Posted in Healthcare Privacy

HIPAA

Why Employers Need to Carefully Approach Employee Healthcare Data

By Kirk J. Nahra, CIPP/US

The recent controversy about AOL CEO Tim Armstrong’s comments on employee healthcare expenses reflects ongoing confusion about the actual and appropriate rules for employers and the protections for employees concerning their health care information. As employers become more involved in the overall management of employee wellness and overall healthcare expenditures, this confusion is likely to remain. Employers need to very carefully consider their approach to employee healthcare information and how they will act effectively and intelligently in this controversial and risky area.

More from Kirk J. Nahra

Big Data

How To Solve the President’s Big Data Challenge

In his recent remarks on the NSA and surveillance, President Barack Obama grabbed the Big Data bull by the horns. We commend the president’s decision to task the Council of Advisors on Science and Technology (PCAST) to reach out to privacy experts, technologists and business leaders to examine the challenges inherent in Big Data. Government surveillance raises distinct civil liberties concerns that commercial and scientific use of Big Data does not; still, it is appropriate to address the profound impact of new technologies on Big Data business opportunities.

Big Data was all the rage in privacy circles in 2013, and now it is achieving appropriate broad policy attention. It implicates modern day dilemmas, which transcend privacy and impact a variety of delicate balancing acts at the core of free market democracy. The examination requires engagement not only by privacy professionals but also by ethicists, scientists and philosophers to address what may very well be the biggest public policy challenge of our time.

More from Jules Polonetsky

From the Regulator

Living in Interesting Times—A View from the New Zealand Privacy Office

One of the dubious delights of being a privacy regulator is the unexpected things that crop up during every working week. It doesn’t matter how I plan and prioritise work—some headline-grabbing issue or urgent demand for time and attention will come across the desk and force a rethink. It can be a challenge, but it certainly keeps the job interesting.

More from Katrine Evans

Healthcare Privacy

On Where Health IT and Privacy Meet

By K Royal, CIPP/US, CIPP/E

The Eighth Annual National Health IT Week kicks off today with the slogan, “One Voice. One Vision: Transforming Health and Care.” This honorary week has been created by the Healthcare Information and Management Systems Society (HIMSS). HIMSS seems to lead efforts similar to the IAPP, even if the mission is different, and there is no doubt that our membership overlaps. HIMSS states that last year, more than 250 organizations participated in the week’s activities while also being recognized by President Obama and the U.S. Senate.

More from K Royal

From the Tool Belt

Moving Past the New HIPAA Rules

By Kirk J. Nahra, CIPP/US

So, you’re a HIPAA covered entity or business associate who is in the final throes of revamping (or creating) appropriate and compliant HIPAA privacy and security policies. And, you finally think you are getting a handle on all the changes required by the new HITECH components of the HIPAA rules. And, boy, it’s been some work. So, you’re good for a while, right?

Not really. While the HIPAA privacy and security rules occupy the primary attention for healthcare entities and their business associates, there is a wide range of other privacy and security practices, rules, laws and regulations that must be met—and the laundry list is evolving almost constantly.

More from Kirk J. Nahra

From the Tool Belt

Policing Your Own People

By Kirk J. Nahra, CIPP/US

The recent reports of terminations at Cedars-Sinai Medical Center following inappropriate review of celebrity medical records should serve as a reminder to every healthcare entity—and any company with sensitive information. You must police your own people. They need access to information to do their own job, but history has shown that they can’t be trusted entirely. You need a plan to make sure...

More from Kirk J. Nahra

Opinion

Why Healthcare Providers Should Utilize Social Media

By Valita Fredland, CIPP/US

Social media users, and communal Internet forums in general, continue to increase in number. It is a source of a good deal of interesting data—yet, healthcare providers seem to approach social media as one of the contents in Pandora’s box. Because of the potential good to be had from large data analysis, healthcare providers should get engaged through social media and think critically about its potential, while being mindful of potential privacy and legal risks.

Healthcare providers are often slow to adopt new technology; there are good reasons for this cautious approach. Yet, while other industries are early adopters of new technology, healthcare providers can often seem like laggards because their large capital outlays tend to go to equipment and services that directly deliver patient care: monitors, fluoroscopy units, magnetic resonance imaging machines and new private patient rooms.

More from Valita Fredland

From the Toolbelt

What Should You Do If You Receive an Investigatory Letter From the OCR?

By K Royal, CIPP/US, CIPP/E

Opening mail still carries the potential of discovering a treasure. Unfortunately for many organizations, the envelope may contain unpleasant information, namely an investigatory letter from the Office for Civil Rights (OCR), the entity that enforces the Health Insurance Portability and Accountability Act (HIPAA).

More from K Royal