Electronic Health Record - Bill of Health

The False Dilemmas of the Fifth Circuit’s HIPAA Ruling

January 22, 2021January 21, 2021 Leslie Francis Leave a comment

By Leslie Francis

In a caustic opinion issued on January 14, the Fifth Circuit vacated penalties assessed by the U.S. Department of Health and Human Services (HHS) against the University of Texas M.D. Anderson Cancer Center for HIPAA security breaches.

As has happened to many other health care entities, M.D. Anderson had employees who were not careful with their laptops and thumb drives (and the data therein). A laptop with the unencrypted protected health care information of nearly 30,000 patients was stolen. Unencrypted thumb drives with information on another almost 6,000 patients were lost. M.D. Anderson disclosed the security breaches to HHS, which assessed civil monetary penalties for violation of HIPAA’s encryption and disclosure rules. M.D. Anderson then filed a petition for review, which resulted in the Fifth Circuit holding that the agency action was arbitrary and capricious for failure to consider an important aspect of the problem.

Commentators have already pointed out that this decision will reverberate throughout the HIPAA enforcement world. As it does, I hope it is met with scorn, for it trades on the informal logical fallacy of the false dilemma in two noteworthy ways.

Closing the Electronic Health Record Usability Gap

June 26, 2020June 25, 2020 The Petrie-Flom Center Staff Leave a comment

By Raj M. Ratwani, PhD, Christine A. Sinsky, MD, and Edward R. Melnick, MD, MHS

Two recent studies on the usability of electronic health records (EHRs) use the same standardized metric report, but come to very different conclusions.

One study, using data generated by vendors, found satisfaction to exceed the average benchmark for products across industries (a “C” grade), while the other study, using data from a representative sample of practicing physicians, reports satisfaction as failing (a “F” grade). In this piece, we explore the likely reasons for this discrepancy and propose a path forward.

Picture of doctor neck down using an ipad with digital health graphics superimposed

Practice Fusion: it’s data use, not de-identification, that matters

February 6, 2020March 19, 2020 Leslie Francis Leave a comment

By Leslie Francis

Practice Fusion, an electronic health record (EHR) vendor, just settled with the Department of Justice to pay a $145 million fine for alleged kickbacks from an unnamed pharmaceutical company. The DOJ contended that the company had taken kickbacks in exchange for including practice alerts to encourage physicians to prescribe opioids. But paid-for prescription alerts were not the only practices engaged in by Practice Fusion with de-identified patient data.

What Should Happen to our Medical Records When We Die?

April 9, 2019April 9, 2019 The Petrie-Flom Center Staff Leave a comment

By Jon Cornwall

In the next 200 years, at least 20 billion people will die. A good proportion of these people are going to have electronic medical records, and that begs the question: what are we going to do with all this posthumous medical data? Despite the seemingly logical and inevitable application of medical data from deceased persons for research and healthcare both now and in the future, the issue of how best to manage posthumous medical records is currently unclear.

Presently, large medical data sets do exist and have their own uses, though largely these are data sets containing ‘anonymous’ data. In the future, if medicine is to deliver on the promise of truly ‘personalized’ medicine, then electronic medical records will potentially have increasing value and relevance for our generations of descendants. This will, however, entail the public having to consider how much privacy and anonymity they are willing to part with in regard to information arising from their medical records. After all, enabling our medical records with the power to influence personalized medicine for our descendants cannot happen without knowing who we, or our descendants, actually are. Read More

Apple’s mHealth Rules Fear to Tread Where Our Privacy Laws Fall Short

August 29, 2014August 29, 2014 Nicolas P. Terry Leave a comment

By Nicolas Terry

On September 9 Apple is hosting its ‘Wish We Could Say More’ event. In the interim we will be deluged with usually uninformed speculation about the new iPhone, an iWatch wearable, and who knows what else. What we do know, because Apple announced it back in June, is that iOS 8, Apple’s mobile operating system will include an App called ‘Health’ (backed by a ‘HealthKit’ API) that will aggregate health and fitness data from the iPhone’s own internal sensors, 3rd party wearables, and EMRs.

What has been less than clear is how the privacy of this data is to be protected. There is some low hanging legal fruit. For example, when Apple partners with the Mayo Clinic or EMR manufacturers to make EMR data available from covered entities they are squarely within the HIPAA Privacy and Security Rules triggering the requirements for Business Associate Agreements, etc.

But what of the health data being collected by the Apple health data aggregator or other apps that lies outside of protected HIPAA space? Fitness and health data picked up by apps and stored on the phone or on an app developer’s analytic cloud fails the HIPAA applicability test, yet may be as sensitive as anything stored on a hospital server (as I have argued elsewhere). HIPAA may not apply but this is not a completely unregulated area. The FTC is more aggressively policing the health data space and is paying particular attention to deviance from stated privacy policies by app developers. The FTC also enforces a narrow and oft-forgotten part of HIPAA that applies a breach notification rule to non-covered entity PHR vendors, some of whom no doubt will be selling their wares on the app store. Read More

More Bad News on Electronic Health Records

October 7, 2012August 7, 2018 kvantassel Leave a comment

By David Orentlicher

During the debate over the Affordable Care Act, the Obama administration and other proponents of electronic health records (EHRs) cited a RAND study projecting cost-savings of $80 billion a year from EHRs. More recent data have cast doubt on those estimates. In March, for example, a study in Health Affairs found that physicians with access to electronic records were more likely to order MRI scans and other diagnostic tests. Last week, the New York Times reported that EHRs apparently lead hospitals and physicians to bill more aggressively for their services, using higher billing codes than justified by the services they provide. (For an earlier post on the disappointing impact of EHR, see here.)

[Cross-posted from HealthLawProf Blog]

Tag: Electronic Health Record