Monday, July 16, 2007

Fear the Reaper

Because, you know, if we continue with HIPAA the terrorists win. From a letter to the editor of the Asbury Park Press:

Finding terrorist cells in the British health care industry is disturbing, because it exposes those doctors as criminals intending to cause mass murder. Al-Qaida is recruiting people from nations such as India and Pakistan who work within the industry. The easy access and knowledge doctors have of dangerous biological agents, chemicals and drugs poses a new threat.

Medical terrorists also have access to private information in our medical records. In cases of our recovering soldiers, they see the wounds inflicted that make them unfit for further duty.

The medical reports of millions of Americans are routinely sent over the Internet to India and Pakistan to be typed or transcribed. Most Americans are unaware the doctor treating them here is sending their private medical history and treatment record to India to be typed. Depending on the turnaround time, your medical report already may be somewhere in India before you return home from treatment.

Once these private medical reports leave the United States via the Internet, they enter a cyber-system, where the medical information can be passed from one company to another within a business chain. Your doctor may not know where the medical dictation finally ends up downloaded to a foreign computer to be typed or transcribed.

All of this is legal under the less-than-adequate medical privacy law called HIPAA. The solution to this crisis is simple: Don't allow our personal medical information to leave the jurisdiction of the U.S. court system. Plenty of qualified medical transcribers live here, where it is easier to maintain privacy and trace the path of this sensitive information.

There are so many things wrong with this I don't have the energy to fully rebut them. Leaving aside the delusional nature of the thing and concentrating on HIPAA, the writer is of course mistaken. PHI in India is still under jurisdiction of US courts via Business Associate Agreements, which make at least the US based sides responsible for the conduct of their foreign counterparts.

Now there are boogymen under every hospital bed. Sheesh.


Anonymous said...

In your own words you clearly show the giant loophole in the HIPAA Regs. The foreign transcribers are what is referred to as "Non-Covered Entities" and are therefore expected to be self-regulated. Self-regulation does not work, not here in the US, and especially not somewhere in India or Pakistan. The 4th Amendment of the Constitution and my right to medical privacy will not be protected by the government of India or Pakistan. For that matter, the government of Pakistan seems to have little respect for it's own constitution, how do you expect Pakistan or India to value and uphold a weak and inadaquate "HIPAA Business Agreement"? I wonder how much experience you really have in the medical transcription industry other than PR?

michael said...

I suspect you haven't actually read this blog. I can see you know nothing about me. I am not a medical transcriptionist. I am a computer security engineer. My interest in HIPAA is not in promoting it, but in helping non-technical people understand what was intitally a poorly understood and to many frightening set of rules.
I have no expectations of the governments of Pakistan or India on any topic, including this one.
HIPAA was a sincere attempt torpedoed by 6 years of anti-enforcement government administration in the US, followed by active attempts to completely invalidate it. We are just now seeing some prosecutions and awareness growing from that.
Yours was a very well thought out and stinging comment--- unfortunately you didn't actually read enough of my blog for it to have made any sense here.

Anonymous said...

As you accurately stated, "6 years of anti-enforcement regulation" and administrative double-speak has some of us somewhat frustrated and ready to fight back, but in your case I might have been hasty in my judgement. There is increasing concern regarding the future ability of our present regulatory agencies to in any real fashion protect the privacy of patient medical records. Recent news of a buy-out of Medquist by Cbay of India is one more example of a vital industry slipping from our hands and with it direct control of our privacy.