What if your laptop containing PHI gets lost or stolen?

Just imagine this… A doctor’s laptop containing Personal Health Information of about 1,000 patients gets stolen or lost. What is to be done next?

The first issue that comes to mind in this scenario is that PHI should never be stored on a laptop in the first place. The correct practice is to use an EMR system that stores all patient information on the server.

If it does happen, however, technology can help. As soon as your laptop is stolen, you need to report it stolen, and the authorities then start the process of tracking it down (in the same way as they track stolen cars). If the laptop is ever connected to a network, it will call back to the main center and receive the command to wipe the laptop.

It will also give the authorities information about where it was connected, so the police can possibly recover the stolen laptop as well. This is the beauty of technology, and an increasing number of companies are enabling this facility on their laptops.


Posted on: Jun 29 2009
Posted under In the news, Legislation, News, Privacy & security, Products, Tips

Unemployed recently and looking for insurance options?

If you have recently become unemployed and also have health problems, the basic problem before you is how to stay insured during this testing time. We assure you that there are laws to help you out.

One option is COBRA, which lets you extend the coverage you had prior to unemployment. However, you need to apply within 60 days of becoming unemployed, and the coverage then lasts for up to one and a half years after you lose your job. COBRA has its ups and downs. The drawback is that you have to pay the full premium, including the portion your company had paid for you, but the bonus is that if you were laid off between September 2008 and December 2009, the US government will pay 65% of your monthly premiums.

The last-resort option would be a HIPAA (Health Insurance Portability and Accountability Act) policy, as everyone is protected by certain healthcare rights mandated by HIPAA, including the right to insurance.

However, more often than not, these individual health insurance policies can be quite pricey, and you have to look out for and negotiate with insurance providers to get the most affordable health quotes, so that you can decide whether to elect extended health insurance (COBRA) or resort to an individual health insurance policy.


Posted on: Jun 28 2009
Posted under In the news, News, Privacy & security, Strategy

Patient privacy at risk with microcomputing

With the development of technology, hand-held devices such as Palm Pilots, Pocket PCs, RIMs and smartphones have become a better choice for people in the medical industry, as they are small, portable and comfortable.

However, the risks associated with these devices cannot be ignored, as loss, theft or a virus on the device can lead to leakage of patients’ confidential records. This can lead to HIPAA violations and heavy penalties.

With the growth of microcomputing and storage devices, the concept of classifying these devices as “personal” and “non-threatening” is now unacceptable. The risk is complex and is becoming increasingly dangerous: 30 percent of these devices are lost each year. Further, Gartner predicts that through 2006, 90 percent of mobile devices containing enterprise data will have insufficient power-on protection and storage encryption to withstand casual to moderate hacker attacks. Gartner recommends that enterprises immediately start addressing their mobile storage risks.

The need today is to develop a method to integrate mobile device security and data protection into an overall compliance process and policy, and to implement cost-effective, low-maintenance technologies that quickly and easily extend existing security policies and practices to these devices. At the same time, this must be done transparently to the device’s end users.


Posted on: Jun 23 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy, Tips

The Herculean task of implementing EHRs on a wide scale

President Obama has issued a new set of rules in an attempt to modernize the healthcare industry. One such stimulus package issued by Obama includes incorporation of an EHR system to reduce “preventable medical errors.”

Though the outcomes seem promising, the task of implementing EHRs is definitely not without hurdles. One major drawback of an EHR system is that multiple access points to patient data over networks lead to loss of privacy and security. HIPAA has strict rules for the protection of patient data, and though there are various security practices and software for networks, it is definitely risky to keep patient data over wireless networks.

Another drawback is the integration of older records with the new EHR system. Scanning and integrating the data into the new system can consume considerable cost, time and energy. Also, old records are most of the time degraded, illegible and out of line with current standards and formats.

Again, incorporating hardware, software and networking on a wide scale to make EHR effective involves a huge budget, which may prevent many organizations from going for it. Other drawbacks of EHR include the difficulty of destroying electronic data completely and the need to custom design an EHR system for the unique environment of each facility.

However, this is just the darker aspect. Many standards and software products are already on the market to enable specific aspects of a future EHR, and many more are yet to come. Among the popular ones are the ASTM International Continuity of Care Record (based on XML), ANSI X12, DICOM and so on. Medical transcriptionists have a remarkable ability to adapt and grow, and it is hoped that in times to come the EHR system will be applicable universally.


Posted on: Jun 18 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy

Protections under HIPAA and Virginia Law

Even before the Virginia General Assembly passed laws implementing the requirements of HIPAA, the laws of the state already met or exceeded these new federal standards.

HIPAA and the laws in Virginia ensure the following benefits for citizens:

1. If you are starting a new job, you may get health coverage for yourself and for those dependent on you.

2. It helps you in minimizing the chances of losing existing healthcare coverage.

3. It ensures continuous health coverage for you and your dependents even when you switch jobs.

4. It also assists you in buying health insurance coverage if you lose coverage under an employer’s group health plan and have no other health coverage available.

5. It also limits the use of pre-existing condition exclusions.

6. It also protects you against any sort of discrimination by group health plans based on your past or present health conditions, so that they cannot deny you coverage or charge you more for coverage.

7. It guarantees certain small employers and certain individuals the right to purchase health insurance if they lose job-related coverage.

8. In most cases, these laws also guarantee that employers or individuals who purchase health insurance can renew coverage regardless of any health conditions of individuals covered by the insurance.

These laws are pretty complex and vary considerably according to the situation. If you need to know what your rights are in your situation, you can always call the Bureau of Insurance to discuss the protections available to you under HIPAA and Virginia law.


Posted on: Jun 17 2009
Posted under In the news, Legislation, Privacy & security, Products, Strategy, Tips

The alarming rise in Medical Identity Thefts

There has been an alarming rise in medical identity thefts in America in recent years, thanks to the increased use of electronic medical records systems built without extensive safeguards. The worst part is that people are usually unaware, for months or even years, that they are victims of this theft and that their medical information has been tampered with, until it shows up in collections on a credit report.

There are several ways in which these thefts can take place. In the first case, someone may get hold of the victim’s name and Social Security number and use them to receive medical services, which many hospitals are obliged to provide whether or not a person has insurance.

In cases where insurance is needed, one may steal insurance information, like the basic member ID and group policy number found on insurance cards, and receive any kind of service under the victim’s coverage. This becomes possible and easy as many doctors and hospitals do not ask for identification beyond insurance information.

If the medical information is stolen by insiders at a medical office, the personal insurance data and related information from the operation’s computerized medical records can be used to make fraudulent billing claims.

Medical identity theft may come as a shock to victims when revealed, as the insurance companies may simply continue to pay the fraudulent claims without the victim’s knowledge; only when the victim makes a genuine claim does he learn that his benefits have already been exhausted.

HIPAA does not prove to be much help in cases of medical identity theft. In fact, it can actually work against you: once your medical information is intermingled with someone else’s, you may have trouble accessing your files because, in keeping with the privacy laws, even the thief’s medical information now contained in your records must be kept confidential. Again, even after the record is corrected, the erroneous information may already have been passed on to dozens of other health care providers and insurers.


Posted on: Jun 15 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy, Tips

Healthcare options for you after retirement

With escalating health care costs, companies are reducing coverage or asking employees to pay more. This makes it a necessity for retirees to budget for health coverage, which turns out to be a hefty job.

If you need to find insurance for yourself, either start your search at the Web site of the Foundation for Health Care Coverage Education (www.coverageforall.org) or call for help at 800-234-1317.

If you received employer-provided benefits from your former employer, you may be eligible to continue coverage under a federal law called COBRA. However, this could be costly because the employer no longer subsidizes the premium.

Again, after your COBRA benefits expire, it would not be wise to wait more than 63 days to sign up for a policy in the individual market. HIPAA (Health Insurance Portability and Accountability Act) requires that private insurers offer some type of coverage after your company benefits expire, even if you have a medical condition. Note that premiums are not specified, and because each state has its own rules, you should contact your state insurance department. If you wait longer than 63 days and have a medical condition, you may not be able to find coverage at all.

COBRA and HIPAA benefits are by far the best options for someone with a serious medical condition. However, there could be various cheap options out in the market for a relatively healthy person.

(Adapted from April 2009 issue of Kiplinger’s Retirement Report)


Posted on: Jun 11 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy, Tips

Adhering to HIPAA as a medical transcriptionist working from home

To have a good reputation as a medical transcriptionist, you need not only a quality work record but also the reliability to keep confidential all the medical data that passes through your hands.

Medical transcriptionists working in a medical transcription company usually adhere to the Health Insurance Portability and Accountability Act (HIPAA) standards, but if you are working from home, you must follow certain steps to keep medical records secure and confidential.

Firstly, keep your office in a private place out of the reach of family and friends, so that all the medical data (the voice recordings and the transcribed information) is beyond anyone’s reach.

Protect your medical transcription work on the computer with passwords and keep your anti-virus software updated. Again, keep the firewall on whenever you are connected to a network and when sending files to your client, make sure the files are transmitted over a secure computer network.

Encrypt e-mails that contain queries and information on the medical records. Lastly, back up your medical transcription work periodically on an external drive.


Posted on: Jun 09 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy, Tips

Parental access to child’s medical records as per HIPAA

The HIPAA Privacy Rule generally allows a parent to have access to the medical records of his or her minor child, as the child’s personal representative, when such access is not inconsistent with State or other law. However, there are exceptions in which the parent would not be the minor’s personal representative under the Privacy Rule:

When the minor is the one who consents to care and the consent of the parent is not required under State or other applicable law;
When the minor obtains care at the direction of a court or a person appointed by the court; and
When, and to the extent that, the parent agrees that the minor and the health care provider may have a confidential relationship.

However, even in these exceptional situations, if the State or other applicable law requires or permits parental access, the parent may have access to the medical records of the minor related to this treatment. Likewise, if the State or any other law denies such access, parental access would be denied. If State or other applicable law is silent on a parent’s right of access in these cases, the licensed health care provider may exercise his or her professional judgment to the extent allowed by law to grant or deny parental access to the minor’s medical information.

Finally, as is the case with respect to all personal representatives under the Privacy Rule, a provider may choose not to treat a parent as a personal representative when the provider reasonably believes, in his or her professional judgment, that the child has been or may be subjected to domestic violence, abuse or neglect, or that treating the parent as the child’s personal representative could endanger the child.


Posted on: Jun 07 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy, Tips

Difference between consent & authorization under the HIPAA Privacy Rule

The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.

An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual. An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed.

The Privacy Rule requires authorization for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization.


Posted on: Jun 02 2009
Posted under In the news, Legislation, News, Privacy & security, Strategy, Tips