Tag: HIPAA

It Is NOT against HIPAA to ask about covid vaccinations

Seth Anderson0 comment

HIPAA is woefully misunderstood, and I’ve encountered much wrong information about it during this pandemic. 

Eventually

winter birds, Cook County Forest Preserve

The Washington Post explains

Is it against HIPAA to ask about covid vaccinations? – The Washington Post:

HIPAA, also known as the Health Insurance Portability and Accountability Act of 1996, and its subsequently added Privacy Rule include provisions to protect a person’s identifying health information from being shared without their knowledge or consent. The law, though, only applies to specific health-related entities, such as insurance providers, health-care clearinghouses, health-care providers and their business associates.
That means that even if your friend, favorite restaurant or grocery store were to publicly share private details about your health, they would not be in violation of HIPAA because they aren’t one of the “covered entities,” Gatter said.

There are other federal and state confidentiality laws that may require employers and schools to protect your privacy. And, experts emphasized, there is nothing in HIPAA that bars asking people about their health — including vaccination status — or requiring proof that the information is accurate.
“It’s not really a prohibition on asking, it’s a prohibition against sharing,” said Kayte Spector-Bagdady, an associate director at the Center for Bioethics and Social Sciences in Medicine at the University of Michigan. The law, she added, “doesn’t mean you never have to tell anyone about your health information.”

HIPAA has become one of the “most misunderstood statutes in existence,” said Glenn Cohen, a Harvard Law School professor who is an expert on health law and bioethics. “People think it does a lot more than it’s actually doing.”

The misconceptions about the law likely stem from people widely using it in conversation as a “shorthand for privacy,” said Joshua Sharfstein, a public health professor at Johns Hopkins University. If someone is asked a question about their health that they view as intrusive, he said, they might say, “I can’t tell you because of HIPAA,” when what they actually mean is that they consider the information private.

Many people also seem to have a problem spelling HIPAA properly, and as one Twitter aficionado opined, perhaps this is a sign of long-haul COVID-19?

Your Data Is Not Safe at Anthem Nor At Other Healthcare Corporations

Seth Anderson0 comment

Classless Society

The next decade is going to be a continual escalation of these sorts of crimes. Many sectors of corporations have skimped on beefing up their security practices, making data theft easier for criminals to steal consumer data.

patient medical records typically include information not easily destroyed, including date of birth, Social Security numbers and even physical characteristics that make them more useful for things like identity theft, creation of visas or insurance fraud by falsely billing for expensive medical or dental procedures that were either never done or performed on someone else. Some criminals have also tried a form of so-called ransom ware in which they threaten to reveal medical information unless they are paid.

“The whole thing is evolving,” said Barbara Filkins, an analyst with the SANS Institute, which has studied the risk to the health care sector.

Hospital systems, for example, are increasingly asking for photo IDs and driver’s licenses in an effort to block patients who have stolen someone else’s medical identity, said John Barlament, a lawyer at Quarles & Brady in Milwaukee. The use of medical identity fraud is growing, he said. “It’s a one-way trend here,” he said.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)

Site of the Doctors' Commons
Site of the Doctors’ Commons

From my perspective, I hate when health care providers make copies of my drivers license and write down my social security number and so on. Why? Because I don’t trust that they will keep my data safe. Especially as there is a push to digitize health records, health practitioners need to have stronger data management and destruction policies. Should a dentist I visited once several years ago be able to keep all my information for ever? I guess I need to get a fake ID for these sorts of situations.

The push to digitize patient health records in hospitals and doctors’ offices has also made medical records increasingly vulnerable, according to security experts. Moving medical records from paper to electronic form allows both patients and providers better access, but it has also made patient records susceptible to breaches, whether unintentionally or through a criminal attack.

About 90 percent of health care organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm. The founder, Larry Ponemon, a security expert, says most were because of employee negligence or system flaws, but a growing number are malicious or criminal.

Last year, 18 health care providers reported data breaches because of some form of hacking. Information at Centura Health was compromised last year after a phishing scheme obtained access to employee email accounts. The data included, in some instances, Social Security numbers, Medicare beneficiary numbers and clinical information for 12,000 patients of the facility, based in Englewood, Colo. In another case, a keystroke logger virus that infected three computers for a few weeks early last year at the student health center at the University of California, Irvine, may have captured patient’s health and dental insurance numbers and diagnoses.

Health care providers have sharply increased their spending on data security in the last year, but they remain technologically far behind other industries, say experts.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)