Health Information Compliance Alert

HEALTH INFORMATION NEWS:

KAISER PAYS THE PRICE FOR EXPOSING PATIENTS' PHI

Posting patients' PHI on an unencrypted Web site will not only ruin your reputation with current and potential patients - it could net you steep fines.

California's Department of Managed Health Care (DMHC) slapped Kaiser Foundation Health Plan with a $200,000 fine after completing its investigation into the plan's unauthorized disclosure of patients' PHI.

"Patients must be assured that health plans will, at all costs, do everything possible to protect confidential information," especially as the industry moves toward interoperable electronic medical records, Cindy Ehnes, director of the DMHC told the Sacramento Business Journal.

The agency took into account that Kaiser did not shut the Web site down immediately after its existence was brought to their attention. The health plan also did not inform state regulators of the site until much later.

"We're imposing this fine because we consider this act to be irresponsible and negligent at the expense of members' privacy and piece of mind," Ehnes said.

The Bottom Line: You must diligently protect your patients' health information, or be prepared to pay the price for any resulting damages.

Don't Let Hackers Find Your Flaws

Even password-protected Web portals can expose your patients' protected health information.

That's what Duke University Health System learned May 26 after it discovered that computer hackers tapped into the records of 10,000 employees and 4,500 conference attendees and others, the Durham Herald Sun reported.

The hackers did not access patients' medical or financial information, but in almost 9,000 cases, four or six digits of Web site users' Social Security numbers were exposed.

Duke alerted its Web site users through e-mails beginning May 27. The system does not believe the breach was extensive enough to lead to identity theft.

The Bottom Line: Your Web site's flaws could be a boon to data thieves.

Health IT Funding on The Way

You don't have to rely solely on your organization's security budget to fund your transition to EMRs.

The House of Representatives approved a more than $600 billion Labor, HHS and Education spending bill June 24 that carves out $75 million for contracts and grants to fund providers' attempts to build an interoperable health network.

The Bottom Line: You can expect more funding for your projects to become available in 2006.