DBR ON DATA

Security, Privacy and Information Governance

Tag: Health Care

Business Associate Exposes Protected Health Information of 19,000 Patients

Share

An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.

Continue reading

FCC Moves Ahead with Connected Care Pilot Program Notice of Inquiry

Share

The Federal Communications Commission (FCC) announced its intention to launch a $100 million pilot program to provide greater access to health care for rural and low-income Americans, as well as veterans, through the use of telehealth last month. The FCC is now moving forward with a Notice of Inquiry (NOI), which will kick off a comment period on the proposed program.

Continue reading

Digital Medicine: Health Care Providers’ Side of the Story

Share

Health care technology, particularly digital medicine, promises great new capabilities that will improve outcomes and reduce overall costs and time constraints. Digital medicine encompasses a broad-range of technologies, from technologies used to record, retain, and manipulate health data (i.e., Electronic Health Records aka., EHRs) and thereby make it more useable and amenable to analysis; to actual tools in clinical care (i.e., medical imaging, wearable sensors) that can measure physiological parameters or patient activity and facilitate clinical care and decision-making.

Continue reading

New Report Finds Health Care Industry Bears Highest Data Breach Costs

Share

Health care data breaches cost health care entities an average $408 per record– the highest of any industry for the eighth straight year, according to IBM and the Ponemon Institute’s 2018 Cost of a Data Breach Report, and three times higher than the cross-industry average of $148 per record. The cost for a health care data breach increased from last year’s reported average of $380 per record. Contributing factors to the high costs include compliance with laws and regulations and abnormally high churn rates due to consumer mistrust.

Continue reading

CMS Proposed Rule, Rebranding of Medicare and Medicaid Electronic Health Records Incentives Program Shifts Focus to Interoperability and Patient Access

Share

The Centers for Medicare and Medicaid Services (CMS) recently released its Proposed Rule that, in major part, rebrands the previously known Medicare and Medicaid Electronic Health Records (EHR) Incentives Program into the Promoting Interoperability Program. The rebrand shifts the focus of the program to ensure that providers facilitate patient access to their own health data, and  limit the burden on health care providers when it comes to monitoring clinical care using health technology.

Continue reading

OCR’s Guidance on HIPAA-Permissible Information Sharing During Patient Opioid Crisis

Share

In response to President Trump’s call to action on opioids, acting Department of Health and Human Services (HHS) Secretary Eric D. Hargan declared the opioid crisis a national public health emergency on October 26, 2017.  The next day, HHS-Office for Civil Rights (OCR) released new guidance on when and how health care providers can share a patient’s health information with the patient’s family and close friends during certain crisis situations, such as opioid overdoses, without violating the Health Insurance Portability and Accountability Act (HIPAA) privacy regulations.

HIPAA prohibits health care providers from sharing protected health information about patients who have capacity to make their own health care decisions and object to information sharing, unless there is a serious and imminent threat of harm or safety.  However, health care professionals may disclose some health information without a patient’s permission under certain circumstances, including:

  • Sharing health information with family, close friends, or any other person identified by the patient, and involved in caring for the patient if the provider determines that doing so is in the incapacitated or unconscious patient’s best interests and the information is directly related to the family or friend’s involvement in the patient’s health care or payment for care. The provider may use professional judgment and experience with common practice to make reasonable inferences of the patient’s best interest.
  • Informing persons in a position to prevent or lessen a serious or imminent threat to the patient’s health or safety.

Continue reading

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy