The following commentaries are the most read postings from HCI's Blogosphere. To read other postings and leave your comments and questions, visit http://www.healthcare-informatics.com/blogs, register with a username and password, and blog away.
Cause and EffectPosted on: 12.4.2007 12:10:03 PM Posted by Reece Hirsch
One of the challenges for a plaintiff bringing a lawsuit based upon a data security breach is causation. For example, if a laptop is stolen containing your personal information and you are a victim of identity theft a week later, can you be certain that the two events are linked? More to the point, will a court allow your claim to proceed based upon that possible (and perhaps likely) connection?
A Nov. 20 ruling by the Ninth Circuit Court of Appeals provides insight into how courts will evaluate causation in data breach cases. In the Ninth Circuit case (Stollenwerk v. TriWest Health Care Alliance Corp., 9th Cir., No. 05-16990, unpublished opinion 11/20/07), three plaintiffs filed a complaint against a healthcare company after personal information on over a half million military retirees was stolen from the company's offices. One of the plaintiffs identified at least six unauthorized attempts to use his personal information within six weeks after the data breach.
The Ninth Circuit reversed a trail court's grant of summary judgment dismissing this plaintiff claim. The court relied upon the fact that the attempted identity theft occurred shortly after the breach, as well as other circumstantial evidence. In particular, the court noted that the data subject to the breach was the same kind of data needed to commit the identity theft that was later attempted. Of course, causation is just one of the challenges facing data security breach claims, but that is a subject for other postings…
HIPAA Security and VendorsPosted on: 12.1.2007 12:42:33 PM Posted by Reece Hirsch
One trend that I'm seeing in my practice representing healthcare information technology companies is an increased focus on applying the HIPAA Security Rule standards to vendors. A HIPAA business associate agreement is only required to contain relatively sketchy representations regarding “reasonable and appropriate” vendor security measures. For application service providers and other vendors that maintain significant quantities of protected health information, some HIPAA covered entities are beginning to seek much more detailed security representations that amount to compliance with the Security Rule. For vendors, this sort of approach can seem burdensome and overly prescriptive. For HIPAA covered entities, the approach is intended to ensure that security protections are not diminished when data is in the hands of vendors. In any event, it is a negotiation that many healthcare technology companies are faced with …
Passing of Art RandallPosted on: 12.1.2007 11:02:01 AM Posted by Vince Ciotti
Sad word this week: the passing of Art Randall, former sales exec at McAuto. Anyone who worked at McDonnell-Douglas couldn't fail but remember Art's great sense of humor, fiercely competitive spirit in the HIS sales world, and indomitable leadership style. In that primarily engineering-oriented aerospace firm, sales was not given as high a priority as it deserved, and Art fought the good fight during his decades there, giving the ex-IBM sales crowd at rival SMS a run for their (your?) money. What I remember most about Art was his incredible diverse talents: he could repair clocks, restore old cars, write articles on ANY subject in minutes, and give speeches that held audiences enthralled. A larger-than-life, Protean charmer, Art will be sorely missed. Condolences to his many friends and family.
A fund is being set up in Art's memory to fight the cancer that took him. Checks should go to “USSVCF”/“The Art Randall Scholarship Fund” and sent to the following address:
USSVIAttn: Art RandallPO Box 3870Silverdale, Washington 98383
Invasion of PrivacyPosted on: 12.3.2007 2:57:12 PM Posted by Jim Feldbaum
If we are looking for a major hurdle to a unified Electronic Health Record we need look no further than our healthy “concern” about the privacy of our personal health information. The paper chart, with its meandering trail from hospital department to department and open access to anyone with the nerve to sneak a peek, was rarely the genesis of national headlines or concerns. The incidents of “invasion” were no doubt numerous, but the nature of the paper chart makes any actual quantitative analysis impossible. When there was a “leak” of information, the offending culprit was impossible to track.
Conceptually, the nature of the EMR/EHR provides skeptics and conspiracy theorists fodder for rants about patient privacy. The EHR lives in “cyber-space,” which to most Americans is an arena where spammers and hackers have the upper hand over the cyber-cops. Organizations and legislative bodies that dismiss such concern as “paranoia” do so at their own peril.The Electronic Health Information and Privacy Survey, sponsored by Canada Health Infoway, the Office of the Privacy Commissioner of Canada, and Health Canada, was based on interviews with approximately 2,500 Canadians last summer. The poll results concluded that almost two-thirds of Canadians believe there are few types of personal information more important for privacy laws to protect than personal health information, and that almost nine in 10 Canadians support the development of EHRs. Eighty-four percent of respondents would like to be able to access their own medical records online, while 77 percent would like audit trails that document access to their health information. In terms of accountability, 74 percent of respondents want strong penalties for unauthorized access to their personal health information, with 70 percent saying they want to be informed and would like procedures in place to respond to such breaches. In 2005 a similar study by the California Healthcare Foundation revealed similar trends.
Recent headlines in the United States detailed the unauthorized access of the medical records of George Clooney during the film star's stay at the Palisades Medical Center in New Jersey. Advocates of the EMR use this episode to point out that today's technology is working. Prior to the advent of electronic medical records no one would ever be able to know for sure who took a peek at a patient's paper records. In this case, all unauthorized access was documented by security and more than two dozen Palisades Medical Center employees were suspended.
Compromised celebrity privacy is not just an American headline. The New Zealand Herald reported that the Auckland District Health Board fired one employee and disciplined 20 others for examining the private medical records of celebrities. Health board officials refused to identify the celebrities whose medical records were compromised, or how often the records had been examined.
What are consumers to think? If we cannot maintain the privacy of VIPs how will we keep all of their records free from malevolent eyes? Maintaining the security of the EHR is a technical necessity, but convincing the consumer that their health information is safe and secure may be the real challenge.
3D Imaging Tool SetsPosted on: 12.3.2007 6:09:47 PM Posted by Marc Deary
Imaging volumes are growing and exam sizes are increasing. 64 Slice CT scanners can produce exams with thousands of slices. Installing a high volume imaging modality usually includes a network upgrade or configuration change to handle the increased imaging traffic. Along with an increase in network bandwidth, multi-slice CT, PET/CT Fusion and MRI, among other imaging modalities, require advanced 3D rendering and viewing tools. These tools can be integrated into radiology workflow by using a third party 3D Workstation or a PACS workstation with integrated 3D capabilities.
The important thing is to implement these tools at the most efficient point in your imaging workflow. A separate third party workstation may require a technologist to render the 3D data sets according to the Radiologist protocol; this will take valuable time away from patient scanning. Licensing integrated 3D functionality in the PACS workstation will allow the radiologist to perform 3D post processing and manipulations but must be fast and easy to use or this will waste valuable reading time. A third option is to contract the 3D imaging service from the PACS vendor or a local hospital that offers 3D imaging services. This option is new and financially feasible if your workflow and results turn-a-round time can afford it.
3D Imaging Tool Sets are different depending on the views and functionality desired by the reader. Independent 3D workstations usually have more powerful tools capable of advanced 3D rendering and representation. PACS integrated 3D tool sets are sometimes less robust providing only basic MIP and MPR functionality. Regardless of your workflow, the steady increase in the number of images per exam will require the use of 3D imaging tools and processes. 3D post-processing is an effective and efficient way to manage the large number of images being produced by today's multi-image modalities.