Sunday, October 15, 2006

Lookin' For Trouble

Disturbing numbers:

Fewer hospitals and healthcare facilities are fully complying with the law this year than in 2005, according to a recent survey by the American Health Information Management Association (AHIMA), a professional organization for health information executives. And more than one-quarter of U.S. security executives whose organizations need to be HIPAA-compliant admit that they are not, according to "The Global State of Information Security 2006," a study released last month by CIO and PricewaterhouseCoopers.

Wednesday, October 04, 2006

A Bad Case of Loving You

Here is an example of a guy with a ton of credentials in another field missing something entirely:

One particularly outrageous aspect of these cases is the way HIPAA's privacy provisions tie the hands of defense attorneys. We're only now finding out about these women's histories with other doctors because defense attorneys were prevented by HIPAA from knowing of or viewing their medical records, even when a man's freedom was at stake. The prosecution was free to make spurious claims to the jury -- claims they knew or should have known were inaccurate -- but the defense was barred from looking at the very medical records that would have rebutted many those spurious charges.

Of course, is the prosecution knew of potentially exculpatory evidence -- that is, their witnesses' dealings with other doctors -- and didn't disclose it to the defense, Ms. Buchanan's office might soon be forced to answer some difficult questions about prosecutorial misconduct.

Medical privacy is important, of course. But if the DEA is going to continue to go after these doctors with charges that hinge on the medical histories of some of their witnesses, defendant doctors ought to be able to peruse those histories for evidence that could help proove their innocence.

I read Balko occasionally, and several of my more conservative friends are big fans of his. In this case he misses the very important point that the HIPAA Privacy Rule allows for this very type of case. The problem had nothing to do with HIPAA. It was a failure of the prosecution during the discovery phase to disclose what they knew. HIPAA did not hamper the defense; a dishonest prosecution did.

Tuesday, October 03, 2006

Kansas City Star

From the Kansas City Star, here is another case of HIPAA as a convenient excuse. An EMT got permission to post photos of an accident from the victims as a traffic safty example. He was suspended for violating the HIPAA Privacy Rule. Except with permission, there was no violation.

In the district's letter to Drennan, obtained by the Kirksville Daily Express, district officials accuse Drennan of disclosing protected patient information, violating ethics rules regarding patient confidentiality and committing an act that brings discredit on the district and questions its safe operation.

While the letter doesn't spell out the protected information, Drennan said ambulance district Chief Jason Albert told him the suspension was linked to the photos and online comments.

Albert said the suspension was based on other factors besides the photos but wouldn't comment further, saying it is still an internal personnel matter.

Other factors. Indeed. Without the HIPAA violation, which apparently didn't occur, would they have been able to suspend him? HIPAA is just so danged convenient!