Texas AG Charges Rehab Facility With Unlawfully Dumping Client Records

Texas Attorney General Greg Abbott today charged Treatment Associates of Victoria Inc., with violating the Texas Identity Theft Enforcement and Protection Act. According to court documents, the San Antonio-based drug testing and rehabilitation facility violated a state law that requires businesses to protect their customers’ sensitive information.
The Office of the Attorney General (OAG) launched an investigation after reports indicated that Treatment Associates had unlawfully dumped bulk client records in publicly-accessible garbage containers. According to OAG investigators, the defendant exposed 44 clients’ sensitive personal and medical information, including Social Security numbers, private medical history and substance abuse records. The files also contained private information that clients shared during counseling sessions, as well as the personal information of clients’ family members and other third parties.

N.Y. group issues draft on RHIO consent policy

A state-led consortium of individuals and organizations in New York has published a draft set of recommendations on how to standardize consent policies for the electronic exchange of personal healthcare information as part of the development of a statewide health information network.

The work of the New York Health Information Security and Privacy Collaborative is being overseen and funded by the New York State Health Information Technology Transformation Office, part of the New York State Health Department. Lori Evans, the deputy commissioner of the health department’s technology office, headed up the state’s end of the consortium’s policy development process. Evans’ office is currently overseeing $400 million in state funds and private-sector contributions to promote the use of health IT and develop a statewide health information network—SHIN-NY.

Group launches online ZIP code atlas of population health

A public health organization will launch an online database this fall that could help forecast the demand for health care services in specific locations for chronic conditions including diabetes, obesity, and HIV.

The National Minority Quality Forum has created the “ZIP Code Analysis Project” to collect data on disease activity among both general and minority populations by postal code.

The project already has a diabetes atlas online. The database shows differences in the prevalence of diabetes across a map of the U.S., as well as noticeable annual changes. This fall atlases will be available for cardiovascular disease, obesity, HIV and chronic kidney disease.

HIMSS: Stark I.T. Bill Needs Work

The Healthcare Information and Management Systems Society has sent a letter to leaders of the House Ways & Means health subcommittee regarding recently introduced health information technology legislation.
Rep. Pete Stark (D-Calif.), chair of the subcommittee, introduced H.R. 6898. In the letter to Stark and ranking member Rep. David Camp (R-Mich.), HIMSS leaders expressed support for several provision of the bill. They also opposed creation of a new advisory committee and government-overseen development of open-source health information systems. What follows is the complete text of the letter:
“The Healthcare Information and Management Systems Society (HIMSS) applauds your leadership on healthcare information technology (IT) issues. HIMSS is the healthcare industry’s membership organization exclusively focused on providing global leadership for the optimal use of healthcare IT and management systems for the betterment of healthcare. HIMSS has over 20,000 individual; 350 corporate, healthcare providers, and affiliate members; plus 46 chapters around the United States that frame and lead healthcare public policy and industry practices through its policy research and educational and professional development initiatives designed to promote information and management systems’ contributions to ensuring safe, quality, and cost-effective patient care.

Study: Online Care May Reduce Healthcare Costs

Results of a study released today found that the use of online care for certain prescribed circumstances may result in first-dollar financial savings for employer-sponsored health plans.

The Milliman study was authored by Arthur L. Wilmes, FSA, MAAA, principal & actuary at Milliman, an actuarial firm with a leading presence in the healthcare market. The analysis demonstrated potential medical savings of $3.36 and $6.95 per-member-per-month (PMPM) for commercial and Medicare plans, respectively. The study investigated the use of online care services similar to those in American Well’s Online Healthcare Marketplace System, which became commercially available earlier this year.

Laptop Searches at Border Spark Debate Over Privacy vs. Security

Laptop searches at the border have sparked debate about how the government’s broad powers to search international travelers should apply to electronic data.
Under current law, federal agents at the border can search electronic devices, copy data or seize a computer without probable cause.
During the first two weeks of August, 40 people of the almost 17 million who crossed U.S. borders had their laptops searched, according to the Department of Homeland Security.
“Some people have had their stuff taken away for two or three months,” said Rep. Loretta Sanchez, D-Calif., who introduced a bill to make searches of electronic devices more transparent. “It’s incredibly inconvenient, and people weren’t even aware it could happen.”

New certification aims to improve security of computer applications

An information security training firm announced on Wednesday it will offer a new security certification for software professionals in 2009 aimed at reducing the number of vulnerabilities in applications, one of the most common ways hackers gain access to systems.
ISC2, which has trained and certified more than 50,000 information security professionals, said it will begin offering in June 2009 an exam to security specialists interested in receiving the firm’s Certified Secure Software Lifecycle Professional designation. The CSSLP will establish best practices and will validate an individual’s competency in addressing security issues that occur during the life cycle of software development and use.
More than 70 percent of computer security vulnerabilities can be found in software applications, such as databases, word processors, spreadsheets and even security programs themselves, according to research firm Gartner. These vulnerabilities frequently are the result of poorly written code.

Healthcare shunted aside: Economy dominates as Congress prepares for recess

Hospital lobbyists are playing a game of “Beat the Clock” with Congress, eyeing a handful of healthcare provisions that they want to see pushed through in what could be the final week of the legislative session. Federal lawmakers are expected to exit Washington on Sept. 26, freeing up congressional members to campaign in their home districts before the November elections. Even so, some members may get called back into action to deal with the fallout from the unsteady banking and lending sector, House leaders said.

The dwindling time left coupled with the turmoil in the financial markets have worked against pending healthcare initiatives on Capitol Hill, potentially kicking them over to a new president and Congress, said Richard Pollack, executive vice president of the American Hospital Association. “It’s unclear what they can get done and what they can’t get done,” he said.

There are a number of hospital-backed measures under consideration (See table, p. 9). Legislators also are showing signs that a much-wanted change to how Medicare reimburses physicians may also stay on the backburner for a while (See story, below).

But a separate bill requiring companies to offer mental health benefits on par with physical health benefits—also backed by the AHA—could pass this week. As of Sept. 19, the bill used restrictions on physician ownership of hospitals as a means to help pay for the legislation, though it’s uncertain whether it will stick.

AHIC Successor names 15 board members

Appointments to the 15-member board of AHIC Successor, the replacement organization to the federally chartered healthcare information technology advisory panel, include five physicians, one of whom works for the largest for-profit payer, WellPoint; plus representatives from drugmaker Eli Lilly and Co.; retailer Wal-Mart Stores, the head of a new electronic-prescribing software vendor, Prematics; one official each from state and local agencies but no representatives from the nation’s larger provider and payer of healthcare, the federal government.

According to the announcement, made during the second to last meeting of the American Health Information Community, HHS Secretary Mike Leavitt and Veterans Affairs Secretary James Peake will serve as “federal liaisons” to the board. Robert Kolodner, the physician who is head of the Office of the National Coordinator for Health Information Technology, “will continue to coordinate federal input into the public-private process.”

Leavitt created AHIC in 2005 with eight of its original 17 members representing federal government agencies, including Leavitt, who appointed himself chairman. But from its inception, Leavitt promised that the federally funded organization would be replaced by a private-sector organization before the end of the Bush administration.

Human error to blame for Grady data breach

Private medical records of Grady Memorial Hospital patients were made public on the Internet, in a way that has become an increasing concern to information security experts.
Human error —- not hackers —- apparently caused the medical records of 45 patients to make their way onto an unsecured Web site in July, where they remained for a few weeks, Grady officials said.
The records were thought to be on a secured Web site, but the site turned out to be unsecured and open to the public, officials said.
Grady has since made sure the information has been removed from public access, said Grady lawyer Timothy Jefferson.
At a time when more and more information is stored and moved electronically, oftentimes on Internet sites protected with passwords and firewalls, experts say they see an increasing amount of information inadvertently slip onto unsecured sites and become available to the World Wide Web.