
Understanding the “Golden Ratio”

What it is – How it works!

[By staff reporters]

***

***

Phi is the basis for the Golden Ratio, Section or Mean

The ratio, or proportion, determined by Phi (1.618 …) was known to the Greeks as the “dividing a line in the extreme and mean ratio” and to Renaissance artists as the “Divine Proportion”.

It is also called the Golden Section, Golden Ratio and the Golden Mean.

MORE: https://www.goldennumber.net/what-is-phi/

Assessment: Your thoughts are appreciated.

***


On Protected Health Information [PHI]

How Secure is PHI?

[By staff reporters]

***

***

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements.

Book Marcinko: https://medicalexecutivepost.com/dr-david-marcinkos-bookings/

Subscribe: MEDICAL EXECUTIVE POST for curated news, essays, opinions and analysis from the public health, economics, finance, marketing, IT, business and policy management ecosystem.

DOCTORS:

“Insurance & Risk Management Strategies for Doctors” https://tinyurl.com/ydx9kd93

“Fiduciary Financial Planning for Physicians” https://tinyurl.com/y7f5pnox

“Business of Medical Practice 2.0” https://tinyurl.com/yb3x6wr8

HOSPITALS:

“Financial Management Strategies for Hospitals” https://tinyurl.com/yagu567d

“Operational Strategies for Clinics and Hospitals” https://tinyurl.com/y9avbrq5

***


HIPAA Cloud Solutions?


On New-Wave Technology


By Carol Miller RN MBA

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.

These new technologies will continually be evolving as hospitals, providers and patients move to new means of communication. Below is a description of one.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

***


Business-Associate Agreements

Because HIPAA compliance involves stringent privacy and security protections for electronic health information (PHI), many cloud providers are balking at signing new Business-Associate agreements.

Assessment

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations. 


***

PHI RansomWare Just Went Up!


[By Darrell K. Pruitt DDS]

Expect malware entrepreneurs to charge what the market will bear, again and again.

“OCR Releases Guidance on Ransomware: ‘Your Money or Your PHI’,” by Dianne J. Bourque for The National Law Review, July 12, 2016

http://www.natlawreview.com/article/ocr-releases-guidance-ransomware-your-money-or-your-phi

Bourque: “A key component of the guidance provides a ransomware attack that encrypts a Covered Entity’s ePHI is presumed to be a breach. As ransomware can infect a Covered Entity’s entire system, this presumption may lead to enormous breach notification obligations.”

Bourque adds: “OCR indicates that when ePHI is encrypted as a result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals took possession of the information) and is thus a ‘disclosure’ not permitted under the HIPAA Privacy Rule has occurred.”

When patients are notified of data breaches – for any reason – many will quietly change providers. According to The Ponemon Institute, loss of future income is the most costly result of lawfully reporting data breaches…. and ransomware attacks are at “epidemic” levels. I have heard dentists are paying the ransom quickly.

The disincentives to do the right thing were overwhelming providers even before the OCR’s recent ruling. Such is the ugly nature of extortion.

Assessment

Cha-ching! 


***

Update on HIPAA Cloud Solutions for Hospitals and Health Systems


New-Wave Technology and PHI


[By Carol Miller RN MBA]

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic cloud communication of protected health information.

These new technologies will continually be evolving as hospitals, providers and patients move to new means of communication.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

***


But, because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate Agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plain-text data on their servers, PHI is especially vulnerable to breaches and compliance violations.

HIPAA Not Aging Well

HIPAA was written nearly 20 years ago, before cloud health applications were even envisioned. Because of this, some areas of the law make it hard to determine which applications must be HIPAA-compliant and which are exempt. Considering the numerous ways security breaches can occur with a cloud solution, it is no wonder that HHS is very leery about how PHI is handled on server farms in the cloud.

Assessment

Regardless of the storage modality – it is important to take all the steps possible to comply with HIPAA guidelines.


***

Emerging New-Wave Cloud Technology for HIPAA


Securing Electronic Communication in the Cloud

[By Carol S. Miller BSN MBA PMP]

To help hospitals and health systems comply with the burdens of the Health Insurance Portability and Accountability Act [HIPAA] regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.

These new technologies will continually be evolving as hospitals, providers and patients move to new means of communication.

And so, below is a very brief description of one: cloud solutions.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

***

[A.I. and the “SINGULARITY”]*

***

Because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations.

Note:

The SINGULARITY is that hypothetical moment in time when Artificial Intelligence [AI] will have progressed to the point of a greater-than-human intelligence.

Channel Surfing the ME-P

Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register. It is fast, free and secure.

ABOUT THE AUTHOR

  • Carol S. Miller; BSN, MBA, PMP
  • ACT IAC Executive Committee Vice Chair at-Large
  • HIMSS NCA Board Member
  • President – Miller Consulting Group
  • 7344 Hooking Road
  • McLean, VA 22101
  • Phone: 703-407-4704
  • Fax: 703-790-3257
  • email: millerconsultgroup@gmail.com


On Physicians Texting [SMS]


Some Technical Considerations

By Carol Miller BSN RN MBA PMP [Miller Consulting]


Text (SMS = Short Message Service) Messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 percent of mobile phone users send text messages (TMs).

Clinical medical care is not immune from the trend, and in fact physicians appear to be embracing texting on par with the general population. Another survey found that 73 percent of physicians text other physicians about work.

(Source:  Journal of AHIMA, “HIPAA Compliance for Clinician Texting”, by Adam Green, April 2012)

Advantages

Texting can offer providers numerous advantages for clinical care. It may be the fastest and most efficient means of sending information in a given situation, especially with factors such as background noise, spotty wireless network coverage, lack of access to a desktop or laptop, and a flood of e-mails clogging inboxes.

Further, texting is device neutral—it will work on personal or provider-supplied devices of all shapes and sizes. Because of these advantages, physicians may utilize texting to communicate clinical information, whether authorized to do so or not.

Risks

All forms of communication involve some level of risk. Text messaging merely represents a different set of risks that, like other communication technologies, needs to be managed appropriately to ensure both privacy and security of the information exchanged.

Text messages, like all digital data,  may reside on a mobile device indefinitely, where the information can be exposed to unauthorized third parties due to theft, loss, or recycling of the device. Text messages often can be accessed without any level of authentication, meaning that anyone who has access to the mobile phone may have access to all text messages on the device without the need to enter a password.

***


Texts also are generally not subject to central monitoring by the IT department. Although text messages communicated wirelessly are usually encrypted by the carrier, interception and decryption of such messages can be done with inexpensive equipment and freely available software (although a substantial level of sophistication is needed).

If text messages are used to make decisions about patient care, then they may be subject to the rights of access and amendment. There is a risk of noncompliance with the privacy rule if the covered entity cannot provide patients with access to or amend such text messages.

The Wireless Association

According to 2012 data from CTIA–The Wireless Association, U.S. citizens alone exchange nearly 200 billion text messages every month. So it’s not surprising that an increasing number of clinicians are using text messaging to exchange clinical information, along with a wide range of other modes — smartphones, pagers, computerized physician order entry, emails, etc. Electronic communication is certainly faster, can be more efficient, enhances clinical collaboration and enables clinicians to focus on patient care. But with these benefits comes an increased risk of security breaches.

(Source:  Clarifying the Confusion about HIPAA – Compliant Texting, by Megan Hardiman and Terry Edwards, May 2013)

Unfortunately, vendor hype about the Health Insurance Portability and Accountability Act [HIPAA] is causing many hospitals and health systems to implement stop-gap measures that address part — but not all — of a problem. To identify all vulnerabilities, health care leaders need to consider not only text messaging, but all mechanisms by which protected health information in electronic form is transmitted — as well as the security of those mechanisms.

Mobile device-to-mobile device SMS text messages are generally not secure because they lack encryption. The sender does not know with certainty that his or her message is indeed received by the intended recipient. In addition, the telecommunications vendor/wireless carrier may store the text messages.

Recent HHS guidance indicates text messaging, as a means of communicating PHI, can be permissible under HIPAA depending in large part on the adequacy of the controls used.  A hospital or provider may be approved for texting after performing a risk analysis or implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.

***


The Ponemon Institute

A Ponemon Institute study reported in Computer World in May 2013, which surveyed 577 healthcare and IT professionals in facilities that ranged from fewer than 100 beds to over 500 beds, stated that fifty-one percent of the respondents felt HIPAA compliance requirements can be a barrier to providing effective patient care.

Specifically, HIPAA reduces time available for patient care (85% of the respondents), makes access to electronic patient information difficult (79% of the respondents) and restricts the use of electronic mobile communications (56% of the respondents).

The study stated “respondents agreed that the deficient communications tools currently in use decrease productivity and limit the time doctors have to spend with patients.” They also stated “they recognized the value of implementing smartphones, text messaging and other modern forms of communications, but cited overly restrictive security policies as a primary reason why these technologies were not used.”

Clinicians in the survey stated that only 45% of each workday is spent with patients; the remaining 55% is spent communicating and collaborating with other clinicians and using the electronic medical record and other clinical IT systems.

Several other statements made were:

  • Because of the need for security, hospitals and other healthcare organizations continue to use older, outdated technology such as pagers, email and facsimile machines. The use of older technology can also delay patient discharges – now taking an average of 102 minutes.
  • The Ponemon Institute estimated that the lengthy discharge process costs the U.S. hospital industry more than $3.189 billion a year in lost revenue, with another $5 billion lost through decreased doctor productivity and use of outdated technology. Secure text messaging could cut discharge time by 50 minutes.

(Source: Computer World, “HIPAA rules, outdated tech cost U.S. hospitals $3.38 B a year”, by Lucas Mearian, May 2013)

***


Assessment

Several suggestions offered for these preferred mobile devices are: 1) ensure encryption and access to individuals who need to have access; 2) use secure texting applications; and 3) even consider alerting employees with warnings before they send an email or share files that lets them know they are liable for the information sent.


ABOUT CAROL MILLER; BSN, MBA, PMP millerconsultgroup@gmail.com ACT IAC Executive Committee Vice Chairwoman at-Large HIMSS NCA Board Member [President – Miller Consulting Group] Phone: 703-407-4704 and Fax: 703-790-3257

Ms. Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported. She earned her MBA from Marymount University; BS in Business from Saint Joseph’s College, and BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) (PMI PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow.

Conclusion

How does this relate to emails?

Health Data Breaches Multiplying


YET – Fines Remain Rare

By Charles Ornstein @charlesornstein

[ProPublica]

Federal health watchdogs say they are cracking down on organizations that don’t protect the privacy and security of patient records, but data suggests otherwise.

***

Fines Remain Rare Even As Health Data Breaches Multiply

***


Dentists for De-Identification


A Start-Up Idea

[By Darrell K. Pruitt DDS]

An early, shoestring proposal for a non-profit dedicated to common sense security solutions.

Why? If patients’ identities are unavailable, they cannot be hacked.

Recently, I’ve considered starting a non-profit dedicated to keeping patients’ identities off of dentists’ computers where they are far too easily fumbled thousands at a time. I think I might call it “Dentists for De-identification.” What do you think?

My son Ryan and I have discussed putting together an educational YouTube cartoon – comparing the cost, convenience and security of encrypted Protected Health Information (PHI), to storing PHI, including medical information, only on paper in bulky metal filing cabinets – leaving only nameless, unencrypted dental records on the computer. De-identification is the “other” HIPAA Safe Harbor, meaning if patients’ de-identified dental information is stolen or hacked, nobody has to be notified. And, since the patients’ nameless dental records remain unencrypted, de-ID should not slow down work flow like encryption does.


One could call employing in-house reference numbers to re-connect patients’ digital dental information to paper-based PHI a hybrid solution to an otherwise intractable security problem. The solution is nothing new, and has a long history of success. For decades, police departments have been substituting in-house reference numbers for citizens’ names to protect the owners. I see no reason it cannot work for dental radiographs as well.

Depending on staff’s familiarity with the alphabet, pulling a patient’s thin paper record from a loud filing cabinet might even take less time than correctly typing in an encryption key (on the first try). What’s more, since there is a limit to the number of patients even the fastest dentists can treat in one day, 4000 or so active patients per dentist is a reasonable estimate of the number of records in a  busy dental practice – which is probably one third of the records in the average physician’s practice. Since the dental information remains digital and only a couple of sheets of paper are needed to reveal the patients’ reference number along with a brief medical history, very little filing space should be needed.

The problems with encryption don’t end with correctly entering the key. Once permitted access to encrypted ePHI, it will take much more time to decrypt one radiograph than it takes to open a manila folder. Depending on the number of radiographs and other digital images – including complex cone-beam radiographs – a patient’s encrypted diagnostic history could require several minutes to view.

I would want to witness the De-ID non-profit professionally investigate whether de-identification indeed offers a cheaper and more secure solution to data breaches from dental offices. I think we all know by now that full disk encryption will never be the answer.


Assessment 

Still too soon? Give it time. The FBI assures us that more massive data breaches are just around the corner.
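The hybrid scheme described in this post (in-house reference numbers linking nameless digital dental records to paper-held PHI) can be sketched as follows; this is an added Python example, not part of the original post. The field names, the `R-` reference format and the sample records are constructed assumptions, and the example also checks a failure mode the post does not cover: identifiers left behind in chart notes and image file names.

```python
import re
import secrets

# Fields kept off the computer in this example. This list is an assumption;
# a real practice would work from the full HIPAA Safe Harbor identifier list.
IDENTIFIER_FIELDS = ("name", "dob", "phone", "address")
# The post keeps the brief medical history on paper as well.
PAPER_ONLY_FIELDS = ("medical_history",)

SAMPLE_INTAKE = [  # constructed records, not real patients
    {"name": "Maria Lopez", "dob": "1980-02-14", "phone": "555-0142",
     "address": "12 Elm Street", "medical_history": "Penicillin allergy",
     "chart_note": "Maria reports sensitivity on #14; call 555-0142 to confirm.",
     "image_file": "lopez_maria_bw.png"},
    {"name": "Daniel Reyes", "dob": "2009-07-03", "phone": "555-0177",
     "address": "9 Oak Avenue", "medical_history": "None reported",
     "chart_note": "Referred by Maria Lopez; sealants placed on #3 and #30.",
     "image_file": "img_0002.png"},
]


def new_reference(existing):
    """Random in-house reference number, not derived from any patient data."""
    while True:
        ref = "R-" + secrets.token_hex(4).upper()
        if ref not in existing:
            return ref


def identifier_patterns(sheet):
    """Regexes for one patient's identifier values, plus each part of the name.
    Underscores count as separators so names inside file names are caught."""
    values = {str(sheet[f]) for f in IDENTIFIER_FIELDS if sheet.get(f)}
    values.update(p for p in str(sheet.get("name", "")).split() if len(p) >= 3)
    return [re.compile(r"(?<![A-Za-z0-9])" + re.escape(v) + r"(?![A-Za-z0-9])",
                       re.IGNORECASE)
            for v in sorted(values, key=len, reverse=True)]


def split_record(record, existing_refs):
    """Return (ref, paper_sheet, digital_record) for one intake record."""
    ref = new_reference(existing_refs)
    paper, digital = {"ref": ref}, {"ref": ref}
    for field, value in record.items():
        if field in IDENTIFIER_FIELDS or field in PAPER_ONLY_FIELDS:
            paper[field] = value      # goes to the filing cabinet
        else:
            digital[field] = value    # stays on the computer, nameless
    return ref, paper, digital


def find_leaks(paper_sheets, digital_records):
    """List (record_ref, field, owner_ref) where any patient's identifier
    still appears in a digital record, including another patient's record."""
    leaks = []
    for owner_ref, sheet in paper_sheets.items():
        patterns = identifier_patterns(sheet)
        for ref, rec in digital_records.items():
            for field, value in rec.items():
                if field == "ref" or not isinstance(value, str):
                    continue
                if any(p.search(value) for p in patterns):
                    leaks.append((ref, field, owner_ref))
    return sorted(leaks)


def scrub(paper_sheets, digital_records):
    """Redact every known identifier value from every digital text field."""
    cleaned = {}
    for ref, rec in digital_records.items():
        out = dict(rec)
        for sheet in paper_sheets.values():
            for pattern in identifier_patterns(sheet):
                for field, value in out.items():
                    if field != "ref" and isinstance(value, str):
                        out[field] = pattern.sub("[REDACTED]", value)
        cleaned[ref] = out
    return cleaned


def run_demo(records=SAMPLE_INTAKE):
    """Split the sample intake, then report leaks before and after scrubbing."""
    paper, digital = {}, {}
    for record in records:
        ref, sheet, rec = split_record(record, paper)
        paper[ref], digital[ref] = sheet, rec
    before = find_leaks(paper, digital)
    cleaned = scrub(paper, digital)
    return paper, digital, before, cleaned, find_leaks(paper, cleaned)


if __name__ == "__main__":
    paper, digital, before, cleaned, after = run_demo()
    print("leaks before scrub:", before)
    print("leaks after scrub: ", after)
```

Moving the name fields to paper is not enough on its own: the split records still carry identifiers in free text and file names until the scrub runs, and an image file named after a patient must also be renamed on disk.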


Enter the HIPAA Fear Mongers


Fear of HIPAA Sells

[By Darrell K. Pruitt DDS]

“The HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.”

– Gene Kraemer [Customer Relationship Director at The Coding Institute]

http://www.audioeducator.com/hipaa-audits-and-enforcement-042412.html?utm_medium=email&utm_source=E99NAGAJ&utm_campaign=E99NAGAJ

The most successful of opportunistic HIPAA consultants are the scariest

As a dentist for almost 30 years, I’ve noticed that along with even rumors of mandate enforcement, ambitious compliance consultants’ fear-inspiring ads start interrupting happier thoughts. It happened with OSHA’s push into dentistry 20 years ago and we clearly see the aggressive sales pitches with HIPAA as well.

The scariest part of Gene Kraemer’s description of HIPAA’s tedious requirements and bankruptcy-level liabilities is that he is simply telling the truth. So if you are a HIPAA covered dentist, be scared.

On the other hand, if you don’t store or send your patients’ digital PHI – choosing instead to use the US Mail – you are increasingly fortunate in the dentistry market. For one thing, our patients are fed up with identity thefts, and paper dental records are the gold standard in security. In addition, nothing is holding down your competitors’ costs for HIPAA compliance and it is increasing much faster than the cost of postage.

De-identify now or lose computerization, Doc. If your patients’ PHI is not present it simply cannot be hacked by an identity thief. Guaranteed more secure than Cloud. Arguably more secure than even paper dental records.

Or … You can hire The Coding Institute.

You can bet Gene Kraemer isn’t someone who would hold down the cost of compliance.

 

From: Gene_Kraemer@mail.vresp.com

Subject: HIPAA Audits & Enforcement: New Penalties & Push for Compliance – Final Notice!

Good Morning,

The US Department of Health and Human Services (HHS) is currently implementing audits to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed by the end of 2012.  While in the past, audits had been performed only at entities that had had a complaint filed against them, the new rule calls for audits whether or not there is a complaint.  This means, the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.

Join us for this live audio conference on Tuesday, April 24, 2012 at 1 pm ET | 12 pm CT | 11 am MT | 10 am PT. This conference is being presented by Jim Sheldon-Dean, the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to health care firms and businesses throughout the Northeast and nationally. He serves on the HIMSS Information Systems Security Workgroup, the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates sub-workgroup.  Sheldon-Dean is a participating member of the advisory board of Vermont Information Technology Leaders (VITL), and has participated in VITL’s Vermont Health Information Technology Plan working group, VITL’s Physician EMR adoption project, and the Security Workgroup of the New Hampshire/Vermont Strategic HIPAA Implementation Plan (NHVSHIP).

Highlights of the session :

• Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.

• HIPAA Audits have been few and far between in the past, but that’s now changing – the HHS will be auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.

• What HHS OCR is likely to ask you if you are selected for an audit, and what you’ll have to have prepared already when they do.

• The rules that you need to comply with will be explained. Learn about the policies you can adopt that can help you come into compliance and be prepared for an audit.

• How the HIPAA rules have changed and how you may need to change. How you work to keep up with them.

• How having a good compliance process can help you stay compliant and respond to audits more easily.

• The documentation needed to survive an audit and avoid fines will be described.

• A discussion on what you’ll need to think about to deal with current and future threats to the security of patient information.

If interested, please click the following link to register and get your early bird discount : –

http://www.audioeducator.com/hipaa-audits-and-enforcement-042412.html?utm_medium=email&utm_source=E99NAGAJ&utm_campaign=E99NAGAJ

Please apply discount code “GENE20” at checkout to get your $20 discount on early registration.

Looking forward to having you onboard here.

Thanks,

Gene Kraemer

Customer Relationship Director

The Coding Institute LLC

2222 Sedwick Drive,

Durham, NC 27713


Don’t Co-operate with eDR Vendors, Doc!


My Opinion of eDRs and eDR  Vendors

By D. Kellus Pruitt DDS

Don’t cooperate with those you don’t trust, Doc.

eDR Stakeholders

If you allow Dentrix, the W. K. Kellogg Foundation, the ADA and other ambitious EDR stakeholders to talk you into switching from paper dental records to digital before 2014, it will be the most regrettable business decision you have ever made.

PHI Breaches

Regardless if a data breach of your patients’ Protected Health Information (PHI) is your fault or not, it can easily cause bankruptcy, and the odds aren’t in your favor. According to a recent Redspin study, the number of breaches doubled between 2010 and 2011. (See “Health data breaches up 97% in 2011” by Diana Manos in Healthcare IT News, February 1, 2012).

http://www.healthcareitnews.com/news/health-data-breaches-97-percent-2011

Procrastination and Late Adopters

So even if unlike Americans who enjoy freedom, professionalism keeps you from publicly expressing an opinion, there’s never been a better time to drag your feet in our usual way. Besides, what have you got to lose by waiting? If consumers prefer EDRs, don’t you think we would see dentists touting their safety in their ads?

RedSpin

Daniel W. Berger, President and CEO of Redspin, is quoted in Diana Manos’ article: “Information security breach is the Achilles’ heel of PHI. Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records.” So why allow selfish EDR stakeholders who cannot be held accountable for harming your patients rush you into buying their favorite technology?

Note that the ineffective “further protective measures” will make EDRs even more expensive compared to paper dental records – allowing paper dentists to charge less than paperless practices, while still making more profit. Indeed, Doc. What have you got to lose by waiting?

Over the last 6 years, virtually all of my predictions about HIPAA have been right, and following the recent Redspin report, I feel even stronger about this one: The national failure of HIPAA will become noticeable in dentistry first.

OCR Culture

Not only is the Rule ineffective at protecting dental patients’ identities, but the tedious, mostly worthless compliancy requirements are so unreasonably time consuming and costly that no dentist can ever be 100% compliant. What’s more, eager HIPAA auditors working on commission to enforce the Office of Civil Rights’ “culture of compliance,” can find a dentist “willfully negligent.” Is that not subjective? The fines for such an auditor’s opinion are obscene. If you unfortunately experience a data breach, you don’t want to lose even more sleep over an audit that you cannot win, do you? Dentists don’t have to take this.

Dentistry Is Billing Simple

Unlike the complex administrative tasks in physicians’ offices, the business of dentistry is simple: Billing involves ten times fewer patients and CDT codes cover fees for procedures only involving the lower third of patients’ faces. Ledger cards, pegboards and lots of carbon paper have functioned adequately and safely for busy dental practices for decades. Besides, computers still haven’t shortened the time it takes to do a technique-sensitive filling in a squirmy kid’s mouth. If the front desk is the bottleneck rather than the speed of the dentist’s hands, someone needs to brush up on their alphabet skills.

If you think you might miss your computer, now is a perfect time to encourage dentistry’s leaders to consider de-identifying EDRs… Or if like me, you aren’t a HIPAA covered entity, we could wait a little longer if you’d like. Within a year, Americans will be noticeably seeking dentists who don’t put their PHI on computers.

Assessment

The hope for miracle discoveries derived from safely data-mining interoperable dental data doesn’t have to end like this, but I certainly don’t mind the windfall profits that expensive HIPAA regulations and patients’ fear of identity theft will bring to my practice.


OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


On e-Claim Only Dental Plans

About their Hidden Costs – I’m Talking PHI Breaches

By D. Kellus Pruitt DDS

If the rumor is true about Bluebell Ice Cream’s “e-claim-only” dental benefit plan that is to go into effect in March, how many in the east-central Texas town of Brenham (pop. 16,000) will be properly warned about the danger to themselves, their families and Bluebell officials’ reputations because of reckless policy?

Transmissions Risks

Each time their dentists send an electronic dental claim (e-claim) over the internet to insurance employees in Chicago as a favor to a patient – and especially the insurer – the Bluebell employee’s digital medical identity which is worth fifty bucks on the black market, rides along to destinations unknown. It’s my guess that very few Bluebell employees are yet aware of the increasing risk of medical identity theft from dentists’ e-claims – much less given the opportunity to opt out of the risk by simply visiting a dentist who still uses the telephone, fax and US Mail.

Security Risks Growing

It certainly won’t improve my popularity with 9 out of 10 dentists for saying this, but risks of identity theft from HIPAA-covered dental offices are climbing daily. In the introduction to a recent interview with Larry Ponemon, chairman and founder of the Ponemon Institute, GovernmentIT.com editor Tom Sullivan ominously described the ever-increasing risk of a massive “data spill” of perhaps millions of patients’ protected health information (PHI):

“The street value of health information is 50 times greater than that of other data types. Even worse, the healthcare industry is among the weakest at protecting such information. With organized criminals trying to steal medical IDs, sloppy mistakes becoming more commonplace, mobile devices serving as single sign-on gateways to records and even bioterrorism now a factor, healthcare is ripe for some a wake-up call – one that just might come in the form a damaging ‘data spill.’” (See: “Q&A: How a health ‘data spill’ could be more damaging than what BP did to the Gulf.”)

Tom Sullivan – Editor [December 05, 2011]

http://govhealthit.com/news/qa-how-health-data-spill-could-be-worse-what-bp-did-gulf?page=0,0

According to Dr. Ponemon:

“The basic issue, when you think about data theft not data loss – because it’s hard to know whether that lost data ultimately ends up in the hands of the cybercriminal and all of these bad things occur – but in the case of identity theft, the end goal has been historically to steal a person’s identity, and just like getting a financial record, getting a health record probably has your credit card, debit card, and payment information contained in that record.”

Of Credit Cards … and More!

But that’s not all. Credit cards are just chump change. He continues:

“The financial records are actually lucrative for the bad guy, but the health record is actually much, much more valuable item because it not only gives you the financial information but it also contains the health credential, and it’s very hard to detect a medical identity theft. What we’ve found in our studies is that medical identity theft is likely to be on the rise and, of course, there’s an awareness within the healthcare organizations that participate in our study that they’re starting to see this as more of a medical identity theft crime. It’s not just about stealing credit cards and buying goodies, it’s about stealing who you are, possibly getting medical treatment and, therefore, messing up your medical record.”

Dr. Ponemon suggests that the victim may not know about the theft until he or she “stumbles on something that alerts them their medical identity was stolen.” Perhaps something like death following anaphylactic shock from a medication that was once digitally highlighted as “Allergic to.” Understandably, Ponemon adds that respondents recognized altered medical histories as an emerging threat they believed was affecting the patients in their organizations. Such danger for dental patients is almost non-existent if their dentists simply don’t put PHI on office computers.

Should a data breach of Bluebell Ice Cream employees’ identities occur in Brenham or Chicago, which is more likely than not, the fact that electronic dental records do nothing to improve the quality of dental care won’t make Brenham citizens any happier with local Bluebell officials. 


Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise



About [Health] Data Protection

What’s Your Back-up Plan – Doctor?


According to a recent study, 32% of data loss is caused by human error. Hardware, software, hacks and smack-downs are responsible for the remaining 68%.

Data protection is therefore of major importance in preventing data loss. It can be achieved by implementing data management successfully.

Source: dell.com


Dictionary of Health Information Technology and Security

OCR Imposes Penalties for Employee’s Unauthorized Viewing of PHI

By Garfunkel Wild, PC


Early in July, the Department of Health and Human Services Office of Civil Rights (“OCR”) entered into a settlement for $865,500 with UCLA Health System (“UCLAHS”) as a result of complaints alleging that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information (“ePHI”) of celebrity patients.

Initial Complaints

Although the complaint was initially made by only two patients, in its investigation OCR determined that from 2005-2008 unauthorized employees of UCLAHS repeatedly looked at the ePHI of numerous other patients as well. In addition to paying the settlement, UCLAHS committed to a corrective action plan that includes (1) implementation of policies and procedures; (2) robust training for employees; (3) a commitment to sanction offending employees; and (4) designation of an independent monitor to assess compliance over 3 years.

Assessment

This settlement is the fourth settlement in a year and highlights OCR’s increasing enforcement of violations to HIPAA Privacy and Security Rules. Failure to have an effective HIPAA compliance program can result in significant monetary penalties, and therefore, providers and business associates alike should be evaluating their HIPAA compliance programs to ensure that appropriate safeguards are in place.


Proposed Regulations on HIPAA Accounting of Disclosures

New Rules and Regulations for Covered Healthcare Entities


By HCR@garfunkelwild.com

Proposed regulations regarding HIPAA accounting of disclosures have been recently published and are open for public comments.  If enacted in their current form, the new regulations will require Covered Entities to make significant revisions to their current HIPAA procedures and may require modifications to current computer systems.  

The HI-TECH Act

Under the HITECH Act, regulations must be enacted that allow individuals to receive a much expanded accounting of disclosures of electronic health information, including disclosures made for treatment, payment and health care operations. 

In order to accomplish this, the proposed regulations differentiate between “accountings of disclosures” and “access reports.”  Accountings will continue to be a list of certain limited types of disclosures.  Access reports will be similar to “audit trails” and must include information regarding each access to an individual’s electronic health information.  Covered Entities must be able to provide, upon request, both accountings and access reports.

Covered Entities

The proposed regulations also include specific requirements, including the following:

  • Accountings and access reports must be available in regard to disclosures or access, as applicable, for 3 years and must be provided within 30 days of the request. 
  • Accountings and access reports will be required only for health information maintained in designated record sets (e.g., medical records, billing records).
  • Accountings and access reports must include information about disclosures of, and access to, information maintained by business associates.
  • There are additional exceptions to the types of disclosures that must be included on an accounting (e.g., exceptions will include disclosures about abuse and to medical examiners).


Protecting Personal Health Information [PHI on Talk Radio]

Check out the Xerox Blog Talk Radio

By Staff Reporters


Federal regulations require that healthcare organizations put new safeguards in place to protect a person’s personal health information, also known as PHI. This means new challenges for anyone who handles sensitive data [covered entities]. And, there are also severe penalties if the guidelines aren’t followed.

From ACS

Mark Tripodi, chief innovation officer for ACS’ government healthcare solutions group will explain why data can easily be put at risk and what can be done to ensure organizations meet privacy standards.

Assessment

You can access the recording here: http://bit.ly/eyv65U.

For more on Xerox: http://xrx.sm/news.


About Cyber Insurance for Doctors


What it is – How it works?

By Staff Reporters

All medical practitioners and ME-P readers and subscribers are aware that there are stiff penalties for protected health information [PHI] data breaches. And, the HIPAA policies and laws are legendary.

Security Standards

Cyber security standards are standards which enable healthcare and other organizations to practice safe security techniques to minimize the number of successful cyber security attacks and HIPAA information breaches.

Assessment

These guides provide general outlines as well as specific techniques for implementing cyber security. For certain specific standards, cyber security certification by an accredited body can be obtained. There are many advantages to obtaining certification including the ability to get cyber security insurance.

Link: ISA – Cyber-Insurance Metrics and Impact on Cyber-Security


Do Patients Really Believe in eMRs?

Not Necessarily

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief]

An NPR / Kaiser / Harvard School of Public Health patient opinion poll of more than a year ago [April 2009] demonstrated that, for the most part, patients believed that just spending money on eMRs was not going to improve their health or bring down health care costs.

The Personal Touch

In fact, the most important part, it seems, is their relationship with their doctor [ie, trust].

Link: Harvard

Assessment

So, how does this square with the following trends?

  • Patient-Doctor face time is decreasing.
  • Doctors avoid eye contact because of poor keyboarding computer input skills.
  • Some medical schools may abandon courses in physical diagnosis.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


PhysAssist Scribes for eMRs [Necessity or Frivolity?]


On Human eHR Input Devices [aka Personal Secretaries]

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief] www.CertifiedMedicalPlanner.org

What it Is – How it Works?

According to their website, PhysAssist Scribes provides turn-key solutions: it recruits, interviews, trains and certifies staff, and schedules and maintains highly-trained human eHR input scribes for its clients [$8-10/hour wages]. Emergency room departments and physicians were an initial target market.

Data Input Services

Scribes provide real-time charting for physicians by shadowing them throughout their shifts and performing a variety of tasks including recording patients’ history and chief complaints, transcribing the physical exam, ordering x-rays, recording diagnostic test results, and preparing plans for follow-up care, etc.

Typical Clients

Clients are mostly hospital-based physicians, but one can imagine progressing down the food chain to large medical practices and even to solo practitioners as technology advances and HR costs are reduced. So, give ’em a click, and tell us what you think.

http://iamscribe.com

Reported Benefits

  • Increase physician performance
  • Increase physician job satisfaction
  • Increase overall patient satisfaction
  • Improve chart accuracy
  • Decrease patient length of stay
  • Increase communication among ED staff
  • Improve physician recruiting and [retension] retention.

Related story: http://www.hhnmag.com/hhnmag_app/jsp/articledisplay.jsp?dcrpath=HHNMAG/Article/data/12DEC2010/1210HHN_FEA_staffingissues&domain=HHNMAG

Assessment

  • It seems implausible to me that in order to facilitate the widespread use of eMRs, one has to hire another layer of bureaucracy in order to input the patient encounter. Is this an indictment of the various speech recognition systems or physician keyboarding ability? I am not a technophobe but eHRs are not yet up to pragmatic-use snuff. This is reminiscent of jewel-encrusted “buggy-whips” of the 1850s. They were expensive, cumbersome and added no utility; but were “nice-to-have” devices for the affluent until the internal combustion engine came along [i.e. non-solo or small group medical practitioner].
  • Of course, injecting another human resource [i.e. personal secretary] into the data input equation increases privacy breach possibilities for this protected health information [PHI]. And, it is not exactly the model of a contemporary and lean micro-medical office.
  • Does a secretary-scribe really have to be “certified”? Won’t a good typist do just as well? Is this an example of vertical integration in the PhysAssist business model?  How long till the scribes join the labor-union movement and seek employment benefits?
  • What happens to the doctor, patient and data input chain when a scribe quits, or is a no-show for work?
  • Whatever happened to Occam’s razor (or Ockham’s razor), often expressed in Latin as the lex parsimoniae (translating to the law of parsimony, law of economy or law of succinctness), which is a principle that generally recommends selecting a hypothesis that makes the fewest new assumptions? IOW: KISS
  • Of additional interest to note is the misspelling of the word retention, as “retension” on the www.IAmScribe.com website. Not a very good impression for a transcribing firm; or am I just an aging editorial curmudgeon?
  • Are e-MR scribes a necessity or mere frivolity?

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Are such secretary scribes a “covered entity” or “business associate” under the HIPAA laws with the needed paperwork, etc? Or, is this an Obama administration job creation initiative?


eMR Privacy versus Healthcare Efficiency [A Voting Opinion Poll]

The Electronic Controversy Continues

By Anonymous

Medicine may be the last industry to resist the digital revolution as many doctors still use paper medical records.

Framing the Debate

Privacy advocates worry that if the move to eMRs is rushed, patient privacy will suffer. Supporters, on the other hand, argue that health information technologies have advanced to the point that such concerns are vastly overblown. Any loss of privacy will, they insist, be more than offset by efficiency gains. Who is right?

Link: http://www.economist.com/debate/debates/overview/189

Assessment

Will any privacy loss from eMRs be compensated for by commensurate welfare gains from increased medical delivery efficiency?


Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


Of WikiLeaks, Politics and eMRs [A Voting Opinion Poll]

Is Reporting for “Accidental” Political Downloads a HIT Security Game-Changer?

By Dr. David Edward Marcinko MBA CMP™

[Publisher-in-Chief]

Recently, I read in The New York Times that Federal workers are being told to avoid the website WikiLeaks and stay away from those classified cables leaked from the US State Department! “Classified information, whether or not already posted on public websites or disclosed to the media, remains classified, and must be treated as such by federal employees and contractors,” the Office of Management and Budget [OMB] said in a notice sent out last Friday.

Link: http://www.msnbc.msn.com/id/40512200/ns/us_news-wikileaks_in_security

Of Advice … Not Threats?

According to the release, The New York Times was told by a White House official that it does not advise agencies to block WikiLeaks or other websites on government computer systems. Nor does it bar federal employees from reading news stories about the leaks! But – and this is a big one – if they “accidentally download” any leaked cables, they are being told to notify their “information security offices.”

Too Many Conflicting Questions 

  • Is document leaker PFC Bradley Manning a hero and a real patriot – not the mislabeling of an ACT as THE PATRIOT ACT – or traitor goat? What about Julian Assange – is he a full-disclosure hero or guilty of treason – should he be treated as an enemy combatant of the US Government?
  • How could a mere PFC download a quarter million classified documents without raising a red flag? Is the government incompetent? Has it just issued a not so thinly veiled threat to its own citizens with this admonishment? Are we becoming more like China in our use and restrictions of the Internet? Was the big brother prescience of George Orwell’s 1984, correct?
  • Is the admonishment of security officer notification following “accidental download” akin to the “don’t ask – don’t tell” policy on gays in the armed forces? So much for the transparency we were told our current administration wanted.
  • Should we forget about, or modify, the eMR privacy debate and/or should HIPAA be modernized?
  • Should Hillary Clinton resign?

Health Care Security Questions

  • Who exactly is a government employee anyway? And, does this include workers in the VA system, prison health system, Indian Health Service, postal workers, Medicare and Medicaid recipients, school kids with government meal subsidies and/or independent contractors and recipients of budgetary pork projects, US tax credits or federal unemployment benefits, etc?
  • Have these employed folks signed a HIPAA-like “business associate agreement” with Uncle Sam? Should government workers close their eyes and ears, too! And, with the expansion of federal government, does this mean that even more folks will have access to classified information [and more accidental downloads] than ever before? Who is left and allowed to read WikiLeaks and who is actually immune, or not?
  • If government cannot protect its own data, records, confidential information or websites with certainty, how does it expect a solo medical professional [DPM, DO, DDS, DC, etc] to do the same with eMRs, and at what cost! HIPAA rules and regulations spell out very specific health policy mandates and onerous legal punishments and fines for protected health information [PHI] data breach, don’t they; not just the notification of a Chief Medical Information Security Officer [CMISO]. Is this a federal double standard?

Historical Re-Do

Federal employees were told to not read the Pentagon Papers. The leaker, economist Daniel Ellsberg PhD, precipitated a national controversy in 1971 when he released them. The right of the press to publish the papers was upheld in New York Times Co. v. United States. As a response, the Nixon administration began a campaign against further leaks – and a smear campaign against Ellsberg personally – by creating the White House “plumbers”, which in turn led to the Watergate burglary of the LA office of Dr. Lewis Fielding MD [Ellsberg’s psychiatrist] in an effort to discredit him. According to Ellsberg:

“The public is lied to every day by the President, by his spokespeople, by his officers. If you can’t handle the thought that the President lies to the public for all kinds of reasons, you couldn’t stay in the government at that level, or you’re made aware of it, a week … The fact is Presidents rarely say the whole truth—essentially, never say the whole truth—of what they expect and what they’re doing and what they believe and why they’re doing it and rarely refrain from lying, actually, about these matters.”

[Note: “Presidential Decisions and Public Dissent”, Conversations with History, July 29, 1998].

Now … Four Decades Later

Has anything changed since the above scandal? Almost forty years later, those with security clearance across the board were given this same directive about WikiLeaks. Will they comply; nope! Did little Johnny refrain when his mother told him not to read Playboy magazine; of course not! The surest way to perusal, or unwanted behavior, is prohibition. Just tell someone NOT to do something, and watch that activity increase. Human nature is human nature. Recall, the 18th Amendment [1919-1933] was repealed by the 21st Amendment, whose 77th anniversary is celebrated just this week.

Assessment

Look, like most traditional news organizations and journalists, we at the ME-P fiercely advocate for our First Amendment Rights. Anyone looking at classified information without clearance, while not necessarily illegal when posted by a media organization, is considered to be making an “ethics” violation of the rules of secrecy as established by the intelligence community. And, we always strive to be ethical as part of our Judeo-Christian heritage.

But, citizens and members of the fourth estate are not in the intelligence community. What does this mean for average citizens and private doctors … nothing at all. What a HIPAA breach means to a medical professional however, is another serious matter! Fear the government’s admonition: Do as I say – Not as I do. Use paper medical records; eschew eMRs?


Conclusion

Is reporting for “accidental” downloads, or security breaches, an HIT security game-changer? Your thoughts and comments on this ME-P are appreciated. Is WikiLeaks like eMR security; more potentially legal and economically damaging to the leaker than the outed? What about Julian Assange and the need to revise the HIPAA statutes? Is there an analogy here; or not?


Do Passwords Protect the Identity of Patients?

Essay on eDR and eHR Data Integrity

By D. Kellus Pruitt DDS

“ADA Tip: Password protection is the responsibility of each workforce member. Strong alphanumeric passwords provide a strong defense against unauthorized electronic system intrusion. Passwords that cannot be guessed, that are not publicly posted, and that are changed on a regular basis will help your practice avoid the occurrence of security incidents.”

– 2010 ADA Practical Guide to HIPAA Compliance, Chapter 4, page 26.

Not So Fast, ADA 

I read a recent article on lifehacker.com titled “How to Break into a Windows PC (And Prevent It from Happening to You).” The unnamed author tells a different story.

http://lifehacker.com/5674972/how-to-break-into-a-windows-pc-and-prevent-it-from-happening-to-you

Running on Windows®  

Apparently, if a healthcare provider’s office computer runs on Windows and it is not encrypted, password protection is worse than ineffective security. Passwords are false security. If lifehacker.com is correct, all a dishonest employee needs to download thousands of patient identities to sell for a few hundred bucks is a Linux CD and 10 minutes of snuggle-time with an office terminal.

What’s more, it is unlikely that the thief will ever be caught if he or she sports common sense. Months or years following the silent heist, the doctor could learn of a rash of neighborhood identity thefts from a federal investigator with a badge – waiting in the reception room for the doc’s next break between patients. Please remember this gaping hole in security the next time a HIT stakeholder like the ADA assures Americans that HIPAA is swell protection from identity theft. HIPAA empowers identity theft. The amendments to the 1996 Rule in 2002 gave too much away to campaign contributors, in my opinion.

About De-identification 

Now then; since you’ve made it this far, is anyone ready to consider a different path to the benefits of electronic dental records? It’s called de-identification. My goal has always been to stimulate open discussion of de-identifying dental records because it is so common sense to remove fuses from bombs. In 5 years, I’ve had very little success attracting sincere discussion about de-identification other than privately. Nevertheless, over the years I entertained an adequate amount of ridicule that stopped a few months ago. Like Charlie Brown and his persevering faith in the Great Pumpkin, I’m resolute.

HIPAA Data-Breach Liability

Physicians might not be able to get away with sidestepping HIPAA and data-breach liability using de-identification because it is so easy to re-identify owners of medical records. And insurance company CEOs who don’t know the difference between cost control and quality control will fight de-identification of dental records before giving up the exclusive right to bend proprietary algorithms toward bonuses.

Here Comes the Pitch!  

Is America interested in better dental care through a transparent 2.0 platform that incentivizes value-based competition for dental patients instead of paid ads? I have a better solution than HIPAA: Drop the PHI identifiers from dental records and store volatile health histories on one or two well-guarded flash drives. It’s that simple. Want to see miracle discoveries in dentistry? Offer the boring but safe raw, de-identified dental data to anyone who cares to perform Evidence-Based Dental research. Interoperability will still be incredibly tedious and expensive, but at least the effort won’t be doomed by dangerous and expensive HIPAA regulations.

Assessment

So how about it? Imagine the incentives for self-improvement if dentists could privately compare their treatment results with competitors’ – without risk of harming their patients or practices – on an “opt-in” basis rather than a mandated fantasy of a “pay-for-performance” [P4P] model run by stakeholders with investors to answer to. If our grandchildren are to benefit from unbiased Evidence-Based Dental research mined from facts rather than manicured dental claims, passwords won’t allow them a return on ARRA investment and encryption is just one more layer of expensive and futile complication.


An Open Letter to the TDA Council on Ethics

And … Judicial Affairs

By Darrell K. Pruitt DDS

Dear Dr. Roy N. Burk – Chairman

In your email to me on Thursday, you informed me that you would call my office this week at your convenience to discuss the as yet to be defined complaints about my “unprofessional conduct” from unnamed origins – some of which are rumored to be as old as three years. Also in your reply that was days late, you confirmed my suspicion that you rarely check your email (even though you provided your address). That is why I asked the manager of the TDA Twitter account to send you the message not to call my office. I’ve given her another message today to tell you to check your email. You said you prefer to have a phone conversation with me. However, I naturally decline because of obvious reasons such as inconvenience, misinterpretations and limited exchange of information.

Foundation of our Nation

The foundation of our nation was defined in carefully chosen words written by Thomas Jefferson, Thomas Paine and others. You have to admit that writing is a much more meaningful and efficient way to resolve the TDA’s mistake than with a 5 minute phone conversation. In addition, by working out our misunderstanding in meaningful sentences that can be viewed by all, both of us are much less likely to say something we might regret if our conversation gets heated… which it will. After all, you threatened my reputation in my community, Dr. Roy Burk. And for that reason, I intend to hold you personally accountable in your community if Judicial Case No. 12-2010-3 is not dismissed. Fair is fair.

Let’s Talk 

Things said in anger help nobody, and can be completely avoided with the written word. In short, there is no reason for either our phone conversation or the meeting you have planned for me on September 18. We can all do something else on that Saturday rather than waste the morning in an Omni Fort Worth hotel room. That is, if you are more interested in resolution than punishment. So let’s negotiate this mistake quickly and quietly, but in a transparent manner, Dr. Burk. As Dr. David May said (but did not mean) when he took over as TDA President in 2007, “Let’s talk.”

TDA Censorship? 

The issue at hand is clearly TDA censorship for political reasons rather than “unprofessionalism.” Trust me when I tell you that nobody who is following us is fooled by the kangaroo court you propose. Considering the recent NLRB decision against the TDA for mistreating employees, the TDA is no longer considered an ethically run organization by many. That means your credibility is shot from the beginning. This week, Jan Jarvis, whom I’m sharing this email with, published “Fort Worth medical clinic spends $15,000 notifying patients of theft” in the Fort Worth Star-Telegram.

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html#ixzz0wIaU5AQa

My Community 

This is my community. Some of my patients are (or rather were) also patients of the local allergy clinic where computers containing 25,000 patients’ PHI were stolen in a burglary. In the end, the data breach will cost the clinic hundreds of thousands of dollars in lost customers because of the bad publicity, in addition to possible HIPAA fines and perhaps a lawsuit from Texas Attorney General Greg Abbott. Yet, the TDA has still failed to warn members of the liability of their computers. There is simply no excuse for the TDA’s neglect, and punishing me for revealing the truth will not help anyone, and it aggravates me. That said, please allow me to show you exactly how the TDA’s censorship is hurting dentists as well as endangering their patients in Texas – even as we speak: One year ago today, I posted the following article concerning the liabilities of data breaches on the TDA’s Facebook. It is one of many cautionary articles I contributed about data breaches, electronic dental records and HIPAA. However, the TDA as well as the ADA has ignored the exploding identity theft problem because of undisclosed allegiances to entities other than dentists and patients. The behavior of my professional organization is counter to the Hippocratic Oath and indefensible.

In October, an unnamed person in the TDA determined that TDA members should be prevented from reading the following information.

TDA Facebook, August 11, 2009

HITECH/HIPAA Breach notification

On August 18, American dentists will hear from HHS that HITECH-empowered HIPAA now requires that patients be notified if a breach includes their identifiers. Most will be surprised to learn that the notification requirement is nothing new. The law has been there for years. Besides the law, everyone has to admit that notifying those whose welfare is at risk is the only ethical thing to do, even if it bankrupts a practice. And that is the problem. Breach notification will bankrupt a dental practice. The law has been around for years. It simply never was enforced by either HHS or CMS because it would be so devastating to small medical and dental practices. I assume that the shoddy enforcement is why the ADA did not see a need to distribute discouraging information about the HIPAA requirement. For some reason, the ADA supported the adoption of HIPAA. Some day we’ll know why.  This is not the first time I’ve brought up the breach notification topic on a TDA publication. At the first of 2007, the TDA ventured into the blogosphere with “Ask a Colleague” Forum as part of the TDA’s Website. I began to take over the forum with a contribution posted on January 13, 2008 which I copied below. It is a snail-mail letter I received from President-elect Dr. John S. Findley, describing for the only time in ADA history, the ADA’s Data Breach protocol.

ADA Resources? 

As you can see from the hard work put into the letter, it took a considerable amount of ADA dues to produce this response for only one ADA member. Nevertheless, my question was not taken lightly because they probably assumed it would show up again. And, they were correct. Even though the leaders failed to share it with other ADA members, before it was forgotten, it was cc’d to

  • Dr. S. Jerry Long, trustee, Fifteenth District
  • Dr. James Bramson, executive director
  • Ms. Mary Logan, chief operative officer
  • Ms. Tamra Kempf, chief legal counsel
  • Ms. Mary Kay Linn, executive director, Texas Dental Association

Two and a half years later, Findley’s letter is current enough to be posted with only minor changes. For example, Dr. James Bramson and Ms. Mary Logan no longer work for the ADA.

One more note about Dr. Findley’s response to my question, I did not misrepresent myself in my email to him that I had a computer stolen. He knew from six months earlier when I first emailed him my question that it was a hypothetical question about an obscure topic that ADA leaders did not want to talk about.

Posted: 13 Jan 2008 10:05 AM on the TDA.org Forum

Data breach protocol announced

On January 8th, Dr. John S. Findley, President-elect of the American Dental Association, signed the letter below which defines a data breach, describes a dentist’s obligation under the law in Texas to notify patients involved and the penalty for failing to do so. This is the first time this information has been made available to dentists anywhere in the nation in the 12 years of the HIPAA rule. Dr. Findley and his team are to be congratulated for working through an arduous and unpopular task. It demanded courage.

Darrell

ADA

American Dental Association

http://www.ada.org

John S. Findley, D. D. S. President-Elect

January 8, 2008

Dr. Darrell Pruitt

6737 Brentwood Stair Rd., Ste. 220

Fort Worth, Texas 76112-3337

Dear Doctor Pruitt:

I received your email of December 26th and regret to learn of the loss of your computer. I did inquire as to appropriate procedures upon the occurrence of such an event and am copying below an excerpt from the response of our legal department. “It appears that under these circumstances the dentist may wish to notify affected patients that their information may have been compromised so that they can take necessary steps to protect themselves (i.e. cancel credit cards, notify social security about potentially stolen social security numbers…). (This communication is informational and personal consultation between the dentist and his or her attorney is recommended.) They should also check their state breach notification laws to determine if there is anything else that is required. In this case, the Texas Identity Theft Enforcement and Protection Act (Texas Code Sec. 48 et seq) (the “Act”) covers data breach notification. The Act protects both “Personal Identifying Information,” which is defined as any information that alone, or in conjunction with other information, can be used to identify an individual and an individual’s:

A) name, social security number, date of birth, or government-issued identification number;

B) mother’s maiden name;

C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;

D) unique electronic identification number, address, or routing code; and

E) telecommunication access device.

The Act also protects “Sensitive Personal Information,” which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:

i) social security number;

ii) driver’s license number or government-issued identification number; or

iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Sec. 48.102 of the Act creates a duty for businesses to protect and safeguard information through creating and implementing procedures for such purpose. If there is a breach in the security of information, the Act requires a business that maintains “Sensitive Personal Information” to notify the owners of such information as soon as possible that a breach has occurred. The Act specifies one of the following modes of notice to be provided:

1) written notice;

2) electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001 (which basically requires that a consumer must consent to receiving such notice in electronic form); or

3) notice as provided by Subsection (f) (see below).

(f) If the person or business demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the person does not have sufficient contact information, the notice may be given by:

1) electronic mail, if the person has an electronic mail address for the affected persons;

2) conspicuous posting of the notice on the person’s website; or

3) notice published in or broadcast on major statewide media.

Violations

“A person who violates the Act is liable to the state for a civil penalty of at least $2,000 but not more than $50,000 for each violation.” The information pertaining to your question was found in the Identity Theft Enforcement and Protection Act, Chapter 48 of the Business and Commerce Act of Texas.

We hope this information helps.

Sincerely,

John S. Findley, D.D.S.

President-elect

JSF:cac

cc: Dr. S. Jerry Long, trustee, Fifteenth District

  • Dr. James Bramson, executive director
  • Ms. Mary Logan, chief operative officer
  • Ms. Tamra Kempf, chief legal counsel
  • Ms. Mary Kay Linn, executive director, Texas Dental Association

Assessment

Dr. Findley’s letter to me was also deleted from the now closed TDA.org Forum.  The TDA’s actions are a lot like burning books, Dr. Roy Burk.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:


How Expensive are Healthcare Data Breaches?


Estimating Financial Damage Often Difficult 

By D. Kellus Pruitt DDS

Dom Nicastro just posted an article on HealthLeaders Media titled “HITRUST: HIPAA Breaches Near $1 Billion.”

http://www.healthleadersmedia.com/content/TEC-255015/HITRUST-HIPAA-Breaches-Near-1-Billion##

“Covered entities and business associates reporting breaches of unsecured personal health information (PHI) affecting 500 or more individuals to the Office for Civil Rights (OCR) together could spend nearly $1 billion because of those breaches.”  Nicastro continues:

“HITRUST used the 2009 Ponemon Institute study that found the average cost for a compromised record to be approximately $144 in indirect costs and $60 of direct costs, for a total cost of $204.”

Fort Worth Star-Telegram

Just days ago, Jan Jarvis described a data breach in the Fort Worth Star-Telegram titled “Fort Worth medical clinic spends $15,000 notifying patients of theft.”

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html#ixzz0wIaU5AQa

Jarvis writes,

“In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers containing patients’ personal information including Social Security numbers and birth dates had been stolen.”

Jarvis reports that 25,000 records were involved, and it only cost $15,000 to notify them. That’s only 60 cents per record instead of 60 dollars each as estimated by the Ponemon Institute. Instead of it costing the clinic $1.5 million for direct costs, it only cost them $15,000. That’s a savings of 99%.

Assessment

So what’s the deal? Is the Ponemon Institute that far off in their estimates?


OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


Are You Prepared for a HIPAA Dental Audit?

Why – or Why Not?

By D. Kellus Pruitt; DDS

If you are a dentist and pay ADA dues year after year to be kept better informed about protecting your patients as well as your practice, your ignorance of HIPAA is not entirely your fault. The ADA clearly dropped the ball. Nevertheless, you could still suffer fines as high as $1.5 million for what our leaders failed to emphasize.

It’s time members accept the shameful truth about the ADA Department of Dental Informatics, headed by Ms. Jean Narcisi. Narcisi, working under the direction of ADA Sr. Vice President Dr. John Luther, has been abysmally negligent in preparing members for HITECH HIPAA, and now the compliance deadline is only days away. It’s been months since any information about HIPAA has been published in any ADA publications. Why?

HIPAA Avoidance 

Why do ADA leaders avoid discussing HIPAA? They are ashamed, not unlike embarrassed scam victims. About six years ago, Newt Gingrich visited ADA Headquarters and “lied” to ADA Delegates about the future of eHRs in the US. Then he bribed the ambitious career bureaucrats in the crowd with millions of dollars in federal grants to play along with the scam. I can only imagine that the Delegates must have been star-struck by the former Speaker of the House, because nobody dared ask the tough questions.

Newt’s Slick

So here I am, Ms. Jean Narcisi. I’m again doing your job because your mistakes I pointed out years ago now have you frozen in shame. If you disagree, and consider self-respect as something worth defending, let’s discuss your innocence in front of everyone – including the ADA members who pay your salary. Or, you can continue to hide from your responsibilities. This crap will catch up with you soon enough, Ms. Narcisi, and Dr. Luther no longer has the courage to stick his neck out to protect you. He’s also scared of me. You are alone.

Newsletters 

Dom Nicastro, senior managing editor at HCPro, edits the Briefings on HIPAA and Health Information Compliance Insider newsletters. He posted an informative article on HealthLeadersMedia.com today titled “HIPAA Compliance Questions to Ask as HITECH Date Nears.”

http://www.healthleadersmedia.com/page-1/TEC-246514/HIPAA-Compliance-Questions-to-Ask-as-HITECH-Date-Nears

The article features Chris Apgar, CISSP, president, Apgar & Associates, LLC, in Portland, Oregon. Mr. Apgar notes that “many covered entities and business associates have consistently failed to comply with the HIPAA Security Rule.” Apgar adds, “I find this over and over when conducting compliance audits.”

The lack of compliance described by Apgar is consistent with the results from my study in 2008, “HIPAA Rules and Dentistry.”

https://healthcarefinancials.files.wordpress.com/2008/08/hipaa-survey-dentists4.pdf

Study Abstract

A survey of 18 dentists was performed using the Internet as a platform. The volunteer dentists’ anonymity was guaranteed. The dentists were presented with ten HIPAA compliancy requirements followed by a series of questions concerning their compliancy as well as the importance of the requirements in dental practices.

The range of compliancy was found to be from 0% for the requirement of a written workstation policy to 88% for that of password security. The average was 49%, meaning that less than half of the requirements are being respected by the dentists in this sample.

Frustrated at Mandates

Frustration with the tenets of the mandate, as well as open defiance, is evident in the written responses. In addition, it appears that a dentist’s likelihood of satisfying a requirement is related to the dentist’s perceived importance of the requirement. Even though this is a limited pilot study, there is convincing evidence that more thorough investigation concerning the cost and benefits of the requirements needs to be performed before enforcement of the HIPAA mandate is considered for the nation’s dental practices.

HIPAA

Questions to Consider

Apgar says that the security rule requires covered entities to consider these questions:

  • Has a risk analysis been conducted lately? Was it properly documented? Were damages mitigated and were the risks acceptable?
  • Is privacy/security training current? Have new workforce members who will have access to personal health information (PHI) been adequately trained? Has refresher training for all staff been accomplished? Have security reminders been provided?
  • Are the office policies and procedures complete, current and enforceable? Are workforce members trained on the policies and procedures they are required to respect?
  • Has a comprehensive audit program been implemented? (The security rule requires three periodic audits and an “evaluation” or compliance audit). Are evaluations current? Have audit findings been addressed and documented?
  • Have up to date disaster recovery and emergency mode operations plans been communicated and recently tested?
  • Are CMS’ remote access guidelines being followed? (These are not part of the rule, but CMS earlier indicated remote access management would be included as audit criteria).
  • Are data in transit and data at rest encrypted? Are non-electronic PHI being protected?

Office of Civil Rights

Mr. Apgar adds that even though the Office of Civil Rights isn’t saying when audits will start, if a complaint is filed with OCR alleging “willful neglect,” OCR is mandated by statute to investigate. The fines for “willful neglect” are much more devastating than fines for simple carelessness. And “willful neglect” is a subjective judgment call made by inspectors … who work on commission.

Assessment

Unfortunately for the nation’s dentists, the statute invites disgruntled patients and employees to celebrate revenge via federal inspectors. And, the more dentists are fined, the more the inspectors make. That can’t end well. Where are you hiding, Jean Narcisi? You’ve been silent far too long. Let’s talk. Don’t make me come get you.

Editor’s Note: The applicability of this post to all medical specialties is obvious.


Protected Health Information Data Breaches

Affecting 500 or More Individuals

[By Staff Reporters]

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

The following breaches have been reported to the Secretary of the US Department of Health and Human Services [DHHS].

Full Report

This link was sent in by our own investigative reporter Darrell K. Pruitt, DDS.

Link: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

Assessment

Shall we await a response from Kathleen Sebelius, who was sworn in as the 21st Secretary of the Department of Health and Human Services (HHS) on April 28, 2009?

Currently, she leads the principal agency charged with keeping Americans healthy, ensuring they get the health care they need, and providing children, families, and seniors with the essential human services they depend on. She also oversees one of the largest civilian departments in the federal government, with nearly 80,000 employees.


The Time Costs of Internal HIPAA Complaints

On Hospital Compliance

By Staff Reporters

The privacy regulations of HIPAA require that each hospital have an internal process to allow an individual to file a complaint concerning the covered entity’s compliance with privacy policies and procedures. This requires hospitals to designate a contact person to be responsible for receiving and documenting the complaint as well as the disposition.

A formal response to the person is not required as part of this rule; therefore it is estimated that each complaint, even though rare, will take ten minutes to document.

Recent Data

Recent data reveals that the most frequent complaints received either by hospitals or ultimately by DHHS include the following:

  • impermissible use or disclosure of individual PHI (most occurrences were curiosity or accidental, yet were reported);
  • lack of safeguards to protect PHI;
  • refusal or failure to provide an individual with access to or a copy of his or her record;
  • disclosure of more information than is minimally necessary; and
  • failure to have the individual’s valid authorization for a disclosure that requires one.

Assessment

Most hospitals have documented and logged such complaints; have reviewed the situation; and have resolved the problem internally.


Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Physician Advisors: www.CertifiedMedicalPlanner.org

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


Promoting the “Minimum Necessary” Rule

Understanding HIPAA Security Standards

By Richard J. Mata; MD, MS

www.HealthcareFinancials.com

One concept that is stressed by HIPAA is the “minimum necessary” rule, which calls for the minimum use of personal health information [PHI] that can be used to identify a person, such as a social security number, home address, or phone number. Only the essential elements are to be used in transferring information from the patient record to anyone else who needs this information. This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.

Chain of Custody

Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally [within your hospital, Emerging Health Organization, or medical practice] and externally [such as through your business associates]. The patient has the right to know who in the lengthy data chain has seen their PHI. This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally. When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.
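The two controls described above, role-limited views of a record and a per-patient accounting of every access, can be sketched together as follows. This is an added example, not code from the original post or from any vendor; the role names, field names, organizations and the sample record are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical role policy: the fields each role needs for its job, nothing more.
MINIMUM_NECESSARY = {
    "clinician": {"patient_id", "name", "ssn", "home_address", "phone",
                  "clinical_notes", "billing_codes"},
    "billing": {"patient_id", "billing_codes"},
    "registration": {"patient_id", "name", "phone"},
}

# Constructed sample record; every value is fictitious.
SAMPLE_RECORD = {
    "patient_id": "P-0001",
    "name": "Jane Sample",
    "ssn": "000-00-0000",
    "home_address": "1 Example Street",
    "phone": "555-0100",
    "clinical_notes": "constructed note text",
    "billing_codes": ["X100", "X200"],
}


@dataclass(frozen=True)
class AccessEntry:
    """One line of the accounting a patient can ask for."""
    when: str
    actor: str
    organization: str
    external: bool      # True for a business associate outside the practice
    role: str
    patient_id: str
    purpose: str
    released: tuple     # fields actually handed over
    withheld: tuple     # fields requested but outside the role's policy


class PhiStore:
    def __init__(self, records, home_org):
        self._records = {r["patient_id"]: r for r in records}
        self._home_org = home_org
        self._log = []

    def access(self, actor, organization, role, patient_id, purpose, fields):
        """Return only the requested fields the role may see; log every attempt."""
        record = self._records[patient_id]            # KeyError for unknown patient
        allowed = MINIMUM_NECESSARY.get(role, set())  # unknown role gets nothing
        requested = set(fields)
        released = sorted(requested & allowed & set(record))
        withheld = sorted(requested - set(released))
        self._log.append(AccessEntry(
            when=datetime.now(timezone.utc).isoformat(),
            actor=actor,
            organization=organization,
            external=(organization != self._home_org),
            role=role,
            patient_id=patient_id,
            purpose=purpose,
            released=tuple(released),
            withheld=tuple(withheld),
        ))
        return {name: record[name] for name in released}

    def accounting(self, patient_id):
        """Everyone, internal or external, who touched this patient's PHI."""
        return [e for e in self._log if e.patient_id == patient_id]


def demo():
    store = PhiStore([SAMPLE_RECORD], home_org="Example Clinic")
    store.access("dr_a", "Example Clinic", "clinician", "P-0001",
                 "treatment", ["name", "clinical_notes"])
    # A billing clerk asks for more than the job needs; the extras are withheld.
    store.access("clerk_b", "Example Clinic", "billing", "P-0001",
                 "payment", ["billing_codes", "ssn", "clinical_notes"])
    # A business associate's access lands in the same accounting.
    store.access("vendor_c", "Example Billing Associate", "billing", "P-0001",
                 "payment", ["billing_codes"])
    return store.accounting("P-0001")


if __name__ == "__main__":
    for entry in demo():
        where = "external" if entry.external else "internal"
        print(entry.actor, where, entry.released, "withheld:", entry.withheld)
```

Because the log is written inside `access` itself, a business associate that reads PHI through this path cannot do so without leaving an entry the patient's accounting will show.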

Enter the Designated Record Set

One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient.  It is up to the hospital, EHO, medical practice, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale. 

Assessment

Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls.  For more information about the Security Standards final rule, reference the Federal Register.

Conclusion

In the age of Twitter, IMing, blogging and texting, some young doctors are forgetting the basic fundamentals of patient privacy.

Notice of Healthcare Privacy Practices Explained


NPP “Game Changer” Replaced Use of Consents


[By Richard J. Mata; MD, MS]

In its most visible change, the privacy regulations of HIPAA require covered health entities to provide patients with a Notice of Privacy Practices (NPP).

The NPP replaces the use of consents, which are now optional, although they are recommended.

The NPP outlines how PHI is to be regulated, which gives the patient far-reaching authority and ownership of their PHI, and must describe, in general terms, how organizations will protect health information.

THE NPP Specifics

The NPP specifies the patient’s right to the following:

  • gain access to and, if desired, obtain a copy of his or her own health records;
  • request corrections of errors that the patient finds (or include the patient’s statement of disagreement if the institution believes the information is correct);
  • receive an accounting of how their information has been used (including a list of the persons and institutions to whom/which it has been disclosed);
  • request limits on access to, and additional protections for, particularly sensitive information;
  • request confidential communications (by alternative means or at alternative locations) of particularly sensitive information;
  • complain to the facility’s Privacy Officer if there are problems; and
  • pursue the complaint with DHHS’s Office of Civil Rights if the problems are not satisfactorily resolved.

A copy of the NPP must be provided the first time a patient sees a direct treatment medical provider, and any time thereafter when requested or when the NPP is changed. On that first visit, treatment providers must also make a good faith effort to obtain a written acknowledgement, confirming that a copy of the NPP was obtained. Health plans and insurers must also provide periodic Notices to their customers, but do not need to secure any acknowledgement. Most Health Information Management departments that oversee the clinical coding of medical records also manage the NPP documentations and deadlines, but this may vary from hospital to hospital, or office to office.

Assessment

HIPAA requires no other documentation from the patient in order for information to be used or disclosed for basic functions, like treatment and payment, or for a broad range of other core healthcare operations. State laws may nonetheless require some kind of consent/authorization form from the patient for these purposes [It is common for institutions to claim, incorrectly, that HIPAA does].


Don’t Hide a Security Breach if You Can’t Do the Time


When Will Costs Outweigh Health Information Technology?

[By Darrell K. Pruitt; DDS]

At what point will security data breaches become so costly that dentists will abandon computerization and return to pegboards and ledger cards?

Senate Judiciary Committee

A week ago, the Senate Judiciary Committee approved two separate bills which would mandate that dentists who store digital PHI notify patients if their data is breached. Of course, that would be the ethical thing to do anyway, wouldn’t it?

Senate Bill 139, also known as the Data Breach Notification Act, was introduced by Dianne Feinstein of California and is similar to existing state notification bills – including California’s own landmark Bill 1386 which set the standard 7 years ago.

Two Hundred Ten Dollars Cost – Per Record – for Notification

Considering that in October, the Ponemon Institute reported that it costs an estimated $210 per record to notify patients of a breach, there are a lot of angry lawmakers who are missing the point. Mandated fines for a breach are meaningless. Simply notifying thousands of patients of a breach will bankrupt any dental practice, even if it is an insurance company employee who loses a laptop computer containing a dentist’s patients’ personal data – like a BCBS employee did recently with over 800,000 physicians’ personal information.

Personal Data Privacy and Security Act 

Even now, a dentist whose practice is a victim of a breach, whether it is from a stolen computer, hacker or dishonest employee, might take a quick look at the notification path to certain bankruptcy and gamble that patients’ data won’t be used before hiding the incident. That is why Senator Patrick Leahy of Vermont has sponsored the other breach bill which reflects the prevailing attitude of frustrated constituents throughout the nation. It is known as the Personal Data Privacy and Security Act.

Leahy is more concerned with punishment than with breaches themselves. In addition to a fine, he would establish a jail term of up to five years for failing to disclose a breach when required.

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:s1490is.txt.pdf

§ 1041. Concealment of security breaches involving sensitive personally identifiable information 

“Whoever, having knowledge of a security breach and of the obligation to provide notice of such breach to individuals under title III of the Personal Data Privacy and Security Act of 2009, and having not otherwise qualified for an exemption from providing notice under section 312 of such Act, intentionally and willfully conceals the fact of such security breach and which breach causes economic damage to 1 or more persons, shall be fined under this title or imprisoned not more than 5 years, or both.”

If dentists want to continue to use computers in their practices, Leahy would have them put serious skin into the game. The bill was read twice and referred to the Committee on the Judiciary.

On the ADA Advocacy page, dental leaders still maintain that electronic dental records will lower the cost of dentistry. And as recently as last month, the ADA House of Delegates again publicly endorsed the adoption of eDRs, yet still neglects to adequately warn ADA members of their dangers, now including possible imprisonment.

Assessment

ADA President Dr. Ron Tankersley is already irrelevant.


Encrypt or De-identify PHI


Which One Just Might Work?

[By Darrell K. Pruitt; DDS]

The United States’ advancement in Healthcare Information Technology, which has the potential to lead to wonderful money-saving cures through research using trustworthy interoperable health records, is currently stopped cold by patient security problems that are only getting worse. Our lawmakers cannot get around the security obstacle without resorting to authoritarian means using CMS’s power to withhold providers’ discounted payments and threats of obscene fines from the HHS and the FTC. History shows that tyranny is not tolerated well in this part of the world. Lawmakers can get their butts voted smooth out of office in my neighborhood.

HITECH  

Here is something nobody mentions: Despite the current hope in a thick, political fantasy called HITECH, encryption of patients’ Protected Health Information [PHI] is a non-starter in the land of the free. Everyone knows that resourceful, cynical Americans will simply never trust encryption to protect their secrets, and will reliably withhold important information from their eMRs – one way or another. Doctors as well as patients can be expected to go out of their way to sabotage technology they fear. We all intuitively know this is true, don’t we? We aren’t so naïve to think all the players will happily play by the rules, are we? And I think we can all agree that an untrustworthy digital health record in an emergency room is worse than no patient information at all. Security is a grand problem with eMRs that started with HIPAA changes in 2003 that made eHRs so slippery. And the problem is clearly not being resolved. Not yet.

Public Lacks Trust 

Regardless of the campaign donations which follow him, there is nothing Newt Gingrich and his entrepreneurial friends in high places can do about the public’s lack of trust in encryption. It gets worse: Encryption hasn’t a chance of isolating PHI from dishonest employees in doctors’ offices, and slippery digital patient data can be moved so easily. Everyone knows that as well, don’t they? It is estimated that two-thirds of the identities stolen in the nation are lifted from doctors’ offices. That’s us, Doc. HIPAA is not only irrelevant, it is an expensive distraction – it gives future ID theft victims a false sense of security.

HIPAA Approved 

De-identifying digital records is not mentioned in HITECH as a HIPAA-approved method of security. Yet it is the ONLY solution that promises to be even more secure than paper records. Because of heavy stakeholder stakes in hospital care, it will take longer for CEO-types to embrace patient-friendly de-identification. Other than identifiers such as names, social security numbers, birthdates, addresses and other items that have street value, NOBODY cares what is in a dental record. I actually think this opens a tremendous opportunity for someone courageous in the Texas Dental Association to discuss the feasibility of de-identification of dental records. Otherwise, instead of leading the nation in solving security problems, the TDA will look just as stupid as the ADA.

Encryption would also provide a dangerous false sense of security in eMRs – that is if it had a chance in the marketplace. But encryption will never go far because consumers simply won’t buy it. That is a marketplace fact that stoically optimistic HIT stakeholders are trying hard to avoid. They also know they are running out of time. Deadlines are quickly approaching for both HIPAA and the Red Flags Rule that providers are far from prepared for.

Former Attorney Speaks 

Bill Lappen, a former attorney and author of the ad I copied below, as well as a partner with his brother David in the de-identified health record venture says: “Since no identifying information is ever entered, a hacker can’t determine whose information is shown.”

So in addition to protecting one’s practice against dishonest or vindictive employees, de-identification of dental records would make hacking a dentist’s computer a complete waste of time, and hackers wouldn’t endanger dental patients and bankrupt dentists.

My Confidence 

I confidently tell you that soon, someone smart will come upon the unprecedented idea that the ultimate answer to our security problem in healthcare will be de-identification of medical records, not encryption. De-identification allows a compromise of privacy for only a minuscule percentage of physicians’ patients. We cannot allow that to stand in the way of better health for everyone else. Those special cases are so few that I am confident that they can be dealt with individually. We simply must move forward. I’ll have to retire some day. I may need help from Medicare.

Encryption gives us only danger and protects nobody but a thief with a key.

Assessment 

We’ve wasted enough time on HITECH and HIPAA, as well as CCHIT. It’s time to say no to stakeholders and pay attention to patients’ needs instead of those who would needlessly increase the cost of their care. Stimulus money attracts cockroaches.

In the name of Hippocrates, disregard the tainted HIPAA mandate. It is dangerous, and especially absurd in dentistry.

Link: http://www.theopenpress.com/index.php?a=press&id=58568

Life-Saving Patient Information can be Online, Anonymous and Usable

Published on: September 26th, 2009 12:19am

By: blappen

Los Angeles, CA (OPENPRESS) September 26, 2009 — Hospital Emergency Rooms need instant access to patient medical information. Allergic reactions and dangerous drug interactions can be deadly. Time is critical. Until now, privacy was a large concern. Two brothers, who have developed medical software over the past 15 years, think they have a simple first step towards moving patient information on to the internet.

“The ER doesn’t need to look up the information by patient name” said Bill Lappen, a former attorney. “We have implemented secure systems in the past, but no matter how secure we make the site, we have to assume that it will be hacked” added David Lappen, a computer design engineer from Stanford. “But providing instant access to life-saving information is too important to ignore”, he added. To protect patient privacy, their system does not know to whom the medical information belongs. Since the person’s identifying information is never on the system, it can’t be stolen. “By enabling anonymous entry, we have protected people’s privacy while allowing them to put their life-saving information in a place where it can be instantly accessed when needed”, added Bill Lappen.

www.AMCC.me is the public service website they created. It allows anyone to enter medical information anonymously. The site provides a random ID which the user carries in his/her wallet. For someone to see that user’s medical information, they merely enter the ID into the site. Unless the user has given them their ID, the information shown is meaningless. That same information, when associated with a patient, can save their life.

Since no identifying information is ever entered, a hacker can’t determine whose information is shown. “Secure patient-controlled Electronic Medical Records are now available on the internet” said David Lappen. A sample ID has been set up on the site to allow users to evaluate the concept before setting up their own free ID.

Contact:

Bill Lappen

Bill@AMCC.me

(818) 789-6531

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

On PHI Security Breaches

New HHS Regulations

[By Staff Reporters]

Effective September 23, 2009, new regulations issued by the U.S. Department of Health and Human Services (“HHS”) will require covered entities to notify affected individuals and HHS following the discovery of a breach of patient information. These regulations are more expansive than other notification laws that may already exist. Under these new regulations, covered entities must analyze every privacy and/or security incident to determine whether a notification requirement exists and then satisfy detailed notice requirements.

Breach Defined 

According to Garfunkel, Wild and Travis PC, a “breach” may be defined as the unauthorized acquisition, access, use or disclosure of unsecured Protected Health Information (“PHI”) which compromises the security or privacy of the PHI. It is important to note that this definition of breach is broader than most state notification laws under which most covered entities have already been operating for a number of years. While state notification laws may only require notification when there is an unauthorized disclosure of social security numbers or other specific kinds of personal information, under these new Federal regulations, unauthorized access, acquisition, use or disclosure of any PHI, not just social security numbers, is a potential breach. Furthermore, unauthorized use of PHI, not just access or disclosure, requires notification.

Assessment

For more info: http://www.gwtlaw.com

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

How to Become a ME-P Thought-Leader

Answering a Growing Chorus of Inquiries

By Professor Hope Rachel Hetico; RN, MHA, CMP™

[Managing Editor]

The Medical Executive-Post is the complimentary companion blog to the premium peer-reviewed quarterly subscription journal: Healthcare Organizations [Financial Management Strategies]. While the perspective of our blog is private medical practitioners, the focus of our e-journal on CD-ROM is large medical groups, healthcare organizations, hospitals, healthcare-systems, ASCs, emerging healthcare institutions and medical business entities.

The ME-P is for Doctors

 

Currently, the ME-P is being developed as a common venue for medical professionals to share their insights on how to best manage a private medical practice. A well-established practice will have a solid financial and executive-management foundation, and will have protocols, procedures and contingency plans in place before they are ever needed in an emergency. And so, we seek new-wave and next-generation input from physicians, osteopaths, podiatrists, dentists, nurses, PAs, CRNAs and optometrists who have experience starting and running medical practices in the Health 2.0 modern era. The goal is better patient care as doctors avoid costly or tragic management mistakes.

The ME-P is for Financial Advisors and Management Consultants

Physician advisors like attorneys, accountants, practice managers, medical billing experts, insurance agents, commercial realtors, healthcare IT experts and others are invited to display their expertise, too. You may not become rich here, but you may become famous, or at least develop an excellent client base from the doctors and practitioners reading your articles, posts and comments! Financial advisors, CMAs, CFAs, MBAs, PhDs, CFP® and Certified Medical Planners [CMP™] are also invited to strut “cognitive-stuff”, as free-labor publishing entrepreneurs! Then, we aim to unite both sectors for success.  

Steps to Becoming a Thought-Leader

1. Send us an email with your bio and contact info.

2. Tell us why you want to write for the ME-P.

3. Send in an original writing sample.

We may follow up and discuss your credentials and the topics you’re interested in writing about.

Assessment  

Speaking engagements, travel to exotic locales, and print or e-book chapter contributions may all be in your future because of your career launching contributions to the ME-P. Everyone has something to share and teach, and we look forward to learning from everyone joining us here. And, please feel free to contact us for deeper involvement in all www.MedicalBusinessAdvisors.com, www.HealthDictionarySeries.com or www.CertifiedMedicalPlanner.com activities. Take your career to the next level with the ME-P.

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

About the MS Office® eMR Project

Programming a Powerful eMR – or – Jumping the Shark?

By Ann Miller; RN, MHA

Recently we communicated with Al Borges MD, founder of the Office eMR Project. He is quite an innovative guy. His passion – eMRs for the physician masses – through an infrastructure already largely in place?

The Problem: You want to use a great eMR but you can’t afford to pay for it.

You have a growing medical office that is completely paper based, and wish to capture the efficiencies of an electronic medical record (eMR) system. But, many eMR systems on the market are complicated, expensive and have been known to actually slow down the typical office workflow. You have used the MS Office® suite of software products in the past and appreciate its power, but you don’t know how to use it to set up a great eMR that perfectly suits your needs.

An Alternative

Alternatively, you can purchase an inexpensive MS Office® based proprietary eMR, but you might wish to write an add-in to incorporate certain features into this basic, but excellent eMR platform. So, what do [can] you do?

CCHIT Takes a Hit

http://www.emrupdate.com/blogs/emrinterviews/archive/2006/10/09/CCHIT-takes-a-hit-from-Washington_2C00_-D.C.-area-doctor-who-claims-new-certification-group-restrains-free-trade-in-EMR-_2800_Electronic-Medical-Record_2900_-software.aspx

https://healthcarefinancials.wordpress.com/2009/03/02/cchit-is-prejudiced-and-lacks-diversity-%e2%80%93-an-indictment/

A Solution: Open Source Programs

According to Dr. Borges, one may use his web site to get the answers to program your eMR. His site discusses these very issues. It is continuously growing, with a host of free programs, position papers and forum discussions that touch on a wide variety of topics. These include general information on the use of MS Office® in the medical office, programming the various components of MS Office®, and those political topics that affect how we use health information technology [HIT].

Two Program Versions

There are 2 major eMR programs available – the MS Word® eMR Project (MSWP) and the MS Access® eMR Project (MSAP). But, is the Office eMR Project of Alberto truly an interoperable solution – a digital solution – or something else?

Website: http://www.msofficeemrproject.com

Jumping the Shark

Jumping the Shark is a phrase coined by Jon Hein and used by TV critics to denote the point in a show where the plot veers off into absurd story lines in a desperate attempt to attract viewers. Shows that have “jumped the shark” are typically deemed to have passed their peak. On the other hand, is Dr. Borges a Cassandra at his peak … who just happens to be correct? 

MSFT Discussion Groups for Al Borges, MD

http://www.microsoft.com/office/community/en-us/default.mspx?query=alborg&dg=&cat=en-us-office&lang=en&cr=US&pt=3a4e9862-cdce-4bdc-8664-91038e3eb1e9&catlist=&dglist=&ptlist=&exp=&sloc=en-us

Making eHRs Illegal?

For example, did you know that the Democrats want to make use of non-certified eHRs illegal in NJ? The bill allegedly provides specifically as follows:

“On or after January 1, 2011, no person or entity is permitted to sell, offer for sale, give, furnish, or otherwise distribute to any person or entity in this State a health information technology product that has not been certified by CCHIT.  A person or entity that violates this provision is liable to a civil penalty of not less than $1,000 for the first violation, not less than $2,500 for the second violation, and $5,000 for the third and each subsequent violation, to be collected pursuant to the “Penalty Enforcement Law of 1999,” P.L.1999, c.274 (C.2A:58-10 et seq.).”

Link: http://www.njleg.state.nj.us/2008/Bills/A4000/3934_I1.HTM

Conclusion

And so, your thoughts and comments on this Medical Executive-Post are appreciated. Is the Office eMR Project a panacea to the eMR conundrum, or a hybrid? What about CCHIT; is it certified – does it have to be? Users and early-adopters, we need your opinions! Has the “shark been jumped” here; or not? Tell us what you think. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com  or Bio: www.stpub.com/pubs/authors/MARCINKO.htm

Understanding the PHI “Minimum Necessary” Rule

Protected Health Information and HIPAA

By Richard J. Mata; MD, MIS, CMP™ [Hon]

One important concept of the Health Insurance Portability and Accountability Act [HIPAA] is the “minimum necessary” rule, which limits to the minimum necessary the use of Protected Health Information [PHI] that identifies a person, such as a social security number, home address, or phone number.

Only the essential elements are to be used in transferring information from the patient record to anyone else that needs this information.

Financial Information Included

This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.

Human Resources

Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally (within your hospital, Emerging Healthcare Organization, or medical entity) and externally (such as through your business associates).  The patient has the right to know who in the lengthy data chain has seen their PHI.  This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally.  When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.

One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient.  It is up to the hospital, EHO, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale.
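The two requirements described above, releasing only the fields a role needs and being able to give the patient an accounting of who accessed their record, can be enforced at the same point in software. The following sketch is an added example, not code from the article or from any product it mentions; the role names, field names, `RecordStore` class and sample record are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical policy: the fields each role may read. Unknown roles get nothing.
ROLE_FIELDS = {
    "physician": {"name", "dob", "diagnosis", "medications", "billing_codes"},
    "nurse": {"name", "dob", "diagnosis", "medications"},
    "billing_clerk": {"billing_codes"},       # only the codes needed to determine cost
    "business_associate": {"billing_codes"},  # external party
}
EXTERNAL_ROLES = {"business_associate"}

# Constructed sample record; not real patient data.
SAMPLE_RECORDS = {
    "P-1001": {
        "name": "Jane Sample",
        "dob": "1970-01-01",
        "diagnosis": "K02.9",
        "medications": ["amoxicillin"],
        "billing_codes": ["D2140"],
    }
}


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    patient_id: str
    user: str
    role: str
    granted: tuple
    denied: tuple
    external: bool


class RecordStore:
    """Returns only role-permitted fields and logs every access attempt."""

    def __init__(self, records, role_fields):
        self.records = records
        self.role_fields = role_fields
        self.log = []

    def read(self, user, role, patient_id, requested):
        allowed = self.role_fields.get(role, set())  # deny by default
        wanted = set(requested)
        granted = tuple(sorted(wanted & allowed))
        denied = tuple(sorted(wanted - allowed))
        # Write the audit entry before releasing data, so over-broad and
        # refused requests are recorded as well as successful ones.
        self.log.append(AccessEvent(
            datetime.now(timezone.utc), patient_id, user, role,
            granted, denied, role in EXTERNAL_ROLES))
        if not granted:
            raise PermissionError(f"role {role!r} may not read {sorted(wanted)}")
        record = self.records[patient_id]
        return {name: record[name] for name in granted}

    def accounting(self, patient_id):
        """Who saw which fields of this patient's record, internal or external."""
        return [
            (e.user, e.role, "external" if e.external else "internal", e.granted)
            for e in self.log
            if e.patient_id == patient_id and e.granted
        ]
```

The `denied` tuple on each log entry is what an internal audit would review: a billing clerk who repeatedly requests `diagnosis` shows up there even though nothing was released.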

Assessment

Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls. For more information about the Security Standards final rule, refer to the Federal Register.

Video: Protecting Protected Health Information

The eEHR Privacy Debate Continues

[By Staff Reporters]

According to our colleague Richard Mata; MD, MIS, writing in the premium print-journal Healthcare Organizations [Financial Management Strategies], a critical feature of any healthcare information system [HIS] is compliance with privacy requirements. Of course, the most important compliance regulation is the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The key here is to have computer systems, terminals, workstations, servers and hand-held systems fully in communication with each other — including the ability to send data outside the firewalls of the institution; interoperability as needed — while ensuring the confidentiality of protected health information (PHI), which is health information where the person to whom it belongs is identifiable.

Federal Privacy Regulations

The federal government has required hospital and healthcare entity compliance with HIPAA security regulations since April 2005. Briefly, the following are features of HIPAA that concern HIS:

• HIPAA presents a unique opportunity for automation of information since it is easier to protect secure information electronically as compared to having a paper chart that can be lost or open in front of patients and visitors.

• Secure password protection must be in place at multiple levels to ensure that access to PHI is restricted to those who need the information at that time.

• Appropriate encryption of data is essential for transmission between systems in order to prevent the interception of data.

National Spotlight

Yet, in this video clip, CNN’s Campbell Brown and Elizabeth Cohen examined how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth.

Assessment

Whenever the subject of proliferating eHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed the privacy issue has already started to gain some traction in the media with the above video, and more.

Prescription Data-Mines and Insurance “Credit-Reports”

The End to “Rx” Privacy? 

[By Staff Reporters]

Collecting and analyzing [HIPAA protected?] personal health information [PHI] in commercial databases is a fledgling, but exploding industry, despite privacy concerns.

Industry Leaders

For example, Milliman’s IntelliScript provides personal drug profiles to insurers. And, Ingenix’s MedPoint is owned by UnitedHealth, the corporation that owns UnitedHealthCare. UHC is also the nation’s second-largest health insurance company.

Large Data Bases

Both firms created their large profiles by mining rich databases of prescription drug histories [eRXs], kept by pharmacy benefit managers [PBMs], which help insurers process drug claims. The database then aggregates and ranks the information, based on the drugs and dosages, dates filled and refilled, therapeutic class, and the name and address of the prescribing doctor, etc. Higher scores imply higher health insurance premium costs.

Thus, prescription data is used to “rate” or economically judge potential insured patients via these “health credit-reports.”

Assessment

And so, while politicians debate how to regulate electronic medical records [EMRs], and attorneys monitor HIPAA policies, some health insurers have already begun tapping into other information sources such as clinical and pathological laboratories, as well. And, other sources are sure to follow.
