
On Protected Health Information [PHI]

How Secure is PHI?

[By staff reporters]

***


Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements.

Book Marcinko: https://medicalexecutivepost.com/dr-david-marcinkos-bookings/


Update on HIPAA Cloud Solutions for Hospitals and Health Systems


New-Wave Technology and PHI


[By Carol Miller RN MBA]

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic cloud communication of protected health information.

These new technologies will continue to evolve as hospitals, providers and patients move to new means of communication.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.


But, because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate Agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plain-text data on their servers, PHI is especially vulnerable to breaches and compliance violations.

HIPAA Not Aging Well

HIPAA was written nearly 20 years ago, before cloud health applications were even envisioned. Because of this, some areas of the law make it hard to determine which applications must be HIPAA-compliant and which are exempt. Considering the numerous ways security breaches can occur with a cloud solution, it is no wonder that HHS is very leery about how PHI is handled on server farms in the cloud.

Assessment

Regardless of the storage modality – it is important to take all the steps possible to comply with HIPAA guidelines.


On the lack of encryption of ePHI in transmission and at rest

[By Shahid N. Shah MS]

ePHI is vulnerable to compromise in every state it is in: at rest (in databases and files), in motion (being transmitted through networks), in use (being updated or read), or disposed of (discarded paper files or electronic storage media).

Encryption adds an extra layer of security to ePHI: even if someone gains access to or reads encrypted ePHI, the chance of it being compromised diminishes, because encryption makes the data unreadable and unusable by unauthorized persons. When ePHI is transmitted through networks, it may be accessed by unauthorized persons, thus compromising it. This type of unauthorized access may not be immediately known, but can cause much damage.

Major Mitigation

ePHI should be encrypted and there must also be reasonable and appropriate mechanisms in place to prevent access to ePHI so that it is not accessed by persons or software programs that have not been granted access rights.

There are many different encryption methods and technologies to encrypt data in motion (SSL, VPN) or at rest. Choose the methods and technologies that best meet the physician’s office requirements.

Success criteria

The risk analysis/assessment reports will provide a clear indication of whether these types of risks exist or have been mitigated with appropriate controls.


Assessment

Auditing logs that track access to ePHI can be verified periodically to check if there has been unauthorized access by persons or software programs that have not been granted access rights.
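One way to run the periodic audit-log check described above, as an added example that is not code from the article: it compares each logged access against a register of granted access rights and flags persons or software programs acting without a valid grant. The log format, the register layout and every name in it are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample: register of access rights (empty valid_to = still active).
GRANTS_CSV = """principal,kind,resource,valid_from,valid_to
dr.adams,person,ehr/charts,2024-01-01T00:00:00+00:00,
billing-svc,program,ehr/claims,2024-01-01T00:00:00+00:00,
temp.nurse,person,ehr/charts,2024-01-01T00:00:00+00:00,2024-03-01T00:00:00+00:00
"""

# Constructed sample: audit log, one access per line as
# "<ISO-8601 timestamp> <principal> <action> <resource>".
AUDIT_LOG = """2024-03-04T09:12:44+00:00 dr.adams READ ehr/charts/10482
2024-03-04T09:15:02+00:00 billing-svc READ ehr/claims/77310
2024-03-04T23:41:19+00:00 billing-svc READ ehr/charts/10482
2024-03-05T02:03:57+00:00 temp.nurse READ ehr/charts/10482
2024-03-05T02:04:10+00:00 backup-agent EXPORT ehr/charts/10482
2024-03-05T02:05:31+00:00 dr.adams READ
"""


def load_grants(text):
    """Return {principal: [(resource_prefix, valid_from, valid_to_or_None), ...]}."""
    grants = {}
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.fromisoformat(row["valid_from"])
        end = datetime.fromisoformat(row["valid_to"]) if row["valid_to"] else None
        grants.setdefault(row["principal"], []).append((row["resource"], start, end))
    return grants


def covers(prefix, resource):
    """A grant covers the resource itself or anything below it as a path.

    Matching on whole path segments keeps a grant on 'ehr/charts' from
    also matching an unrelated store such as 'ehr/charts-archive'.
    """
    return resource == prefix or resource.startswith(prefix + "/")


def classify(when, principal, resource, grants):
    """Return None for an authorized access, otherwise the reason it is flagged."""
    if principal not in grants:
        return "no-grant"                      # person/program never granted access
    in_scope = [g for g in grants[principal] if covers(g[0], resource)]
    if not in_scope:
        return "out-of-scope"                  # granted access, but not to this data
    for _, start, end in in_scope:
        if start <= when and (end is None or when < end):
            return None
    return "grant-not-valid-at-time"           # e.g. access after rights were revoked


def review(log_text, grants):
    """Check every log line; return [(line_no, principal_or_None, reason), ...]."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.split()
        try:
            if len(parts) != 4:
                raise ValueError("expected 4 fields")
            when = datetime.fromisoformat(parts[0])
            if when.tzinfo is None:
                raise ValueError("timestamp lacks a UTC offset")
        except ValueError:
            # A damaged line is itself a finding: silently skipping it would
            # hide gaps in the audit trail.
            findings.append((line_no, None, "unparseable"))
            continue
        principal, resource = parts[1], parts[3]
        reason = classify(when, principal, resource, grants)
        if reason:
            findings.append((line_no, principal, reason))
    return findings


if __name__ == "__main__":
    for line_no, principal, reason in review(AUDIT_LOG, load_grants(GRANTS_CSV)):
        print(f"line {line_no}: {principal or '?'}: {reason}")
```
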


ABOUT 

Mr. Shahid N. Shah is an internationally recognized healthcare thought-leader across the Internet. He is a consultant to various federal agencies on technology matters and winner of Federal Computer Week’s coveted “Fed 100” Award, in 2009. Over a twenty year career, he built multiple clinical solutions and helped design-deploy an electronic health record solution for the American Red Cross and two web-based eMRs used by hundreds of physicians with many large groupware and collaboration sites. As ex-CTO for a billion dollar division of CardinalHealth, he helped design advanced clinical interfaces for medical devices and hospitals. Mr. Shah is senior technology strategy advisor to NIH’s SBIR/STTR program helping small businesses commercialize healthcare applications. He runs four successful blogs: At http://shahid.shah.org he writes about architecture issues; at http://www.healthcareguy.com he provides valuable insights on applying technology in health care; at http://www.federalarchitect.com he advises senior federal technologists; and at http://www.hitsphere.com he gives a glimpse of HIT as an aggregator. Mr. Shah is a Microsoft MVP (Solutions Architect) Award Winner for 2007, and a Microsoft MVP (Solutions Architect) Award Winner for 2006. He also served as a HIMSS Enterprise IT Committee Member. Mr. Shah received a BS in computer science from the Pennsylvania State University and MS in Technology Management from the University of Maryland.


Emerging New-Wave Cloud Technology for HIPAA


Securing Electronic Communication in the Cloud

[By Carol S. Miller BSN MBA PMP]

To help hospitals and health systems comply with the burdens of the Health Insurance Portability and Accountability Act [HIPAA] regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.

These new technologies will continue to evolve as hospitals, providers and patients move to new means of communication.

And so, below is a very brief description of one: cloud solutions.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

***


[A.I. and the “SINGULARITY”]*

***

Because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations.

Note:

The SINGULARITY is that hypothetical moment in time when Artificial Intelligence [AI] will have progressed to the point of a greater-than-human intelligence.


ABOUT THE AUTHOR

  • Carol S. Miller; BSN, MBA, PMP
  • ACT IAC Executive Committee Vice Chair at-Large
  • HIMSS NCA Board Member
  • President – Miller Consulting Group
  • 7344 Hooking Road
  • McLean, VA 22101
  • Phone: 703-407-4704
  • Fax: 703-790-3257
  • email: millerconsultgroup@gmail.com


Handling Protected [Cyber] Health Information [PHI]


More on Medical Cyber-Security

[By The Doctors Company]

***

NOTE

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each health care provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.


Don’t Co-operate with eDR Vendors, Doc!

My Opinion of eDRs and eDR Vendors

By D. Kellus Pruitt DDS

Don’t cooperate with those you don’t trust, Doc.

eDR Stakeholders

If you allow Dentrix, the W. K. Kellogg Foundation, the ADA and other ambitious EDR stakeholders to talk you into switching from paper dental records to digital before 2014, it will be the most regrettable business decision you have ever made.

PHI Breaches

Regardless of whether a data breach of your patients’ Protected Health Information (PHI) is your fault or not, it can easily cause bankruptcy, and the odds aren’t in your favor. According to a recent Redspin study, the number of breaches doubled between 2010 and 2011. (See “Health data breaches up 97% in 2011” by Diana Manos in Healthcare IT News, February 1, 2012).

http://www.healthcareitnews.com/news/health-data-breaches-97-percent-2011

Procrastination and Late Adopters

So even if, unlike Americans who enjoy freedom, professionalism keeps you from publicly expressing an opinion, there’s never been a better time to drag your feet in our usual way. Besides, what have you got to lose by waiting? If consumers prefer EDRs, don’t you think we would see dentists touting their safety in their ads?

RedSpin

Daniel W. Berger, President and CEO of Redspin, is quoted in Diana Manos’ article: “Information security breach is the Achilles’ heel of PHI. Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records.” So why allow selfish EDR stakeholders who cannot be held accountable for harming your patients rush you into buying their favorite technology?

Note that the ineffective “further protective measures” will make EDRs even more expensive compared to paper dental records – allowing paper dentists to charge less than paperless practices, while still making more profit. Indeed, Doc. What have you got to lose by waiting?

Over the last 6 years, virtually all of my predictions about HIPAA have been right, and following the recent Redspin report, I feel even stronger about this one: The national failure of HIPAA will become noticeable in dentistry first.

OCR Culture

Not only is the Rule ineffective at protecting dental patients’ identities, but the tedious, mostly worthless compliancy requirements are so unreasonably time consuming and costly that no dentist can ever be 100% compliant. What’s more, eager HIPAA auditors working on commission to enforce the Office of Civil Rights’ “culture of compliance,” can find a dentist “willfully negligent.” Is that not subjective? The fines for such an auditor’s opinion are obscene. If you unfortunately experience a data breach, you don’t want to lose even more sleep over an audit that you cannot win, do you? Dentists don’t have to take this.

Dentistry Is Billing Simple

Unlike the complex administrative tasks in physicians’ offices, the business of dentistry is simple: Billing involves ten times fewer patients and CDT codes cover fees for procedures only involving the lower third of patients’ faces. Ledger cards, pegboards and lots of carbon paper have functioned adequately and safely for busy dental practices for decades. Besides, computers still haven’t shortened the time it takes to do a technique-sensitive filling in a squirmy kid’s mouth. If the front desk is the bottleneck rather than the speed of the dentist’s hands, someone needs to brush up on their alphabet skills.

If you think you might miss your computer, now is a perfect time to encourage dentistry’s leaders to consider de-identifying EDRs… Or if, like me, you aren’t a HIPAA covered entity, we could wait a little longer if you’d like. Within a year, Americans will be noticeably seeking dentists who don’t put their PHI on computers.

Assessment

The hope for miracle discoveries derived from safely data-mining interoperable dental data doesn’t have to end like this, but I certainly don’t mind the windfall profits that expensive HIPAA regulations and patients’ fear of identity theft will bring to my practice.


On e-Claim Only Dental Plans

About their Hidden Costs – I’m Talking PHI Breaches

By D. Kellus Pruitt DDS

If the rumor is true about Bluebell Ice Cream’s “e-claim-only” dental benefit plan that is to go into effect in March, how many in the east-central Texas town of Brenham (pop. 16,000) will be properly warned about the danger to themselves, their families and Bluebell officials’ reputations because of reckless policy?

Transmissions Risks

Each time their dentists send an electronic dental claim (e-claim) over the internet to insurance employees in Chicago as a favor to a patient – and especially the insurer – the Bluebell employee’s digital medical identity, which is worth fifty bucks on the black market, rides along to destinations unknown. It’s my guess that very few Bluebell employees are yet aware of the increasing risk of medical identity theft from dentists’ e-claims – much less given the opportunity to opt out of the risk by simply visiting a dentist who still uses the telephone, fax and US Mail.

Security Risks Growing

It certainly won’t improve my popularity with 9 out of 10 dentists for saying this, but risks of identity theft from HIPAA-covered dental offices are climbing daily. In the introduction to a recent interview with Larry Ponemon, chairman and founder of the Ponemon Institute, GovernmentIT.com editor Tom Sullivan ominously described the ever-increasing risk of a massive “data spill” of perhaps millions of patients’ protected health information (PHI):

“The street value of health information is 50 times greater than that of other data types. Even worse, the healthcare industry is among the weakest at protecting such information. With organized criminals trying to steal medical IDs, sloppy mistakes becoming more commonplace, mobile devices serving as single sign-on gateways to records and even bioterrorism now a factor, healthcare is ripe for a wake-up call – one that just might come in the form of a damaging ‘data spill.’” (See: “Q&A: How a health ‘data spill’ could be more damaging than what BP did to the Gulf.”

Tom Sullivan – Editor [December 05, 2011]

http://govhealthit.com/news/qa-how-health-data-spill-could-be-worse-what-bp-did-gulf?page=0,0

According to Dr. Ponemon:

“The basic issue, when you think about data theft not data loss – because it’s hard to know whether that lost data ultimately ends up in the hands of the cybercriminal and all of these bad things occur – but in the case of identity theft, the end goal has been historically to steal a person’s identity, and just like getting a financial record, getting a health record probably has your credit card, debit card, and payment information contained in that record.”

Of Credit Cards … and More!

But that’s not all. Credit cards are just chump change. He continues:

“The financial records are actually lucrative for the bad guy, but the health record is actually much, much more valuable item because it not only gives you the financial information but it also contains the health credential, and it’s very hard to detect a medical identity theft. What we’ve found in our studies is that medical identity theft is likely to be on the rise and, of course, there’s an awareness within the healthcare organizations that participate in our study that they’re starting to see this as more of a medical identity theft crime. It’s not just about stealing credit cards and buying goodies, it’s about stealing who you are, possibly getting medical treatment and, therefore, messing up your medical record.”

Dr. Ponemon suggests that the victim may not know about the theft until he or she “stumbles on something that alerts them their medical identity was stolen.” Perhaps something like death following anaphylactic shock from a medication that was once digitally highlighted as “Allergic to.” Understandably, Ponemon adds that respondents recognized altered medical histories as an emerging threat they believed was affecting the patients in their organizations. Such danger for dental patients is almost non-existent if their dentists simply don’t put PHI on office computers.

Should a data breach of Bluebell Ice Cream employees’ identities occur in Brenham or Chicago, which is more likely than not, the fact that electronic dental records do nothing to improve the quality of dental care won’t make Brenham citizens any happier with local Bluebell officials. 


Medical Identity Theft on the Rise


Open Up Dentists – and Physicians, Too!

[By D. Kellus Pruitt DDS]

If I tell you that your patients’ insurance identities can be sold for $50 each, how much will you trust your employees on Monday, Doc?

The Experts Speak

According to a panel of cyber-security experts at a recent Digital Health Conference, medical identity theft has become one of the most lucrative forms of identity theft. “DHC: EHR Data Target for Identity Thieves” by MedPage Today Associate Staff Writer Cole Petrochko, was posted last week

http://www.medpagetoday.com/PracticeManagement/InformationTechnology/30074

“Presentations at the Digital Health Conference here indicated that a single patient’s electronic health records can fetch $50 on the black market — a much fatter target than more familiar forms of identity theft, such as Social Security numbers ($3), credit card information ($1.50), date of birth ($3), or mother’s maiden name ($6).”

eMRs Not Like Credit-Cards

“And, unlike a credit card number, patients’ healthcare records cannot be cancelled or changed to prevent stolen data from being used by criminals”, said John DeLuca, of EMC Corp., an information technology company.

The Street Value of eDRs 

What do you want to bet that medical identities downloaded from dentists’ computers bring $50 as well? I’d like to share a special, visceral sentiment with my shy, HIPAA covered colleagues:

I warned you, damn it! And, I assume, just like virtually all other silent dentists in the nation, you’ve done NOTHING to safeguard your patients’ identities. Even if you don’t like truth served bluntly, this dentist has your reputation in mind when I warn that if your practice experiences a reportable data breach of over 500 records, and your patients’ identities aren’t encrypted, those who choose to remain with your practice will never trust you as much as they do today – even if you properly report the breach. Of the estimated 20% who will never return, many will probably look for a gentle dentist who doesn’t store patients’ Protected Health Information (PHI) on computers …. Like me. (Yea, that was a sales pitch. As one might expect, I certainly welcome discussion of it with anyone).

ADA Laggards 

After 5 years of awaiting responses from unaccountable leaders inside and outside the American Dental Association concerning HIPAA and EDRs, it feels really good to aggravate 9 out of 10 dentists still reading this – challenging those who normally take offense with professional stoicism to loosen up and share their feelings with everyone for once … God help me, I do love this so.

More About the Black Market 

The black market price for EHRs has increased ten-fold in the last 5 years. In 2006, I warned in a guest column on WTN that it only takes one dishonest employee needing a couple of thousand quick dollars to potentially bankrupt a practice almost without risk of being caught. Back then, the black market price for a stolen medical identity was estimated at only $5 (See: “Careful with that electronic health record, Mr. Leavitt,” WTN News, October 18, 2006).

http://wtnnews.com/articles/3407/

It’s no secret that reticent ADA officials like President-elect Dr. Robert Faiella have suspiciously failed in their duty to be transparent with dues-paying members about the liabilities of the EHRs – even as they continue to recklessly promote paperless practices. The result: Almost all dentists in the US still maintain patients’ unencrypted medical identities on their office computers – often guarded by a flimsy password that is still cute a decade later. (Did I hear a gasp?).

Consider This!

Consider this, Doc! If a practice has 3000 active patients with identities worth $150,000, all one dishonest employee needs for dreams to come true is a flash drive and private time with your computer.

Assessment

Show me a dentist who thinks the benefits of EHRs to dental patients still outweigh the liabilities and I’ll show you a dangerously naive healthcare provider who probably doesn’t know about KPMG Auditors. Let’s face the facts bravely, Doc. Now would be a terrible time to invest in an EDR system – even cloud based. The proven, avoidable danger EDRs bring to American dental patients is unacceptable and only getting worse. Give it a year or so.

Channel Surfing the ME-P

Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register. It is fast, free and secure.


About [Health] Data Protection

What’s Your Back-up Plan – Doctor?


According to a recent study, 32% of data loss is caused by human error. Hardware, software, hacks and smack-downs are responsible for the remaining 68%.

Data protection is of major importance where data loss is concerned. It can be achieved by implementing data management successfully.

Source: dell.com


OCR Imposes Penalties for Employee’s Unauthorized Viewing of PHI

By Garfunkel Wild, PC


Early in July, the Department of Health and Human Services Office of Civil Rights (“OCR”) entered into a settlement for $865,500 with UCLA Health System (“UCLAHS”) as a result of complaints alleging that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information (“ePHI”) of celebrity patients.

Initial Complaints

Although the complaint was initially made by only two patients, in its investigation OCR determined that from 2005-2008 unauthorized employees of UCLAHS repeatedly looked at the ePHI of numerous other patients as well. In addition to paying the settlement, UCLAHS committed to a corrective action plan that includes (1) implementation of policies and procedures; (2) robust training for employees; (3) a commitment to sanction offending employees; and (4) designation of an independent monitor to assess compliance over 3 years.

Assessment

This settlement is the fourth settlement in a year and highlights OCR’s increasing enforcement of violations to HIPAA Privacy and Security Rules. Failure to have an effective HIPAA compliance program can result in significant monetary penalties, and therefore, providers and business associates alike should be evaluating their HIPAA compliance programs to ensure that appropriate safeguards are in place.


Proposed Regulations on HIPAA Accounting of Disclosures

New Rules and Regulations for Covered Healthcare Entities


By HCR@garfunkelwild.com

Proposed regulations regarding HIPAA accounting of disclosures have been recently published and are open for public comments.  If enacted in their current form, the new regulations will require Covered Entities to make significant revisions to their current HIPAA procedures and may require modifications to current computer systems.  

The HI-TECH Act

Under the HITECH Act, regulations must be enacted that allow individuals to receive a much expanded accounting of disclosures of electronic health information, including disclosures made for treatment, payment and health care operations. 

In order to accomplish this, the proposed regulations differentiate between “accountings of disclosures” and “access reports.”  Accountings will continue to be a list of certain limited types of disclosures.  Access reports will be similar to “audit trails” and must include information regarding each access to an individual’s electronic health information.  Covered Entities must be able to provide, upon request, both accountings and access reports.

Covered Entities

The proposed regulations also include specific requirements, including the following:

  • Accountings and access reports must be available in regard to disclosures or access, as applicable, for 3 years and must be provided within 30 days of the request. 
  • Accountings and access reports will be required only for health information maintained in designated record sets (e.g., medical records, billing records).
  • Accountings and access reports must include information about disclosures of, and access to, information maintained by business associates.
  • There are additional exceptions to the types of disclosures that must be included on an accounting (e.g., exceptions will include disclosures about abuse and to medical examiners).


Protecting Personal Health Information [PHI on Talk Radio]

Check out the Xerox Blog Talk Radio

By Staff Reporters


Federal regulations require that healthcare organizations put new safeguards in place to protect a person’s personal health information, also known as PHI. This means new challenges for anyone who handles sensitive data [covered entities]. And, there are also severe penalties if the guidelines aren’t followed.

From ACS

Mark Tripodi, chief innovation officer for ACS’ government healthcare solutions group will explain why data can easily be put at risk and what can be done to ensure organizations meet privacy standards.

Assessment

You can access the recording here: http://bit.ly/eyv65U.

For more on Xerox: http://xrx.sm/news.


Do We Have A False Sense of HIT Security?

Data Breaches More Common than Realized

By Darrell K. Pruitt; DDS

Here is an article titled “Report: Healthcare Organizations may have a False Sense of Data Security,” written by Neil Versel for FierceHealthIT.

http://www.fiercehealthit.com/story/report-healthcare-organizations-may-have-false-sense-data-security/2010-04-12?sms_ss=twitter#ixzz0kzNS6lq

Versel describes the results of a study commissioned by Nashville, Tenn-based Kroll Fraud Solutions. Kroll estimates that 19% of healthcare organizations in the nation suffered a data breach in the last 12 months. That number is up from 13% a year ago. It is based on this information that I estimate that in the last year, at least 24 million dental patients in the nation have been unknowingly exposed to the danger of identity theft. Everyone agrees that the only ethical thing for a dentist to do if he or she knows that patients’ identities have been exposed is to notify the patients and HHS. The shameful fact is, data breaches in dentistry are not being reported.

Enter the Dentists  

But, who can blame American dentists for underreporting breaches without first blaming the heavy-handed, stakeholder-friendly system that forces honest professionals to be dishonest? If a dentist self-reports a breach of 500 or more patients’ Protected Health Information (PHI) it can easily bankrupt a practice. The harm to one’s reputation in the community is just too great a disincentive for even the best of us, even without the added expense of patient notification, subsequent fines and lawsuits. It’s ugly, but that’s the hard, hidden truth about HITECH-HIPAA in dentistry – a piece of lame, one-sided “feel good” legislation that, rather than preventing data breaches in dentists’ offices, drives them underground. As healthcare providers, we should have warned our patients about the growing danger from electronic dental records long ago. Besides me, there are no practicing dentists discussing the topic. Why?

Accepting Ownership of the Dilemma  

Would anyone like to argue that the bi-partisan federal mandate for an interoperable, national eHR system relieves dentists of their obligations to the Hippocratic Oath? Let’s face it: Dentists’ computers continue to threaten up to 20% of dental patients in the nation. We cannot ignore it any longer, doctors.  Once we finally accept ownership of our problem, what are we going to do about it? I’ve suggested that we use common sense and simply remove the dangerous information from dental patients’ files. Anyone see any problem with this idea? Anyone have a better solution?

Assessment 

So what do the leaders of the ADA think of de-identification?

 


Notice of Healthcare Privacy Practices Explained


NPP “Game Changer” Replaced Use of Consents


[By Richard J. Mata; MD, MS]

In its most visible change, the privacy regulations of HIPAA require covered health entities to provide patients with a Notice of Privacy Practices (NPP).

The NPP replaces the use of consents, which are now optional, although they are recommended.

The NPP outlines how PHI is to be regulated, which gives the patient far-reaching authority and ownership of their PHI, and must describe, in general terms, how organizations will protect health information.

THE NPP Specifics

The NPP specifies the patient’s right to the following:

  • gain access to and, if desired, obtain a copy of his or her own health records;
  • request corrections of errors that the patient finds (or include the patient’s statement of disagreement if the institution believes the information is correct);
  • receive an accounting of how their information has been used (including a list of the persons and institutions to whom/which it has been disclosed);
  • request limits on access to, and additional protections for, particularly sensitive information;
  • request confidential communications (by alternative means or at alternative locations) of particularly sensitive information;
  • complain to the facility’s Privacy Officer if there are problems; and
  • pursue the complaint with DHHS’s Office of Civil Rights if the problems are not satisfactorily resolved.

A copy of the NPP must be provided the first time a patient sees a direct treatment medical provider, and any time thereafter when requested or when the NPP is changed. On that first visit, treatment providers must also make a good faith effort to obtain a written acknowledgement, confirming that a copy of the NPP was obtained. Health plans and insurers must also provide periodic Notices to their customers, but do not need to secure any acknowledgement. Most Health Information Management departments that oversee the clinical coding of medical records also manage the NPP documentations and deadlines, but this may vary from hospital to hospital, or office to office.

Assessment

HIPAA requires no other documentation from the patient in order for information to be used or disclosed for basic functions, like treatment and payment, or for a broad range of other core healthcare operations. State laws may nonetheless require some kind of consent/authorization form from the patient for these purposes [It is common for institutions to claim, incorrectly, that HIPAA does].


Encrypt or De-identify PHI


Which One Just Might Work?

[By Darrell K. Pruitt; DDS]

The United States’ advancement in Healthcare Information Technology, which has the potential to lead to wonderful money-saving cures through research using trustworthy interoperable health records, is currently stopped cold by patient security problems that are only getting worse. Our lawmakers cannot get around the security obstacle without resorting to authoritarian means using CMS’s power to withhold providers’ discounted payments and threats of obscene fines from the HHS and the FTC. History shows that tyranny is not tolerated well in this part of the world. Lawmakers can get their butts voted smooth out of office in my neighborhood.

HITECH  

Here is something nobody mentions: Despite the current hope in a thick, political fantasy called HITECH, encryption of patients’ Protected Health Information [PHI] is a non-starter in the land of the free. Everyone knows that resourceful, cynical Americans will simply never trust encryption to protect their secrets, and will reliably withhold important information from their eMRs – one way or another. Doctors as well as patients can be expected to go out of their way to sabotage technology they fear. We all intuitively know this is true, don’t we? We aren’t so naïve to think all the players will happily play by the rules, are we? And I think we can all agree that an untrustworthy digital health record in an emergency room is worse than no patient information at all. Security is a grand problem with eMRs that started with HIPAA changes in 2003 that made eHRs so slippery. And the problem is clearly not being resolved. Not yet.

Public Lacks Trust 

Regardless of the campaign donations which follow him, there is nothing Newt Gingrich and his entrepreneurial friends in high places can do about the public’s lack of trust in encryption. It gets worse: Encryption hasn’t a chance of isolating PHI from dishonest employees in doctors’ offices, and slippery digital patient data can be moved so easily. Everyone knows that as well, don’t they? It is estimated that two-thirds of the identities stolen in the nation are lifted from doctors’ offices. That’s us, Doc. HIPAA is not only irrelevant, it is an expensive distraction – it gives future ID theft victims a false sense of security.

HIPAA Approved 

De-identifying digital records is not mentioned in HITECH as a HIPAA-approved method of security. Yet it is the ONLY solution that promises to be even more secure than paper records. Because of heavy stakeholder stakes in hospital care, it will take longer for CEO-types to embrace patient-friendly de-identification. Other than identifiers such as names, social security numbers, birthdates, addresses and other items that have street value, NOBODY cares what is in a dental record. I actually think this opens a tremendous opportunity for someone courageous in the Texas Dental Association to discuss the feasibility of de-identification of dental records. Otherwise, instead of leading the nation in solving security problems, the TDA will look just as stupid as the ADA.

Encryption would also provide a dangerous false sense of security in eMRs – that is if it had a chance in the marketplace. But encryption will never go far because consumers simply won’t buy it. That is a marketplace fact that stoically optimistic HIT stakeholders are trying hard to avoid. They also know they are running out of time. Deadlines are quickly approaching for both HIPAA and the Red Flags Rule that providers are far from prepared for.

Former Attorney Speaks 

Bill Lappen, a former attorney and author of the ad I copied below, as well as a partner with his brother David in the de-identified health record venture says: “Since no identifying information is ever entered, a hacker can’t determine whose information is shown.”

So in addition to protecting one’s practice against dishonest or vindictive employees, de-identification of dental records would make hacking a dentist’s computer a complete waste of time, and hackers wouldn’t endanger dental patients and bankrupt dentists.

My Confidence 

I confidently tell you that soon, someone smart will come upon the unprecedented idea that the ultimate answer to our security problem in healthcare will be de-identification of medical records, not encryption. De-identification allows a compromise of privacy for only a minuscule percentage of physicians’ patients. We cannot allow that to stand in the way of better health for everyone else. Those special cases are so few that I am confident that they can be dealt with individually. We simply must move forward. I’ll have to retire some day. I may need help from Medicare.

Encryption gives us only danger and protects nobody but a thief with a key.

Assessment 

We’ve wasted enough time on HITECH and HIPAA, as well as CCHIT. It’s time to say no to stakeholders and pay attention to patients’ needs instead of those who would needlessly increase the cost of their care. Stimulus money attracts cockroaches.

In the name of Hippocrates, disregard the tainted HIPAA mandate. It is dangerous, and especially absurd in dentistry.

Link: http://www.theopenpress.com/index.php?a=press&id=58568

Life-Saving Patient Information can be Online, Anonymous and Usable

Published on: September 26th, 2009 12:19am

By: blappen

Los Angeles, CA (OPENPRESS) September 26, 2009 — Hospital Emergency Rooms need instant access to patient medical information. Allergic reactions and dangerous drug interactions can be deadly. Time is critical. Until now, privacy was a large concern. Two brothers, who have developed medical software over the past 15 years, think they have a simple first step towards moving patient information on to the internet.

“The ER doesn’t need to look up the information by patient name” said Bill Lappen, a former attorney. “We have implemented secure systems in the past, but no matter how secure we make the site, we have to assume that it will be hacked” added David Lappen, a computer design engineer from Stanford. “But providing instant access to life-saving information is too important to ignore”, he added. To protect patient privacy, their system does not know to whom the medical information belongs. Since the person’s identifying information is never on the system, it can’t be stolen. “By enabling anonymous entry, we have protected people’s privacy while allowing them to put their life-saving information in a place where it can be instantly accessed when needed”, added Bill Lappen.

www.AMCC.me is the public service website they created. It allows anyone to enter medical information anonymously. The site provides a random ID which the user carries in his/her wallet. For someone to see that user’s medical information, they merely enter the ID into the site. Unless the user has given them their ID, the information shown is meaningless. That same information, when associated with a patient, can save their life.

Since no identifying information is ever entered, a hacker can’t determine whose information is shown. “Secure patient-controlled Electronic Medical Records are now available on the internet” said David Lappen. A sample ID has been set up on the site to allow users to evaluate the concept before setting up their own free ID.

Contact:

Bill Lappen

Bill@AMCC.me


(818) 789-6531


Understanding the PHI “Minimum Necessary” Rule


Protected Health Information and HIPAA

By Richard J. Mata; MD, MIS, CMP™ [Hon]


One important concept of the Health Insurance Portability and Accountability Act [HIPAA] is the “minimum necessary” rule, which calls for the minimum use of Protected Health Information [PHI] that identifies a person, such as a social security number, home address, or phone number.

Only the essential elements are to be used in transferring information from the patient record to anyone else that needs this information.

Financial Information Included

This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.

Human Resources

Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally (within your hospital, Emerging Healthcare Organization, or medical entity) and externally (such as through your business associates).  The patient has the right to know who in the lengthy data chain has seen their PHI.  This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally.  When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.


One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient.  It is up to the hospital, EHO, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale.
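The two points above (a billing clerk who should see only the codes needed for payment, and a patient's right to an accounting of everyone who touched their PHI) can be shown together in a short Python sketch. This is an added example, not code from the article; the roles, field names, sample record and function names are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample "designated record set"; all values are placeholders.
RECORDS = {
    "P-1001": {
        "name": "Sample Patient",
        "ssn": "000-00-0000",
        "address": "1 Example St",
        "diagnosis_notes": "constructed clinical note",
        "billing_codes": ["CODE-A", "CODE-B"],
    }
}

# Hypothetical policy: each role gets only the fields its task requires.
ROLE_FIELDS = {
    "clinician": {"name", "diagnosis_notes", "billing_codes"},
    "billing_clerk": {"billing_codes"},
    "business_associate": {"billing_codes"},
}

AUDIT_LOG = []  # one entry per access attempt, granted or denied


def read_record(user, role, patient_id, purpose, now=None):
    """Return only the fields the role may see, and log the attempt."""
    allowed = ROLE_FIELDS.get(role, set())
    record = RECORDS.get(patient_id)
    granted = bool(allowed) and record is not None
    view = {k: v for k, v in record.items() if k in allowed} if granted else {}
    AUDIT_LOG.append({
        "when": now or datetime.now(timezone.utc),
        "user": user,
        "role": role,
        "patient_id": patient_id,
        "purpose": purpose,
        "fields": sorted(view),  # which fields were actually released
        "granted": granted,
    })
    if not granted:
        # The denial is logged before raising, so it still appears in reports.
        raise PermissionError(f"{role!r} has no access to {patient_id}")
    return view


def access_report(patient_id):
    """Accounting for one patient: every internal or external access attempt."""
    return [e for e in AUDIT_LOG if e["patient_id"] == patient_id]


if __name__ == "__main__":
    print(read_record("clerk01", "billing_clerk", "P-1001", "payment"))
    print(read_record("dr01", "clinician", "P-1001", "treatment"))
    try:
        read_record("temp01", "receptionist", "P-1001", "unspecified")
    except PermissionError as exc:
        print("denied:", exc)
    for entry in access_report("P-1001"):
        print(entry["user"], entry["role"], entry["granted"], entry["fields"])
```

Because business associates go through the same `read_record` call, their accesses land in the same per-patient report instead of going undocumented.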

Assessment

Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls. For more information about the Security Standards final rule; reference the Federal Register.


Video: Protecting Protected Health Information


The eEHR Privacy Debate Continues

[By Staff Reporters]

According to our colleague Richard Mata; MD, MIS, writing in the premium print-journal Healthcare Organizations [Financial Management Strategies], a critical feature of any healthcare information system [HIS] is compliance with privacy requirements. Of course, the most important compliance regulation is the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The key here is to have computer systems, terminals, workstations, servers and hand-held systems fully in communication with each other, including the ability to send data outside the firewalls of the institution (interoperability as needed), while ensuring the confidentiality of protected health information (PHI), which is health information where the person to whom it belongs is identifiable.

Federal Privacy Regulations

The federal government has required hospital and healthcare entity compliance with HIPAA security regulations since April 2005. Briefly, the following are features of HIPAA which concern HIS:

· HIPAA presents a unique opportunity for automation of information since it is easier to protect secure information electronically as compared to having a paper chart that can be lost or open in front of patients and visitors.

· Secure password protection must be in place at multiple levels to ensure that access to PHI is restricted to those who need the information at that time.

· Appropriate encryption of data is essential for transmission between systems in order to prevent the interception of data.

National Spotlight

Yet, in this video clip, CNN’s Campbell Brown and Elizabeth Cohen examined how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth.

Assessment

Whenever the subject of proliferating eHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed, the privacy issue has already started to gain some traction in the media with the above video, and more.
