Search This Blog

Saturday, July 07, 2007


WHAT PRIVATE PATIENT INFORMATION LURKS IN THESE SEQUESTERED HALLS?


It was bound to happen somewhere, and it finally did in the medical profession’s implementation of the 1996 Health Insurance Portability and Accountability Act (HIPAA). You take a bunch of people who are professionally trained, and with a level of focus necessary to be able to save our life, and who don’t know diddly about the privacy issue, and they are bound to overreact. Apparently the medical profession does not know how to interpret HIPAA, and the higher-ups aren’t taking the time to bring the workers up to speed. In a New York Times article by Jane Gross, she recounts an incident where Gerard Nussbaum was threatened with arrest and eviction from a hospital for trying to make sure his father-in-law was being properly cared for. They picked the wrong person because Nussbaum is a HIPAA consultant. It all stemmed from the fact that these nurses in the Palos Heights, IL emergency room were about to give Nussbaum’s elderly relative a dangerous second dose of sedatives. He was only looking out for the father-in-law’s best interest, and it should be criminal to prevent him from doing so. HIPAA even says the health care providers may share information with others with no signed authorization necessary, unless the patient objects. Ted Kennedy (D-Mass) sponsored the original version of HIPAA, but was “dismayed” by the “bizarre hodgepodge” of regulations added. He and Sen. Patrick Leahy (D-VT) plan to introduce legislation to add some oversight to the dilemma. What is really perplexing about this whole situation is that in the very specialized area of medicine we have massive overreaction, yet when our individual rights are trampled as they are regularly by the Bush administration, the American public responds with an apathy that has become both predictable and pathetic.

2 comments:

Mike said...

It is having said that until today 2007 many of healthcare organizations are unaware of what exactly the HIPAA rules and regulations are and/or they don’t want to invest their money to get HIPAA compliant. With the growing incidence of privacy breaches the compliance authorities should need to put more efforts bringing awareness about the HIPAA compliance and should try to make it easy and cost effective for organization to get HIPAA compliant. Very recently I came across one tool which I really find more helpful. This tool will help many organizations for multitask compliance achievement. A crosswalk between different regulations poster from Symantec is a very useful tool. This poster is crosswalk between: Sarbanes Oxley, HIPAA, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada) http://www.compliancehome.com/symantec/

Compliance advisor said...

If one needs to have a deep understanding of HIPAA and more information on HIPAA training and also HIPAA template suite along with enterprise contingency plan template suite which any organization, small or big, can use to meet their compliance requirements of Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standards requiring business impact analysis, risk assessment, disaster recovery planning (DRP), business continuity plan (BCP) and Testing & Revision of Plan, they can discover it at training-hipaa.net website by following the links given below

HIPAA Privacy and Security Certification Training
http://www.training-hipaa.net/certification_training/com_privacy_security.htm
Enterprise Contingency Plan Template Suite
http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm