I was knee-deep covering hospital regulations in the early 2000s when Uncle Sam first released HIPAA privacy laws, and the initial reaction from healthcare organizations ranged from intrigue to panic. At that point, most medical records existed only on paper.
Fast forward 15 years. Just as the Founding Fathers could not have fully anticipated how the U.S. Constitution would apply to modern life, the authors of HIPAA probably didn't foresee how today's technology intersects with protected health information.
As CIOs grapple with the promise and risks of electronic access to medical records, pressure is rapidly building on doctors and physician practices to firm up privacy compliance now that the drumbeat of federal HIPAA audits is getting louder.
In this issue of Pulse, reporter Shaun Sutner examines how to survive a HIPAA audit. The 2015 audit program from the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) affects 400 providers, many of which are not fully prepared for their reviews.
The OCR won't predict publicly what enforcement actions its inspectors are contemplating, but penalty amounts can swiftly rise to the tens and hundreds of thousands for failure to meet certain HIPAA provisions.
Statistics elsewhere in this issue tie solidly into HIPAA risks. A senior adviser for OCR noted in 2014 that 33% of protected-health-information breaches affecting 500 or more people stemmed from laptops and other mobile devices.
And we look into why IMS Health, a global healthcare software company, entered into an agreement with Amazon Web Services and ditched Microsoft Azure. As reporter Beth Pariseau writes, IMS is "one of the new poster children for businesses going all-in with Amazon Web Services."
Speaking of the Web, expert contributor Reda Chouffani looks at a gap in publicly posted information about gifts and physician payments from medical device manufacturers and pharmaceutical companies. Up to one-third of such data, the collection of which falls under the Physician Payments Sunshine Act, has not been posted yet by the Centers for Medicare and Medicaid Services.
It's not clear why this information is missing, but it may be just as well for now. On the CMS posting site is a caveat: "For some searches the results will take some time to load, please be patient."
The loading time of a page versus the number of records requested. The rapid pace of technological development versus the reluctance behind EHR adoption. Looming HIPAA audits versus subpar physician compliance. For many of you in health IT, choosing the fast lane or the slow lane brings plenty of business decisions along as baggage.
What patient privacy security concerns do you wrestle with as 2015 unfolds? Let me know at firstname.lastname@example.org.