Obama health care plan said to boost security, privacy controls
Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns
Computerworld - The electronic health records plan in President Barack Obama's $825 billion economic stimulus bill aims to boost security and privacy controls beyond those now required under the Health Insurance Portability and Accountability Act (HIPAA).
The Health Information Technology for Economic and Clinical Health Act (HITECH) initially provides $20 billion for the creation of a national electronic health records system that would fundamentally improve the manner in which health information is electronically created, accessed, stored, shared and controlled.
Health care security experts lauded the bill for upgrading HIPAA controls that security experts have criticized for years. Some did say they still fear that the improvements could be diluted at the request of health care lobbyists.
Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, called the bill's proposed ban on the sale of protected health information in electronic medical records and limitations on marketing such data a key upgrade over HIPAA.
The sale and use of personal health data by health care vendors and providers has long posed a strong threat to patient privacy, according to McGraw, who on Jan. 27 testified on health care privacy issues before the Senate Judiciary Committee. (download PDF)
"HIPAA's provisions for when a person's personal information can be used for marketing have never been very strong," McGraw said. "It has always allowed covered entities to use patient information to send communications that have been paid for by an outside marketing company." The new proposal would require covered entities such as hospitals and physician offices to, at a minimum, obtain the consent of the patient before using his information, she said.
Another big change is the requirement that all health care providers and others using health care data disclose in a timely manner any data breach involving the unauthorized acquisition, access, use or disclosure of protected patient health information, McGraw said. The new federal rule is similar to several state laws that require the prompt disclosure of the loss of financial data.
The HITECH bill would also hold business associates -- such as billing and medical transcription services -- to the same security and privacy standards as the controllers of health care data, noted Peter MacKoul, president of HIPAA Solutions LC, a consulting firm in Sugar Land, Texas. The new bill eliminates many of the loopholes that let providers bypass similar HIPAA restrictions, he added.
The bill also calls for steeper civil fines and penalties for third parties found to be negligent in protecting health care data, MacKoul said.
McGraw noted that the U.S. Department of Health and Human Services, which enforces HIPAA rules, has rarely fined health care firms for violations, despite "thousands of complaints" from patients. The HITECH bill, she said, requires that HHS imposes fines or other penalties on violators.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you like your iPhone, you can keep your iPhone. Period.
President Obama has revealed that he's not permitted to carry an iPhone. It's too insecure for the job, he says. Instead, he's stuck with a BlackBerry. Well, someone's got to have one still. However, it turns out that the Pentagon has also outlawed non-BlackBerry smartphones. In IT Blogwatch, bloggers joke that 2006 called and they want their smartphones back.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- Leveraging Managed Security Services to Fight Growing Cybersecurity Threats
- IT Infrastructure-as-a-Service enables agile responses to constantly changing threats. All Government IT White Papers
- Video: 5 Secrets To Scaling Enterprise Apps Watch this video to learn how to successfully scale enterprise apps>>
- Collaboration 2013: Where Mobility Meets Connectivity Mobility and collaboration are quickly converging and users are demanding more capabilities. It's no longer enough to enable file sharing. This Webcast dives...
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.