The 2010 Healthcare IT Survey is a study carried out by Zoomerang,  an online services provider on behalf of Imprivata, a company that develops enterprise authentication and access management solutions and is based in Lexington, Mass. The survey was conducted amongst 600 decision-makers across hospitals in the U.S. and Canada.

80% of respondents said that securing patient information from unauthorized access and data breaches is a top priority in their organization and 76 percent claim breach of confidential HIPAA protected information or unauthorized access to various clinical applications as their greatest security concerns. A full 97% of those surveyed said their organizations planned on spending more on IT security in 2010 than they did in 2009.

And the HITECH act it seems is only complicating things for those in healthcare IT.

Challenges cited by respondents for complying with the HITECH Act included employee education (46 percent), costly updates (43 percent) and meeting deadlines (37 percent). Nineteen percent of respondents said they themselves do not understand the HITECH Act.

Read the full survey report here

HIPAA privacy regulations have always given individuals the right to request restrictions on how health care providers use or disclose their information, but until recently, health care providers have always had the discretionary power to say “no” to these requests if they felt it would impair their ability to properly treat their patient or to get paid by the insurance companies.

However the HITECH amendments recently proposed to supplement the HIPAA laws change that, to a certain degree at least.

Now, when a patient is paying for their own treatment out of their own pocket, or another private individual is footing the bill and they request that you share none of their information you must comply with their wishes.

The patient will also have the right to make their request on a visit by visit basis. For instance if you (or the medical practitioner you work for) regularly sees a patient for a certain complaint that is covered by his or her insurance but then opts to pay out pocket for a non-covered treatment they have the right to request that you share none of the details of the treatment they paid for themselves with anyone, including their health insurance company.

More headaches? Maybe. Tracking which patient procedures can be shared and which cannot may prove cumbersome. But the extra effort will be worth it in the long run to ensure your diligent efforts to remain HIPAA complaint are not derailed.

Like many Michigan residents she was upset when a local policeman was shot to death pursuing a suspect. She actually treated the killer as a part of her duties as a nurse at Oakwood Hospital in Detroit. Problem was she then posted that fact on her Facebook status – sort of.

Her first message revealed that she came face-to-face with a cop killer and hoped he rotted in hell. She also posted another one that her now former employers won’t discuss. They let her go from her job citing that she had violated HIPPA regulations by disseminating protected health information about a patient on a public forum (ie Facebook)

The nurse plans to fight her termination as she feels she did no such thing. According to her “ I am familiar with HIPPA. I did not give out any of his information. I did not give out his name. I did not mention the hospital. I did not give out his condition,” James said. “I did not violate HIPAA”

Who do you think is in the right here? Click here to watch Ms. James ‘interview with Fox 2 Detroit

On Tuesday July 27^th, 2010 it was announced that drugstore giant Rite Aid had agreed to a $1 million settlement to atone for their HIPAA transgressions. The settlements apply to all of Rite Aid’s nearly 4,800 retail pharmacies and follow an extensive joint investigation by the HHS Office for Civil Rights (OCR) and the FTC.

The problems began for Rite Aid and its 40 affiliated entities – collectively known as RAC – when the television news media began producing video footage of various RAC employees in several cities across the country disposing of prescription bottles containing individuals’ identifiable information in industrial dumpsters that were accessible by the public – a huge HIPAA violation that one would have assumed a giant corporation would have known better than to ever risk.

In addition to the fines Rite Aid has had to forge agreements with both the OCR (Office for Civil Rights) and the FTC (Federal Trade Commission) who conducted the joint investigation as to the steps they have to take to ensure that such violations never occur again.

You can read the full press statement announcing the settlement here

The suit came about as a result of  Health Net’s loss of a hard drive containing over 500,000 individuals’ records including clinical data, social security numbers, addresses, and other financial information. According to Blumenthal, Healthnet then compounded the gaffe (which they chalked up to theft) by failing to inform those affected about what had occurred for over six months after the incident occurred.

Under the terms of the settlement Healthnet will be ordered to pay $250,000 directly to the state of Connecticut representing statutory damages (and to serve as a warning to other health insurance companies as well no doubt) They will also have to put aside a further $500,000 to cover damages should it eventually be found that the missing hard drive was accessed and that members personal information was ever used in an illegal manner. Guessing that there are still a lot of crossed fingers at Healthnet on that issue..

You can view the full settlement details here

In order to protect the public from possible abuse of their personal genetic information, Congress has voted to ban genetic discrimination in the workplace. The new law addresses questions raised by advances in genetic testing that go beyond the scope of HIPAA.

The main thrust of this bill is to deny the opportunity to misuse the information. There are some privacy elements in here, as well. Much of that is covered by HIPAA, which was passed now a long time ago.

Read the whole article here