Healthcare providers must become aware of and comply with PCI DSS

Healthcare providers are generally familiar with and are used to the complex network of state and federal data privacy protection laws (e.g., HIPAA and HIPAA Privacy and Security regulations).  However, most providers may not be aware of another set of data security standards, the Payment Card Industry Data Security Standards (PCI DSS), imposed by a non-governmental, private organization representing the credit card industry.  

Contrary to popular belief, PCI standards apply to any processor of credit cards, regardless of the volume of credit card transactions.  (However, PCI DSS requirements differ based on each organization's transaction volume.)  In other words, if your healthcare enterprise or practice accepts credit cards as payment for services (which virtually all practices do), your organization is subject to PCI DSS.

SC Magazine's recent contribution from Jim Lacy, CFO of healthcare IT company ZirMed, provides an excellent reminder for all healthcare providers accepting credit cards to take note of PCI DSS and begin the process of compliance with such standards.

A few lessons from Jim Lacy's piece and more after the jump.


HIT Policy Committee workgroup presents preliminary definition for Meaningful Use

On June 16, 2009, the Workgroup on Meaningful Use presented its findings to the HIT Policy Committee.  The findings include two parts:  the preamble and the matrix.   The matrix consists of goals to be achieved by 2011, 2013, and 2015, and the metrics for such goals to evaluate hospital and clinician progress in meeting them.

We will have much more analysis on this preliminary definition later, so stay tuned for our updates.  Meanwhile, our favorite "geek doctor" John Halamka stated the following on his blog:

Now that the initial definition of meaningful use is available, the HIT Standards Committee workgroups and HITSP will work through the month of July to ensure the matrix is populated with the most up to date standards and implementation guide detail.

Hospitals and Clinician offices now know what is expected for 2011, so the time is now to begin your software implementations.


"Meaningful Use has Arrived", Life as a Healthcare CIO (June 16, 2009).

 

New York Times reports on the growing threat of medical identity theft

The New York Times reported today on the growing threat posed to patients and consumers by medical identity theft.  The article rightly notes that this threat may only become more prominent with the widespread adoption of electronic health records technology championed by the Obama Administration.

According to the Times, over 250,000 Americans are victims of medical identity theft each year, and this number does not include those who are not yet aware that they are victims of such identity theft.  The article profiled one case of medical identity theft, that of Brandon Sharp, a 37-year-old manager at an oil and gas company in Houston:

In Mr. Sharp’s case, someone got hold of his name and Social Security number and used them to receive emergency medical services, which many hospitals are obliged to provide whether or not a person has insurance. Mr. Sharp still does not know whether he fell victim to one calamitous perp who ended up in several emergency rooms or a ring of accident-prone conspirators.

 


Nationwide EHR adoption critical to health care reform

Sen. Edward Kennedy (D-MA) revealed the first draft of the healthcare reform bill, the "Affordable Health Choices Act."  Competing versions of the healthcare reform legislation are expected shortly from senior House Democrats, including Energy and Commerce Committee Chairman Henry Waxman (D-CA), and Sen. Baucus (D-MT), chairman of the Senate Finance Committee.  According to the Los Angeles Times, while the various drafts will differ significantly, congressional Democrats agree on three broad goals for the new healthcare framework:

  • Improving the quality of care for everyone by encouraging doctors, hospitals and others to adopt the best, most effective courses of treatment.
  • Curbing the explosive growth in costs by prodding the medical system to make more cost-effective decisions and to increase efficiency by moving to computerized medical records.
  • Expanding coverage to those who do not have health insurance.

Sen. Kennedy's bill does not provide additional funding for adoption of EHR systems, but, according to Piper Jaffray senior research analyst Sean Wieland, interviewed today by Healthcare IT News, "the use of the data generated from these yet-to-be-installed systems is a central theme throughout [Kennedy's] 615-page bill."


Sears settles FTC claims regarding its online tracking software

On June 4, 2009, Sears Holdings Corporation (Sears) settled its dispute with the Federal Trade Commission (FTC) regarding Sears's controversial online tracking software.  Sears paid its customers $10 to join "My SHC community" and download software which would track participants' online behavior.  However, the FTC alleged that Sears did not adequately disclose the enormous scope of information Sears collected on the participants:

<...> Sears represented to consumers that the software would track their “online browsing.” The FTC charges that the software would also monitor consumers’ online secure sessions – including sessions on third parties’ Web sites – and collect information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails. The software would also track some computer activities that were not related to the Internet.

Sears did disclose the full extent of what information it would monitor, but only "in a lengthy user license agreement, available to consumers at the end of a multi-step registration process", which the FTC deemed to be inadequate. 

Under the settlement, Sears is required to destroy the data collected under this program, and to "clearly and prominently disclose the types of data the software will monitor, record, or transmit" if Sears advertises or disseminates any tracking software in the future.  The FTC also required Sears to make such disclosure prior to installation of the software and separate from any user license agreement, and to disclose whether any of the data will be used by a third party.

"Sears Settles FTC Charges Regarding Tracking Software", FTC press release (June 4, 2009).
"Sears settles with FTC in privacy flap", Reuters (June 4, 2009).

EHR Market to reach $1.6BN in 2013

Healthcare IT News reports that a new study projects that the market for electronic health records-related equipment and software will reach $1.6 billion in 2013, which is almost three times last year's value.  The EHR market was estimated at $575 million in 2008.  ARRA is, of course, the main reason for such a steady rise in market value:

Driven by the growing use of EMRs in hospitals and physician offices, this segment of the patient monitoring market will grow 23.3 percent annually through 2013, notes the report, "High-Tech Patient Monitoring Systems Markets (Remote and Wireless Systems, Data Processing, EMR Data Transfer)."

Increased use of EMRs and high-tech patient monitoring systems is a key piece of President Barack Obama's plan to fix the ailing healthcare system, the report notes, because they have the potential to improve patient outcomes and satisfaction, provide cost savings and more efficient use of healthcare resources and reduce hospitalizations.


"Market for EMRs pegged at $1.6 billion by 2013", Healthcare IT News (June 4, 2009).