The False Dilemmas of the Fifth Circuit’s HIPAA Ruling

By Leslie Francis

In a caustic opinion issued on January 14, the Fifth Circuit vacated penalties assessed by the U.S. Department of Health and Human Services (HHS) against the University of Texas M.D. Anderson Cancer Center for HIPAA security breaches.

As has happened to many other health care entities, M.D. Anderson had employees who were not careful with their laptops and thumb drives (and the data therein). A laptop with the unencrypted protected health care information of nearly 30,000 patients was stolen. Unencrypted thumb drives with information on another almost 6,000 patients were lost. M.D. Anderson disclosed the security breaches to HHS, which assessed civil monetary penalties for violation of HIPAA’s encryption and disclosure rules. M.D. Anderson then filed a petition for review, which resulted in the Fifth Circuit holding that the agency action was arbitrary and capricious for failure to consider an important aspect of the problem.

Commentators have already pointed out that this decision will reverberate throughout the HIPAA enforcement world. As it does, I hope it is met with scorn, for it trades on the informal logical fallacy of the false dilemma in two noteworthy ways.

ACCESS Act Points the Way to a Post-HIPAA World

By Adrian Gropper

The October 22 announcement starts with: “U.S. Sens. Mark R. Warner (D-VA), Josh Hawley (R-MO) and Richard Blumenthal (D-CT) will introduce the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, bipartisan legislation that will encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.”

Although the scope of this bill is limited to the largest of the data brokers (messaging, multimedia sharing, and social networking) that currently mediate between us as individuals, it contains groundbreaking provisions for delegation by users that are a road map to privacy regulations in general for the 21st century.

ONC’s Proposed Rule is a Breakthrough in Patient Empowerment

By Adrian Gropper

Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less.

Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency, or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance, are excluded from the surveillance?