Clinical Documentation News Roundup: Patient Privacy Edition

Clinical Documentation News Roundup: Patient Privacy Edition

Clinical Documentation News Roundup: Patient Privacy Edition

Six organizations -- including AARP and Blue Cross Blue Shield -- announced this week they are joining together to offer leadership and education about medical identity theft. Meanwhile, the British Medical Journal published a study that found 6 percent of physicians and medical students on Twitter have posted at least one tweet that could violate patient privacy laws.

This week's Clinical Documentation News Roundup brings you this week's news story on patient privacy and other medical-information-security issues.

  • Study: 6% of Physicians Tweeted Potential Patient Privacy Violations at Beckers Hospital Review: "In a study published in the British Medical Journal, 6 percent of physician and medical student Twitter users were found to have posted at least one tweet that could violate patient privacy laws. Results showed 15 users to have posted 26 tweets that contained specific and potentially identifying patient information. The findings correlate with a 2011 study published in the Journal of the American Medical Association, which found 3 percent of physicians' tweets to be unprofessional."

  • September 23 HIPAA Deadline Approaches at The American Physical Therapy Association: "Practitioners have until September 23 to comply with provisions of the final rule that earlier this year extensively modified the privacy, security and enforcement regulations established under the Health Insurance Portability and Accountability Act of 1996, or HIPAA. The final rule expanded many of the requirements to business associates of covered entities that receive protected health information, such as contractors and subcontractors. If a covered entity did not have a business associate agreement in place by January 25 this year that was compliant with the previous HIPAA regulations, it must enter into one by September 23."

  • New Alliance Seeks Best Practices to Combat Medical Identity Theft at Health Data Management: "Six organizations have formed the new Medical Identity Fraud Alliance and seek other stakeholders to join them. Initial members include AARP, Blue Cross and Blue Shield Association, Consumer Federation of America, ID Experts, Identity Theft Resource Center, and National Health Care Anti-Fraud Association. The alliance’s mission is to offer leadership, education and awareness programs that drive development of best practices and technologies, as well as changes in regulations, to reduce the frequency and impact of medical identity theft. Initiatives will include performing research to assess the cost of medical identity theft and identify trends and patterns, raise awareness and education, develop new policies to reduce fraud, and empower consumers to be the first line of defense."
  • States Raise Privacy Worries Over HIX at HealthcareIT News: "As the Department of Health and Human Services invests $67 million in insurance exchange navigators and $150 million more in enrollment assistance, some attorneys general are raising privacy and fraud concerns. The attorneys general of 13 of the 36 states set to have federally-run insurance exchanges are asking HHS Secretary Kathleen Sebelius for answers to several privacy questions. Among them: Where does liability rest when a consumer outreach program causes harm through the use of personal information?"

  • The HIPAA Conundrum in the Era of Mobile Health and Communications at the Journal of the American Medical Association: "In theory, HIPAA-compliant organizations can take “reasonable steps for adequate PHI protection” that are appropriate to their circumstances, depending on the size, function, and need. In practice, organizations find this guidance too vague and often implement numerous security controls (e.g., PIN numbers, encryption, accessibility controls) to ensure HIPAA compliance. Moreover, business associates are now required to secure PHI content that may be stored in servers or transmitted over the Internet, even though they may not have direct access to the PHI (as is the case, for example, with data storage companies)."

Logan Solutions uses a combination of clinical practice expertise and technological skill to help physician practices throughout the U.S. implement, customize and improve their ERM and Dragon Medical software systems. Contact us to find out how our clinical-practice expertise can help your practice with its clinical documentation software needs.