice Management systems include the cost of HIPAA compliancy?

In regards to your communications with QSI, I cannot comment as I do not represent them. Unfortunately, I too am not able to give you the “proof” you are seeking, as I do not have a specific chart nor do I plan on fabricating one to “prove” the efficacy of computers in the dental office (although a controlled study would be interesting, I’m not sure it would be an effective use of funds to prove something that is already proven in every other industry).

However, I will provide you with information from thousands of our readers at CR as well as many more in our lectures worldwide.

The section of the article to which you are referring is under the title of: Practice and patient records management and patient education. Specifically, the paragraph states:

“Implementation of computers into each operatory and throughout the practice is the first and most frequent adoption of digital dentistry. In North America and most developed countries, this has reached the “early majority” stage as all of the criteria for being an advantage have been met. Dentists who have not yet adopted this prerequisite for digital dentistry should do so now! Daily advances and improved software adapted from other industries allow this technology to be affordable, attain the fastest adoption rate, and offer a high return on investment. Current and highly effective systems include Eaglesoft (Patterson), Dentrix (Schein), PracticeWorks (Carestream Dental), and Web-based software such as Curve Dental” (underlines added for emphasis).

Please note that the sentence in which “high return on investment” is mentioned is referring to “advances and improved software adapted from other industries”. As such, other industries (too many to count) have proved, without a doubt, the massive improvement in return on investment in the following areas: improved efficiency (e.g., legible records vs. scribbles, or worse off, incomplete records), improved accuracy of records, use of computers for rapid recollection of stored data, rapid recording of data, time savings, standardization, and many more. A brief look at the medical industry and literature (our closest industry – of which we are a part) can demonstrate the above. In addition, the observations I made are directed to the use of computers in a practice.

Finally, proper implementation of practice and patient management systems can easily improve ROI, via better record taking, accurate financial statements that can be easily generated daily for better practice management, treatment planning with all options, benefits, and risks recorded – then printed for the patient, and most of all – time savings. What is a dentist’s time worth? My time is priceless (as is that of most dentists I know). Yes, there are clearly unknown aspects of this digital transformation from paper to digital. Government and controlling organizations may make new rules and regulations that can positively or negatively affect this process.

But, from our observations of thousands of other dentists that have made this transition, very few – if any, would even think about reverting back to paper.

To your question regarding HIPAA compliance, YES, the overall ROI would include even this. HIPAA compliance is still relatively new to many dentists, even though it has existed for years. This compliance is important for all the reasons you already know. As dentistry evolves and new technologies are introduced (and ruling bodies continue to make new rules and regulations), this digital evolution will continue to prove itself an EXCELLENT ROI for today’s and tomorrow’s dentists.

Best regards,

Paul L. Child Jr., DMD, CDT

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com


On Practice-Based Research Networks

In Dentistry – if only it were that easy

By D. Kellus Pruitt DDS

I like the concept of a Practice-Based Research Network for teasing out latent miracles from dentalcare data, but I’m afraid any hope of networking success is limited by insurmountable cost and safety concerns of EDRs that few in the dental industry are yet willing to recognize.

Dr. Schleyer 

Titus Schleyer, DMD, PhD, Associate Professor and Director, Center for Dental Informatics, University of Pittsburgh published “The feasibility of an electronic dental practice-based research network” a few days ago.

“The long-term goal of our research is to use data from EDRs to improve patient care and its outcomes. The objective of this project is to develop a generalizable method for extracting EDR data for practice-based clinical research, using Dentrix as the test system.

In our first specific aim, we will determine the utilization of clinical data elements useful for research by practitioners by mining the electronic dental records of 100 Dentrix users and generating summary statistics about patient documentation patterns by data field.

The second specific aim will develop a technical Infrastructure for extracting data from Dentrix and integrating them with manually collected research data. The main outcome of this project will be the electronic Dental Practice-Based Research Network (ePBRN), a generalizable method for extracting clinical data from EDRs and reusing them for practice-based research. This project is a first step in making the increasing amount of electronic clinical data available for improving research, clinical care and patient outcomes.”

-Abstract: September 30, 2011

http://halley.exp.sis.pitt.edu/comet/presentColloquium.do?col_id=2348

I agree with Dr. Schleyer. However, until dentists perceive value in EDRs instead of liabilities, the dreams that he and I share about real-time, evidence-based research on an internet platform will be nothing more than just a cool-sounding fantasy of a handful of geeky dentists hoping to get a better peek at an obscure healthcare niche.

On Transparency 

Transparency in dentistry, rather than NPI numbers, has a better chance of revealing cost-effective solutions for painful and even life-threatening health problems. In addition, nothing is holding down the cost of HIPAA compliance, and data breaches from healthcare facilities – including dental offices – are only becoming more common.

Assessment 

Sidestep liability. De-identify now. If a dentist’s EDR system is breached, yet it contains no Protected Health Information [PHI], who cares?


Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


OCR Imposes Penalties for Employee’s Unauthorized Viewing of PHI

By Garfunkel Wild, PC


Early in July, the Department of Health and Human Services Office of Civil Rights (“OCR”) entered into a settlement for $865,500 with UCLA Health System (“UCLAHS”) as a result of complaints alleging that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information (“ePHI”) of celebrity patients.

Initial Complaints

Although the complaint was initially made by only two patients, in its investigation OCR determined that from 2005-2008 unauthorized employees of UCLAHS repeatedly looked at the ePHI of numerous other patients as well. In addition to paying the settlement, UCLAHS committed to a corrective action plan that includes (1) implementation of policies and procedures; (2) robust training for employees; (3) a commitment to sanction offending employees; and (4) designation of an independent monitor to assess compliance over 3 years.

Assessment

This settlement is the fourth settlement in a year and highlights OCR’s increasing enforcement against violations of the HIPAA Privacy and Security Rules. Failure to have an effective HIPAA compliance program can result in significant monetary penalties, and therefore, providers and business associates alike should be evaluating their HIPAA compliance programs to ensure that appropriate safeguards are in place.


Can Americans Trust the ADA?


Trusting the American Dental Association?

[By D. Kellus Pruitt DDS]

In January 2011 – the same month a new Minnesota law demanded dentists purchase e-prescription software whether they want it or not – the ADA Standards Committee on Dental Informatics published White Paper No. 1070: “Implementation of the Electronic Prescription Standard for Dentistry.”

Minnesota lawmakers who logically turned to the respected ADA for what they expected to be reliable and unbiased professional advice, were assured by the Committee that e-prescribing  will not only “insure the elimination of illegible prescriptions” but it will also “reduce preventable errors such as drug to drug interactions, drug-allergy reactions, dosing errors, therapeutic duplication, and other error types.”

http://www.ada.org/sections/scienceAndResearch/pdfs/ADA_White_Paper_No._1070.pdf

Really, ADA? On what evidence did the ADA Department of Dental Informatics base their self-serving claims?

This week, MedicalNewsToday.com reporter Christian Nordqvist posted “11.7% Medication Error Rate In E-Prescribing,” which directly contradicts the ADA’s advice to trusting Minnesota lawmakers and ADA members. Nordqvist writes: “The chances of mistakes occurring in prescriptions sent electronically are no lower than in those written out by hand, a researcher from Massachusetts General Hospital in Boston wrote in the Journal of American Medical Information Association. This will be a disappointment for health reform experts and policymakers [and ADA officials] who assured that E-prescribing would have fewer medication errors, as well as saving the government billions of dollars.”

http://www.medicalnewstoday.com/articles/230296.php

If one considers the JAMIA a credible Journal, research clearly suggests that e-prescribing is a bust for physicians who write many more prescriptions than dentists. Yet ADA officials continue to encourage dentists to adopt paperless practices without mentioning that e-prescriptions not only produce just as many errors as paper, but that they are hundreds of times more expensive because of the cost of computers, software and HIPAA requirements.

In addition, if a dentist’s computer is stolen or hacked – even if he or she properly reports a breach of e-prescription records – the tragedy can easily bankrupt a practice between the HIPAA fines, state attorneys general lawsuits, patient notifications and local media coverage of the breach (as required by HIPAA/HITECH). The Ponemon Institute estimates the cost to be over $200 per dental patient. And the price is only increasing. I just read that HHS is to conduct 150 HIPAA audits in 2012. Ka-ching!!!

https://www.fbo.gov/index?s=opportunity&mode=form&id=9e045aa4f7e6f8499c5b6f74d5b211e9&tab=core&_cview=0

That announcement from HHS should also conveniently boost sales of “The ADA Practical Guide to HIPAA Compliance” (on sale now at ADA.org for $220 while supplies last).

Sounding the Alarm

I personally started warning ADA leaders about this over 5 years ago. Yet as far as I can tell, they continue to blissfully ignore the IT disaster in dentistry. They don’t have to listen to nobody. And it shows.

As illogical as it sounds for an organization whose only purpose is to serve the interests of dues-paying members, the ADA hasn’t a single “vetted” EDR expert who will allow him or herself to be accessed on the internet. One such rumored expert is long-time ADA Trustee Dr. Robert Faiella. Since the Osterville, Massachusetts periodontist is so secretive with the ADA members he serves, like Soviet leaders of the 1970s, it’s hard to tell for sure if he is still in power or even alive.

Suspiciously, in these days of rapidly-expanding openness through social networks, the ADA cannot even contribute experts’ answers to Sharecare.com as promised – much less open a Facebook with over 12,000 waiting fans. So instead of ADA members’ questions about e-prescribing being answered by ADA experts on a convenient venue like a Facebook, ADA members must turn to irrelevant, Committee-approved publications… just like the Soviet Union of the 1970s.

I have personally found it is easier to obtain responses from my US Senator John Cornyn than from shy ADA officials. But then, I’ve discovered that Senator Cornyn is a remarkably caring individual. Not an evasive not-for-profit apparatchik with nice teeth.

Assessment

How long before dentistry’s handful of entrenched ADA leaders apologize for the harm they’ve caused and stop deceiving Americans about electronic dental records? It’s the least Dr. Robert Faiella could do before resigning his ADA position.

As long as obsolete ADA officials wink at a bankrupt policy of deception, can the reclusive not-for-profit organization ever regain America’s trust?


Proposed Regulations on HIPAA Accounting of Disclosures

New Rules and Regulations for Covered Healthcare Entities


By HCR@garfunkelwild.com

Proposed regulations regarding HIPAA accounting of disclosures have been recently published and are open for public comments.  If enacted in their current form, the new regulations will require Covered Entities to make significant revisions to their current HIPAA procedures and may require modifications to current computer systems.  

The HITECH Act

Under the HITECH Act, regulations must be enacted that allow individuals to receive a much expanded accounting of disclosures of electronic health information, including disclosures made for treatment, payment and health care operations. 

In order to accomplish this, the proposed regulations differentiate between “accountings of disclosures” and “access reports.”  Accountings will continue to be a list of certain limited types of disclosures.  Access reports will be similar to “audit trails” and must include information regarding each access to an individual’s electronic health information.  Covered Entities must be able to provide, upon request, both accountings and access reports.

Covered Entities

The proposed regulations also include specific requirements, including the following:

  • Accountings and access reports must be available in regard to disclosures or access, as applicable, for 3 years and must be provided within 30 days of the request. 
  • Accountings and access reports will be required only for health information maintained in designated record sets (e.g., medical records, billing records).
  • Accountings and access reports must include information about disclosures of, and access to, information maintained by business associates.
  • There are additional exceptions to the types of disclosures that must be included on an accounting (e.g., exceptions will include disclosures about abuse and to medical examiners).


A Review of HIPAA EHR Security Regulations


Focus on the Hospital Industry

By Carol S. Miller BSN MBA

With the implementation of EMRs, Internet access, intranet availability throughout the hospital and physician complexes, as well as from home or any virtual site, the potential for security violations and associated vulnerabilities may have already caused serious harm to many hospitals and to the IT community in general. Implementation of HIPAA security standards across the United States at hospitals, clinics, medical complexes, universities, federal facilities such as the VA, DoD or IHS and others has been inconsistent. In addition, the HIPAA privacy regulations have given the responsibility for the patient health record to the patient — the impact of which has not been fully addressed nor is it supported by healthcare IT rules and regulations.

In Control?

Throughout the entire healthcare industry, there are concerns over who has access, who is in control, and whether the release of information impacts the privacy and security of the patient medical information or presents a risk to patient well-being, the quality of patient care, compliance issues, and potential fines to the hospital community.

The simple fact is that security is a problem that could have a catastrophic effect on any hospital.  Most Chief Information Officers have increased their “security-related” and “computer specialist” staff to address security issues, but most believe that their security is still vulnerable and needs to be improved.  Understanding a complex group of technologies and processes that have been built and modified many times over the years, especially at a large university or medical center complex, will be not only time-consuming, but also costly.  Security, like complex IT systems, was never designed in any organized manner.  It simply expanded as more and more access was made available, patient rights were defined, technology capabilities expanded, and more Internet-related communications and document-sharing occurred.

Hospital Security Concerns

Further, HIPAA security requirements were thrown into the mix in an era when hospital budgets were shrinking, and hospitals were trying to meet their costs through consolidation or reduction of programs and staff.

The prime concerns for information security are:

  • confidentiality – information is accessible only by authorized people and processes;
  • integrity – information is not altered or destroyed; and
  • availability – information is there when you need it.

Hospitals will continue to review, update and further document their security issues, monitor changes, and develop processes to mitigate the problems.  Gap analyses will continue to determine where vulnerabilities are or potentially could occur.  This process will be time consuming, but will enable the hospitals to determine how each system is integrated into their portfolio of systems and applications, and how it will be integrated with new technology.  Most importantly, it will facilitate identification of the detailed process of requesting, securing, and approving access to confidential patient records, systems, or applications.  It will enable hospitals to move forward with other technology enhancements in a secure manner.

Patchwork Security Quilt

As stated previously, security has grown piecemeal as needs have been integrated with system, application, and software program growth.  It is literally a patchwork of various security functions and restrictions that may just be applicable to a certain application or software product or may be applicable to several applications but not all.  Various security software or SaaS packages have been deployed at different facilities across the United States that provide firewalls, access controls, tracking systems, and various other HIPAA security compliant capabilities; however, even with all these controls no one person within a hospital environment is fully aware of all the security requirements, security structures, the integration of the security network or whether any of the security network works efficiently and effectively.  Building a basic understanding of the entire network is the basis for developing and improving the entire HIPAA-related security process.  Besides the security involved within the hospital systems and through the Internet, there is still the issue of physical security, security theft or inappropriate access to patient information.

Typical Security Queries

The following list provides examples of typical questions related to security of information stored either on the laptop or on an accessible Intranet site from the laptop that should be addressed. All of these questions relate to additional time and expense in having an assigned individual monitor all aspects of this tracking process:

  • Is there an accurate record or log of each piece of equipment referenced at the hospital?
  • Do I know how many of the laptops are portable and used at home?
  • Are personal digital assistants (PDAs) and laptops encrypted and is the employee required to change passwords frequently?
  • Do I know how many of these portable systems are used for personal services?
  • Do I know how many of these laptops are used by family members?
  • Do I know how secure the portable systems are?
  • Do I know if they are just password protected or whether other security measures are in place?
  • Is every piece of equipment accounted for when employees leave, including PDA, laptop, CD, DVD, or other storage devices?
  • Do I know who can access confidential patient information from a remote office or home?
  • Is there a defined process for discarding old computers and old media?
  • Do employees know the hospital’s reporting process if their laptop is stolen or hacked?
  • Is virus and spyware software continually updated?
  • Are employees provided with information on how to secure their laptops or blackberries?
  • Do employees know what to do when attachments from unknown sources are sent and/or downloaded?
  • Does the employee use home-burned CDs/DVDs on their laptop?
  • Is system backup maintained by every employee?
  • Do employees know to “log off” when leaving their desktop or is there an automatic “log off” capability built within the system?

Security Administrators and Managers

Hospitals are employing security administrators and security staff to identify potential risks, vulnerabilities, risk scenarios, and develop policy and procedures to address all of these issues.  HIPAA compliance reviews and approval processes from HIPAA officers or legal counsel will be an added process for the hospital as part of any security consideration.  All of these security review processes, requirements, and staffing represent new and most likely unbudgeted costs with higher-than-anticipated associated costs to the hospital.  Costs need to be based on the affiliated risk, and the associated manpower or technical systems/software required to fix the risk; these indirect costs (i.e., not direct labor costs related to patient care) are being met from the hospital profits.

Risk Assessment Queries

Every covered entity should complete a risk assessment and review it periodically.  Focus areas that need to be addressed in the risk plan include the following:

  • workforce clearance (does the job require access to patient information and is it documented in the job description);
  • training (ongoing awareness and reminders); and
  • termination (what are the processes and procedures for assuring that a terminated employee does not have future access to any confidential patient information).

Today it is important for all hospitals to focus on contingency plans and disaster recovery to prevent any arbitrary loss of patient information.  Hospitals need to plan for and demonstrate that disasters such as Katrina or 9/11 or Japan or Alabama will not affect the security of the systems or access to patient information.

Many hospitals provide routine reviews, and system maintenance and updates to combat potential security problems or concerns with regard to confidential patient information.  However, inadvertent or even intentional changes to systems can cause serious data problems as the data integrates throughout the hospital IT environment.  Security breaches at this level can come from inside or outside the hospital.  They can be malicious or accidental and they can be related to system function disruption or data degradation.  They can relate to potential failures to properly share data and coordinate information.  They can also be the cause of major patient clinical errors, physician dissatisfaction, inaccurate record information, duplication of records, and as always, additional cost to the hospital that must identify the potential breach, develop a solution, and correct the issue at hand.

Main Concern

Direct access to information is probably the biggest security issue.  It affects personnel access to the systems they need in their daily jobs and tends to be poorly controlled.  Because hospitals need to provide access to information, they are sometimes lax about who has that access.  As an example, ask any hospital to not only identify each access user on the system, but also identify who uses each specific application.  Few hospitals have that capability. They would require additional resources to develop not only a major computerized index, but also the time and attention to monitor and to change users’ rights to access.  Many hospitals routinely request that the business or IT manager provide access for new employees that is similar to what another comparable staff person has — not really addressing the particular “right to know” or determining whether the new employee really needs a particular level of access.  Experience within the hospital environment also shows that many of the staff still have the same access to systems that they have had for years, even though they may have changed positions several times.

Finally, many staff have access to confidential patient information, yet few of the hospitals have ever linked this “right of access” to a background check.  Access to the hospital system is given to employees to perform a job.  In turn, the hospital is widely opening its doors to access a wide range of financial or confidential information, or even competitive information.  Many of these hospitals have employed designated staff to change and delete access rights, or allow read-only access, or read/write access; however, vulnerability still can exist.  Security is a trade-off between control and flexibility and there will always be weak points.  For those hospitals that have in place a comprehensive security review process, policy and procedures, and a contingency plan, the risks and liability can be limited.

Assessment

Regardless of the cost, HIPAA security and privacy regulations have changed the hospital environment.  The hospital and its IT and security staff need to be proactive.  There is simply too much at stake and potentially too many issues where mistakes could cause the hospital a serious system problem or result in a large fine.  HIPAA and the responsibility to provide reasonable patient care risk reduction mandate secure healthcare IT operations.  To do less simply allows patient care and healthcare delivery outcomes to be exposed to unacceptable levels of unnecessary risk.

About the Author

Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported.

She earned her MBA from Marymount University, a BS in Business from Saint Joseph’s College, and a BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow, Past President and current Board member, and an ACT/IAC Fellow.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

Search Guidance for a Chief Medical Security Officer

A Business Case Model

By Richard J. Mata MD MS CIS

The Mighty-Soft Hospital is a futuristic 1,500 bed fortress-like facility operating with a state-of-the-art dual wired-wireless infrastructure complete with computerized physician order entry system, radio frequency inventory device (RFID) control tags, and integrated electronic medical records (EMRs) that are the envy of its competitors and vendors, and offer a formidable strategic competitive advantage in the marketplace.

Now, imagine the potential liability, PR disaster and chagrin when its enfant terrible CEO is told of a massive security breach similar to the ChoicePoint and Lexis-Nexis fiascos.  The ID theft involves release of critically protected healthcare financial, employment, clinical, and contact information for all of its patients, employees, physicians, business associates, and affiliated medical personnel.

Suddenly, senior management is charged with the task of establishing the new position of Chief Medical Security Officer (CMSO) for Mighty-Soft, and navigating a crisis management dilemma never previously faced by the formerly HIPAA-compliant electronic giant.

The CMSO is to be a senior level management position responsible for championing institutional security.  Awareness of electronic and HIPAA policy and procedure developments, while working to ensure compliance with internal and external standards related to information security, is vital.  The CMSO is to report directly to the CEO and the CIO.

The Search Committee developed the following list of CMSO duties and responsibilities:

  • Chair the hospital’s Information Security and Privacy Committee in its policy development efforts to maintain the security and integrity of information assets in compliance with state and federal laws, and accreditation standards.
  • Provide project management and operational responsibility for the administration, coordination, and implementation of information security policies and procedures across the enterprise-wide hospital system.
  • Perform periodic information security risk assessments including disaster recovery and contingency planning, and coordinate internal audits to ensure that appropriate access to information assets is maintained.
  • Work with the financial division to coordinate a business recovery plan.
  • Serve as a central repository for information security-related issues and performance indicators.  Research security or database software for implementing the central repository, and note that a server based system could be useful for a Wide Area Network (WAN), so this information can be shared with the enterprise-wide hospital system.  Develop, implement, and administer a coordinated process for response to such issues.
  • Function when necessary as an approval authority for platform and/or application security and coordinate efforts to educate the hospital community in good information security practices.
  • Maintain a broad understanding of federal and state laws relating to information security and privacy, security policies, industry best practices, exposures, and their application to the healthcare information technology environment.
  • Make recommendations for short- and long-range security planning in response to future systems, new technology, and new organizational challenges.
  • Act as an advocate for security and privacy on internal and external committees as necessary.
  • Develop, maintain, and administer the security budget required to fulfill organizational information security expectations.
  • Demonstrate effectiveness with consensus building, policy development, and verbal and written communication skills.
  • Possess the clear ability to explain information technology concepts to audiences outside the field.
  • Become the public face for the Mighty-Soft Hospital’s legacy security system.

Minimum Qualifications:

  • MD, DO, DPM, DDS, DMD, with bachelor’s/master’s degree in computer science or related field or equivalent experience.
  • Three or more years of experience in the healthcare industry.
  • Five or more years of experience in information security.
  • Eight or more years of experience in information technology.
  • In-depth understanding of network and system security technology and practices across all major computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology.

Preferred Qualifications:

  • Experience with electronic medical devices.
  • Specific experiences in the healthcare industry.
  • Familiarity with legislation and standards for PHI and patient privacy.
  • Demonstrated successful project management expertise.
  • Professional certification, e.g., CISSP, CISA, PMP.
  • Experience with student record/higher education laws.

Key Issues:

  • What is your IT hardware infrastructure and how are security-related devices deployed?
  • What security requirements are imposed by federal and state authorities on your institution?
  • What would you consider the most important criteria for choosing a CMSO?
  • What relationship will the CMSO have with the CIO, CMIO and CEO?
  • What level of security education/training do you consider necessary for your hospital community?
  • What are the key security issues your CMSO will have to address?
  • What are the key privacy issues?
  • What are the key risk management issues?
  • What are the pros and cons of EHRs for your institution?
  • What do you see as the EHR priorities for your CMSO?
  • What are the security issues of EHRs for your institution?

Assessment

How would you select a CMSO?

Protecting Personal Health Information [PHI on Talk Radio]

Check out the Xerox Blog Talk Radio

By Staff Reporters

Federal regulations require that healthcare organizations put new safeguards in place to protect a person’s personal health information, also known as PHI. This means new challenges for anyone who handles sensitive data [covered entities]. And, there are also severe penalties if the guidelines aren’t followed.

From ACS

Mark Tripodi, chief innovation officer for ACS’ government healthcare solutions group will explain why data can easily be put at risk and what can be done to ensure organizations meet privacy standards.

Assessment

You can access the recording here: http://bit.ly/eyv65U.

For more on Xerox: http://xrx.sm/news.

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

ICD-10 is Not an Airplane

It’s Another Part of HIPAA the ADA Won’t Discuss

By D. Kellus Pruitt DDS

A couple of days following the heads up I posted concerning the imminent upgrade from the tedious ICD-9 coding system to the ICD-10 that is said to be exponentially more complicated, informatics specialist Tom Sullivan posted a signal to fellow coders nationwide: “7 tactics for making ICD-10 urgent.”

http://www.healthcareitnews.com/blog/7-tactics-making-icd-10-urgent 

If you are fed up with unfunded, non-productive and ineffective mandates like I am, I imagine an alert to coders to create urgency in your practice makes your ear lobes burn bright red as well.

Tedious Administrative Tasks 

According to Sullivan, the ICD-10 presents providers with new requirements for “care management protocols, clinical and financial databases and reports, reimbursement, registries, quality management and research.” These requirements do not promote patients’ best interests. These tedious administrative tasks only enable HIPAA-covered entities to get paid.

ADA

If you are a HIPAA-covered dentist with a voluntary but permanent 10-digit NPI number which is required for ICD-10 compliancy, are you aware if ADA leaders have yet described the ICD-10 coding system any better than they described the NPI number that Delta Dental, BCBSTX, as well as the ADA aggressively promoted years ago?

Who knows? The ICD-10 may not even apply to dentistry. Somewhere deep in the HIPAA Rule, there might be a footnote that says “except in dental practices.”

Department of Dental Informatics

This isn’t the first time I’ve heard rumors about HIPAA’s nasty surprises for dentists. Five years ago this month, “quality” control through dental informatics was enthusiastically but perhaps prematurely revealed to me by an excited spokesman for the ADA Department of Dental Informatics. It was his email that equipped me with everything I needed for this 5 year adventure.

Shortly afterwards, the topic of HIPAA became so poisonous for ADA officials to discuss that the misled leaders who unwittingly signed on to promote digital fantasies in dentistry only rarely appeared in print and never on the internet – leaving the responsibility of informing naïve and trusting ADA members about the downsides of EHRs to those who sell EHRs.

Nevertheless, following three years of official silence about HIPAA from the ADA, in the last 14 months there have been two commentaries published in the JADA which promote quality control in dentistry. The first was written by James Bader DDS and appeared in the December 2009 edition of the JADA titled “Challenges in quality assessment of dental care.”

http://jada.ada.org/cgi/content/full/140/12/1456  

Quality Control 

The second commentary concerning quality control was written by Editor Michael Glick DMD titled “When good may not be good enough — The need for clinical performance measures in dentistry.” (I’m no longer able to access JADA online).

EBD 

HIT stakeholders Bader and Glick, who are both fervent supporters of Evidence Based Dentistry as well as paperless dental practices, carefully tiptoe around what looks to me like an oppressive, micromanaged future for dentists. They both argue what must be a desperate committee-approved talking point – that quality assessment is critically important for ADA members so that fully-licensed dentists will have digital, Evidence-Based proof that their care is better than dental therapists’ who work for much less money.

Are ADA leaders sitting around a big table in ADA Headquarters when they think up this crap?

In addition, the cloistered committee concludes that patients’ opinions of their dentists are too difficult to collect and less reliable than algorithms based on dental claims and other data provided by the ICD-10 (?).

In fact, Dr. Bader is so confident in Evidence-Based digital results, he dismisses the need for any patient involvement in quality assessment: “Patient satisfaction has been shown to be associated only weakly with other assessments of quality of care, which means that it cannot be used as a surrogate for measures of technical quality.” Try telling that to a formerly satisfied dental patient who suddenly must pick his or her next dentist from a “preferred” provider list of strangers.

Assessment 

You mean like Ingenix’s measures of technical quality, Dr. Bader? In 2008, NY Attorney General Andrew Cuomo spanked the UnitedHealth subsidiary for selling algorithmic excuses to insurers to be used to cheat out-of-network physicians.

Conclusion

If you are a small business owner who reasonably asks to be paid no more and no less than what one is owed as quickly as possible – if not immediately like all other businesses in the land of the free – I’m pretty sure Sullivan’s 7 pearls intended to make ICD-10 more urgent for doctors will light up the lobes again.

Has the HIT Bubble Already Popped?

Long Before Reaching … Dentistry

[By Darrell K. Pruitt DDS]

HCPlexus recently partnered with Thomson Reuters to conduct a nationwide survey of almost 3,000 physicians about their opinions of the quality of health care in the near future considering the Patient Protection and Affordable Care Act (PPACA), Electronic Medical Records, and their effects on physicians and their patients. (See “5-page Executive Summary”)

http://www.hcplexus.com/PDFs/Summary—2011-Thomson-Reuters-HCPlexus-National-P

Results:

“Sixty-five percent of respondents believe that the quality of health care in the country will deteriorate in the near term. Many cited political reasons, anger directed at insurance companies, and critiques of the reform act – some articulating the strong feelings they have regarding the negative effects they expect from the PPACA.”

What’s more, one in four physicians think eHRs will cause more harm than help. So what’s the accepted threshold for the Hippocratic Oath to come into play?

Do you also find excitement in healthcare reform’s surprises? Experiencing the sudden, last minute turns healthcare reform has taken lately is like riding shotgun with Mayhem behind the wheel, texting. Here’s other discouraging news from the same HCPlexus-Thomson Reuters survey: “A surprising 45% of all respondents indicated they did not know what an ACO is, exposing a much lower awareness of ACOs versus the broader implications of PPACA. It appears there has been a lack of physician education in this area.”

ACOs Defined 

Since I also had no idea what an ACO is, I searched the term and came across a timely article that was posted on NPR only days ago titled, “Accountable Care Organizations, Explained.”

http://www.npr.org/2011/01/18/132937232/accountable-care-organizations-explained

Author Jenny Gold writes: “ACOs are a new model for delivering health services that offers doctors and hospitals financial incentives to provide good quality care to Medicare beneficiaries while keeping down costs.” Does that remind anyone of insurance HMO promises just before the bad idea collided with surprisingly intelligent consumers in the early 1990s? Kelly Devers, a senior fellow at the nonprofit Urban Institute, is quoted: “Some people say ACOs are HMOs in drag.” There’s a sharp turn nobody warned us about.

HMO Differentiation 

Further blurring the difference between ACOs and HMOs, Gold adds “An ACO is a network of doctors and hospitals that shares responsibility for providing care to patients. Under the new law, ACOs would agree to manage all of the health care needs of a minimum of 5,000 Medicare beneficiaries for at least three years.” I wonder if we’ll see a resurrection of HMO gag orders preventing physicians from discussing effective but expensive treatment alternatives not offered by the ACO.

As expected, not only are hospitals and doctors competing for the opportunity to run ACOs, but so are former HMO insurance agents. Devers explains, “Insurers say they can play an important role in ACOs because they track and collect data on patients, which is critical for coordinating care and reporting on the results.” As a provider, do you trust UnitedHealth’s Ingenix data mining tendencies? A few years ago, NY State Attorney General Andrew Cuomo spanked the company for selling insurers pseudo-scientific excuses to cheat out-of-network physicians.

Just like Health Maintenance Organizations don’t maintain health, insurer-based Accountable Care Organizations will not bring accountability to care any more than the Patient Protection and Affordable Care Act provides patient protection and affordable care. And since I’m exposing blatant bi-partisan deceptions, there is no privacy or accountability in the Health Insurance Portability and Accountability Act, and the “HIPAA Administrative Simplification Statute and Rules Act” doesn’t.

HITECH Funding

Gold suggests that because HITECH rules were written intentionally vague in order to push the envelope of stakeholders’ imaginations, similar to HIPAA’s ineffective security rules I suppose, the doctors’ predictable ignorance of ACOs is understandable.

But then again, all this may not even matter in a few months. According to Howard Anderson, Executive Editor of HealthcareInfoSecurity.com, HITECH funding itself is threatened. He recently posted “GOP Bill Would Gut HITECH Funding – Unobligated HITECH Act Funds Would be Eliminated.”

http://www.govinfosecurity.com/articles.php?art_id=3306

Assessment

While Obama’s healthcare reform teeters between two houses, I encourage consumers to plead with their lawmakers to stop being suckered in by cheap, meaningless buzzwords sprinkled in the titles of bills. I’m hoping we can at least get them to read a little deeper. Be on your toes. Mayhem is “recalculating.”

About the CDT Health Privacy Project

Survey of Concerns about Health 2.0 and HIPAA

By Staff Reporters 

The Center for Democracy and Technology is a non-profit public interest organization working to keep the Internet open, innovative, and free.

A Civil Liberties Group

As a civil liberties group with expertise in law, technology, and policy, CDT works to enhance free expression and privacy in communications technologies by finding practical and innovative solutions to public policy challenges while protecting civil liberties.

Assessment

The CDT is dedicated to building consensus among all parties interested in the future of the Internet and other new communications media. 

http://cdt.org/about

Health 2.0 / HIPAA Survey

Submit your questions on Health 2.0 / HIPAA here:

Link: http://cdt.org/blogs/cdt/submit-questions-health-20hipaa

Deven McGraw is Director of the Health Privacy Project for the CDT.

About Cyber Insurance for Doctors

What it is – How it works?

By Staff Reporters

All medical practitioners and ME-P readers and subscribers are aware that there are stiff penalties for protected health information [PHI] data breaches. And, the HIPAA policies and laws are legendary.

Security Standards

Cyber security standards are standards which enable healthcare and other organizations to practice safe security techniques to minimize the number of successful cyber security attacks and HIPAA information breaches.

Assessment

These guides provide general outlines as well as specific techniques for implementing cyber security. For certain specific standards, cyber security certification by an accredited body can be obtained. There are many advantages to obtaining certification including the ability to get cyber security insurance.

Link: ISA – Cyber-Insurance Metrics and Impact on Cyber-Security

Understanding Client Engagement Letters for Financial Advisors

Review the Basics to Protect Yourself from Liability

By Dr. David Edward Marcinko MBA CMP™

http://www.CertifiedMedicalPlanner.org

[Publisher-in-Chief]

According to the Professional Liability Agents Network (PLAN), a nonprofit association of insurance agencies specializing in risk management and loss prevention, there are two things that FAs should remember about engagement letters: have them and revise them. In fact, according to iMBA Inc’s Dr. Gary L. Bode CPA MSA – an accountant, financial advisor and board certified doctor – not all financial advisors and financial planners use engagement letters. “And, I think they are making a big mistake.”

www.MedicalBusinessAdvisors.com

Moreover, merely having a standard engagement letter is not enough: The changing scope of client service requires advisors and planners to review and update their engagement letters annually. Engagement letters should be updated to reflect changes in the engagement’s scope or timing. Many attorneys also recommend using a separate engagement letter each year to avoid problems of continuous representation and to establish the date of the statute of limitations before the engagement begins (thereby limiting the time period in which a client can file a claim).

The 10 Essential Elements

Even short, simple engagement letters are binding contracts. When creating or updating your engagement letters, make sure several essential provisions are included. Although additional clauses may be necessary, these basic provisions are the framework of your engagement letter.

1. Scope of Services and Limitations

Many doctors and lay professionals think of financial planning as a comprehensive analysis. If your engagement is limited, you must state that clearly in your engagement letter. Courts have held that it is reasonable for a client to expect a comprehensive analysis unless you state otherwise.

2. Client Responsibilities

The client’s role in an engagement is to provide the advisor or planner with certain data and to verify its accuracy. An engagement letter should contain a provision identifying the assistance you expect from your client in providing information and verifying its accuracy. The engagement letter should also specify any timetables applicable to this information.

3. Fees and Billing Procedures

Fee collection suits by advisors and planners against clients can result in professional liability counter-suits. You can prepare for this problem by specifying fees and billing procedures. An important part of this provision is your right to suspend work in progress until unpaid balances are brought current.

4. SEC Provisions for Investment Advisors

Planners who serve in investment advisory roles are required by the SEC to add several clauses to their engagement letters. First, if you collect any part of your fee in advance, you must explain in your engagement letter how a refund of the advance fee will be calculated if the client decides to stop the relationship before you have finished your work.

Second, you must state that you will not assign your responsibilities as a planner to a third party without the written consent of the client.

Finally, you can avoid regulatory responsibilities resulting from your possessing discretionary authority to act on behalf of your client by including in your engagement letter a disclaimer that says you will not exercise your discretionary authority without the client’s express written consent.

5. IRS Requirements

The IRS requires financial advisors and financial planners to have written consent to use a client’s tax return for purposes other than preparing a tax return. Thus, to protect yourself from liability, it’s important to add a “consent to use tax return information” clause in engagement letters.

6. Sharing of Information

Many financial advisors and planners recommend including in engagement letters a clause that allows the planner to receive information from and share information with their client’s other advisors. But, if you’re going to exchange information about a client, you’d better have the client’s affirmation; much like the HIPAA Statutes [business associates agreement].

7. Dispute Resolution

Include an arbitration clause in every engagement letter – arbitration is much faster and cheaper than taking a case through the court system. This theory is supported by PLAN, which recommends including in every engagement letter details about the type of dispute resolution to be used in the case of a disagreement.

8. Limitation of Liability

PLAN recommends that client service professionals require clients to either indemnify them from certain types of claims or establish a dollar limit on their liability. Although this provision has been used successfully in other professions, the SEC position on such clauses seems unclear. So, before adding a limitation of liability or indemnification clause, check with your state and federal regulatory agencies about standard procedure.

9. Good Will

Many firms conclude an engagement letter with a “good will” provision that thanks the client for his or her business and offers to discuss the letter and its provisions if the client has questions. While this provision may appear gratuitous, PLAN believes this can be critically important to a defense if a client claims to not know what he or she was signing.

10. Signature

As mentioned above, your engagement letter becomes your contract for professional service. As such, it is important to have it signed by your client. http://www.plan.org

Assessment

Much like medical and surgical consent forms, or even treatment plans, client engagement letters for financial services professionals now seem the norm.

Note: Julie Schaeffer, a Chicago-based freelance writer, assisted in the original version of this essay.

Has the ADA Ever Mentioned Quality Control?

About My Tell-All Book?

By D. Kellus Pruitt DDS

One day, I’m going to write a tell-all book about quality control dentistry …  But, for all I’ve been told, it might be fiction.

The Quality Mandate 

Here’s something I find entertaining about the “quality” reporting mandate that was quietly written into HIPAA about the time President Clinton amended the 1966 Freedom of Information Act – making doctors’ records no longer proprietary business information. The 1996 HIPAA Rule is modular, and around every corner, we’ve learned there is an exploding surprise that was slipped into a thick bill long ago. The bolus technique of passing difficult legislation is not unlike the way the 2000 page healthcare reform bill was handled. It gets crap through the system too quick to be read, understood and debated by principals in healthcare who aren’t paying attention anyway. It’s a rule-making policy that simply favors stakeholders rather than doctors and patients. Depending on the campaign contributions, silliness can catch fire like a Madoff investment.

Dental Quality Compliance 

I don’t know about physicians, but dentists have never been warned about the quality control part of compliance. Now that it’s an integral part of healthcare reform’s imaginary funding, it’s a sure bet that no ADA official is willing to discuss the egregious blunder even anonymously.

ADA Department of Informatics

Soon enough, ADA members will learn about the clandestine quality control efforts of the ADA Department of Informatics – the brainchild of former ADA Sr. Vice President Dr. John Luther, who I hear is no longer part of the organization. Although I’m a persistent, nosey outsider peeking into a secretive not-for-profit organization (?), from what I can tell, the ADA’s interest in quality control began about 6 years ago following a visit to the ADA Headquarters by Newt Gingrich – which evidently favored the ADA Department of Dental Informatics with federal funding to replace dependence on finicky members’ dues. Had ADA members who were busy treating dental patients actually known the directions the ADA took the ADA’s mission statement for easy money, Dr. Luther’s career with the organization would have been even shorter.

Anonymous ADA Leaders 

Knowing that anonymous ADA leaders’ blunders no longer stay hidden forever, don’t you find the shyness of today’s dental leaders amusing? Don’t you just know the trusting early-adopters of interoperable eDRs will be pissed off when they discover that long ago, the ADA could have warned them about ambitious stakeholders’ plans for the profession?

Assessment

Who’s going to break the sweet news to dues-paying members before CMS, insurers, and quality control consultants (today’s dental insurance consultants), are granted a back door to HIPAA-compliant dentists’ interoperable computers allowing access for real-time quality control authorities, as well as fraud, HIPAA, FTC and other inspectors working on commission? It’s a dark tale.


Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


Do Patients Really Believe in eMRs?

Not Necessarily

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief]

An NPR / Kaiser / Harvard School of Public Health patient opinion poll of more than a year ago [April 2009] demonstrated that, for the most part, patients believed that just spending money on eMRs was not going to improve their health or bring down health care costs.

The Personal Touch

In fact, the most important part, it seems, is their relationship with their doctor [ie, trust].

Link: Harvard

Assessment

So, how does this square with the following trends?

  • Patient-Doctor face time is decreasing.
  • Doctors avoid eye contact because of poor keyboarding computer input skills.
  • Some medical schools may abandon courses in physical diagnosis.


OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


Looking to Convert to a Paperless Dental [Medical] Practice?

Why Does the ADA Promote eDRs?

By Darrell K. Pruitt DDS

Not so Fast!

Before a dentist trustingly accepts the recommendation of the American Dental Association and unwittingly converts his or her practice to paperless, one should read the story I copied below which was posted on VillageSoup.com yesterday.

Unlucky dentist loses everything …

http://waldo.villagesoup.com/business/brief/business-services/unlucky-dentist-loses-everything/373672

Worst Way to Start Off the Year

I have been on my own for the last 7 yrs. We have a small business server (Windows 2003), 6 work stations, completely paperless using Dentrix 11 and Vixwin platinum. One morning, when we returned to work, we could not access the server. Went into panic mode! Not able to get anything! Not knowing the schedule. Who is coming, what they are coming for, etc. It was decided that my server crashed. It was set up w/2 hard drives to mirror each other and also had an external drive back up (Seagate). We ended up rushing the drives to a data recovery company in (data doctors). They sounded very promising (claim 90% success). I agreed to pay an additional $4100 to rush the case! We were led to believe all is well once they diagnosed the case. A few hrs later everything changed. We got the bad news that both drives are not recoverable since they found a minute scratch on one of the plates. Also we are not able to recover anything from the external drive.

At this point I have lost all patient records including x rays going back 7 yrs. I have no access to schedule, ledgers, notes, insurance, X-rays, anything. This is leading both me and my wife into depression. We are very stressed, at a loss. This is a catastrophic loss. Not sure how to move forward?

I am worried about the liability on top of everything else. How do I tell my patients? How do I know who paid for what balances on work that needs to be done, etc. I keep waking up at night thinking of all the possible problems.

This is the lowest point in my career. I don’t even want to go into the office from stress. If anyone can offer any advice I would really appreciate it. I know in the past you guys lifted me up. I love forum name.

Thank you.

Assessment

On top of the anguish this person already suffers, the HIPAA violation must be reported to the Department of Health and Human Services. Thanks to HITECH, an expensive inspection is likely to follow. The dentist’s letter reminds me of a desperate private note from a dentist a few months ago describing his HIPAA violation. He lost a laptop computer he was using as a daily backup device. Since there were thousands of his patients’ unencrypted PHI on the computer, he was similarly paralyzed by the same cold and lonely panic a professional feels when optimistic career plans suddenly crumble into a dark void that includes abject business failure. People sometimes hurt themselves and others when even choosing to do the right thing leads to ruin. A person with any compassion can tell from reading the dentist’s plea for help that the newer harsher penalties from HHS and state Attorneys General for data breaches will only further destroy the lives of innocent dentists and their families. HITECH is cruel nonsense in dentistry and ADA leaders are stone-cold heartless.

Although encryption is strongly advised in the “ADA Practical Guide to HIPAA Compliance,” if ADA officials dared to keep track of their failure in promoting safe digital dental records, I bet their own data would show that less than 3% of US dental patients’ PHI is encrypted. Yet proud leaders in my profession remain stoically unresponsive to members’ and patients’ concerns about risks of data breaches. They call their aloofness “professionalism.” It infuriates me that shy ADA officials hide from personal accountability for the careless harm they cause dentists and dental patients.

“Image is everything” ADA/IDM slogan

The nation’s ambulatory healthcare providers – including dentists, podiatrists, chiropractic doctors and physicians – cannot continue to blindly trust our professional organizations to protect our practices from the dangers of the electronic health records they promote for their personal benefit. We’ve been sold out.

Assessment

As far as I can tell, selfish ADA leaders with careers invested in dental informatics just can’t tolerate truth. When I consider the pain they cause at no risk to themselves, I say the parasites should be encouraged to move on down the road and look for their power in a field where they won’t endanger others.


***

PhysAssist Scribes for eMRs [Necessity or Frivolity?]


On Human eHR Input Devices [aka Personal Secretaries]

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief] www.CertifiedMedicalPlanner.org

What it Is – How it Works?

According to its website, PhysAssist Scribes provides turn-key solutions: it recruits, interviews, trains and certifies staff, and schedules and maintains highly trained human eHR input scribes for its clients [$8-10/hour wages]. Emergency room departments and physicians were an initial target market.

Data Input Services

Scribes provide real-time charting for physicians by shadowing them throughout their shifts and performing a variety of tasks including recording patients’ history and chief complaints, transcribing the physical exam, ordering x-rays, recording diagnostic test results, and preparing plans for follow-up care, etc.

Typical Clients

Clients are mostly hospital-based physicians, but one can imagine progressing down the food chain to large medical practices and even to solo practitioners as technology advances and HR costs are reduced. So, give ’em a click, and tell us what you think.

http://iamscribe.com

Reported Benefits

  • Increase physician performance
  • Increase physician job satisfaction
  • Increase overall patient satisfaction
  • Improve chart accuracy
  • Decrease patient length of stay
  • Increase communication among ED staff
  • Improve physician recruiting and [retension] retention.

Related story: http://www.hhnmag.com/hhnmag_app/jsp/articledisplay.jsp?dcrpath=HHNMAG/Article/data/12DEC2010/1210HHN_FEA_staffingissues&domain=HHNMAG

Assessment

  • It seems implausible to me that in order to facilitate the widespread use of eMRs, one has to hire another layer of bureaucracy in order to input the patient encounter. Is this an indictment of the various speech recognition systems or physician keyboarding ability? I am not a technophobe but eHRs are not yet up to pragmatic-use snuff. This is reminiscent of jewel-encrusted “buggy-whips” of the 1850s. They were expensive, cumbersome and added no utility; but were “nice-to-have” devices for the affluent until the internal combustion engine came along [i.e. non-solo or small group medical practitioner].
  • Of course, injecting another human resource [i.e. personal secretary] into the data input equation increases privacy breach possibilities for this protected health information [PHI]. And, it is not exactly the model of a contemporary and lean micro-medical office.
  • Does a secretary-scribe really have to be “certified”? Won’t a good typist do just as well? Is this an example of vertical integration in the PhysAssist business model?  How long till the scribes join the labor-union movement and seek employment benefits?
  • What happens to the doctor, patient and data input chain when a scribe quits, or is a no-show for work?
  • Whatever happened to Occam’s razor (or Ockham’s razor), often expressed in Latin as the lex parsimoniae (translating to the law of parsimony, law of economy or law of succinctness), which is a principle that generally recommends selecting a hypothesis that makes the fewest new assumptions? IOW: KISS
  • Of additional interest to note is the misspelling of the word retention, as “retension” on the www.IAmScribe.com website. Not a very good impression for a transcribing firm; or am I just an aging editorial curmudgeon?
  • Are e-MR scribes a necessity or mere frivolity?

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Are such secretary scribes a “covered entity” or “business associate” under the HIPAA laws with the needed paperwork, etc? Or, is this an Obama administration job creation initiative?


eMR Privacy versus Healthcare Efficiency [A Voting Opinion Poll]

The Electronic Controversy Continues

By Anonymous

Medicine may be the last industry to resist the digital revolution as many doctors still use paper medical records.

Framing the Debate

Privacy advocates worry that if the move to eMRs is rushed, patient privacy will suffer. Supporters, on the other hand, argue that health information technologies have advanced to the point that such concerns are vastly overblown. Any loss of privacy will, they insist, be more than offset by efficiency gains. Who is right?

Link: http://www.economist.com/debate/debates/overview/189

Assessment

Will any privacy loss from eMRs be compensated for by commensurate welfare gains from increased medical delivery efficiency?


Grading Texas Lawmakers on Patient Privacy


Grade Spread Runs Gamut from F to A+

[By D. Kellus Pruitt DDS]

Are the interests of my dental patients in Fort Worth, Texas being adequately represented by their elected officials in Austin and Washington DC? Starting a few months ago, I’ve sent multiple emails concerning patient privacy and identity theft to my elected government officials on state and national levels, as a test of responsiveness.

The Elected Officials

These include:

  • Texas US Senators John Cornyn and Kay Bailey Hutchison
  • US Representatives Joe Barton and Michael Burgess
  • Texas State Senators Wendy Davis and Chris Harris
  • Texas State Representatives Diane Patrick and Marc Veasey.

Of the 8 lawmakers I contacted through their Websites, I received no response from state officials Davis, Harris, Patrick and Veasey. However, from my national representation, only Joe Barton failed to reply. I simply have to give those 5 a grade of F. I assumed my state representatives would be more patient-friendly than members of the US Congress. But, I was wrong.

Texas US Senators 

US Senator Cornyn has responded twice: Once in September and again on December 6. In both emails he says,

“Dear Darrell Pruitt,

Thank you for contacting my offices. Your correspondence has been received, and we will respond to you as quickly as possible.”

I suppose there’s still hope for a response, but he also failed. Cornyn also earned an F.

On the other hand, I’m more disappointed with Kay Bailey Hutchison’s staff than John Cornyn’s. In all 3 of her identical responses to my emails, she addresses me as “Dear Friend,” before wasting my time with a vanilla lecture about the origin and intention of the HITECH Act that I can get from HHS:

“The HITECH Act includes privacy and security provisions to expand current requirements under the Health Insurance Portability and Accountability Act (HIPAA) and strengthens the HIPAA privacy rule, blah, blah, blah.”

If Hutchison’s staff member had read the first paragraph of any of the three emails I sent before he or she assigned me the same canned response all three times, the bonehead would have recognized that an explanation of HIPAA was not what I needed from his or her boss. I’m pretty sure I know more about HIPAA than the Senator, and that is the reason I wrote her in the first place.

Senator Hutchison closed all three emails with,

“I appreciate hearing from you, and I hope that you will not hesitate to contact me on any issue that is important to you. Sincerely, United States Senator Kay Bailey Hutchison”

Then she added,

“PLEASE DO NOT REPLY to this message as this mailbox is only for the delivery of outbound messages, and is not monitored for replies.”

Although I should have known better, following her dead-end reply, I returned to her Website and complimented the Senator for being my patients’ first elected official to respond to my emails. I told Kay Bailey how special her personal attention made me feel as an American… which attracted the same response, which quickly stopped that special feeling. Compared to Hutchison’s predictable responses, Senator Cornyn’s thin promises of a meaningful response some day don’t look so bad. Hutchison gets an F, but I’ll upgrade Cornyn to a D for incomplete.

Enter Dr. Michael Burgess 

And then there is Michael C. Burgess. Compared to this man, everyone else is just a failing politician, in my opinion. Dr. Burgess gets an A+.

In response to both emails I sent to US Representative Michael Burgess MD in the last few weeks, I received sincere, personalized responses. This week, I sent Dr. Burgess a copy of the timely comment I posted Tuesday on this Medical Executive-Post, “Is ‘encryption of PHI’ discussed in dentistry?”

https://medicalexecutivepost.com/2010/12/07/%e2%80%9cthe-ada-practical-guide-to-hipaa-compliance%e2%80%9d/#comment-9242

While Senator Hutchison is unaware that her staff is asleep, and while I’ve been waiting for John Cornyn to get back in touch with me for months, Congressman Burgess’ meaningful and personalized response arrived within 48 hours on Thursday:

Dear Dr. Pruitt:

Thank you for your continued correspondence regarding your concerns for privacy as it relates to health information technologies (HIT). I appreciate hearing from you on this matter.

I assure you that I understand the concerns you have that the implementation of HIT will have harmful effects on patients’ privacy, specifically as it relates to dentistry. As problems arise, I will work closely with the Department of Health and Human Service as well as organized dentistry to make sure that these problems are dealt with quickly and efficiently so that patients continue to receive the rights guaranteed to them in HIPAA.

As one of the few Members of Congress who have run a medical practice and been required to meet HIPAA, I take your concerns to heart and will be vigilant in my oversight.

Again, thank you for taking the time to contact me. I appreciate having the opportunity to represent you in the U.S. House of Representatives. Please feel free to visit my website (www.house.gov/burgess) or contact me with any future concerns.

Sincerely,

Michael C. Burgess, MD

[Member of Congress]

—————————–

So of those 8 elected officials from the Dallas/Ft. Worth area, whom do you think I should trust with my patients’ interests next time I vote? As for my state representatives whom I could run into almost anywhere in my community, they never bothered responding at all.

For months, I’ve emailed Diane Patrick more times than any other lawmaker. Long ago, I assumed that since she is married to a dentist, she might have natural interest in the welfare of dental patients. I was wrong. Even though the Fort Worth District Dental Society supports her campaigns, I have to wonder why?

Assessment 

And as for Marc Veasey, I met the man once, but I don’t think he remembers me. His campaign office is four doors down the hall from me as I type Tip O’Neill’s quote: “All politics is local.”


“The ADA Practical Guide to HIPAA Compliance”

Book Review – Dark, Dark Reading

By Darrell K. Pruitt DDS

“Complying with HIPAA is an investment in the future of your dental practice. HIPAA Privacy sets forth requirements regarding the proper protection, use, and disclosure of patient information. HIPAA Security addresses using and protecting electronic patient information and the electronic technology that can save time, increase revenues, and improve workflow.” So are those evidence-based claims or an advertisement in the $250 ADA publication I purchased?

On Being Leery

I’ve learned to be wary when dentalcare stakeholders like authors Ed Jones and Carolyn P. Hartley call HIPAA an “investment in the future of your practice” much like I would advise people to be wary of a dentist who sells cosmetic veneers by calling it an “investment in your smile!” All too often it turns out to be an investment in the dentist’s smile.

Unsupported Claims

Contrary to the authors’ unsupported claims in the Introduction of “The ADA Practical Guide to HIPAA Compliance,” there is no evidence that electronic technology saves time, increases revenues or improves workflow in dental offices. And even though Jones and Hartley mention “investment” numerous times in their HIPAA guide, how smart is it for a dentist to sink money into expensive electronic technology that demands mind-numbing documentation (even if it’s done on a computer); that exposes a practice to government inspections which carry liabilities up to $1.5 million even before state attorneys general get involved; that endangers the long-term welfare of both the dental practice as well as dental patients, and that promises no financial return? So just how smart is a HIPAA investment in the future of one’s practice?

Disaster Recovery 

I wasn’t far into Jones and Hartley’s imaginative guide to HIPAA compliance before reading other long-since rejected selling points that are so lame that even rookie eDR vendors know better than to attempt them. The authors’ naïve claim of the digital advantage of easier “disaster recovery” from a fire or hurricane is a good example of ADA-approved HIT fiction. Just ask yourself why disaster recovery was hardly a concern throughout the history of dentistry until the ADA leadership mindlessly bought in to promoting paperless practices and suddenly needed selling points in the worst way.

ADA Slogan

“Dentistry is healthcare that works”.

Beware

Any time dentalcare stakeholders trot out solutions, before asking the price, dentists should determine that there is indeed a corresponding problem that needs to be solved. Here is a simple marketplace test of Jones and Hartley’s disaster recovery claim: Which is cheaper: Disaster recovery insurance or data breach insurance? Common sense says that dentists’ offices are much more likely to be hit by burglars than fires and hurricanes. When burglars break into dentists’ offices, they don’t go for filing cabinets and ledger cards. They steal computers that can contain thousands of patients’ identities. As for the small percentage of US dentists whose offices are located in coastal cities and vulnerable to hurricanes, perhaps those dentists should maintain both digital and paper patient records. After all, which kind is easier to read during power failures that are common with hurricanes as well as ice storms – which occur much more frequently and throughout the nation?  What’s more, pegboards and ledger card boxes in a paper-based practice are not only hack-proof, but their use is unaffected when Internet servers go down, or are hacked. Confused yet? 

“You may decide to engage a technology consultant at some point, but after reading this book, you’ll have specific reasons for that engagement.”

Still Not a Fan

I’m not a fan of creative writers Ed Jones and Carolyn P. Hartley’s style of humor, but I needed a few continuing education credits and decided to pick up 8 easy hours through the ADA by purchasing their HIPAA guide and accompanying test. After finally conquering the first 2 bureaucratic-tedious chapters, it’s a pretty sure bet that I’ll try to wing it on the test long before getting through all 360 pages – many with footnotes even.

In the Minority 

I think studying for a CPA exam would be more riveting reading for me, as well as perhaps more meaningful for my dental patients – even if I were a HIPAA-covered entity. But since I’m one of the 4% of dentists in the nation who still doesn’t store or transmit patients’ protected health information (PHI) in slippery digital form, I never have to worry about attracting a subjective inspection because of my highly visible opinions about the absurdity of HIPAA in dentistry. Fines for being “willfully negligent” start at $50,000, and my transparent lack of respect for the Law would understandably trigger an inspection if I were a HIPAA-covered entity.


HIPAA Flexibility 

On the other hand, since the HIPAA Rule is “flexible” by design, and HIPAA-covered dentists can be charged with huge fines – the other 96% of dentists in the nation who use computers in the business office have good reason to be careful about exercising their basic freedoms in the land of the free. It’s easy to see why covered entities aren’t complaining. Not to worry. As always, Proots has your six, good buddy. Are flexible laws really in American citizens’ best interest?

Although authors Jones and Hartley repeatedly point out that the HIPAA Rule’s flexibility is its beauty – even to the extent of allowing dentists to decide whether or not to notify their patients of a breach – dentists simply must be warned of the dangers that are inherent in vague laws: Flexibility for the dentist always means subjectivity for the inspector. History has shown us that subjectivity is dangerous in the hands of poorly-trained people with badges working on commission. The odds of fair treatment following even a self-reported data breach are not in a dentist’s favor. Even the simplest investigation by HHS representatives will cost a dentist at least $100 – even if the dentist is determined to be innocent of a baseless complaint – perhaps filed by a disappointed patient or employee.

Investigations and Violations 

“Violation Category (A) Did Not Know: For a violation in which it is established that the Covered Entity did not know and, by exercising reasonable diligence, would not have known the Covered Entity violated such provision [$100-$50,000 per violation].” Chapter 2, page 20. HHS Secretary Kathleen Sebelius promised Congress that she intends to efficiently investigate every complaint against providers and vows to stop data breaches through stricter enforcement of the (hazy) HIPAA Rule – starting real soon. How is that not tyranny?

HITECH Subjectivity?

The ADA’s guide to HIPAA compliance has reaffirmed to me that HITECH HIPAA is a subjective law designed for abuse by those who created it. What’s more, eDRs provide NOTHING to dental care that has not been adequately and safely handled by conventional means of communication for decades at far lower costs. Sooner or later, the sudden news about HIPAA’s absurdity in dentistry is going to hit the HIT market like a brick. Following that flash of honesty, anyone who doesn’t agree that HIPAA is absurd in dentistry will do so at risk of snickers. So how complicated is compliance?

Chapter One: Dentist’s Obligations 

Chapter 1, page 1: “This book is concerned with only a portion of [Public Law 104-191]: Subtitle F — Administrative Simplification, hereinafter referred to as ‘HIPAA.’” Later in Chapter 1, Jones and Hartley use a paragraph to describe dentists’ obligations.

“Adopting Health IT presents challenges as well. For example, a dental practice must research and evaluate available systems, assess the current and foreseeable needs of the practice, negotiate the terms of the contract for the system and related services, including items such as the cost and availability of tech support, the number of licenses and authorized users that the contract will include, and the hardware and software features that enable HIPAA and HITECH compliance. Time and energy must be devoted to training staff to use the electronic health record system. A dental practice adopting an electronic health record should consult its attorney both with regard to the acquisition itself (including any contracts, licenses, and other legal documents) as well as with regard to the legal implications of using an electronic health record (for example, the dental practice should understand what will constitute the legal record and how the electronic health record would affect document retention requirements). A dental practice that intends to take advantage of the HITECH Act Medicare or Medicaid reimbursement incentives must understand and stay abreast of developments regarding the incentives, such as the qualifications of an “eligible provider,” how to demonstrate compliance with the “meaningful use” criteria,  how reimbursement incentives will be structured, and certification criteria of dental information systems.” 

Now do you see why the name “HIPAA” works better for stakeholders than “Administrative Simplification”?

HIT Rot 

As another illustration of how effectively stakeholders have hidden rot in HIT, the most common misspelling of HIPAA is “HIPPA,” and most consumers trustingly assume at least one of the Ps stands for “Privacy.” HIPAA hasn’t been about patient privacy since it was amended 8 years ago, and the P stands for “Portability.” And boy-howdy are digital records ever portable! HIPAA has ceased to be a benevolent law for Americans. It’s become instead a bi-partisan plan to take control of healthcare from healthcare principals and award it to healthcare stakeholders such as the HIT industry.

Assessment

“You’ll spend a good amount of time implementing the Security Rule in your dental practice, but it’s the maintenance measures that will keep you in compliance.” This is a beautiful, meaningless point, Ed Jones and Carolyn P. Hartley.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


Of WikiLeaks, Politics and eMRs [A Voting Opinion Poll]

Is Reporting for “Accidental” Political Downloads a HIT Security Game-Changer?

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief]

Recently, I read in The New York Times that Federal workers are being told to avoid the website WikiLeaks and stay away from those classified cables leaked from the US State Department! “Classified information, whether or not already posted on public websites or disclosed to the media, remains classified, and must be treated as such by federal employees and contractors,” the Office of Management and Budget [OMB] said in a notice sent out last Friday.

Link: http://www.msnbc.msn.com/id/40512200/ns/us_news-wikileaks_in_security

Of Advice … Not Threats?

According to the release, The New York Times was told by a White House official that it does not advise agencies to block WikiLeaks or other websites on government computer systems. Nor does it bar federal employees from reading news stories about the leaks! But – and this is a big one – if they “accidentally download” any leaked cables, they are being told to notify their “information security offices.”

Too Many Conflicting Questions 

  • Is document leaker PFC Bradley Manning a hero and a real patriot – not the mislabeling of an ACT as THE PATRIOT ACT – or traitor goat? What about Julian Assange – is he a full-disclosure hero or guilty of treason – should he be treated as an enemy combatant of the US Government?
  • How could a mere PFC download a quarter million classified documents without raising a red flag? Is the government incompetent? Has it just issued a not so thinly veiled threat to its own citizens with this admonishment? Are we becoming more like China in our use and restrictions of the Internet? Was the big brother prescience of George Orwell’s 1984, correct?
  • Is the admonishment of security officer notification following “accidental download” akin to the “don’t ask – don’t tell” policy on gays in the armed forces? So much for the transparency we were told our current administration wanted.
  • Should we forget about, or modify, the eMR privacy debate and/or should HIPAA be modernized?
  • Should Hillary Clinton resign?

Health Care Security Questions

  • Who exactly is a government employee anyway? And, does this include workers in the VA system, prison health system, Indian Health Service, postal workers, Medicare and Medicaid recipients, school kids with government meal subsidies and/or independent contractors and recipients of budgetary pork projects, US tax credits or federal unemployment benefits, etc?
  • Have these employed folks signed a HIPAA-like “business associate agreement” with Uncle Sam? Should government workers close their eyes and ears, too! And, with the expansion of federal government, does this mean that even more folks will have access to classified information [and more accidental downloads] than ever before? Who is left and allowed to read WikiLeaks and who is actually immune, or not?
  • If government cannot protect its own data, records, confidential information or websites with certainty, how does it expect a solo medical professional [DPM, DO, DDS, DC, etc] to do the same with eMRs, and at what cost! HIPAA rules and regulations spell out very specific health policy mandates and onerous legal punishments and fines for protected health information [PHI] data breach don’t they; not just the notification of a Chief Medical Information Security Officer [CMISO]. Is this a federal double standard?

Historical Re-Do

Federal employees were told to not read the Pentagon Papers. The leaker, economist Daniel Ellsberg PhD, precipitated a national controversy in 1971 when he released them. The right of the press to publish the papers was upheld in New York Times Co. v. United States. As a response, the Nixon administration began a campaign against further leaks – and a smear campaign against Ellsberg personally – by creating the White House “plumbers”, which in turn led to the Watergate burglary of the LA office of Dr. Lewis Fielding MD [Ellsberg’s psychiatrist] in an effort to discredit him. According to Ellsberg:

“The public is lied to every day by the President, by his spokespeople, by his officers. If you can’t handle the thought that the President lies to the public for all kinds of reasons, you couldn’t stay in the government at that level, or you’re made aware of it, a week … The fact is Presidents rarely say the whole truth—essentially, never say the whole truth—of what they expect and what they’re doing and what they believe and why they’re doing it and rarely refrain from lying, actually, about these matters.”

[Note: “Presidential Decisions and Public Dissent”, Conversations with History, July 29, 1998].

Now … Four Decades Later

Has anything changed since the above scandal? Almost forty years later, those with security clearance across the board were given this same directive about WikiLeaks. Will they comply; nope! Did little Johnny refrain when his mother told him not to read Playboy magazine; of course not! The surest way to perusal, or unwanted behavior, is prohibition. Just tell someone NOT to do something, and watch that activity increase. Human nature is human nature. Recall, the 18th Amendment [1919-1933] was repealed by the 21st Amendment, whose 77th anniversary is celebrated just this week.

Assessment

Look, like most traditional news organizations and journalists, we at the ME-P fiercely advocate for our First Amendment Rights. Anyone looking at classified information without clearance, while not necessarily illegal when posted by a media organization, is considered to be making an “ethics” violation of the rules of secrecy as established by the intelligence community. And, we always strive to be ethical as part of our Judeo-Christian heritage.

But, citizens and members of the fourth estate are not in the intelligence community. What does this mean for average citizens and private doctors … nothing at all. What a HIPAA breach means to a medical professional however, is another serious matter! Fear the government’s admonition: Do as I say – Not as I do. Use paper medical records; eschew eMRs?

Conclusion

Is reporting for “accidental” downloads, or security breaches, an HIT security game-changer? Your thoughts and comments on this ME-P are appreciated. Is WikiLeaks like eMR security; more potentially legal and economically damaging to the leaker than the outed? What about Julian Assange and the need to revise the HIPAA statutes? Is there an analogy here; or not? Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.


Do Passwords Protect the Identity of Patients?

Essay on eDR and eHR Data Integrity

By D. Kellus Pruitt DDS

“ADA Tip: Password protection is the responsibility of each workforce member. Strong alphanumeric passwords provide a strong defense against unauthorized electronic system intrusion. Passwords that cannot be guessed, that are not publicly posted, and that are changed on a regular basis will help your practice avoid the occurrence of security incidents.”

– 2010 ADA Practical Guide to HIPAA Compliance, Chapter 4, page 26.

Not So Fast, ADA 

I read a recent article on lifehacker.com titled “How to Break into a Windows PC (And Prevent It from Happening to You).” The unnamed author tells a different story.

http://lifehacker.com/5674972/how-to-break-into-a-windows-pc-and-prevent-it-from-happening-to-you

Running on Windows®  

Apparently, if a healthcare provider’s office computer runs on Windows and it is not encrypted, password protection is worse than ineffective security. Passwords are false security. If lifehacker.com is correct, all a dishonest employee needs to download thousands of patient identities to sell for a few hundred bucks is a Linux CD and 10 minutes of snuggle-time with an office terminal.

What’s more, it is unlikely that the thief will ever be caught if he or she sports common sense. Months or years following the silent heist, the doctor could learn of a rash of neighborhood identity thefts from a federal investigator with a badge – waiting in the reception room for the doc’s next break between patients. Please remember this gaping hole in security the next time a HIT stakeholder like the ADA assures Americans that HIPAA is swell protection from identity theft. HIPAA empowers identity theft. The amendments to the 1996 Rule in 2002 gave too much away to campaign contributors, in my opinion.

About De-identification 

Now then; since you’ve made it this far, is anyone ready to consider a different path to the benefits of electronic dental records? It’s called de-identification. My goal has always been to stimulate open discussion of de-identifying dental records because it is so common sense to remove fuses from bombs. In 5 years, I’ve had very little success attracting sincere discussion about de-identification other than privately. Nevertheless, over the years I entertained an adequate amount of ridicule that stopped a few months ago. Like Charlie Brown and his persevering faith in the Great Pumpkin, I’m resolute.

HIPAA Data-Breach Liability

Physicians might not be able to get away with sidestepping HIPAA and data-breach liability using de-identification because it is so easy to re-identify owners of medical records. And insurance company CEOs who don’t know the difference between cost control and quality control will fight de-identification of dental records before giving up the exclusive right to bend proprietary algorithms toward bonuses.

Here Comes the Pitch!  

Is America interested in better dental care through a transparent 2.0 platform that incentivizes value-based competition for dental patients instead of paid ads? I have a better solution than HIPAA: Drop the PHI identifiers from dental records and store volatile health histories on one or two well-guarded flash drives. It’s that simple. Want to see miracle discoveries in dentistry? Offer the boring but safe raw, de-identified dental data to anyone who cares to perform Evidence-Based Dental research. Interoperability will still be incredibly tedious and expensive, but at least the effort won’t be doomed by dangerous and expensive HIPAA regulations.

Assessment

So how about it? Imagine the incentives for self-improvement if dentists could privately compare their treatment results with competitors’ – without risk of harming their patients or practices – on an “opt-in” basis rather than a mandated fantasy of a “pay-for-performance” [P4P] model run by stakeholders with investors to answer to. If our grandchildren are to benefit from unbiased Evidence-Based Dental research mined from facts rather than manicured dental claims, passwords won’t allow them a return on ARRA investment and encryption is just one more layer of expensive and futile complication.


Should Doctors Make the Patient Internet Portal Leap?

An ME-P Readers Survey

By Staff Reporters


Patient Portals

In healthcare, for example, the use of patient website portals is a hotly debated topic. These are [should be] sophisticated HIPAA-compliant and secure Web sites offered by medical practices to help engage patients electronically, with the promise of better service and care for patients — and less hassle for the medical practice, doctors and nurses. Often clinical, insurance and financial data gathering and scheduling functions are included, along with separate patient log-in, e-prescribing, and laboratory result features, etc. The promise of eMRs only increases the sophistication of these burgeoning sites.

Use Still in Infancy

But, according to www.MedicalBusinessAdvisors.com’s unscientific sampling of our clients and technically sophisticated practices [skewed cohort], physicians note that the uptake of portal use by patients outside of tech-savvy urban centers is still small, although use by senior citizens is rapidly increasing. And, tech-savvy youngsters are typically not in need of healthcare.

The Survey Question

So, this raises the question, unanswered by other professionally focused websites like Physicians Practice, should you make the patient portal leap?

Definitions

Before we answer that question, let’s provide a bit more historical detail on this technology. In contrast to a traditional [first generation – health 1.0] practice Web site, which provides smiling pictures of the physicians, directions, hours of operation, policies, and maybe a smattering of educational materials, a patient portal is designed for active interaction between patient and practice [second generation – health 2.0].

Example:

As an example, a patient portal typically provides secure e-mail, allowing the patient to make a quick query of the physician (and presumably receive a reasonably quick response) without the delay and inconvenience of attempting to catch the physician on the phone between visits or after hours. Patient portals can also be used for open-source scheduling, allowing patients to make requests for particular times and days.

Assessment

Finally, the newest and most sophisticated patient e-MR engaged portals will allow patients to take a peek inside their patient record, giving them online (and secure) access to their medication list, recent labs, and other data that might be useful in self management, or if the patient is seeing another provider, etc. 

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Should doctors and medical clinics make the patient portal leap? Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.


eHRs by 2014?

How’s the $19-B eHR Mandate Going?

By D. Kellus Pruitt DDS

In 2004, President Bush declared that all Americans’ health records will be digital by 2014. Upon taking office 2 years ago, President Obama also adopted the popular, HIT industry-supported bi-partisan goal. Will the mandate make a difference – even if we kick in our grandchildren’s money?

Not without the cooperation of doctors and patients. What were you thinking, Mr. Presidents?

Looking Pretty Doubtful

Yesterday, even FierceHealthIT editor Neil Versel declared,

“It’s looking pretty doubtful that the Bush/Obama goal of 2014 will happen, whether you’re shooting for ‘most’ or ‘all’ Americans.”

http://www.fiercehealthit.com/story/amia-2010-five-10-years-away-always-seems-five-10-years-away/2010-11-15#ixzz15TianByl

My Two Cents

In my opinion, the eHR mandate was doomed on delivery when the consumer-friendly 1996 HIPAA Rule was amended in 2003 – taking control of healthcare from patients and doctors and granting it to reckless healthcare stakeholders who cannot be held accountable for harming Americans.

Assessment

In 2003, our privacy was sold for bi-partisan contributions. If Americans don’t trust digital health records, they’ll be worse than worthless. They’ll be dangerous.


An Open Letter to the TDA Council on Ethics

And … Judicial Affairs

By Darrell K. Pruitt DDS

Dear Dr. Roy N. Burk – Chairman

In your email to me on Thursday, you informed me that you would call my office this week at your convenience to discuss the as yet to be defined complaints about my “unprofessional conduct” from unnamed origins – some of which are rumored to be as old as three years. Also in your reply that was days late, you confirmed my suspicion that you rarely check your email (even though you provided your address). That is why I asked the manager of the TDA Twitter account to send you the message not to call my office. I’ve given her another message today to tell you to check your email. You said you prefer to have a phone conversation with me. However, I naturally decline because of obvious reasons such as inconvenience, misinterpretations and limited exchange of information.

Foundation of our Nation

The foundation of our nation was defined in carefully chosen words written by Thomas Jefferson, Thomas Paine and others. You have to admit that writing is a much more meaningful and efficient way to resolve the TDA’s mistake than with a 5 minute phone conversation. In addition, by working out our misunderstanding in meaningful sentences that can be viewed by all, both of us are much less likely to say something we might regret if our conversation gets heated… which it will. After all, you threatened my reputation in my community, Dr. Roy Burk. And for that reason, I intend to hold you personally accountable in your community if Judicial Case No. 12-2010-3 is not dismissed. Fair is fair.

Let’s Talk 

Things said in anger help nobody, and can be completely avoided with the written word. In short, there is no reason for either our phone conversation or the meeting you have planned for me on September 18. We can all do something else on that Saturday rather than waste the morning in an Omni Fort Worth hotel room. That is, if you are more interested in resolution than punishment. So let’s negotiate this mistake quickly and quietly, but in a transparent manner, Dr. Burk. As Dr. David May said (but did not mean) when he took over as TDA President in 2007, “Let’s talk.”

TDA Censorship? 

The issue at hand is clearly TDA censorship for political reasons rather than “unprofessionalism.” Trust me when I tell you that nobody who is following us is fooled by the kangaroo court you propose. Considering the recent NLRB decision against the TDA for mistreating employees, the TDA is no longer considered an ethically run organization by many. That means your credibility is shot from the beginning. This week, Jan Jarvis, whom I’m sharing this email with, published “Fort Worth medical clinic spends $15,000 notifying patients of theft” in the Fort Worth Star-Telegram.

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html#ixzz0wIaU5AQa

My Community 

This is my community. Some of my patients are (or rather were) also patients of the local allergy clinic where computers containing 25,000 patients’ PHI were stolen in a burglary. In the end, the data breach will cost the clinic hundreds of thousands of dollars in lost customers because of the bad publicity, in addition to possible HIPAA fines and perhaps a lawsuit from Texas Attorney General Greg Abbott. Yet, the TDA has still failed to warn members of the liability of their computers. There is simply no excuse for the TDA’s neglect, and punishing me for revealing the truth will not help anyone, and it aggravates me. That said, please allow me to show you exactly how the TDA’s censorship is hurting dentists as well as endangering their patients in Texas – even as we speak: One year ago today, I posted the following article concerning the liabilities of data breaches on the TDA’s Facebook. It is one of many cautionary articles I contributed about data breaches, electronic dental records and HIPAA. However, the TDA as well as the ADA has ignored the exploding identity theft problem because of undisclosed allegiances to entities other than dentists and patients. The behavior of my professional organization is counter to the Hippocratic Oath and indefensible.

In October, an unnamed person in the TDA determined that TDA members should be prevented from reading the following information.

TDA Facebook, August 11, 2009

HITECH/HIPAA Breach notification

On August 18, American dentists will hear from HHS that HITECH-empowered HIPAA now requires that patients be notified if a breach includes their identifiers. Most will be surprised to learn that the notification requirement is nothing new. The law has been there for years. Besides the law, everyone has to admit that notifying those whose welfare is at risk is the only ethical thing to do, even if it bankrupts a practice. And that is the problem. Breach notification will bankrupt a dental practice. The law has been around for years. It simply never was enforced by either HHS or CMS because it would be so devastating to small medical and dental practices. I assume that the shoddy enforcement is why the ADA did not see a need to distribute discouraging information about the HIPAA requirement. For some reason, the ADA supported the adoption of HIPAA. Some day we’ll know why.  This is not the first time I’ve brought up the breach notification topic on a TDA publication. At the first of 2007, the TDA ventured into the blogosphere with “Ask a Colleague” Forum as part of the TDA’s Website. I began to take over the forum with a contribution posted on January 13, 2008 which I copied below. It is a snail-mail letter I received from President-elect Dr. John S. Findley, describing for the only time in ADA history, the ADA’s Data Breach protocol.

ADA Resources? 

As you can see from the hard work put into the letter, it took a considerable amount of ADA dues to produce this response for only one ADA member. Nevertheless, my question was not taken lightly because they probably assumed it would show up again. And, they were correct. Even though the leaders failed to share it with other ADA members, before it was forgotten, it was cc’d to

  • Dr. S. Jerry Long, trustee, Fifteenth District
  • Dr. James Bramson, executive director
  • Ms. Mary Logan, chief operative officer
  • Ms. Tamra Kempf, chief legal counsel
  • Ms. Mary Kay Linn, executive director, Texas Dental Association

Two and a half years later, Findley’s letter is current enough to be posted with only minor changes. For example, Dr. James Bramson and Ms. Mary Logan no longer work for the ADA.

One more note about Dr. Findley’s response to my question, I did not misrepresent myself in my email to him that I had a computer stolen. He knew from six months earlier when I first emailed him my question that it was a hypothetical question about an obscure topic that ADA leaders did not want to talk about.

Posted: 13 Jan 2008 10:05 AM on the TDA.org Forum

Data breach protocol announced

On January 8th, Dr. John S. Findley, President-elect of the American Dental Association, signed the letter below which defines a data breach, describes a dentist’s obligation under the law in Texas to notify patients involved and the penalty for failing to do so. This is the first time this information has been made available to dentists anywhere in the nation in the 12 years of the HIPAA rule. Dr. Findley and his team are to be congratulated for working through an arduous and unpopular task. It demanded courage.

Darrell

ADA

American Dental Association

http://www.ada.org

John S. Findley, D. D. S. President-Elect

January 8, 2008

Dr. Darrell Pruitt

6737 Brentwood Stair Rd., Ste. 220

Fort Worth, Texas 76112-3337

Dear Doctor Pruitt:

I received your email of December 26th and regret to learn of the loss of your computer. I did inquire as to appropriate procedures upon the occurrence of such an event and am copying below an excerpt from the response of our legal department. “It appears that under these circumstances the dentist may wish to notify affected patients that their information may have been compromised so that they can take necessary steps to protect themselves (i.e. cancel credit cards, notify social security about potentially stolen social security numbers…). (This communication is informational and personal consultation between the dentist and his or her attorney is recommended.) They should also check their state breach notification laws to determine if there is anything else that is required. In this case, the Texas Identity Theft Enforcement and Protection Act (Texas Code Sec. 48 et seq) (the “Act”) covers data breach notification. The Act protects both “Personal Identifying Information,” which is defined as any information that alone, or in conjunction with other information, can be used to identify an individual and an individual’s:

A) name, social security number, date of birth, or government-issued identification number;

B) mother’s maiden name;

C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;

D) unique electronic identification number, address, or routing code; and

E) telecommunication access device.

The Act also protects “Sensitive Personal Information,” which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:

i) social security number;

ii) driver’s license number or government-issued identification number; or

iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Sec. 48.102 of the Act creates a duty for businesses to protect and safeguard information through creating and implementing procedures for such purpose. If there is a breach in the security of information, the Act requires a business that maintains “Sensitive Personal Information” to notify the owners of such information as soon as possible that a breach has occurred. The Act specifies one of the following modes of notice to be provided:

1) written notice;

2) electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001 (which basically requires that a consumer must consent to receiving such notice in electronic form); or

3) notice as provided by Subsection (f) (see below).

(f) If the person or business demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the person does not have sufficient contact information, the notice may be given by:

1) electronic mail, if the person has an electronic mail address for the affected persons;

2) conspicuous posting of the notice on the person’s website; or

3) notice published in or broadcast on major statewide media.

Violations

“A person who violates the Act is liable to the state for a civil penalty of at least $2,000 but not more than $50,000 for each violation.” The information pertaining to your question was found in the Identity Theft Enforcement and Protection Act, Chapter 48 of the Business and Commerce Act of Texas.

We hope this information helps.

Sincerely,

John S. Findley, D.D.S.

President-elect

JSF:cac

cc: Dr. S. Jerry Long, trustee, Fifteenth District

  • Dr. James Bramson, executive director
  • Ms. Mary Logan, chief operative officer
  • Ms. Tamra Kempf, chief legal counsel
  • Ms. Mary Kay Linn, executive director, Texas Dental Association

Assessment

Dr. Findley’s letter to me was also deleted from the now closed TDA.org Forum.  The TDA’s actions are a lot like burning books, Dr. Roy Burk.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com


How Expensive are Healthcare Data Breaches?


Estimating Financial Damage Often Difficult 

By D. Kellus Pruitt DDS

Dom Nicastro just posted an article on HealthLeaders Media titled “HITRUST: HIPAA Breaches Near $1 Billion.”

http://www.healthleadersmedia.com/content/TEC-255015/HITRUST-HIPAA-Breaches-Near-1-Billion##

“Covered entities and business associates reporting breaches of unsecured personal health information (PHI) affecting 500 or more individuals to the Office for Civil Rights (OCR) together could spend nearly $1 billion because of those breaches.”  Nicastro continues:

“HITRUST used the 2009 Ponemon Institute study that found the average cost for a compromised record to be approximately $144 in indirect costs and $60 of direct costs, for a total cost of $204.”

Fort Worth Star-Telegram

Just days ago, Jan Jarvis described a data breach in the Fort Worth Star-Telegram titled “Fort Worth medical clinic spends $15,000 notifying patients of theft.”

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html#ixzz0wIaU5AQa

Jarvis writes,

“In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers containing patients’ personal information including Social Security numbers and birth dates had been stolen.”

Jarvis reports that 25,000 records were involved, and it only cost $15,000 to notify them. That’s only 60 cents per record instead of 60 dollars each as estimated by the Ponemon Institute. Instead of it costing the clinic $1.5 million for direct costs, it only cost them $15,000. That’s a savings of 99%.

Assessment

So what’s the deal? Is the Ponemon Institute that far off in their estimates?


OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


Understanding HIT Security Risks – The Ugly Truth!


On the Privacy and Security of Healthcare Records


[By Richard J. Mata, MD, CIS]

There is no privacy …  get over it.

Scott McNealy, Former Sun Microsystems CEO

Storing and transmitting health information in electronic form exposes it to risks that do not exist, or exist to a lesser extent, when the information is maintained on paper. For example, although both paper-based and electronic systems need protection from fire, water, and wear and tear because of aging, electronic data is also vulnerable to hardware or software malfunctions that can make data inaccessible or corrupt, and to non-secure policies that can make data vulnerable to illegal access. In addition, cyber-crimes, and unauthorized intrusions originating both internally and externally, are increasing dramatically every year, costing companies millions of dollars. Nonetheless, electronic medical records (EMRs) are usually considered more secure than paper patient charts because paper records lack an audit trail, papers are easily lost, and their contents can be illegible.

Take Care of the Risks

Healthcare organizations must take the new risks seriously, however, because health information is a vital business asset, and protecting it preserves the value of this asset.  In addition, securing patients’ information protects their privacy and enhances the organization’s reputation for professionalism, patient well-being, and trustworthiness.  Hospitals, emerging healthcare organizations (EHOs), physicians, and healthcare entities long ago recognized the value of health information, and implemented security policies and procedures, but as they move more into the electronic arena, it is vital to revise and update policies and procedures to acknowledge the different risks inherent in the digital age.

Three Components of Security

The three classic components of information security are confidentiality, integrity, and availability.  Donn B. Parker, a pioneer in the field of computer information protection,[1] added possession, authenticity, and utility to the original three.  These six attributes of information that need to be protected by information security measures can be defined as follows:  

  • Confidentiality: The protection and ethics of guarding personal information — for example, being cognizant of verbal communication leaks beyond conversation with associated healthcare colleagues.
  • Possession: The ownership or control of information, as distinct from confidentiality — a database of protected health information (PHI) belongs to the patients.
  • Data integrity: The process of retaining the original intention of the definition of the data by an authorized user — this is achieved by preventing accidental or deliberate but unauthorized insertion, modification or destruction of data in a database.  Make frequent backups of data to compare with other versions for changes made.
  • Authenticity: The correct attribution of origin — such as the authorship of an e-mail message or the correct description of information such as a data field that is properly named.  Authenticity may require encryption.
  • Availability: The accessibility of a system resource in a timely manner — for example, the measurement of a system’s uptime.  Is the intranet available?
  • Utility: Usefulness; fitness for a particular use — for example, if data are encrypted and the decryption key is unavailable, the breach of security is in the lack of utility of the data (they are still confidential, possessed, integral, authentic and available).

Ethics

When these attributes are considered in the healthcare context, another factor comes into play: ethics. According to Dr. J. A. Magnuson, professor of public health informatics at Oregon Health Science University’s Medical Informatics Program, privacy,[2] security, and ethics are inextricably intertwined, and all are critical to public health’s role as a trustee of the public’s data. As public health becomes increasingly involved in Electronic Data Interchange (EDI),[3] the information aspects of privacy, security, and ethics become ever more critical. All doctors take an ethical oath to protect the patient, and the obligation to uphold this oath extends to health data management, even for employees who do not take an oath.

The fields of medicine and information technology (IT) each have separate and related ethical considerations.  Ethics may prohibit technology, for example, when using a specific application that would make a security breach likely.  However, ethics may also demand technology.  Suppose that a new surveillance application would improve public health — is it not ethically imperative to utilize it to save countless lives?  But suppose it also almost guarantees a security breach — what does the ethical position on use of the application become then?  That is an extreme example, though not completely unrealistic.


Varied Uses

Complicating the picture is the fact that IT in the healthcare arena has so many and varied uses.  For instance, office-, clinic-, and hospital-based medical enterprise resource planning (ERP) is based on the same back-end functions that a company requires, including manufacturing, logistics, distribution, inventory, shipping, invoicing, and accounting.  ERP software can also aid in the control of many business activities, like sales, delivery, billing, production, inventory management, quality management, and human resources management.  However, other applications particular to the medical setting include the following:

  • The EMR, which has the potential to replace medical charts in the future, is feasible.[4]
  • Healthcare application service providers (ASPs)[5] are available via Internet portals.
  • Custom software production may produce more solution-specific applications.
  • Medical speech recognition systems and implementation are replacing dictation systems.
  • Healthcare local area networks (LANs), wide area networks (WANs), voice-over Internet protocol (IP) networks, Web and ATM file servers are ubiquitous.
  • The use of barcodes to monitor pharmaceuticals is decreasing the chance of medication errors and warns providers of potential adverse reactions.
  • Telemedicine and real-time video conferencing are already a reality.
  • Biometrics will be used more often for data access.
  • Personal digital assistant (PDA) wireless connectivity, which relies on digital or broadband technology including satellites, and radio-wave communications are increasingly common.
  • The use of wireless technology in medical devices will be increasing.

No Healthcare Standardization

All of these applications offer advantages, but the security of these IT methods and devices is not yet fully standardized or familiar to health professionals, despite the CCHIT, the Office of the National Coordinator for Health Information Technology, etc. They all involve inherent security and privacy risks, and the prudent healthcare organization will want to ensure that these risks are identified and contained. For instance, a single firewall or intrusion detection system (IDS) may not be enough.

The process must begin by conducting a security risk assessment — that is, doing a thorough assessment of current systems and data, and performing checks such as real-time intrusion testing, validation of data audit trails, firewall testing, and remediation when gaps or failed systems are exposed.  These activities are part of developing a healthcare security plan, including disaster recovery.

Privacy Officers

To ensure that the risk assessment is thorough, hospital network administrators and Privacy Officers should have a working knowledge of federal regulations and of the following security mechanisms:

  • vulnerability assessment;
  • security policy development;
  • risk management;
  • firewall assessment;
  • security application assessment;
  • network security assessment;
  • incident response and recovery assessment;
  • authentication and authorization systems;
  • security products;
  • firewall implementation;
  • public key infrastructure (PKI) design;
  • virtual private network (VPN) design and implementation;
  • intrusion detection systems;
  • penetration testing;
  • security program implementation;
  • security policy assessment; and
  • security awareness training.

The federal government has recognized the importance of health information security by establishing regulatory guidance with its Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The International Standards Organization


IT system managers in healthcare settings are also familiar with the comprehensive security model offered by the International Standards Organization (ISO). For instance, using ISO’s 17799 Code of Practice for Information Security Management, versions 2000, 2005, or 2010, information security is achieved by implementing a suitable set of controls to govern policies, processes, procedures, organizational structures, and software and hardware functions. The Code requires the IT manager to establish, implement, monitor, review, and where necessary, improve these controls to ensure that the specific security and business objectives of a healthcare organization are met.

Assessment

The work of the National Institute of Science and Technology (NIST) in developing innovative technology for the healthcare sector is also of interest to IT system managers.  For instance, research on a computer note-writing system that captures clinical data automatically and a data repository system that captures patient data and integrates it with clinical decision support and knowledge bases are two of the initiatives that have originated with NIST.  In addition, the organization publishes numerous Special Publications that provide guidance on how to establish and maintain IT security.

CASE MODEL: HIT Security


References:


[1]   Donn B. Parker developed the so-called Parkerian Hexad Principles, which discuss the attributes of information security.

[2]   Privacy generally refers to a ‘people’ context, a state of being free from unauthorized intrusion or invasion.  This concept is as applicable to medical records as it is to your own house.  Confidentiality is viewed more in the context of information, usually dealing with accessing and sharing information or data.

[3]   EDI involves electronic transmission methods, often utilizing networks or the Internet.  The benefits of EDI include speed, data entry savings, and reduction of manual errors; the risks are legion.

[4]   Terms used in the field include electronic medical record (EMR), electronic patient record (EPR), electronic health record (EHR), computer-based patient record (CPR), etc.  These terms can be used interchangeably or generically, but some specific differences have been identified.  For example, an EPR has been defined as encapsulating a record of care provided by a single site, in contrast to an EHR, which provides a longitudinal record of a patient’s care carried out across different institutions and sectors.  However, such differentiations are not consistently observed.

[5]   An application service provider (ASP) is a business that provides computer-based services to customers over a network.


Health Information Privacy Breaches

Breaches Affecting 500 or More Individuals

By Staff Reporters


As required by section 13402(e)(4) of the HITECH Act, the DHHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary.

www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html


On HIT Continuity Planning


Setting Up Your HIT Security System

By Richard J. Mata, MD, CIS, CMP™ [Hon]

In order for a healthcare organization to thrive, it must be able to continue to function no matter what the circumstances are.

When disaster strikes, the organization must mobilize all the talent and resources needed to continue their operations and return to a normal state as soon as possible.

Time is money, and in today’s economy, an hour could be worth thousands of dollars.  Every department in an organization has responsibilities during a disaster.  Planning for a disaster and then dealing with it is a team effort by all parts of an organization.

Phases of Healthcare Business Continuity Planning

A system is required to realize this objective, and part of this system is healthcare entity business continuity planning (BCP).

Phase One: Set up a BCP Project

The first step is to set up a BCP project, which includes feedback from key members from all departments.  Appoint a project manager who has a solid background in the clinical and financial systems and functions that the organization deploys or services it provides.  The project manager can work with business and system analysts to document business flow and interactions with computerized systems that may go down, and how the organization will function on a manual system until service returns.

Phase Two: Review Emergencies and Assess Business Risk

The second phase involves reviewing the different types of emergencies that can arise and assessing the risks to the various business processes already documented.  This is accomplished following a system or service function.

Phase Three: Prepare for Emergencies

The third phase includes identifying back-ups and recovery strategies to mitigate the effects of an emergency.  A storage area network (SAN) or redundant server could be used as a back-up.

Phase Four: Plan for Disaster Recovery

The fourth phase involves the development of procedures to be followed by a Disaster Recovery Team where human life may be at risk.  A disaster might be caused by weather, sabotage, or an electrical power failure, and may be specific to the particular organization and its business and IT infrastructure.

Phase Five: Plan for Business Recovery

The fifth phase is critical, and involves developing detailed procedures for the recovery of the business.  Again, the BCP project manager could use each business or service procedure that was documented in phase two and detail which financial or clinical systems are involved, what would be done if the systems were down, and what the plan for recovering the system might be.

Phase Six: Test Business Recovery Procedures

The sixth phase involves simulating authentic emergencies and testing of the business recovery phase.  For example, how would business processes or services be affected by an electrical outage?  How fast can a power generator pick up the outage – and what might happen after a timely pause?  How would patients who were receiving mechanical support be affected?  What would happen to the clinical laboratory?

Phase Seven: Train the Staff

Phase seven covers the training of all employees in the procedures necessary to manage the business recovery process.  These are the procedures tested in phase six, which may require modification.

Phase Eight: Maintain the Currency of the Plan

Phase eight includes treating BCP as a dynamic project to be kept up to date to reflect all changes to business processes and employee structure.


Is the Texas Dental Association too Authoritarian?


About Employee Mary Kay Linn

[By Darrell Kellus Pruitt; DDS]

Texas Dental Association Executive-Director Mary Kay Linn seems to think that TDA members owe her respect for some reason. I don’t see it. You get what you give, TDA employee Mary Kay Linn.

Link: TDA response to Pruitt

I’ve attached the partially answered, authoritarian response from the TDA. I think it speaks for itself. And, I posted the following Twitterpoem today.

Mary Kay Linn, the executive director of the TDA just doesn’t get it.

@theTDA, I received the responses to some of the 30+ questions that were invited by the TDA. Linn’s evasion is transparent and regrettable.

@theTDA, when a Judicial Committee member delivered the PDF, he said Linn told him to tell me that “This is it. No more questions.”

Assessment

He added that: “There will be no follow up responses and that the very busy TDA staff spent far too much time on my questions already.” 

TDA Executive Director Mary Kay Linn, this will not end well for you.

Assessment

How responsive was the TDA; just right, under or overwhelming when pushed? Or, was Dr. Pruitt over-the-top? Does he expect too much from his professional association? Does almost every DDS except him know that the “emperor has no clothes?” Or, is he one member with critical thinking skills instead of blind [misplaced] faith?

Finally, is there an analogy here for the AMA, ADA, APMA, ANA, AOA, etc? Are the aging command-control medical association monopolies crashing down in the era of internet connectivity and professional networking? Do we need new norms and etiquette models of communication? Please opine.


Do We Have A False Sense of HIT Security?

Data Breaches More Common than Realized

By Darrell K. Pruitt; DDS

Here is an article titled “Report: Healthcare Organizations may have a False Sense of Data Security,” written by Neil Versel for FierceHealthIT.

http://www.fiercehealthit.com/story/report-healthcare-organizations-may-have-false-sense-data-security/2010-04-12?sms_ss=twitter#ixzz0kzNS6lq

Versel describes the results of a study commissioned by Nashville, Tenn-based Kroll Fraud Solutions. Kroll estimates that 19% of healthcare organizations in the nation suffered a data breach in the last 12 months. That number is up from 13% a year ago. It is based on this information that I estimate that in the last year, at least 24 million dental patients in the nation have been unknowingly exposed to the danger of identity theft. Everyone agrees that the only ethical thing for a dentist to do if he or she knows that patients’ identities have been exposed is to notify the patients and HHS. The shameful fact is, data breaches in dentistry are not being reported.

Enter the Dentists  

But, who can blame American dentists for underreporting breaches without first blaming the heavy-handed, stakeholder-friendly system that forces honest professionals to be dishonest? If a dentist self-reports a breach of 500 or more patients’ Protected Health Information (PHI) it can easily bankrupt a practice. The harm to one’s reputation in the community is just too great a disincentive for even the best of us, even without the added expense of patient notification, subsequent fines and lawsuits. It’s ugly, but that’s the hard, hidden truth about HITECH-HIPAA in dentistry – a piece of lame, one-sided “feel good” legislation that, rather than preventing data breaches in dentists’ offices, drives them underground. As healthcare providers, we should have warned our patients about the growing danger from electronic dental records long ago. Besides me, there are no practicing dentists discussing the topic. Why?

Accepting Ownership of the Dilemma  

Would anyone like to argue that the bi-partisan federal mandate for an interoperable, national eHR system relieves dentists of their obligations to the Hippocratic Oath? Let’s face it: Dentists’ computers continue to threaten up to 20% of dental patients in the nation. We cannot ignore it any longer, doctors.  Once we finally accept ownership of our problem, what are we going to do about it? I’ve suggested that we use common sense and simply remove the dangerous information from dental patients’ files. Anyone see any problem with this idea? Anyone have a better solution?

Assessment 

So what do the leaders of the ADA think of de-identification?

 

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe. It is fast, free and secure.


Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Dr. Deborah Peel vs. Ms. Mary Grealy on Patient Privacy

Physician versus Lobbyist

By Darrell K. Pruitt; DDS

On March 23, 2010 Dr. Deborah Peel, a psychiatrist in private practice and the founder of Patient Privacy Rights (www.patientprivacyrights.org) posted an opinion piece titled: “Your Medical Records Aren’t Secure” in the Wall Street Journal.

http://online.wsj.com/article/SB10001424052748703580904575132111888664060.html

Her still popular article soon picked up 217 comments – reflecting respectable interest in the conundrum. Since then, her message of caution has gained momentum on the Internet in the security industry, and has even spilled over into appearances on Fox News, MSNBC and PBS in the last week.

Dr. Peel’s Case

Dr. Peel argues that even though the President claims digital health records will reduce costs and improve quality, they could undermine safe and effective care if patients become afraid to confide in their doctors.

“The solution is to insist upon technologies that protect a patient’s right to consent to share any personal data. A step in this direction is to demand that no federal stimulus dollars be used to develop electronic systems that do not have these technologies.”

It is easy to understand why Dr. Peel’s opinions draw the ire of HIT stakeholders both inside and outside government.

Dr. Peel concludes:

“Privacy has been essential to the ethical practice of medicine since the time of Hippocrates in fifth century B.C. The success of health-care reform and electronic record systems requires the same foundation of informed consent patients have always had with paper records systems. But if we squander billions on a health-care system no one trusts, millions will seek treatment outside the system or not at all. The resulting data, filled with errors and omissions, will be worth less than the paper it isn’t written on.” 

Dr. Peel is currently on a campaign to encourage Americans to sign her “Do not disclose” petition.

http://patientprivacyrights.org/do-not-disclose/

HIT Stakeholders Speak Up

Recently, the Wall Street Journal featured an opposing opinion to Dr. Peel’s in an article titled “Industry Rep Calls Patient Privacy ‘Overblown’ Worry”

http://online.wsj.com/article/SB10001424052748704094104575144110418562490.html?mod=googlenews_wsj#articleTabs%3Darticle

Ms. Grealy’s Case

Mary R. Grealy, President of the Healthcare Leadership Council, a coalition of chief executives from the health-care industry, posted her objections to Dr. Peel’s warnings about the dangers of digital records versus paper:

“Dr. Peel seeks to frighten people into believing electronic health records are more vulnerable than paper ones, which is not the case. She fails to acknowledge the important role of the HIPAA in protecting health information, or the extraordinary steps hospitals, health plans and physicians have taken to assure confidentiality. Building upon HIPAA, federal laws adopted this year strongly encourage encryption of data included in electronic health records and have imposed new criminal and civil penalties for violating an individual’s privacy.” 

“More importantly, though, if Dr. Peel’s prescription for this hyperbolic problem were to be followed, it’s actually our health that will be less secure. Burdening patients with the responsibility of deciding what health information should be divulged and what should be shielded from medical professionals brings an infinite array of possible consequences. Would the average patient know what information a surgeon needs in order to perform a complex procedure? It’s highly doubtful”.

“In a broader sense, draconian restrictions on the essential flow of medical information would have society-wide repercussions. It would affect the ability of public health officials to report and track incidences of disease. It would undermine the Food and Drug Administration’s capability to monitor the quality and safety of medical products, and product recalls would be hampered”.

“Perhaps most importantly, medical research into lifesaving cures and treatments would be severely hindered by restricted access to health information. Stymieing the necessary transfer of data contained in one diagnosis, one prescription or one lab test could mean the difference between life and death. That is a very high price to pay in order to address overblown privacy concerns”.

Mary R. Grealy

[Washington]

_____________________________________

Assessment

Mary Grealy doesn’t have a petition to sign.

Whereas Dr. Peel turns to patients for support, Ms. Grealy, President of the Healthcare Leadership Council, a coalition of chief executives from the health-care industry, turns to Washington.

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


Need a New Career in Dentistry – Become a Consultant

Or – Maybe Just a Hobby

By Darrell K. Pruitt; DDS

One might ask how much knowledge of dentistry is required before a person is qualified to call oneself a “dental practice management consultant” – beyond maybe being able to spell HIPAA with only one P, and Hippocrates with two.

Meet Jill Coon, Inc

An anonymous management consultant who works for Jill Coon, Inc of Florida posted this brave suggestion on the company Facebook today:

“Why not take 3 max anterior PA’s and 1 mandibular PA once a year with bitewings to check for caries in front teeth? We actually bill insurance for 3 PA’s not 4. Hygiene production just increased!”

My Translation 

Here is a translation of her question from dental-speak to English:

“Why don’t dentists take routine x-rays of front teeth like they do for back teeth, when doing so increases hygiene production and payments from the insurance companies?”

[Dental team members, please sit on your hands for this one].

Bonus Round 

Bonus question: Can anyone think of any reason why one might not want additional routine x-rays – even if insurance pays for it at 100% (of usual and customary fees)?

Hint: It can be trickier to avoid irradiating the thyroid when taking anterior x-rays than while taking routine bitewing x-rays.

Assessment 

I’ll be back soon with the tricky opinion I will have posted on Jill Coon, Inc Facebook. It will be her first if nobody beats me to it.

http://www.facebook.com/home.php#!/pages/West-Palm-Beach-FL/Jill-Coon-Inc/125510596754?v=wall&ref=mf

Conclusion

Is there anyone out there with almost no knowledge of dental care who wants to match wits with a sales rep for a consulting company that “specializes in dental insurance billing and treatment planning for dental practices”?

Industry Indignation Index: 47

How about it – HHS Secretary Kathleen Sebelius, JD?


eHRs and Clinical Trials

An Oft Neglected Topic

By Chris Thorman

I wanted to give the ME-P a heads up on an article I just finished about a neglected topic in the eHR debate concerning clinical trial participation.

It’s called: Electronic Health Records and Clinical Trials: An Incentive to Integrate.

The Argument

In the article, I make the argument that clinical trials should play a bigger role in whether or not to purchase eHR software because:

  • The potential profit from participating in clinical trials is so large that it dwarfs the HITECH Act incentives;
  • eHRs make clinical trial participation much easier than in the past; and,
  • eHR software has the potential to solve many of the problems that clinical trials face.

Editor’s Note: So, let’s try to spark some discussion on this oft-ignored topic. And, feel free to contact the author.

Chris Thorman
Senior Marketing Manager
Software Advice
(512) 364-0118

chris@softwareadvice.com

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Check out the essay and tell us what you think. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.


Ease Up – Managing Editor Bob Mitchell

By Darrell K. Pruitt; DDS


Two days ago, ADVANCE for Health Information Executives’ managing editor Bob Mitchell publicly criticized the author of last week’s Parade Magazine article, “Electronic Health Records Face Critics.” Personally, I thought it was cowardly for the editor to accuse Drew Jubera of journalistic recklessness without mentioning his name.

http://community.advanceweb.com/blogs/hx_1/archive/2010/03/16/critics-ehrs-don-t-save-money.aspx

According to Jubera

Jubera wrote:

“A new Harvard Medical School study suggests that electronic health records do not save hospitals money—and in fact often end up increasing costs. The Obama Administration has allocated $19 billion in federal stimulus funds to facilitate the shift from paper to electronic records – a move the Rand Corporation has projected could save up to $80 billion a year. Yet the Harvard study found no evidence of savings so far and little evidence that electronic records improve care.”

http://www.parade.com/news/intelligence-report/archive/100314-electronic-health-records-face-critics.html

Dis-Respects Harvard

Incredibly, Bob Mitchell discounts the Harvard Medical School study as being dated research – even though it is less than 5 months old. “I did some research and found that this study was released back in November 2009, even before meaningful use of an eHR had been defined by [ONCHIT] – or the Office of National Coordinator of Health IT.” As if defining meaningful use was meaningful! That’s humor.

Dis-Respects Parade

Furthermore, editor Mitchell has taken on the responsibility to shield his readers from harm caused by Parade Magazine authors whose ethics fall short of acceptable.

He writes:

“I’m concerned that the public is not being served and they will get the wrong impression of computers in health care, especially if it’s being reported by Parade, which reports celebrity, entertainment and health news.”

Of Healthcare Providers

Not so fast with those tricky pronoun phrases, Bob. Rather than being merely a healthcare stakeholder like you, I’m actually the healthcare provider whom you would have fund your enthusiasm. I think your broad statement that “all of us in healthcare know that digital is much better than paper” is journalistically foolish. In addition, your creativity threatens society much more than alleged exaggerations in Parade Magazine. You not only write about HIT as a career, but people generously call you a managing editor.

eMRs in Dentistry 

The next time you feel important enough to quietly insult writers on behalf of providers like me, remember that eMRs in dentistry will not save money over paper records and will unnecessarily increase the risk of identity theft for my patients … unless you disagree.

It would thrill me if you want to publicly debate the value of electronic dental records (How much do you know about dentistry?)

Assessment

For example, do you realize that if a computer containing thousands of patients’ identifying data is stolen in a burglary, and the dentist, or physician, does the right thing and reports the data breach, he or she will likely be bankrupt even before the HIPAA inspections and lawsuits?

The Ponemon Institute estimates that it will cost about $50 per record just to notify affected patients. A few weeks ago, the HHS was obligated to release information that a burglar stole a computer containing more than 9,000 records from a Missouri dental practice. Just to notify the affected patients will cost the practice almost half a million dollars. But wait. That’s not all. Since the loss involves over 500 individuals, news of the breach must be provided as a press release to the local media. As goes the dentist’s reputation, so goes the dentist’s career – all because of a simple burglary.

Conclusion

So what were you saying about dangerous, biased articles in Parade Magazine? The author whose ethics you criticize has a name. It is Drew Jubera. He’s an award-winning staff member of the Atlanta Journal-Constitution, in Atlanta GA – home of this ME-P.  I’ll make sure he also gets this message.


Are You Prepared for a HIPAA Dental Audit?

Why – or Why Not?

By D. Kellus Pruitt; DDS

If you are a dentist and pay ADA dues year after year to be kept better informed about protecting your patients as well as your practice, your ignorance of HIPAA is not entirely your fault. The ADA clearly dropped the ball. Nevertheless, you could still suffer fines as high as $1.5 million for what our leaders failed to emphasize.

It’s time members accept the shameful truth about the ADA Department of Dental Informatics, headed by Ms. Jean Narcisi. Narcisi, working under the direction of ADA Sr. Vice President Dr. John Luther, has been abysmally negligent in preparing members for HITECH HIPAA, and now the compliance deadline is only days away. It’s been months since any information about HIPAA has been published in any ADA publications. Why?

HIPAA Avoidance 

Why do ADA leaders avoid discussing HIPAA? They are ashamed, not unlike embarrassed scam victims. About six years ago, Newt Gingrich visited ADA Headquarters and “lied” to ADA Delegates about the future of eHRs in the US. Then he bribed the ambitious career bureaucrats in the crowd with millions of dollars in federal grants to play along with the scam. I can only imagine that the Delegates must have been star-struck by the former Speaker of the House, because nobody dared ask the tough questions.

Newt’s Slick

So here I am, Ms. Jean Narcisi. I’m again doing your job because your mistakes I pointed out years ago now have you frozen in shame. If you disagree, and consider self-respect as something worth defending, let’s discuss your innocence in front of everyone – including the ADA members who pay your salary. Or, you can continue to hide from your responsibilities. This crap will catch up with you soon enough, Ms. Narcisi, and Dr. Luther no longer has the courage to stick his neck out to protect you. He’s also scared of me. You are alone.

Newsletters 

Dom Nicastro, senior managing editor at HCPro, edits the Briefings on HIPAA and Health Information Compliance Insider newsletters. He posted an informative article on HealthLeadersMedia.com today titled “HIPAA Compliance Questions to Ask as HITECH Date Nears.”

http://www.healthleadersmedia.com/page-1/TEC-246514/HIPAA-Compliance-Questions-to-Ask-as-HITECH-Date-Nears

The article features Chris Apgar, CISSP, president, Apgar & Associates, LLC, in Portland, Oregon. Mr. Apgar notes that “many covered entities and business associates have consistently failed to comply with the HIPAA Security Rule.” Apgar adds, “I find this over and over when conducting compliance audits.”

The lack of compliance described by Apgar is consistent with the results from my study in 2008, “HIPAA Rules and Dentistry.”

https://medicalexecutivepost.com/wp-content/uploads/2008/08/hipaa-survey-dentists4.pdf

Study Abstract

A survey of 18 dentists was performed using the Internet as a platform. The volunteer dentists’ anonymity was guaranteed. The dentists were presented with ten HIPAA compliancy requirements followed by a series of questions concerning their compliancy as well as the importance of the requirements in dental practices.

The range of compliancy was found to be from 0% for the requirement of a written workstation policy to 88% for that of password security. The average was 49%, meaning that less than half of the requirements are being respected by the dentists in this sample.

Frustrated at Mandates

Frustration with the tenets of the mandate, as well as open defiance, is evident in the written responses. In addition, it appears that a dentist’s likelihood of satisfying a requirement is related to the dentist’s perceived importance of the requirement. Even though this is a limited pilot study, there is convincing evidence that more thorough investigation concerning the cost and benefits of the requirements needs to be performed before enforcement of the HIPAA mandate is considered for the nation’s dental practices.

HIPAA

Questions to Consider

Apgar says that the security rule requires covered entities to consider these questions:

  • Has a risk analysis been conducted lately? Was it properly documented? Were damages mitigated and were the risks acceptable?
  • Is privacy/security training current? Have new workforce members who will have access to personal health information (PHI) been adequately trained? Has refresher training for all staff been accomplished? Have security reminders been provided?
  • Are the office policies and procedures complete, current and enforceable? Are workforce members trained on the policies and procedures they are required to respect?
  • Has a comprehensive audit program been implemented? (The security rule requires three periodic audits and an “evaluation” or compliance audit). Are evaluations current? Have audit findings been addressed and documented?
  • Have up to date disaster recovery and emergency mode operations plans been communicated and recently tested?
  • Are CMS’ remote access guidelines being followed? (These are not part of the rule, but CMS earlier indicated remote access management would be included as audit criteria).
  • Are data in transit and data at rest encrypted? Are non-electronic PHI being protected?

Office of Civil Rights

Mr. Apgar adds that even though the Office of Civil Rights isn’t saying when audits will start, if a complaint is filed with OCR alleging “willful neglect,” OCR is mandated by statute to investigate. The fines for “willful neglect” are much more devastating than fines for simple carelessness. And “willful neglect” is a subjective judgment call made by inspectors … who work on commission.

Assessment

Unfortunately for the nation’s dentists, the statute invites disgruntled patients and employees to celebrate revenge via federal inspectors. And, the more dentists are fined, the more the inspectors make. That can’t end well. Where are you hiding, Jean Narcisi? You’ve been silent far too long. Let’s talk. Don’t make me come get you.

Editor’s Note: The applicability of this post to all medical specialties is obvious.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


Protected Health Information Data Breaches

Affecting 500 or More Individuals

[By Staff Reporters]

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

The following breaches have been reported to the Secretary of the US Department of Health and Human Services [DHHS].

Full Report

This link was sent in by our own investigative reporter Darrell K. Pruitt, DDS.

Link: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

Assessment

Shall we await a response from Kathleen Sebelius, who was sworn in as the 21st Secretary of the Department of Health and Human Services (HHS) on April 28, 2009?

Currently, she leads the principal agency charged with keeping Americans healthy, ensuring they get the health care they need, and providing children, families, and seniors with the essential human services they depend on. She also oversees one of the largest civilian departments in the federal government, with nearly 80,000 employees.


The Time Costs of Internal HIPAA Complaints

On Hospital Compliance

By Staff Reporters

The privacy regulations of HIPAA require that each hospital have an internal process to allow an individual to file a complaint concerning the covered entity’s compliance with privacy policies and procedures. This requires hospitals to designate a contact person to be responsible for receiving and documenting the complaint as well as the disposition.

A formal response to the person is not required as part of this rule; therefore it is estimated that each complaint, even though rare, will take ten minutes to document.

Recent Data

Recent data reveals that the most frequent complaints received either by hospitals or ultimately by DHHS include the following:

  • impermissible use or disclosure of individual PHI (most occurrences were curiosity or accidental, yet were reported);
  • lack of safeguards to protect PHI;
  • refusal or failure to provide an individual with access to or a copy of his or her record;
  • disclosure of more information than is minimally necessary; and
  • failure to have the individual’s valid authorization for a disclosure that requires one.

Assessment

Most hospitals have documented and logged such complaints; have reviewed the situation; and have resolved the problem internally.


Sales of Dental Equipment and eDRs Down

Patterson Dental Supply Reveals a Decline

By Darrell K. Pruitt; DDS

Yesterday, Kevin Henry posted “Dental news of the day for Thursday, Feb. 18” on the DentistryiQ Blog.

The source for the day’s dental news was a sales report provided by Patterson Dental Supply.

http://community.pennwelldentalgroup.com/profiles/blogs/dental-news-of-the-day-for

Soft Sales

“Sales of dental equipment and software declined 10% from the year-earlier level, which was consistent with Patterson’s forecast for this period.”

If one remembers the economy at the last of 2008, it is not difficult to understand why Patterson’s analysts forecast that sales of dental equipment would drop. But, how did they know that sales of Patterson EagleSoft, their clinical and practice management software would also fall by 10%? I find it interesting that their accurate prediction was made shortly after Patterson announced the release of EagleSoft Version 15.00 on October 10, 2008. That must have been discouraging to EagleSoft employees.

When is the last time you’ve heard of a company roll-out of a new version of software – expecting it to be even less successful than the previous version? That’s interesting.

Health Policy and Politics 

What makes Patterson’s valiant prediction of a decline in software sales even more remarkable is that a year ago, President-elect Barack Obama was giddily enthusiastic for digital health records, which include Patterson’s EagleSoft. Not to say I told you so [maybe-a-little], but Patterson’s analysts obviously recognized what I did long before: Digital dental records are losing popularity among dentists. What’s more, none of my patients have ever said that they wish I had digital dental records. Dental patients simply do not desire them.

As a matter of fact, some have expressed relief that my paper records are more secure than anyone’s digital records. They also like not having to sign HIPAA forms – a meaningless waste of trees and appointment time.

Insightful or clueless dentist?

Assessment 

A year after Patterson privately admitted doubt about paperless dental practices, the slow-moving ADA House of Delegates met in Hawaii in October ‘09 and officially encouraged ADA members to adopt eDRs. Why doesn’t the American Dental Association know at least as much about dentistry as Patterson Dental?

This is an intriguing time in dental history. I can’t wait until the ADA opens up about their mistakes in dental informatics. One of these days we’ll all have a good laugh about their lame, expensive shenanigans.


Access Management in the Hospital Check-In and Admissions Setting

The Role of Operational Activity Based Cost Management

By Dr. David Edward Marcinko; MBA, CMP™

[Editor-in-Chief]

www.HealthcareFinancials.com

In order to be paid and maintain cash flow, hospitals and clinics set up levels of specialization. The result is usually more handoffs, delays, eroding financial positions, and a frustrated set of patients and physicians. Much seems out of control. When you factor in the maze of Health Insurance Portability and Accountability Act (HIPAA) technologies, it becomes overwhelming. Now, consider these operational inefficiencies in light of Obama Care.

Access Management

At the hub of the patient hospital or clinic experience is admitting or registration. This department collects information for clinicians treating the patient, meets Joint Commission standards and other requirements, facilitates medical record documentation, patient flow, revenue capture, billing and collections, and ultimately begins to settle accounts. The access management area has numerous customers in addition to the doctor, patient, or family member sitting across from them.

Increasing HR Complexity

Without the benefit of relevant information, managers attempt to staff access management departments based on past history — namely, if patient and physician complaints are not too high, there is probably enough staff. However, staffing in access management has not kept up with the increased demands and complexity of the process, and other hospital areas often suffer. Clinicians and medical records personnel must often deal with incomplete or incorrect information, and take up the slack.

Beware Un-Happy Stakeholders

All of these deficits make for an unhappy set of customers (physicians and patients) as they continually live with the repercussions of inaccurate and incomplete information. This does not go unnoticed by patients and physicians, as these situations erode confidence in the hospital’s ability to get things done correctly.

Emotional Touch Points

Access Management is the clinic or hospital’s first chance to create an “emotional contract” with the customer. It is here that the tone is set for the patient on the issues with respect to his or her hospitalization. And it is here that the provider has the chance to begin working on the patient’s behalf so that clinical outcomes are appropriate. All of this must happen in an environment that minimizes the likelihood of an unfavorable occurrence, and outside the realm of the complex legal requirements established by state and federal officials.

Tips from the Manufacturing Sector

So why are there unresolved issues in the access management area? In a manufacturing environment, if there are problems on the front-end design, huge problems ripple downstream in terms of recalls, warranty-related expenses, lawsuits, and customers that abandon the company’s products. World-class manufacturers dealt with these issues with their ISO-9000, Total Quality Management (TQM), and Six Sigma programs during the ’80s and ’90s. Hospitals, however, have allowed issues in their access management process to fester and create huge and costly problems in the downstream process.

Assessment

In an effort to help solve access management issues, every provider must take a proactive role in dealing with the trend. The first step in this journey is healthcare administrator and physician-executive assessment.

This assessment is not a management engineering set of time studies aimed at micro-costing every second of work. The critical path information needed for this plan is reasonable and collected in a few days by talking to the people performing the work. Estimates are gathered based on workers’ views about how they spend their time. This information is combined with available workload measures and general ledger cost information, and activity-based reports are produced.

Conclusion

Going forward, ABCM is an exercise in operational planning. Activity-based information is used to look at areas where work can be restructured so errors and rework can be eliminated. New technologies that target problematic activities are selected and implemented. Outside companies that can perform complex activities more economically can be used (e.g., www.ICMS.net).


And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos


Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Understanding the Healthcare Fraud and Abuse Control Program


A Joint Project Between the OIG and DOJ


By Patricia Trites; MPA, CHBC, CPC

The Healthcare Fraud and Abuse Control (HCFAC) program is a joint project between the Office of Inspector General [OIG] and the Department of Justice (DOJ).

Functions

The primary functions are to coordinate federal, state, and local enforcement in controlling healthcare fraud; to conduct investigations relating to delivery and payment of healthcare services; and to oversee Medicare and Medicaid exclusions, civil money penalties, and the anti-kickback law. The program is also designed to provide opinions, alerts, and a means for reporting and disclosing final adverse actions against healthcare providers.

HIPAA Policies

HIPAA established the Health Care Fraud and Abuse Control Account within the Medicare Part A Trust Fund and funds DOJ and DHHS activities for operation of the HCFAC. In addition to federal appropriations, the fund receives a portion of funds collected from healthcare fraud and abuse penalties and fines. HIPAA also authorizes funds from general revenues for the Federal Bureau of Investigation (FBI) to combat healthcare fraud and abuse.

Assessment

Anti-fraud and abuse provisions were also included in the Balanced Budget Act of 1997 and the Deficit Reduction Act [DRA] of 2005, and annotated and


Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


About the Scribbos Secure Communication Platform

What it is – How it works

By Staff Reporters

Scribbos is a secure business communications solution that enables clients to easily and quickly send confidential messages or large files to colleagues, business partners or outsourced service providers.

Scribbos uses an intuitive email-like interface that provides secure communications whether sending a confidential message, or a file with sensitive or proprietary information. Additionally, as most financial and covered healthcare entities must comply with federal and industry regulations, Scribbos helps maintain compliance with all mandates whether corporate, federal or industry-specific [Sarbanes-Oxley and HIPAA, etc].

Several Industry Verticals

Scribbos offers four industry-specific and scalable verticals for healthcare, insurance, finance and professional services; all centers of focus for the ME-P subscriber. For example:

1. The financial vertical enables providers to securely send company financials, accounting reports, internal systems transfers, payments and remittances, etc.

2. The healthcare vertical enables providers to confidentially send personal healthcare information, claims adjudication, eligibility, billing information, insurance claims, X-rays, medical necessity documentation, PHR (Personal Health Records) and eMRs (Electronic Medical Records), etc.

3. The insurance vertical enables providers to encrypt policy information, payments, enrollments and claims information, etc.

4. The professional vertical is ideal for healthcare attorneys.

Assessment

So give www.scribbos.com a click today, and tell us what you think.


Promoting the “Minimum Necessary” Rule

Understanding HIPAA Security Standards

By Richard J. Mata; MD, MS

www.HealthcareFinancials.com

One concept that is stressed by HIPAA is the “minimum necessary” rule, which calls for the minimum use of personal health information [PHI] that can be used to identify a person, such as a social security number, home address, or phone number. Only the essential elements are to be used in transferring information from the patient record to anyone else that needs this information. This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.

Chain of Custody

Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally [within your hospital, Emerging Health Organization, or medical practice] and externally [such as through your business associates]. The patient has the right to know who in the lengthy data chain has seen their PHI. This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally. When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.

Enter the Designated Record Set

One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient.  It is up to the hospital, EHO, medical practice, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale. 

Assessment

Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls.  For more information about the Security Standards final rule, reference the Federal Register.
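One way to enforce the “minimum necessary” rule and keep the per-patient accounting of access described above, as an added example that is not part of the original article. The role-to-field policy, class and function names, organization names and the sample record are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical policy: which fields of the designated record set each role may
# see. Billing gets only the codes needed to determine cost, as the article
# describes; a real policy is defined by the organization itself.
ROLE_FIELDS = {
    "clinician": frozenset({"name", "dob", "ssn", "address", "phone",
                            "diagnosis", "procedure_codes", "notes"}),
    "registration": frozenset({"name", "dob", "address", "phone"}),
    "billing": frozenset({"procedure_codes"}),
}
INTERNAL_ORG = "Example Dental Practice"  # constructed name

# Constructed sample record; every value is fictitious.
SAMPLE_RECORDS = {
    "P-1001": {
        "name": "Pat Example", "dob": "1970-01-01", "ssn": "000-00-0000",
        "address": "1 Sample St", "phone": "555-0100",
        "diagnosis": "caries, tooth 14", "procedure_codes": ["D2391"],
        "notes": "Patient anxious about anesthesia.",
    }
}


@dataclass(frozen=True)
class AccessEvent:
    when: str
    patient_id: str
    accessor: str
    organization: str
    role: str
    purpose: str
    granted: tuple   # fields actually released
    denied: tuple    # fields requested beyond the role's allowance

    @property
    def external(self):
        # True for business associates and other outside parties.
        return self.organization != INTERNAL_ORG


class RecordStore:
    """Single choke point for PHI: every read is filtered and logged."""

    def __init__(self, records):
        self._records = records
        self._log = []

    def view(self, patient_id, accessor, organization, role, purpose,
             requested=None):
        record = self._records[patient_id]
        # Deny by default: an unknown role is allowed nothing.
        allowed = ROLE_FIELDS.get(role, frozenset())
        wanted = set(allowed) if requested is None else set(requested)
        granted = tuple(sorted(wanted & allowed & set(record)))
        denied = tuple(sorted(wanted - allowed))
        self._log.append(AccessEvent(
            datetime.now(timezone.utc).isoformat(), patient_id, accessor,
            organization, role, purpose, granted, denied))
        return {name: record[name] for name in granted}

    def accounting(self, patient_id):
        """Everyone, internal or external, who received this patient's PHI."""
        return [e for e in self._log
                if e.patient_id == patient_id and e.granted]

    def over_requests(self):
        """Requests that asked for more than the role's minimum."""
        return [e for e in self._log if e.denied]


if __name__ == "__main__":
    store = RecordStore(SAMPLE_RECORDS)
    print(store.view("P-1001", "clerk01", INTERNAL_ORG, "billing", "payment"))
    for event in store.accounting("P-1001"):
        print(event.when, event.accessor, event.organization, event.granted)
```

Because business associates read through the same `view` call, their access lands in the same accounting as internal staff instead of going undocumented.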

Conclusion

In the age of Twitter, IMing, blogging and texting, some young doctors are forgetting the basic fundamentals of patient privacy.

Notice of Healthcare Privacy Practices Explained


NPP “Game Changer” Replaced Use of Consents


[By Richard J. Mata; MD, MS]

In its most visible change, the privacy regulations of HIPAA require covered health entities to provide patients with a Notice of Privacy Practices (NPP).

The NPP replaces the use of consents, which are now optional, although they are recommended.

The NPP outlines how PHI is to be regulated, which gives the patient far-reaching authority and ownership of their PHI, and must describe, in general terms, how organizations will protect health information.

The NPP Specifics

The NPP specifies the patient’s right to the following:

  • gain access to and, if desired, obtain a copy of his or her own health records;
  • request corrections of errors that the patient finds (or include the patient’s statement of disagreement if the institution believes the information is correct);
  • receive an accounting of how their information has been used (including a list of the persons and institutions to whom/which it has been disclosed);
  • request limits on access to, and additional protections for, particularly sensitive information;
  • request confidential communications (by alternative means or at alternative locations) of particularly sensitive information;
  • complain to the facility’s Privacy Officer if there are problems; and
  • pursue the complaint with DHHS’s Office of Civil Rights if the problems are not satisfactorily resolved.

A copy of the NPP must be provided the first time a patient sees a direct treatment medical provider, and any time thereafter when requested or when the NPP is changed. On that first visit, treatment providers must also make a good faith effort to obtain a written acknowledgement, confirming that a copy of the NPP was obtained. Health plans and insurers must also provide periodic Notices to their customers, but do not need to secure any acknowledgement. Most Health Information Management departments that oversee the clinical coding of medical records also manage the NPP documentations and deadlines, but this may vary from hospital to hospital, or office to office.

Assessment

HIPAA requires no other documentation from the patient in order for information to be used or disclosed for basic functions, like treatment and payment, or for a broad range of other core healthcare operations. State laws may nonetheless require some kind of consent/authorization form from the patient for these purposes [It is common for institutions to claim, incorrectly, that HIPAA does].


HCG Forecast: Fall/Winter 2009 Edition

The Health Care Group  

By Cheryl Sprows

Three new topics in this issue:

 

  1. New Regulations for Business Associates
  2. New Breach Notification Requirement under HIPAA
  3. Workplace Harassment – Did you hear the one about?

Link: https://www.thehealthcaregroup.com/Productdownloads/2009fallwinterforecast.pdf

Visit HCG’s website: http://www.thehealthcaregroup.com

Channel Surfing

Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register.  


Don’t Hide a Security Breach if You Can’t Do the Time


When Will Costs Outweigh Health Information Technology?

[By Darrell K. Pruitt; DDS]

At what point will security data breaches become so costly that dentists will abandon computerization and return to pegboards and ledger cards?

Senate Judiciary Committee

A week ago, the Senate Judiciary Committee approved two separate bills which would mandate that dentists who store digital PHI notify patients if their data is breached. Of course, that would be the ethical thing to do anyway, wouldn’t it?

Senate Bill 139, also known as the Data Breach Notification Act, was introduced by Dianne Feinstein of California and is similar to existing state notification bills – including California’s own landmark Bill 1386 which set the standard 7 years ago.

Two Hundred Ten Dollars Cost – Per Record – for Notification

Considering that in October, the Ponemon Institute reported that it costs an estimated $210 per record to notify patients of a breach, there are a lot of angry lawmakers who are missing the point. Mandated fines for a breach are meaningless. Simply notifying thousands of patients of a breach will bankrupt any dental practice, even if it is an insurance company employee who loses a laptop computer containing a dentist’s patients’ personal data – like a BCBS employee did recently with over 800,000 physicians’ personal information.

Personal Data Privacy and Security Act 

Even now, a dentist whose practice is a victim of a breach, whether it is from stolen computer, hacker or dishonest employee, might take a quick look at the notification path to certain bankruptcy and gamble that patients’ data won’t be used before hiding the incident. That is why Senator Patrick Leahy of Vermont has sponsored the other breach bill which reflects the prevailing attitude of frustrated constituents throughout the nation. It is known as the Personal Data Privacy and Security Act.

Leahy is more concerned with punishment than with breaches themselves. In addition to a fine, he would establish a jail term of up to five years for failing to disclose a breach when required.

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:s1490is.txt.pdf

§ 1041. Concealment of security breaches involving sensitive personally identifiable information 

“Whoever, having knowledge of a security breach and of the obligation to provide notice of such breach to individuals under title III of the Personal Data Privacy and Security Act of 2009, and having not otherwise qualified for an exemption from providing notice under section 312 of such Act, intentionally and willfully conceals the fact of such security breach and which breach causes economic damage to 1 or more persons, shall be fined under this title or imprisoned not more than 5 years, or both.”

If dentists want to continue to use computers in their practices, Leahy would have them put serious skin into the game. The bill was read twice and referred to the Committee on the Judiciary.

On the ADA Advocacy page, dental leaders still maintain that electronic dental records will lower the cost of dentistry. And as recently as last month, the ADA House of Delegates again publicly endorsed the adoption of eDRs, yet still neglect to adequately warn ADA members of their dangers, now including possible imprisonment.

Assessment

ADA President Dr. Ron Tankersley is already irrelevant.


Update on HIPAA Administrative Simplification

New Enforcement Rules

Federal Register: October 30, 2009 [Volume 74, Number 209]

Rules and Regulations – Page 56123-56131

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID: fr30oc09-12

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Part-160 [RIN 0991-AB55]

HIPAA Administrative Simplification: Enforcement

AGENCY: Office of the Secretary, HHS.

ACTION: Interim final rule; request for comments

SUMMARY:

The Secretary of the Department of Health and Human Services (HHS) adopts this interim final rule to conform the enforcement regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the effective statutory revisions made pursuant to the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), which was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA).

More specifically, this interim final rule amends HIPAA’s enforcement regulations, as they relate to the imposition of civil money penalties, to incorporate the HITECH Act’s categories of violations, tiered ranges of civil money penalty amounts, and revised limitations on the Secretary’s authority to impose civil money penalties for established violations of HIPAA’s Administrative Simplification rules (HIPAA rules). This interim final rule does not make amendments with respect to those enforcement provisions of the HITECH Act that are not yet effective under the applicable statutory provisions. Such amendments will be subject to forthcoming rulemaking(s).

Assessment


Link: http://edocket.access.gpo.gov/2009/E9-26203.htm


Ask an Advisor about “Meaningful-Use”

Do dentists qualify for “meaningful use” incentives under ARRA?

By Ann Miller; RN, MHA

[Executive Director]


A simple and direct query asked by an ME-P subscriber.


Encrypt or De-identify PHI


Which One Just Might Work?

[By Darrell K. Pruitt; DDS]

The United States’ advancement in Healthcare Information Technology, which has the potential to lead to wonderful money-saving cures through research using trustworthy interoperable health records, is currently stopped cold by patient security problems that are only getting worse. Our lawmakers cannot get around the security obstacle without resorting to authoritarian means using CMS’s power to withhold providers’ discounted payments and threats of obscene fines from the HHS and the FTC. History shows that tyranny is not tolerated well in this part of the world. Lawmakers can get their butts voted smooth out of office in my neighborhood.

HITECH  

Here is something nobody mentions: Despite the current hope in a thick, political fantasy called HITECH, encryption of patients’ Protected Health Information [PHI] is a non-starter in the land of the free. Everyone knows that resourceful, cynical Americans will simply never trust encryption to protect their secrets, and will reliably withhold important information from their eMRs – one way or another. Doctors as well as patients can be expected to go out of their way to sabotage technology they fear. We all intuitively know this is true, don’t we? We aren’t so naïve to think all the players will happily play by the rules, are we? And I think we can all agree that an untrustworthy digital health record in an emergency room is worse than no patient information at all. Security is a grand problem with eMRs that started with HIPAA changes in 2003 that made eHRs so slippery. And the problem is clearly not being resolved. Not yet.

Public Lacks Trust 

Regardless of the campaign donations which follow him, there is nothing Newt Gingrich and his entrepreneurial friends in high places can do about the public’s lack of trust in encryption. It gets worse: Encryption hasn’t a chance of isolating PHI from dishonest employees in doctors’ offices, and slippery digital patient data can be moved so easily. Everyone knows that as well, don’t they? It is estimated that two-thirds of the identities stolen in the nation are lifted from doctors’ offices. That’s us, Doc. HIPAA is not only irrelevant, it is an expensive distraction – it gives future ID theft victims a false sense of security.

HIPAA Approved 

De-identifying digital records is not mentioned in HITECH as a HIPAA-approved method of security. Yet it is the ONLY solution that promises to be even more secure than paper records. Because of heavy stakeholder stakes in hospital care, it will take longer for CEO-types to embrace patient-friendly de-identification. Other than identifiers such as names, social security numbers, birthdates, addresses and other items that have street value, NOBODY cares what is in a dental record. I actually think this opens a tremendous opportunity for someone courageous in the Texas Dental Association to discuss the feasibility of de-identification of dental records. Otherwise, instead of leading the nation in solving security problems, the TDA will look just as stupid as the ADA.

Encryption would also provide a dangerous false sense of security in eMRs – that is if it had a chance in the marketplace. But encryption will never go far because consumers simply won’t buy it. That is a marketplace fact that stoically optimistic HIT stakeholders are trying hard to avoid. They also know they are running out of time. Deadlines are quickly approaching for both HIPAA and the Red Flags Rule that providers are far from prepared for.

Former Attorney Speaks 

Bill Lappen, a former attorney and author of the ad I copied below, as well as a partner with his brother David in the de-identified health record venture says: “Since no identifying information is ever entered, a hacker can’t determine whose information is shown.”

So in addition to protecting one’s practice against dishonest or vindictive employees, de-identification of dental records would make hacking a dentist’s computer a complete waste of time, and hackers wouldn’t endanger dental patients and bankrupt dentists.

My Confidence 

I confidently tell you that soon, someone smart will come upon the unprecedented idea that the ultimate answer to our security problem in healthcare will be de-identification of medical records, not encryption. De-identification allows a compromise of privacy for only a minuscule percentage of physicians’ patients. We cannot allow that to stand in the way of better health for everyone else. Those special cases are so few that I am confident that they can be dealt with individually. We simply must move forward. I’ll have to retire some day. I may need help from Medicare.

Encryption gives us only danger and protects nobody but a thief with a key.

Assessment 

We’ve wasted enough time on HITECH and HIPAA, as well as CCHIT. It’s time to say no to stakeholders and pay attention to patients’ needs instead of those who would needlessly increase the cost of their care. Stimulus money attracts cockroaches.

In the name of Hippocrates, disregard the tainted HIPAA mandate. It is dangerous, and especially absurd in dentistry.

Link: http://www.theopenpress.com/index.php?a=press&id=58568

Life-Saving Patient Information can be Online, Anonymous and Usable

Published on: September 26th, 2009 12:19am

By: blappen

Los Angeles, CA (OPENPRESS) September 26, 2009 — Hospital Emergency Rooms need instant access to patient medical information. Allergic reactions and dangerous drug interactions can be deadly. Time is critical. Until now, privacy was a large concern. Two brothers, who have developed medical software over the past 15 years, think they have a simple first step towards moving patient information on to the internet.

“The ER doesn’t need to look up the information by patient name” said Bill Lappen, a former attorney. “We have implemented secure systems in the past, but no matter how secure we make the site, we have to assume that it will be hacked” added David Lappen, a computer design engineer from Stanford. “But providing instant access to life-saving information is too important to ignore”, he added. To protect patient privacy, their system does not know to whom the medical information belongs. Since the person’s identifying information is never on the system, it can’t be stolen. “By enabling anonymous entry, we have protected people’s privacy while allowing them to put their life-saving information in a place where it can be instantly accessed when needed”, added Bill Lappen.

www.AMCC.me is the public service website they created. It allows anyone to enter medical information anonymously. The site provides a random ID which the user carries in his/her wallet. For someone to see that user’s medical information, they merely enter the ID into the site. Unless the user has given them their ID, the information shown is meaningless. That same information, when associated with a patient, can save their life.

Since no identifying information is ever entered, a hacker can’t determine whose information is shown. “Secure patient-controlled Electronic Medical Records are now available on the internet” said David Lappen. A sample ID has been set up on the site to allow users to evaluate the concept before setting up their own free ID.

Contact:

Bill Lappen

Bill@AMCC.me

(818) 789-6531
