Friday, March 18, 2011

INSPN presentations today

Excellent INSPN meeting today with 3 extremely informative presentations. The event was well attended. By my quick count, almost 100 people there and about 75% of them in healthcare.

#1: Neal Eggeson, Plaintiff Attorney
Topic: Discussion of his $1.25m award won against physician group that disclosed his client's HIV status
Key points:
  • Disclosure was made to a collection agency for payment of medical bills.
  • Collection agency included (unnecessary) information in a legal filing that (in theory) could be obtained as public information.
  • Unusually large damage award was based upon a theory that his client would be unable to continue living within the community and restitution would enable him to move to a different community.
  • HIPAA was not at issue in the case.
  • Case seems to raise the bar of "harm."

#2: Greg Zoeller, Indiana’s Attorney General
Topic: The State’s Position on the Security of Consumer/Patient Information.
  • Timely disclosure of breaches appears to be the primary concern.
  • "Without unreasonable delay" is a sliding scale based upon the facts and issues like the size of the organization involved, but 30 days seems to be a threshold.
  • Prosecutions (including the recent one against WellPoint) under the Indiana Security Breach Notification Act. Whether the Indiana A.G. will pursue private cause of action suits is unclear.
  • Recommended calling the A.G. office to discuss breaches ASAP and even before all the facts of the case may be known. "I promise you that it will never be to your disadvantage to call us sooner rather than later."
  • A primary concern with respect to providers appears to be coding fraud.

#3: Dr. Alan Stewart & Good Samaritan Hospital
Topic: Share his personal experience of a privacy breach and subsequent investigation by the Office of Civil Rights.

  • Had a sensitive medical conversation with a patient in a semi-public forum (cafeteria area of a rehab clinic)
  • IMO, the physician took appropriate subsequent steps to apologize and change his clinical processes.
  • Patient filed a complaint with the state board of health and federal office of civil rights.
  • Subsequent investigation of the hospital by the board of health (no jurisdiction for privacy and no punitive action) and by OCR.
  • OCR inquiry came nearly 2 years after the event.
  • Interaction with OCR was that they requested copies of policies and documentation, recommended policy changes and recommended written corrective action (i.e. letter in medical staff file).
  • Raises interesting questions about whether and how physicians are trained in HIPAA privacy and security matters. They are often NOT employees of the healthcare institution and do not go through annual training like other workforce members.
  • Dr. Stewart is to be commended for sharing his experiences openly with all of us so we can learn more.

Wednesday, February 18, 2009

Federal stimulus bill contains new requirements for HIPAA Security and Privacy

The HITECH act, which passed as part of the federal stimulus package contains a number of new, important provisions regarding HIPAA.

The following web link is relatively short and provides a good assessment of what new developments HITECH brings to the HIPAA Security and Privacy rules.
http://www.wallerlaw.com/articles/2009/02/13/stimulus-bill-expands-the-reach-of-hipaa.8147

Here in Indiana we're also likely to see new, related legislation in the form of HB1121, which will likely pass and go into effect July 1 of this year.

When HITECH is considered in conjunction with Indiana House Bill 1121, a new, more challenging landscape begins to appear for healthcare providers.

Some of the key elements of the two pieces of legislation are:

HITECH Act (contained within the stimulus bill):
1. Expands enforcement and penalties for HIPAA non-compliance. (Up to $50k/incident + investigation and court costs)
2. Enables state attorneys general to enforce HIPAA through “private cause-of-action” suits.
3. Requires notification to the Secretary of Health and Human Services (HHS) for any breach involving 500 or more patients.
4. Requires HHS to publish a list of breaches and offending institutions on their web site.
5. Establishes greater requirements for Business Associates who work with patient data on our behalf (encryption, breach notification, etc.)
6. Establishes HIPAA as the new “low bar” for security and privacy legislation. Individual state laws can only exceed those minimum standards.
7. Heightens requirements for restricting access to patient records and accounting for all access/disclosure upon patient request.

Indiana HB1121:
1. Creates an Identity Theft task force within the Indiana Attorney General’s office which can investigate and prosecute identity thieves and non-compliant businesses.
2. Requires greater notification of breaches (and suspected breaches) to Indiana Attorney General.
3. Expands encryption requirements for databases.
4. Expands requirements for data destruction when computers and media are disposed.
5. Imposes civil penalties for non-compliance. (Up to $5k/incident + investigation and court costs)

Even in this time of economic challenges, healthcare organizations will need to significantly ramp up their security and privacy risk management efforts in order to stay compliant and avoid the growing risks of breaches.

Tuesday, October 9, 2007

PVR Update

My GBPVR box is still working well.

A couple of months ago, I picked up an Adaptec AVC-3160 dual TV tuner for under $100 on eBay. This has a USB interface, which worked well for me because my PVR box is low-profile and only has one half-height PCI-E slot.

I ran into some issues when Tribune Media discontinued free access to their Zap2IT service last month which was providing Electronic Program Guide (EPG) information to my GBPVR. GBPVR forums have been active with discussions about possible replacements, but the easiest was to get a data subscription from Schedules Direct. What a bummer!

I've enjoyed being a PVR hobbyist, but when I add up all of the money I have spent on getting a PVR working, I definitely could have gotten a TiVo. It's also becoming pretty clear that the days of unencumbered analog cable TV are numbered.

In a related note, AT&T is gearing up to launch IP-based television in my area (Indianapolis market) and for the sake of simplicity, I'm probably going to go with TV, land-line phone and Internet from a single provider over a single pipe when that becomes a reality.

Wednesday, December 27, 2006

PVR exploits over Christmas

I fiddled with my PVR setup over Christmas and made some discoveries:

1. As much as I really, really want to use one of the Linux distros (KnoppMyth, MythDora or from scratch), this is still more work than I wanted to put into it. I spent a couple of hours on the first two distros and installation wasn’t as trivial as I would have liked.
I should caveat that I’m using a small-form-factor Dell box and I have a USB-based Hauppauge MPEG2 capture card.

2. I’ve used SnapStream in the past as a Windows PVR, and it is really great for what it does… but I have the following (minor) dissatisfactions with it and wanted to try something else:

  • SnapStream costs money and I didn't want to pay for the version upgrade.
  • SnapStream has limited functionality outside of PVR. (No weather, games, web browsing)

3. I'm a card-carrying member of the evil empire. As much as I'd like to be a cool kid and use the GNUest stuff, having a life outside of my nerd projects requires me to go with what I know. In this case, that's Windows.

4. Major contenders for the Windows PVR options were:

GBPVR http://www.gbpvr.com
MediaPortal http://www.team-mediaportal.com

I was initially leaning toward MediaPortal because it is open source (GBPVR=closed source) and appears to have an active developer community.

Unfortunately, after about an hour with MediaPortal, I experienced some kludginess:

  • When connecting to my set-top box with VNC, I couldn't see the MediaPortal application.
  • Application would periodically and randomly lock up on me.
  • Importing tv guide listings (via XMLTV) was non-trivial.

I went back to GBPVR and was able to get the basics of PVR functionality working in about 30 minutes.

GBPVR doesn't have the sexy skins and all the plugins that MediaPortal does, but so far it works as advertised and was easy to set up. I've also tinkered with some of the plug-ins and other utilities available on the wiki section of their web site.

From here, future direction is:

  • Rip DVDs into the Video library.
  • Remote access to streaming video (a la SlingBox)
  • MediaMVP clients for other locations in the house
  • Emulators to play games without exiting the interface
  • Set up my music collection

Some of the key components to making this all work were:

  • Low-profile video card to fit my Dell Optiplex GX520 mini desktop. I went with a Jaton card with an nVidia chipset. This one fits the PCI slot and has S-Video and RCA output.
  • Wireless keyboard/mouse - I did this rather than mess with the media center remote controls. The one I bought was pretty cheap but is working well so far. I got it from NewEgg.
  • For capturing video, I'm using the Hauppauge WinTV-PVR-USB2. I had to go USB because I've already filled the single PCI slot in my GX520. So far it's working well versus the PCI cards. Hauppauge cards are a must (IMHO) because you need to do MPEG2 encoding at a hardware level, rather than forcing all that work onto the PC. The end result is recordings that are high quality and aren't jumpy.