Tag Archive | "HITECH act"

The First Practice Found In Breach of The HITECH Act

In 2009, the HITECH Act was put into place to protect the privacy and security of patient information that is stored on portable electronic tools and devices. Last week in Concord, Massachusetts, Adult & Pediatric Dermatology, P.C. was the first to pay a settlement for a HITECH Act violation. They agreed to the amount of $150,000 that will be paid to the U.S. Department of Health & Human Services Office for Civil Rights.

The settlement is in response to a thumb drive that contained protected health information for 2,000 patients. The thumb drive was stolen out of one of the Dermatology employee’s cars.


Posted in Patient privacy, Regulation, Security

A Case For EHR: HHS Reports Nearly 7.9M Health Records Exposed in Data Breaches

A new report out by the Department of Health & Human Services (HHS) proves the need for better organization, regulation and security around sensitive patient health records, a problem digital and mobile technology can help solve.

Since early 2009, there have been more than 30,000 data breaches, affecting nearly 7.9 million people who have had their health records exposed, according to the report. Thanks to the Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA-compliant organizations must provide notification to individuals, the Secretary, and sometimes even the media (if more than 500 individuals were affected), of breaches in unsecured health information.


Posted in Security

Keeping People Healthy: Relevant Conversations, Marketers & The PHI Problem

Mobile Communication

My philosophy is, to get a consumer to change their behavior (like for instance remembering to take their medication), you must have very relevant conversations. The hard part in healthcare is that the more honest your conversation is, the riskier it gets, and the fewer channels you have to communicate your message over.

PHI or “Protected Health Information” creates this problem, or shall I say, complicates things, because protecting our health information is a good thing, right?

PHI is under the U.S. Health Insurance Portability and Accountability Act (HIPAA) and in a nutshell, is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This includes any part of a patient’s medical record or payment history. PHI has a broad interpretation and as a result not everyone in the industry can agree exactly what type of data is considered PHI.

For instance, at mobileStorm we’ve witnessed compliance teams rule that including the name of your physician in an SMS text message is completely fine, while another team says that even a cell phone number can be considered PHI. Communicating with large populations quickly is incredibly important in keeping America healthy; however, PHI can make this tricky. While people interpret PHI differently, our experience has been that most companies will always err on the side of caution. Large fines for privacy violations have the industry on edge. In February the U.S. Department of Health and Human Services issued a $4.3 million fine to Cignet Health Care of Temple Hills. The action is the first monetary fine issued since the Act was passed in 1996.


Posted in Best Practices, Regulation, Security, Technology