
Does Federal Health Data Warehouse Pose Privacy Risk?

Posted on June 23, 2015 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Not too long ago, few consumers were aware of the threat data thieves posed to their privacy, and far fewer had even an inkling of how vulnerable many large commercial databases would turn out to be.

But as consumer health data has gone digital — and average people have become more aware of the extent to which data breaches can affect their lives — they’ve grown more worried, and for good reason. As a series of spectacular data breaches within health plans has illustrated, both their medical and personal data might be at risk, with potentially devastating consequences if that data gets into the wrong hands.

Considering that these concerns are not only common, but pretty valid, federal authorities who have collected information on millions of HealthCare.gov insurance customers need to be sure that they’re above reproach. Unfortunately, this doesn’t seem to be the case.

According to an Associated Press story, the administration is storing all of the HealthCare.gov data in a perpetual central repository known as MIDAS. MIDAS data includes a lot of sensitive information, including Social Security numbers, birth dates, addresses and financial accounts. If stolen, this data could provide a springboard for countless cases of identity or even medical identity theft, both of which have emerged as perhaps the iconic crimes of 21st-century life.

Both the immensity of the database and a failure to plan for destruction of old records are raising the hackles of privacy advocates. They definitely aren’t comfortable with the ten-year storage period recommended by the National Archives.

An Obama Administration rep told the AP that MIDAS meets or exceeds federal security and privacy standards, by which I assume he largely meant HIPAA regs. But it’s reasonable to wonder how long the federal government can protect its massive data store, particularly if commercial entities like Anthem — who arguably have more to lose — can’t protect their beneficiaries’ data from break-ins. True, MIDAS is also operated by a private concern, government technology contractor CACI, but the workflow has to be impacted by the fact that CMS owns the data.

Meanwhile, growing privacy breach questions are driven by reasonable concerns, especially those outlined by the GAO, which noted last year that MIDAS went live without an in-depth assessment of privacy risks posed by the system.

Another key point made by the AP report (which did a very good job on this topic, by the way, somewhat to my surprise) is that MIDAS’ mission has evolved from a facility for running analytics on the data to a central clearinghouse for data sharing between CMS and health insurance companies and state Medicaid organizations. And we all know that with mission creep can come feature creep; with feature creep comes greater and greater potential for security holes that are passed over and left to be found by intruders.

Now, private healthcare organizations will still be managing the bulk of consumer medical data for the near future. And they have many vulnerabilities that are left unpatched, as recent events have emphasized. But in the near term, it seems like a good idea to hold the federal government’s feet to the fire. The last thing we need is a giant loss of consumer confidence generated by a giant government data exposure.

Last Day for Healthcare.gov Coverage by January 1st

Posted on December 15, 2014 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If you’re like me and sometime gave your email to Healthcare.gov, then you’ve probably been getting the daily reminders this past week about December 15th being the last day you can sign up on the Health Insurance Exchange if you want to get health insurance coverage starting January 1st. I wish they would have made the email system a little smarter and let us click a button that said “Already got my insurance this year.” Although, I appreciate that they’re just trying to make sure that everyone knows the timelines.

Based on the news coverage (or lack thereof), it seems that Healthcare.gov has survived without any major issues this year. One thing that has annoyed me about the emails is they keep telling me how many people’s health insurance is getting subsidized on the exchanges. It seems that about 8 out of 10 people who get insurance from the exchange are getting a government subsidy.

I guess that means I’m in the 20%. Maybe their marketing is working great for those who can get the subsidy. However, it has the opposite impact on someone who doesn’t get the government subsidy. In fact, my insurance costs have nearly doubled since pre-Obamacare days.

Turns out that, because I wasn’t getting any government subsidies for my insurance, it was better for me to just go direct to the insurance company. That’s what I did and the process was super simple. In fact, I signed up for a plan that included ZDoggMD’s Turntable Health. I’m especially excited to do e-Visits and text message my doctor as needed. Plus, I’m going to have to see about tapping into the free yoga classes and demonstration kitchen. You can be sure I’ll be writing more about this in the future.

I found this piece from HIStalk to be quite interesting:

A Kaiser Health News story called “Federal defense contractors find a new profitable business: Obamacare” notes that HHS’s business purchases doubled to $21 billion in the last decade and are rising, making it the #3 contracting agency, beating out NASA, Homeland Security, and the combined spending of Departments of Justice, Transportation, Treasury, and Agriculture.

Sorry if this post was a bit of a rambling rant. I just saw the deadline and needed to get it out of my system. I think the next 5 years we’re going to see a dramatic change in healthcare as we know it. As a blogger, that means I’ll have plenty to write about. As a patient, I have some cause for concern.

Should ICD-10 Go Through Rigorous Outside Testing? Definitely. – ICD-10 Tuesdays

Posted on November 26, 2013 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Sometimes it’s fun to critique my health IT editor colleagues in this space, but this time, I can do nothing but agree with a column written by FierceHealthIT editor Dan Bowman.

In his column, he notes that physician practices and hospitals have been quite worried about the transition from ICD-9 to ICD-10, something which is inevitable given the complexity of the switchover. And with the switch set to go into effect Oct. 1, 2014, the time available to prepare is flying by.

So, he says, it’s definitely a Good Thing that CMS may be amenable to doing external ICD-10 testing, despite previously asserting that it wouldn’t do so. Now, bear in mind that CMS hasn’t promised to do external testing — it’s just said that it would consider the idea — but that’s encouraging news.

After the mind-blowing failure of HealthCare.gov, CMS hardly needs another disastrous failure of systems or operations in one of its key responsibility areas. What’s more, if ICD-10 coding doesn’t work right, we’re talking about tying up millions (or even billions) of dollars in reimbursement to providers. That could prove to be a disaster which makes the HealthCare.gov debacle look like a minor blip.

Given that a failure of testing was instrumental in the HealthCare.gov debacle, I can’t imagine why CMS wouldn’t have become super-cautious in its wake. The last thing CMS needs is mass confusion, delayed payments, undercoding, upcoding, fraud… need I go on?

As things stand, CMS’s IT operation is already in turmoil, with the agency’s CIO having resigned and other heads still likely to roll. And Congress, for once understandably, isn’t going to have a lot of patience with anything resembling another IT failure.

CMS, don’t tell the public you don’t have the resources to do more extensive ICD-10 testing. Find them. Your future as an agency may depend on it.

Meanwhile, readers, if you want to keep up with ICD-10 twists and turns, don’t miss John Lynn’s ICD-10 Tuesdays. He’ll have plenty of insights to offer as the big day approaches.