Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Some Friday HIPAA Humor

Posted on August 8, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s Friday after a long week for me and I imagine many of you. So, let’s keep today post short and simple and hopefully give you a little laugh. Nothing like humor to help make any day better.

HIPAA Cartoon

Thanks to Practice Manager Solutions for sharing it with me.

Patients Want to Share Their Medical Data

Posted on March 29, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

During the recent Dell Healthcare Think Tank which I took part in, I had an idea that I think is incredibly powerful and not talked about nearly enough. In fact, I think its reasonable to say that if we want to get healthcare costs down, then we have to learn how to do this well.

The idea revolves around how we talk about privacy of health information with patients. Far too often, patients just hear news reports that talk about all of the reasons they should fear their health information getting out in the open. Instead, they almost never hear stories about how having their health information shared with the right people will actually improve their health.

The simple fact is that if you lead with all the bad things that could possibly happen with health information in the wrong hands, then of course no patient is going to want their patient information shared. However, if they know how sharing their health information with the right people will improve their care, then patients are more than willing to share away.

Basically, what I’m saying is that sharing healthcare data has been marketed wrong. The privacy advocates are well organized and have many people fearful for what will happen with their health information. I don’t have any problem with privacy advocates, because they help us to pause to take a reasonable look at the importance of privacy. However, the need for proper privacy controls doesn’t mean that we don’t share healthcare information at all.

The beauty of all of this is that the majority of people think this is how it happens in healthcare today. They don’t realize that quite often their healthcare information isn’t traveling with them to specialists and hospitals. In fact, when patients discover that it doesn’t they’re usually quite surprised and don’t understand why it doesn’t.

I hope we can work on the data sharing message. We can share your data with the people who need it so we can improve your care. If patients hear this message, healthcare data sharing will not be feared but embraced.

A Fun (and Educational) Look at Privacy and Security – Meaningful Use Monday

Posted on September 24, 2012 I Written By

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money.

One of the most common sources of confusion about the meaningful use requirements is the Privacy and Security Risk Analysis measure. As I discussed in a past Meaningful Use Monday post, according to CMS, practices that are HIPAA compliant are likely in pretty good shape on this measure. For those physicians, what’s needed is documentation of the steps that were taken to review HIPAA compliance, the deficiencies identified, and what was done to remediate these exposures. (For more information, see the meaningful use chapter in ONC’s “Guide to Privacy and Security of Health Information.”)

This begs the question, “What exactly is HIPAA compliance?” I recently came upon the “Privacy and Security Training Game” that was created by ONC’s Chief Privacy Officer and couldn’t resist playing. While a lot of the information provided is quite basic for those with expertise in the privacy and security arena, as you progress through the game, the questions become more challenging. It’s definitely a fun way to introduce staff to the issues and increase awareness about the importance of safeguarding patient information.

Check out all of the past Meaningful Use Monday posts.

Patients Medical Record Posted to Facebook – HIPAA Violation

Posted on January 24, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve generally been writing more about the EMR side of EMR and HIPAA lately. For the most part, it seems readers are more interested in EMR and EHR than they are in the details of HIPAA. Although, one of my top posts ever is from back in 2006 about HIPAA Privacy Examples and HIPAA Lawsuits. It seems that people are most interested in HIPAA when it has something to do with a HIPAA violation or lawsuit.

Today’s HIPAA violation could very likely become a HIPAA lawsuit. Plus, it is a word of caution to those about training your staff on HIPAA requirements and also on proper use of social media in healthcare.

Anne Steciw posted about the violation on Search Health IT. Here’s an excerpt from her post:

Details of the health data breach provided by the Los Angeles Daily News indicate that the employee, who was provided by a staffing agency, shared a photo on his Facebook page of a medical record displaying a patient’s full name and date of admission. The employee appeared to be completely ignorant of HIPAA laws.

I’m sure every hospital and healthcare administrator is cringing at this. I’m sure many could share stories of HIPAA issues related with staffing agencies as well. Although, it’s really hard for me to understand how someone even from a staffing agency could be so ignorant to the HIPAA laws. I’m not overstating how ignorant this person was in this situation. The above article explains something even more outrageous and unbelievable:

Even after being told by other posters that he was violating the patient’s privacy, the employee argued: “People, it’s just Facebook…Not reality. Hello? Again…It’s just a name out of millions and millions of names. If some people can’t appreciate my humor than tough. And if you don’t like it too bad because it’s my wall and I’ll post what I want to. Cheers!”

To me this is totally mind boggling. I’m sure many will argue that this person was exhibiting many of the characteristics of the Facebook generation of users. That’s a cop out and an excuse, but does make a larger point that many of the next generation have these outlandish views of what’s theirs and what’s ok and reasonable. Sadly, far too many people think when it’s humor it’s ok to do anything. It’s not and I’m sure those dealing with HIPAA violations won’t find it a reasonable excuse either.

One thing I really hate about stories like this is that they give a bad name to use of social media in healthcare. Social media is like most things which can be used for good or bad. It’s a shame if incidents like this discourage people from accessing the benefits of social media.

This is another good example of how our biggest HIPAA privacy vulnerability is people.