Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Saturday, October 15, 2011

Weekly Overseas Health IT Links - 15 October, 2011.

Note: Each link is followed by a title and a few paragraphs. For the full article, click on the link above the title of the article. Note also that full access to some links may require site registration or subscription payment.
-----

Time for a Health Care ‘Chief Knowledge Officer’?

HDM Breaking News, October 5, 2011
A number of industries have started to create the position of chief knowledge officer, responsible for making good use of the increasing amount of data available.
It’s time for the CKO position to come to health care, with the C-level moniker more than name-only, according to Cindy Zak, director of health information management and privacy officer at Milford (Conn.) Hospital. “The CKO is a change agent, an ambassador using knowledge to bring change to the organization,” she said during a session at the AHIMA 2011 Convention & Exhibit in Salt Lake City. “The CKO needs to report to the CEO.”
-----

AHIMA: ICD-11 on horizon, but need to get through ICD-10 first

Written by Bob Mitchell
October 4, 2011
SALT LAKE CITY—Managing information in the 21st century and whether to code or not to code was the keynote address presented Oct. 4 at the American Health Information Management Association (AHIMA) conference by T. Bedirhan Ustun, MD, PhD, team coordinator of classification, terminology and standards in the department of health statistics at the World Health Organization (WHO).
“Procrastinating over ICD-10 is not a good thing. It is more wrong to not make the transition,” he said. “Healthcare is a very high information-intensive sector and integration is needed. Healthcare information is of vital importance for its patient safety, quality and efficiency.”
-----

Provider EHR incentive registrations exceed 100,000

October 05, 2011 | Mary Mosquera
The number of physicians and hospitals that have registered for the Medicare or Medicaid electronic health record (EHR) incentive program has surpassed 100,000, according to the Centers for Medicare and Medicaid Services.
As of the end of September, 88,399 physicians and hospitals have signed up for the Medicare program, 24,030 for the Medicaid program and 2,215 hospitals that are eligible for both incentive programs, for a total of 114,644 registrants. In August, the count was 90,000. Thirty-three states have opened their Medicaid EHR incentive programs. 
-----

Health Information Exchanges Need A Better Business Model

National Association of State CIOs says HIEs won't be sustainable without new ways to generate revenue and cut costs.
By Nicole Lewis, InformationWeek
October 04, 2011
The National Association of State Chief Information Officers (NASCIO) is urging state CIOs who are developing health information exchanges (HIEs) to improve their business strategy. That strategy has to generate revenue to cover operational costs and provide sustainability for these exchanges, before the public funds that they have already received run out.
In its latest brief, Sustainable Success: State CIOs and Health Information Exchange, NASCIO points out that the State Health Information Exchange Cooperative Agreement Program alone has distributed nearly $550 million in funding.
State-run HIEs are fundamental to the vision of a new healthcare delivery system that electronically exchanges patient data securely among providers, payers, and other healthcare stakeholders, and their numbers have grown substantially, according to NASCIO. In July 2010, there were approximately 37 public health information exchanges, now there are 67. The number of private exchanges has increased from 52 to 161.
-----

Consumer interest presents educational opportunities

October 07, 2011 | Jeff Rowe, HITECH Watch
One of the questions long underlying the HIT transition is the “field of dreams” question: If you build EHRs, will the people come?
This long-time observer reviews a number of recent consumer surveys and answers with a fairly resounding “Yes”.
For starters, she cites a 2011 Intuit poll in which three-quarters of respondents said they “would use a secure online tool to make it easier to communicate with the doctor's office. Furthermore, one-half of those interested in online access to doctors would consider switching doctors to one whose office offered secure online access.”
-----

Policymakers need to balance speed and safety

October 05, 2011 | Jeff Rowe, HITECH Watch
Since at least the creation of the Office of the National Coordinator for Health Information Technology, it’s been quite clear that the federal government was going to play a major role in the evolution of health IT across the country.
Now, at least one observer is predicting that, particularly when it comes to the matter of regulating new technology, the federal role is going to get even larger.
As he puts it, “FDA’s exemption for EHRs seems headed the way of the dodo bird.” Two “opposing” trends, he notes, will ultimately be responsible for the Food & Drug Administration’s full-scale entry into the arena of EHR regulation.
-----

ONC Takes on Patient Engagement in HIT

Gienna Shaw, for HealthLeaders Media, October 6, 2011

The federal government will spend nearly $1.4 million to determine "whether and when" providers can share patients' data and to figure out how best to share electronic health data between patients and providers.
In a 36-page document, the Office of the National Coordinator's Office of the Chief Privacy Officer outlines a number of questions and tasks for the contractor, APP Design, Inc., from partnering with providers to creating pilot programs to answering a number of questions about how to engage patients and educate them about their electronic health data.
-----

HIT Industry Remembers Steve Jobs

HDM Breaking News, October 6, 2011
The passing of Apple Computer's Steve Jobs has many in the health information technology industry reflecting on his impact. Among them:
Girish Navani, CEO and co-founder of eClinicalWorks:
"Every entrepreneur thinks of Steve Jobs when building his or her business. His passing leaves behind a feeling of deep loss, especially at the knowledge that it will be another generation before the world finds another like him. Jobs was a leader, visionary and a perfectionist, and I am deeply saddened."
-----

Humber "impressed" with Lorenzo

5 October 2011
Humber NHS Foundation Trust has confirmed it is now the early adopter for Lorenzo mental health care management and said that its staff are “impressed” with the system.
A trust spokesperson told eHealth Insider that the functionality of the system, which is due to be delivered by CSC as the local service provider for the North, Midlands and East of England, would help it to deliver its informatics strategy.
“Our staff have reviewed Lorenzo and are impressed with the product. We are looking forward to using the rich functionality provided by Lorenzo to modernise our mental health information systems,” they added in a statement.
-----

EHI interview: Katie Davis

In an exclusive interview with eHealth Insider editor Jon Hoeksma, Katie Davis, the managing director of NHS Informatics, says her priority is to ‘connect all’ on the foundations of the defunct NPfIT.
5 October 2011
In her first interview since taking up post in July, Katie Davis, the managing director of NHS Informatics, says her focus is delivering the government’s ‘connect all’ agenda for NHS IT.
The ‘connect all’ philosophy was first set out in the Operating Framework for the NHS in England 2010-11 in December 2009, and reiterated by health minister Simon Burns at the end of a review of the National Programme for IT in the NHS last September.
So it is hardly new, and certainly not the outcome of the Cabinet Office review of NPfIT that was triggered by a critical National Audit Office report on the detailed care records element of the programme earlier this summer.
-----

U.K. E-Health Records Failure Makes U.S. Plan Shine

It's too soon to know whether U.S. healthcare providers will jump on the IT bandwagon, but one thing's for certain: the U.K.'s health IT project was too top-heavy.
By Marianne Kolbasuk McGee, InformationWeek
October 06, 2011
Perhaps the United Kingdom should have taken the U.S. approach to health IT. Seems like the Brits might be thinking that, too.
The failure of the United Kingdom's troubled, $20 billion-plus National Health Service National Programme for IT, launched in 2002 and officially declared dead last month, serves several lessons for the United States as it rolls out its own $27 billion health IT program.
Granted, the U.S.'s own $20 billion-plus Health Information Technology for Economic and Clinical Health, or HITECH Act, stimulus program, set up to entice doctors and hospitals to trade in their paper patient charts for digitized record systems, is too young to call a success, or to predict being one.
-----

AHIMA Goal: 40,000 More HIM Jobs

HDM Breaking News, October 3, 2011
A new initiative from the American Health Information Management Association seeks to create at least 40,000 HIM jobs to build and maintain electronic health records.
“The HIM Jobs for America” initiative is two-fold and builds off AHIMA’s ongoing work to provide HIM curricula to universities and community colleges.
Under a demonstration program, AHIMA is working with the HHS Office of Minority Health and North Shore Medical Labs in Williston, N.Y., to bring health I.T. to 100 small-practice physicians in underserved communities in Alabama, Mississippi and North Carolina. HHS has identified the communities, AHIMA will recruit physicians and provide free I.T. training to providers and staff, and North Shore will donate Web-based electronic health records/practice management/patient portal software from Nortec Software Inc.
-----

Is the U.S. government as far behind on cloud computing as we thought?

October 04, 2011 | Tom Sullivan, Editor
While an overwhelming percentage of organizations are talking about moving to the cloud, far fewer have actually made such a transition -- and even among those that have, more than half have found cloud technologies are not yielding the benefits they anticipated.
That’s according to Symantec’s State of Cloud Survey 2011. The security vendor published its results on Tuesday, finding that 75 to 81 percent of respondents are “at least discussing all forms of cloud,” according to Symantec. But despite that level of interest, fewer than “20 percent reported having completed implementing each of the cloud focus areas covered by the research.” Those being email services including management and security, security management, and Web and IM security.
-----

British Electronic Health Record Collapse Sparks Lawsuit

Investors sue U.S. contractor CSC, claiming it concealed its inability to complete failed $18 billion U.K. National EHR Program.
By Neil Versel, InformationWeek
October 05, 2011
Two weeks after the official decision to kill the British government's plan to build a national health IT network for all 52 million residents of England, the repercussions are mounting.
On Monday, a group of shareholders filed a class-action suit in the United States against Falls Church, Va.-based contractor Computer Sciences Corp. (CSC), claiming that CSC "fraudulently concealed that it was incapable of delivering" on a 10-year, 3.1 billion British pound ($5.4 billion) contract with the United Kingdom's National Health Service (NHS).
-----

Direct Project reaches consensus on trust framework

October 03, 2011 | David Kibbe, MD, Senior advisor at AAFP and principal at The Kibbe Group
On Friday September 22, 2011, members of the Direct Project Rules of the Road workgroup reached consensus on a key component of the trust framework necessary to make Direct exchange expand nationally and be available to more users.
The Certificate Policy, which governs the use of X.509 digital certificates within the ecosystem of potential Direct providers and users who are covered entities, business associates, and others abiding by HIPAA security and privacy rules, is now available for industry guidance of Direct exchange implementations.
The Direct Project is an ONC initiative formed in partnership with a diverse group of private sector stakeholders that included leading health IT companies, several Health Information Exchanges, the American Academy of Family Physicians, and many others. Over a year’s time, the Direct Project produced a set of protocols and specifications that creates a simple, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known recipients over the Internet. Because Direct exchange uses technology that is open and well-tested, for example S/MIME over SMTP, it does not require implementers and users to deploy expensive new or proprietary software or hardware. And because Direct focuses entirely on the transport and security aspects of clinical messaging between participants, each of whom has his or her own unique Direct address, Direct is compatible with many different operating systems and applications such as EHRs and PHRs. Direct exchange is “universal” in the sense of being vendor- and application-neutral.
-----

ICD-10's ten-year reign of fear

October 03, 2011 | Tom Sullivan, Editor
Shortly after the National Committee on Vital and Health Statistics (NCVHS) recommended that the United States adopt ICD-10, the Medical Group Management Association (MGMA) assembled a session on the code scheme for its annual conference. The last-minute addition was so late, in fact, that the MGMA did not have time to include it on the printed agenda, and the only available time slot was 7 a.m.
Yet the room was overflowing with attendees.
“You couldn’t get in. The line was out the door,” said Robert Tennant, senior policy advisor for the MGMA. “They were terrified.”
That day, nearly a decade before the dreaded compliance deadline, marked the beginning of what would become ICD-10’s reign of fear. And today, with two years remaining before the Oct. 1, 2013 compliance date, the mandate stands to incite more consternation than in all previous years combined.
-----

INPS Vision approved for EPS R2

23 September 2011   Fiona Barr
Healthcare IT supplier INPS has become the second GP system supplier to receive full roll-out approval for Release 2 of the Electronic Prescription Service.
NHS Connecting for Health has announced that it has granted approval for the EPS R2 functionality in INPS’s Vision system to be rolled-out following first of type testing.
The EPS is one of the national services that the government has pledged to retain despite this week's announcement that it will be "dismantling" much of the National Programme for IT in the NHS.
-----

Top tech gurus in Utah: Health IT is ‘indispensable’

By Kirsten Stewart
The Salt Lake Tribune
First published 29 minutes ago
Health information managers are the Marines of health reform, sweating it out on the front lines of a high-tech push for smarter, lower-cost health care.
For a decade, privacy concerns, high up-front costs and a lack of data-sharing standards have waylaid their quest to deliver on the promise of electronic health records.
But the consensus Tuesday at the American Health Information Management Association’s (AHIMA) annual conference in Salt Lake City was that health IT’s time has come.
-----

Health 2.0: eHealth Needs Hardware, Too

Gienna Shaw, for HealthLeaders Media, October 3, 2011

You think eHealth is all about the apps and software? While it is true that the vast majority of eHealth tools featured at the Health 2.0 conference in San Francisco exist only online or in smartphones and devices, there were several devices folks can actually touch at the show.
Although most of the devices are aimed at consumer end-users, there are benefits to healthcare organizations. For example, devices that allow patients to share their data can help docs track patients after discharge, allowing them to intervene if a patient shows signs of deterioration--possibly heading off a visit to the ER or a readmission.
-----

HHS Site Gives Patients the Scoop on Their Legal Rights to Health Data

HDM Breaking News, September 30, 2011
The federal government's revamped HealthIT.gov Web site includes extensive information for patients on their rights under the HIPAA privacy, security and breach notification rules.
One page, for instance, walks through the process of accessing medical records from providers and explains patients' rights: "A provider cannot deny you a copy of your records because you have not paid for the services you have received. If you request an electronic copy of protected health information, a covered entity is required to provide you with such electronic copy to the extent it is readily producible."
-----

ONC awards contract for e-consent project

Posted: October 3, 2011 - 12:00 pm ET
The Office of the National Coordinator for Health Information Technology awarded APP Design, an Itasca, Ill.-based software developer, a contract worth more than $1.2 million to design, develop and pilot the electronic implementation of existing patient healthcare choice policies and improve healthcare provider business processes.
The contract was issued through the ONC's Office of the Chief Privacy Officer. Project goals include automating an informed consent process and ensuring "that individuals are knowledgeable participants in decisions about the sharing (of) their electronic health information in a clinical environment," according to a statement of work issued by HHS (PDF).
-----

Over-regulation 'stops app development'

22 September 2011   Shanna Crispin
Misguided regulatory regimes are making it difficult for the manufacturers of mobile medical apps to bring their products to market, an industry summit has been told.
The audience at the Mobile Healthcare Industry Summit 2011 in Brussels heard that there are now significant differences in the regulation of mobile medical software and applications in Europe and the United States.
In the US, the Food and Drug Administration is getting heavily involved in the regulation of mobile medical applications.
In July, the FDA issued guidance on how it plans to monitor apps, and it is now in the process of formulating regulatory guidelines in consultation with the industry.
-----

Only connect

There were plenty of ideas for products and services at the Mobile Healthcare Industry Summit 2011; but fewer ideas for getting them implemented. Shanna Crispin reports from Brussels.
3 October 2011
“Maybe you get sensors embedded into your body, and they link to a watch and let you know: ‘hey, it’s time to eat’. Well that could be nice.”
Christian Lindholm, chief innovation officer for Finnish digital service design company Fjord, had some popular - and some not so popular - ideas to put forward at the Mobile Healthcare Industry Summit 2011.
The conference was not short of like-minded people with big ideas; even devices already in existence and showcased at the event could appear somewhat futuristic.
-----

The 6 tips for avoiding data breaches

September 30, 2011 | Michelle McNickle, Web content producer
According to a Department of Health & Human Services (HHS) tally of data breaches since 2009, about 260 incidents occurred that went on to affect more than 10 million patients. And, it gets worse -- the second largest breach occurred not because of a hacked password but when computer back-up tapes were stolen from the back of a truck.
Security within the industry is changing, and health data breaches are a significant issue. According to Rick Kam, president and co-founder of ID Experts, now is a critical time in determining the future of health security. 
-----

GE-Philips Health Equipment Market Opens as Smartphones Win FDA Nod: Tech

By Olga Kharif - Sep 30, 2011 8:00 AM ET
When Brian Froelke joined emergency responders in tornado-ravaged Joplin, Missouri, in May, the physician brought along a Toshiba Corp. (6502) smartphone with a hairbrush-size gadget attached.
The device, made by Redmond, Washington-based startup Mobisante Inc., converts a phone into a pocket ultrasound machine. Froelke used it to examine a pregnant woman who came to a temporary hospital complaining of stomach pain.
“It was helpful to reassure the mom that the baby didn’t have any obvious problems,” Froelke says.
Mobisante’s device, which goes on sale in October, is part of a wave of new smartphone applications and attachments in the nascent mobile health market, Bloomberg Businessweek reports in its Oct. 3 issue. In the past eight months, products that turn a phone into a blood-pressure monitoring cuff, a CT-scan viewer and other health-care gadgets have received U.S. Food and Drug Administration clearance.
-----

Ambulatory EHRs: Get on board!

September 30, 2011 | Mike Miliard, Managing Editor
Fewer than half of physician practices have made the switch to EHRs – but that should change very soon
So how's that been going so far? "I'd definitely characterize it as rapid adoption," says IDC Health Insights analyst Judy Hanover. "Providers have really taken the opportunities created under HITECH to heart. They've really seen this as a unique and limited opportunity to adopt EHRs, particularly in the ambulatory market."
-----

Tick tock...Last day to start 2011 EHR reporting is Oct. 3

September 30, 2011 | Mary Mosquera
The last day that physicians and other eligible professionals can start their 90-day reporting period this year for the Medicare electronic health records (EHRs) incentive program is Oct. 3.
Providers must use their certified EHRs in a meaningful way for 90 consecutive days in order to attest and qualify to receive an incentive payment in 2011, according to the Centers for Medicare and Medicaid Services.
CMS offers tools at its website to help providers prepare to verify that they have met requirements, such as a worksheet to record their meaningful use measures to have as a reference when attesting for the incentive program.
-----

Full electronic medical records still 20 years away

Lack of training and funding for health professionals in small offices and health centres are hobbling EMR push, experts say.
10/3/2011 6:00:00 AM
by Nestor E. Arellano
Don't hold your breath over Canadian doctors fully adopting an electronic medical record (EMR) system any time soon.
Health information and technology experts say it will likely take another 20 years or more before the e-health dream is fully realized in the country.
“Canada Health Infoway has been at it for 10 years, but I don't think we'll see full e-records implementation in 50 years…well that's an exaggeration, it's more likely 20 years,” said Gail Crook, CEO and registrar of the Canadian Health and Information Management Association (CHIMA). The CHIMA represents more than 3,700 health information management professionals employed in hospitals, community health centres, education systems and government offices across the country. Crook spoke during a debate on medical records security sponsored by document destruction company, Shred-it Canada.
-----
Monday, October 3, 2011

Cloud Computing Defined

A primer on key terms in Business Impact this month.
By Simson L. Garfinkel
To bring some order to the fuzzy world of cloud computing, the U.S. government's National Institute of Standards and Technology has created a standard definition and a Cloud Computing Reference Architecture. Both are in the form of "Special Publications," which are not official U.S. government standards but are designed to provide guidance to specific communities of practitioners and researchers.
The NIST Definition of Cloud Computing, currently in draft form, is based on NIST-sponsored workshops and public comments. The single definition helps ensure that government workers, industry, and other groups are talking about the same thing when they use the same words.
The draft document defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
-----
Friday, September 30, 2011

All The News That's Fit to Print: New York Times Notices UK National Health IT Project Goes "PfffT"

At my Sept. 22, 2011 post "NPfIT Programme goes PfffT" I wrote about the £12.7bn National Programme for IT in the NHS (National Health Service) in the UK being ended after years of delays, technical difficulties, contractual disputes and rising costs. I had predicted this for years.
Now the New York Times has felt this to be News Fit to Print. The NYT may be alone in terms of US coverage of this situation by national newspapers:
September 27, 2011, 7:40 am
New York Times
By STEVE LOHR

-----
Enjoy!
David.

Friday, October 14, 2011

Diagnostic Errors Are A Problem That Needs To Be Addressed. Here Is One Type of Approach.

The following popped up the other day.

Study sheds light on docs' perspectives on curbing diagnostic errors

October 04, 2011 | Molly Merrill, Associate Editor
WALTHAM, MA – A new study finds that physicians believe that preventing diagnostic errors can be aided using technology like decision support and artificial intelligence, but they will never replace the physician’s role in diagnosis.
The 6,400-clinician study was conducted by QuantiaMD, which touts itself as the largest mobile and online physician community.
Key findings of the study include:
  • 47 percent of the respondents encounter diagnostic errors (e.g., missed, late, or wrong diagnoses) at their practice at least monthly.
  • 64 percent said that up to 10 percent of misdiagnoses they have experienced have directly resulted in patient harm.
  • More than 96 percent of clinicians believe diagnostic errors are preventable at least some of the time.
Study respondents identified atypical patient presentation, failure to consider other diagnoses and inadequate patient history as the top contributors to diagnostic errors. Respondents also noted external factors such as over-testing to avoid malpractice risk.
Clinicians indicated the top five diagnoses at greatest risk for misdiagnosis as:
  • Pulmonary embolism
  • Bipolar disorder
  • Appendicitis
  • Breast cancer
  • Myocardial infarction
An estimated 40,000 to 80,000 US hospital deaths result from misdiagnosis annually, according to a 2002 JAMA article. However, these errors have received little attention due to a combination of under-reporting and under-developed measurement techniques. QuantiaMD's Do No Harm Special Interest Group initiated this study to shed light on this problem and to engage the nation's physicians in a mobile and online interactive educational program aimed at helping to prevent these errors.
"Diagnostic errors have been a long-neglected aspect of the patient safety movement, not getting the attention they deserve," said Robert M. Wachter, MD, professor and associate chairman, Department of Medicine, University of California, San Francisco and the moderator of the new series. "This QuantiaMD program, which includes presentations by many of the world's leading experts on diagnostic mistakes, lays the foundation for physicians to come together to begin discussing the challenge of improving our diagnostic acumen, and learning about the utility of new tools, including new kinds of cognitive training, systems-based decision support tools, and even artificial intelligence."
.....
QuantiaMD's 8-part series, "Preventing Diagnostic Errors", is available for viewing here. In it, Wachter and his faculty of experts from across the nation discuss the latest thinking around misdiagnosis, including current and future approaches to overcome many of the challenges identified in this study and elsewhere. Each interactive segment takes on a different aspect of the issues, such as exploring systems and cognitive errors, focusing on improving diagnostic reasoning, and discussing policies and future approaches to prevention.
More here:
The full press release on which this article is based is found here:
A 12 page report on the study is found here:
I think it is fair to say the view of the physicians surveyed was that while computers can help, there is still some art to diagnosis that is hard to replicate using technology.
It is worth noting that it is well recognised that missed and wrong diagnoses are a really very serious issue and need to be addressed comprehensively for the sake of all concerned.
Quantia have a program to encourage error prevention which is obviously a good idea!
In this regard it is interesting that IBM have deployed their AI technology used to play Jeopardy to address the issue as its first real task!
Also worthy of mention is Isabel - which is a diagnostic decision support tool with a pretty good reputation. You can visit their web site here:
I suspect this area is a topic we are going to hear more about in coming years.
David.

Thursday, October 13, 2011

There Are Some Ways That We Can Assist in Reducing Data Breaches In the Health System.

It does seem the US is an endless source of revelations regarding loss of private electronic health information.
A couple of recently reported examples include:

Florida Hospital privacy breach: Workers accessed ER patient information

3 employees terminated; more than 2,000 patients notified by mail of breach

By Kate Santich and David Breen, Orlando Sentinel
7:51 PM EDT, September 30, 2011
Florida Hospital tried to reassure patients Friday that a breach of its electronic medical records spanning 20 months was limited to certain patients and not used for identity theft.
Instead, the intent of the breach — which targeted emergency-room patients who were involved in motor-vehicle accidents — appears to have been to pass the information on to an attorney-referral service. However, neither the hospital nor the Osceola County Sheriff's Office, which continues to investigate the incident, could confirm the motive.
The problem came to the hospital's attention, according to hospital spokeswoman Samantha O'Lenick, when a woman who had been in a car accident complained that she had been contacted by a lawyer referral service — and there apparently was no other way for the service to have obtained her personal information.
The breach occurred between January 2010 and Aug. 15, 2011, O'Lenick said. All 2,252 patients whose records were subject to "inappropriate access" are being contacted by mail.
The hospital has fired the three employees involved, all of whom were nonmedical personnel whose records indicated no previous disciplinary actions. On Sept. 6 the matter was referred to both the Osceola County Sheriff's Office and the FBI. The hospital did not further publicize the situation until Friday, when it took out a public notice to alert patients who might overlook the news in their mailbox.
Lots more here:
and another recent summary comment report here

Stolen patient records call for better communication

October 5, 2011 — 10:08pm ET | By Marla Durben Hirsch - Contributing Editor
It's very disconcerting that TRICARE contractor Science Applications International Corporation (SAIC) lost unencrypted backup tapes from an electronic health care record containing the personally identifiable and protected health information impacting almost 5 million military clinic and hospital patients. The tapes, which included 19 years worth of patient data, were stolen from the car of an SAIC employee.
Even more disconcerting: Not only was this kind of security breach--theft of patient information from a contractor's car--not an isolated incident, but with a little communication, it likely was easily avoidable.
In August, Saint Barnabas Health Care System in New Jersey and Cook County Health and Hospitals System in Chicago both reported that they were affected by a breach involving the theft of an external hard drive from the car of an employee of MedAssets, a business associate of the two hospital systems that provided revenue management and supply chain services. The breach involved the records of 82,000 patients. The hard drive was neither password protected nor encrypted. 
The SAIC employee in the TRICARE breach valued his stolen car stereo system at $300; meanwhile, the stolen TRICARE backup tapes were valued only at $100.
According to a recent Ponemon Institute report, however, it now costs the victim of a security breach $214 per compromised record and an average of $7.2 million per data breach event. A large part of the problem is that some business associates, although relatively familiar with HIPAA's privacy rule, still are not as well versed in HIPAA's security rule and the security breach notification requirements.
More here:
The risk is indeed very real (see the first paragraph below).

The 6 tips for avoiding data breaches

September 30, 2011 | Michelle McNickle, Web content producer
According to a Department of Health & Human Services (HHS) tally of data breaches since 2009, about 260 incidents occurred that went on to affect more than 10 million patients. And, it gets worse -- the second largest breach occurred not because of a hacked password but when computer back-up tapes were stolen from the back of a truck.
Security within the industry is changing, and health data breaches are a significant issue. According to Rick Kam, president and co-founder of ID Experts, now is a critical time in determining the future of health security. 
"We're at the convergence of technology becoming more pervasive in healthcare," he said. "Patients want to share information and have multiple providers. This includes more sophisticated criminals as well as healthcare reform. Coming on the horizon in the area of healthcare, you could say we're at the crux of a potential data breach disaster -- if not within the next few months, within the next year you’ll see a data breach oil spill, so to speak."
"We operate with three core values," added Christine Arevalo, director of healthcare identity management at ID Experts. "One is the importance of taking preventative action. The second is doing the right thing for patients and the data you're entrusted with; the system as a whole is based on the trust patients have in physicians and safeguarding their sensitive information. And the third is being compliant -- it's a regulatory matter that can’t be ignored. We’re seeing a lot more of those rules being enforced, specifically data breach notifications. Companies can't hide from those issues anymore."
With that said, Kam and Arevalo shared six ways to plan for, mitigate and protect against health data breaches. 
1. Perform a risk assessment.
2. Inventory your PHI.
3. Develop PHI security strategy.
4. Train employees.
5. Implement processes, technologies and policies.
6. Have an incident response plan ready.
The full article is here - explaining each of the points (note PHI stands for Protected Health Information):
The reason I raise all this is in the context of the planned legislation for the PCEHR.
(The following is an expansion of my Draft Submission BTW)
On page 29 of the Companion to the Exposure Draft we read:
“Certain participants in the PCEHR system must notify certain matters such as data breaches or risk of being in contravention of the Draft Bill with potential civil penalties to apply to those contraventions.
Entities such as the System Operator, a registered repository or registered portal provider have obligations to report matters to the System Operator, or in certain circumstances both the System Operator and the Information Commissioner.
In addition to the notification, the entity must do the following things:
  • contain the contravention and undertake a preliminary analysis;
  • evaluate the associated risks;
  • if the entity is the System Operator – consider notifying the affected consumers;
  • if the entity is not the System Operator – ask the System Operator to consider notifying the affected consumers.
In addition, the entity must take steps to prevent or mitigate the effects of further contraventions, events or circumstances in relation to the unauthorised collection, use or disclosure of health information included in a person’s PCEHR.
A further civil penalty provision in the Draft Bill provides that a registered repository operator or a registered portal operator must not contravene the PCEHR Rules that apply to that operator or portal.”
Can I suggest this is just not good enough. The legislation should make it clear that the release or breach of any personally identifiable information should be notified to the individual concerned and additionally any breach that involves more than 100 individuals should be notified to the public with an analysis of what caused the breach.
Of course notification is bolting the door after the horse has gone and clearly the legislation should also make it clear, as it does to some extent, that to prevent breaches in the first place is required and to not take reasonable preventative steps is also an offence.
The US compulsion to notify is, of course, the reason we know how bad it is over there and we need the same here!
Pretty simple really.
David.

Amazing Demonstration of High Definition Dental Education Software. Worth a Look If Dentists Don’t Worry You!


I had an e-mail about this software this morning.
I am no dentist - and I don’t like what they do much with those drills etc. but this educational tool to explain to patients where all the money is going looks amazing.
Go here to watch - if you are not dentist averse! (Only a couple of mins in duration)
Or if you are up to it try this one:
I am sure they are trying to sell something (i.e. the software!) - but it is interesting to see just what is possible!
I wonder what other clever people are doing for the broader medical arena?
David.