HIPSA Proposed

(Thanks to Ellen Wright Clayton for the pointer)

Recently, Senators Leahy and Kennedy introduced the Health Information Privacy and Security Act to the Senate.

Title I of the bill, "Individual Rights," guarantees an individual's right to supplement, amend, correct, or destroy any of their protected health information maintained or stored by an entity. It also would require entities maintaining, accessing, using, or storing protected health information to provide the individual with a notice of privacy rights and practices, and notify individuals when data corruption or loss of health information is discovered.

Title II of the bill, "Restrictions on Use and Disclosure," includes requirements on groups seeking to disclose protected health information to obtain a signed, written authorization from an individual in connection with any treatment, payment, or other purpose.

Also, individuals must be provided with notification in the case of an actual or attempted security breach if there is at least a "reasonable belief" that protected health information concerning the patient was accessed or acquired during the breach.




A summary of the bill is here.

NYTimes on HIPAA and Access to Records (or Lack Thereof)

Jane Gross, at the NY Times, penned a recent story on the ways in which various health organizations (and their employees) misinterpret the HIPAA Privacy Rule. It's filled with annecdotal evidence, but it does highlight some of the confusions and challenges with implementing the privacy rule correctly.

Read the story here.

GAO Summarizes Report on Privacy Needs for Health Records

In January 2007, the Government Accountability Office issued a report on the federal government's lack of an overall privacy framework for a national health information infrastructure. They summarized the report in a one-pager this morning. In summary, the following challenges were recognized:

1. Resolve legal / policy issues


2. Ensure appropriate disclosure


3. Enable an individual's right to access / amend health record


4. Integrate security measures for electronic health information

DNA Testing + Genealogies + Internet = Huh?

According to a press release, Ancestry.com is teaming up Sorenson Genomics, so that people can add the results of various genetic tests to their online family tree websites. I don't want to scream fire in a movie theater, especially since I don't know what the "DNA results" will correspond to, but at the same time, you have to wonder where the oversight is, who will have access to this information, if full-family consent will be necessary, ... the questions are endless.

Read a blurb on the release here.

Google Supporting Public Records

The AP is reporting that several states (including California) are opening their doors to let Google archive and support search over public their records.

Federal Health IT Advisor Quits Over Privacy

Though not a critical blow, the resignation of Paul Feldman is clearly an indication that the definition and integration of privacy policies in the coming national healthcare infrastructure are lacking.

FBI Losing Laptops....And Firearms?

CNN is reporting that the FBI has admitted to losing laptops with classified, as well as identifying, information. Now, there's no proof that the information in these laptops was, or can be, accessed by the culprits. However, the same can not be said for the stolen firearms...