Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Hospital Forced To Provide EMR Data Access By Court

Posted on November 13, 2012 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A New Hampshire hospital has been forced by the state’s Superior Court to provide public health officials with access to its EMR so they can further investigate a major hepatitis C outbreak.

Exeter Hospital had been ordered by the state’s Division of Public Health Services to release patient records, but had  challenged the order, arguing that it would be violating state and federal law if it provided free access to EMR records.

The issue dates back to July, when a lab technician formerly employed by the hospital was arrested in connection of a hep C outbreak affecting more than 30 patients. The lab tech, who has hep C, allegedly stole fentanyl-filled syringes from the hospital, injected the fentanyl, then refilled the dirty syringes with another substance.

The hospital sought guidance from the courts in an effort to learn just how much access it would have to provide without running afoul of HIPAA and state privacy laws.  (If I were running Exeter Hospital I certainly would have done the same thing; otherwise, one would think  it’d be wide-open liable to suits by patients who objected to the data sharing.)

Now, it seems, the hospital is satisfied that patients involved in the outbreak are adequately protected. From its official statement on the matter:

The Court pointed out that the State needs to follow very specific, CDC-sanctioned protocols in collecting data from Exeter Hospital’s electronic medical record system and can only obtain the minimum amount of information necessary to complete its investigation. The Court has also emphasized that the information collected by the State cannot be re-published which helps to protect the privacy of patients.

For both the patients’ and Exeter’s sake, let’s hope that the public health authorities involved handle such explosive data with extreme care.  A data breach at this point would not only have devastating consequences — particularly if the hepatitis C sufferers’ names were made public — it would also plunge all involved into a legal nightmare. For their sake, I’m hoping for the best.

Verizon Launches HIPAA-Compliant Cloud Services

Posted on October 4, 2012 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Last month, I shared some of Verizon’s big plans for the medical space with you, including their desire to become the industry’s default carrier of secure healthcare data.  This week, Verizon has launched its cloud service line, and I wanted to share some of the details on how it’s set up with you.

Verizon’s Enterprise Solutions division is offering five “healthcare-enabled” services, including colocation, managed hosting, enterprise cloud, an “enterprise cloud express edition” and enterprise cloud private edition. In addition to the services, Verizon provides a HIPAA Business Associate Agreement which, one would assume, is particularly stringent in how it safeguards data storage and tranmission between parties.

The new Verizon services will be offered through cloud-enabled data centers in Miami and Culpeper, Va. run by Terremark, which Verizon acquired some time ago. Security standards include PCI-DSS Level 1 compliance, ITIL v3-based best practices and facility clearances up to the Department of Defense, Verizon reports.

In addition to meeting physical standards for HIPAA compliance, Verizon has trained workers at the former Terremark facilities on the specifics of handling ePHI, Verizon exec Dr. Peter Tippett told Computerworld magazine.

You won’t be surprised to learn that Verizon is also pitching its (doubtless very expensive) health IT consulting services as well to help clients take advantage of all of this cloud wonderfulness.

Not surprisingly, Verizon notes in its press release that “each client remains responsible for ensuring that it complies with  HIPAA and all other applicable laws and applications.”  If I were Verizon, I’d be saying that too, and doubtless states the obvious. That being said, it does make me wonder just how much they manage to opt out of in their business associate agreement.  Call me crazy, but I think they’d want to leave as much wiggle room as humanly possible.

The bigger question, as I see it, is how big the market for these services really is at present. According to the Computerworld story, only 16.5 percent of healthcare providers use public or private clouds right now. Verizon may be able to turn things around on the strength of its brand alone, but there’s no g uarantees. I guess we’ll have to wait and see.