Home » Readers Write » Currently Reading:

Readers Write 3/16/11

March 16, 2011 Readers Write 6 Comments

Privacy and Security
By Glen F. Marshall

3-16-2011 6-41-44 PM 

The primary issue with healthcare privacy and security is the lack of ongoing risk management as a routine business practice, plus the failure to share data from existing risk analysis in a form that the general public can understand. For example, while anecdotal evidence says that provider employee snooping is the largest threat to privacy, real data are harder to find.

The evidence I have of this is anecdotal. I continually get questions from HIT people about what technology to implement or whether the latest gadget is a good thing to buy. If there was a body of risk analysis information to draw upon, the selection and implementation of mitigating technologies would more often be an informed business process. So would the selection and implementation of physical and administrative controls, e.g., locks on doors, privacy training for employees, or privacy-enhancing advisories for health care consumers.

It is more convenient for the general and HIT press to focus on sound-byte instances of breaches, versus the actual threats and outcomes in comparison to other threats to privacy. It is more readable to assess blame for breaches than identify and celebrate good privacy and security practices that provably prevent, detect, limit, and disclose breaches before damage occurs. The eagerness of the general public, provider community, and political leaders to consume this lazy news reporting amplifies the problem and crowds out the solutions.

Glen F. Marshall is the principal of Grok-A-Lot, LLC of  Berwyn, PA.

Patient Privacy and Information Accessibility: A Necessary Balance
By John Tempesco

3-16-2011 6-36-32 PM

In the original HHS privacy rule, a core component of HIPAA’s purpose was the ability to protect patient privacy while at the same time allowing the sharing of personal health information to facilitate patient care. And while healthcare has finally been dragged, kicking and screaming, to a more comprehensive use of technology, a serious divide has emerged between advocates of patient privacy versus the free flow of data needed to improve patient care.

As EHRs become more widely used by physicians and health information exchanges (HIEs) become more commonplace, the debate between privacy and the sharing of information for the purpose of enhancing patient care and lowering the costs of care delivery will only intensify.

As guidelines continue to be developed, it will be important to consider the mechanisms of how patients will determine the exchange of their health information. If restrictions are too severe, the goals of ARRA and HITECH will be in jeopardy. Patients will be driven by policy to “sit on” their data which will nullify the ability of the healthcare system to achieve its goals of improving patient care and safety, and reduce costs. But if data is exchanged too readily, patient privacy will certainly be in jeopardy. This dichotomy is the essential conundrum.

Opt-Out most closely resembles the state of fair and controlled information exchange as it exists today. Opt-Out protects patient privacy and enables the sharing of health records unless the patient specifically opts out. The Opt-Out provision requires that the patient is given an adequate amount of time to make a decision about consent, including urgent need of care. It also requires a clear explanation of consent choice that must be provided by the physician or hospital as well as the consequences of opting out.

Opt-In, on the other hand, would stop the sharing of patient information unless the patient opts in to the system enabling the transmission of health data. This option not only severely restricts health information exchange, and limits the ability of health information technology to improve patient care and reduce costs, it demolishes many of the core benefits of health information technology, particularly the multi-organizational and multi-community benefits of HIEs.

The ONC is still deliberating a final ruling on information exchange. While patient privacy must be attended to, clearly the critical exchange of patient information through HIEs is a central and key component to achieving the reforms of ARRA and the HITECH Act. There are numerous studies that point to health information technology as providing the necessary tools which enable improved patient safety and the improved efficiencies desperately needed to lower healthcare costs.

Let’s not throw out the baby with the bath water. Let’s move forward with a rational, forward-thinking approach that will ultimately get us to where we want and need to be.

John Tempesco is chief marketing officer of Informatics Corporation of America of Nashville, TN.

HIStalk Written on an EMR
By Robert D. Lafsky, MD

Given the mixed feedback regarding the recent HIStalk format change, it occurs to me that all available options have not been explored. The following sample report represents a modest proposal, which if adopted would allow Mr. HIStalk to enjoy the same efficiencies utilized by most EMR users. Apologies to 1960s-era MAD magazine and the late Jonathan Swift.  

Goniff Group

“Cash flow problems”

The COMPANY is complaining of INSUFFICIENT INCOME. DATE OF ONSET: 1/15/2010. DURATION OF PROBLEM: 14 months. The problem is made worse by LOWER SALES. The problem is made better by HIGHER SALES. The problem is aggravated by EMR WORKFLOW ISSUES. The EMR WORKFLOW is felt to be SLOW. The EMR WORKFLOW is felt to be TEDIOUS. The problem is aggravated by EMR DESIGN ISSUES. The DESIGN is felt to be AWKWARD. The DESIGN is felt to be UGLY. The problem is aggravated by LEADERSHIP ISSUES. The LEADERSHIP is felt to be INCOMPETENT. The LEADERSHIP is felt to be INDIFFERENT TO USER COMPLAINTS. The LEADERSHIP is felt to be INDIFFERENT TO USER FEEDBACK.  

Problem List
1.  Insufficient capitalization
2.  Insufficient programmer staffing
3.  History of SEC sanctions

1. Bank loans
2. Penny stock
3. Overdue payroll

CEO’s brother doing 3-5 in Allenwood for stock fraud

Revealing stories in HIStalk

Obfuscatory logorrhea (last stockholder’s meeting)
Bilateral buttock pain (participants last board meeting)
Spastic torticollis (CFO explaining financial picture)
Chronic corporate latrocinosis

Blood pressure:  60/30
Pulse: Undetectable
Head: Spinning
Neck: Horizontally positioned
Chest: Heaving
Heart: Absent
Abdomen: Distended and firm along course of colon
Extremities: Erythematous from red ink stains
Genitalia: Numerous, especially CEO and CFO

537926 Corioliform Hydrodynamic Gravitational Descent (“Circling the Drain”)
872035 DDI: Database Design Defects, Congenital
472653 Ugly Interface Syndrome

First class ticket purchases to BRAZIL for CEO, CFO
Urgent resume production by employees
Reduce thermostat settings in office during cold weather
Discontinue free coffee in break room

Robert D. Lafsky, MD is a gastroenterologist and internist in Lansdowne, VA.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there are "6 comments" on this Article:

  1. Bravo, Dr. Lafsky – only that your note appears to be only about 1/3 the length of the EHR notes I usually see with a suggested 99215 for an otitis recheck.

  2. That may be the most hilariious thing I have ever seen related to HealthCare IT. The HPI and ROS made me laugh out loud. Well done sir.

  3. Re: Privacy and Security

    I presented at a regional healthcare lawyer’s conference yesterday on the topic of “HITECH and HIT: Are We Safe?” (meaning, from IT-related medical errors).

    (My answer was: not yet).

    At presentations I attended on information security by various attorneys about new provisions in HITECH and elsewhere, it is becoming clear data breaches are going to become increasingly costly to the covered entities, and their business associates and subcontractors from which breaches originate.

    Examples given by presenters specializing in information privacy and security included cases like this:

    Health Net Delays Notification of Data Breach Involving 2 Million People

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Founding Sponsors


Platinum Sponsors






























































Gold Sponsors
















Reader Comments

  • DrM: Found the person who knows nothing about user change management. (Did I do it right, is this how we play the game?) S...
  • Seargant Forbin: @ What's with the Fairview guy? I don't think this Apple comparison is helping your case any. I bet if you spoke with de...
  • Bobby: Great point Bob. Cerner and Epic are both organic companies that value a “one big honking system” approach to thin...
  • AynRandWasDumb: "The most recent Epic trick I heard is that, now that Epic is requiring every customer to move to quarterly updates inst...
  • Bob: Even though Apple could take IP directly from the Apple ecosystem developers, their usual model is to just buy the compa...
  • You might say I'm a dreamer...: Will this Cerner dust up with the DoD now give us a real granular discussion on a national level as to what Interoperabi...
  • Eddie T. Head: To claim that Apple is a hardware company and not a software company is quite odd. Without their software, Apple's hardw...
  • DrM: Epic's model does assert the ability to use any IP in App Orchard without compensation or limitation, it's why the few v...
  • Matt: VA CIO: Expect another 10 years of VistA in facilities during new EHR rollout This is clear indication of how the VA ...
  • Satan warming up the fiddle?: Coming in to an election season where healthcare will most certainly be part of the debate are we starting to see the fi...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links