Home » Readers Write » Currently Reading:

Readers Write 3/16/11

March 16, 2011 Readers Write 6 Comments

Privacy and Security
By Glen F. Marshall

3-16-2011 6-41-44 PM 

The primary issue with healthcare privacy and security is the lack of ongoing risk management as a routine business practice, plus the failure to share data from existing risk analysis in a form that the general public can understand. For example, while anecdotal evidence says that provider employee snooping is the largest threat to privacy, real data are harder to find.

The evidence I have of this is anecdotal. I continually get questions from HIT people about what technology to implement or whether the latest gadget is a good thing to buy. If there was a body of risk analysis information to draw upon, the selection and implementation of mitigating technologies would more often be an informed business process. So would the selection and implementation of physical and administrative controls, e.g., locks on doors, privacy training for employees, or privacy-enhancing advisories for health care consumers.

It is more convenient for the general and HIT press to focus on sound-byte instances of breaches, versus the actual threats and outcomes in comparison to other threats to privacy. It is more readable to assess blame for breaches than identify and celebrate good privacy and security practices that provably prevent, detect, limit, and disclose breaches before damage occurs. The eagerness of the general public, provider community, and political leaders to consume this lazy news reporting amplifies the problem and crowds out the solutions.

Glen F. Marshall is the principal of Grok-A-Lot, LLC of  Berwyn, PA.

Patient Privacy and Information Accessibility: A Necessary Balance
By John Tempesco

3-16-2011 6-36-32 PM

In the original HHS privacy rule, a core component of HIPAA’s purpose was the ability to protect patient privacy while at the same time allowing the sharing of personal health information to facilitate patient care. And while healthcare has finally been dragged, kicking and screaming, to a more comprehensive use of technology, a serious divide has emerged between advocates of patient privacy versus the free flow of data needed to improve patient care.

As EHRs become more widely used by physicians and health information exchanges (HIEs) become more commonplace, the debate between privacy and the sharing of information for the purpose of enhancing patient care and lowering the costs of care delivery will only intensify.

As guidelines continue to be developed, it will be important to consider the mechanisms of how patients will determine the exchange of their health information. If restrictions are too severe, the goals of ARRA and HITECH will be in jeopardy. Patients will be driven by policy to “sit on” their data which will nullify the ability of the healthcare system to achieve its goals of improving patient care and safety, and reduce costs. But if data is exchanged too readily, patient privacy will certainly be in jeopardy. This dichotomy is the essential conundrum.

Opt-Out most closely resembles the state of fair and controlled information exchange as it exists today. Opt-Out protects patient privacy and enables the sharing of health records unless the patient specifically opts out. The Opt-Out provision requires that the patient is given an adequate amount of time to make a decision about consent, including urgent need of care. It also requires a clear explanation of consent choice that must be provided by the physician or hospital as well as the consequences of opting out.

Opt-In, on the other hand, would stop the sharing of patient information unless the patient opts in to the system enabling the transmission of health data. This option not only severely restricts health information exchange, and limits the ability of health information technology to improve patient care and reduce costs, it demolishes many of the core benefits of health information technology, particularly the multi-organizational and multi-community benefits of HIEs.

The ONC is still deliberating a final ruling on information exchange. While patient privacy must be attended to, clearly the critical exchange of patient information through HIEs is a central and key component to achieving the reforms of ARRA and the HITECH Act. There are numerous studies that point to health information technology as providing the necessary tools which enable improved patient safety and the improved efficiencies desperately needed to lower healthcare costs.

Let’s not throw out the baby with the bath water. Let’s move forward with a rational, forward-thinking approach that will ultimately get us to where we want and need to be.

John Tempesco is chief marketing officer of Informatics Corporation of America of Nashville, TN.

HIStalk Written on an EMR
By Robert D. Lafsky, MD

Given the mixed feedback regarding the recent HIStalk format change, it occurs to me that all available options have not been explored. The following sample report represents a modest proposal, which if adopted would allow Mr. HIStalk to enjoy the same efficiencies utilized by most EMR users. Apologies to 1960s-era MAD magazine and the late Jonathan Swift.  

Goniff Group

“Cash flow problems”

The COMPANY is complaining of INSUFFICIENT INCOME. DATE OF ONSET: 1/15/2010. DURATION OF PROBLEM: 14 months. The problem is made worse by LOWER SALES. The problem is made better by HIGHER SALES. The problem is aggravated by EMR WORKFLOW ISSUES. The EMR WORKFLOW is felt to be SLOW. The EMR WORKFLOW is felt to be TEDIOUS. The problem is aggravated by EMR DESIGN ISSUES. The DESIGN is felt to be AWKWARD. The DESIGN is felt to be UGLY. The problem is aggravated by LEADERSHIP ISSUES. The LEADERSHIP is felt to be INCOMPETENT. The LEADERSHIP is felt to be INDIFFERENT TO USER COMPLAINTS. The LEADERSHIP is felt to be INDIFFERENT TO USER FEEDBACK.  

Problem List
1.  Insufficient capitalization
2.  Insufficient programmer staffing
3.  History of SEC sanctions

1. Bank loans
2. Penny stock
3. Overdue payroll

CEO’s brother doing 3-5 in Allenwood for stock fraud

Revealing stories in HIStalk

Obfuscatory logorrhea (last stockholder’s meeting)
Bilateral buttock pain (participants last board meeting)
Spastic torticollis (CFO explaining financial picture)
Chronic corporate latrocinosis

Blood pressure:  60/30
Pulse: Undetectable
Head: Spinning
Neck: Horizontally positioned
Chest: Heaving
Heart: Absent
Abdomen: Distended and firm along course of colon
Extremities: Erythematous from red ink stains
Genitalia: Numerous, especially CEO and CFO

537926 Corioliform Hydrodynamic Gravitational Descent (“Circling the Drain”)
872035 DDI: Database Design Defects, Congenital
472653 Ugly Interface Syndrome

First class ticket purchases to BRAZIL for CEO, CFO
Urgent resume production by employees
Reduce thermostat settings in office during cold weather
Discontinue free coffee in break room

Robert D. Lafsky, MD is a gastroenterologist and internist in Lansdowne, VA.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there are "6 comments" on this Article:

  1. Bravo, Dr. Lafsky – only that your note appears to be only about 1/3 the length of the EHR notes I usually see with a suggested 99215 for an otitis recheck.

  2. That may be the most hilariious thing I have ever seen related to HealthCare IT. The HPI and ROS made me laugh out loud. Well done sir.

  3. Re: Privacy and Security

    I presented at a regional healthcare lawyer’s conference yesterday on the topic of “HITECH and HIT: Are We Safe?” (meaning, from IT-related medical errors).

    (My answer was: not yet).

    At presentations I attended on information security by various attorneys about new provisions in HITECH and elsewhere, it is becoming clear data breaches are going to become increasingly costly to the covered entities, and their business associates and subcontractors from which breaches originate.

    Examples given by presenters specializing in information privacy and security included cases like this:

    Health Net Delays Notification of Data Breach Involving 2 Million People

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Founding Sponsors


Platinum Sponsors































































Gold Sponsors















Reader Comments

  • Annon: 100% agree, this is vaporware, they are not doing anything remotely close to interoperability. Not the only ones though,...
  • Brian Too: Wait... I thought that any voids in the brain automatically filled up with cerebro-spinal fluid? Wouldn't an air void c...
  • Ophelia: Where are you seeing the 97% MIPS claim? I'm aware of their claimed 97% attestation rate for MU, but I haven't seen anyt...
  • Sue Powell: Re: "airhead". Maybe Q04.9 Congenital malformation of brain, unspecified or G93.9 Disorder of brain, unspecified? #notac...
  • Not Mr. Bush: It is very interesting that they claim to be able to guarantee something that is so dependent on physician behavior....
  • Debtor: Athena has a long history of supporting MU and PQRS attestation. It wouldn’t surprise me if they have insight into the...
  • Frank Discussion: Cerner--the best Visual Basic 5 application our tax dollars can buy! Then there's CCL (*vomits into nearest trashcan)...
  • Stormy MU: Hi, Does anyone have any feedback on athena's claim of 97% MIPs success rate? How can they publish that when 2017 at...
  • HypocritOath: This post was all over the place, but I can't help but notice some huge inconsistencies in your stance here. In one ...
  • HIT Girl: Holmes swindles people out of millions, pays a fine (with the swindled money?!), and is sent to CEO-timeout for a few ye...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links