As Hurricane Florence makes landfall, the HHS Office for Civil Rights (OCR) and its federal partners remain in close coordination to help ensure that emergency officials effectively address the needs of at-risk populations as part of disaster response. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

In the article titled, "Can Patients Make Recordings of Medical Encounters?" from the JAMA Network authors Elwyn, Barr, and Castaldo discuss some of the broader legalities of making a recording while visiting your doctor.

Making a recording that you can add to your personal health record can be a great way of maintaining documentation and accountability for your care, as well as assist you and your family in remembering instructions given to you by your care provider.

Understanding the legalities can help ensure this is a positive experience for both you and your doctor and will allow you to make recordings that are admissible in court if needed.

This newly published web guide from ONC titled, "The Guide to Getting & Using Your Health Records: The steps, tips, and tools you’ll need to get, check, and use your health record" helps to instruct consumers on how to get their health record from healthcare providers, their rights to those records, and some specific ways in which to get a hold of that information.

Have you ever wondered what a health information technology (health IT) developer’s share of meaningful use eligible hospitals looked like compared to its peers? How about the same for eligible clinicians under the Quality Payment Program (QPP)? Well, look no further. Today, the Office of the National Coordinator for Health Information Technology (ONC) published two […]

The post Visualized: Mashing up 2015 Edition Certification and Progress Attestation Requirements appeared first on Health IT Buzz.

I woke up to a flood of news about ransomware today. By virtue of being down here in Australia, a lot happens in business hours around the world while we're sleeping but conversely, that's given me some time to collate information whilst everyone else is taking a break. The WannaCry incident is both new and scary in some ways and more of the same old stuff in others. Here's what I know and what the masses out there need to understand about this and indeed about ransomware in general.

From the HHS Ransomware Fact Sheet:

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data.

From the Troy Hunt article:

"The indictment also suggest that the hackers, in most cases, did not employ particularly sophisticated methods to gain initial entry into the corporate networks. The papers show that in most cases, the breach was made via SQL injection flaws -- a threat that has been thoroughly documented and understood for well over than a decade."

From the OCR website: 

We are experiencing an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes. Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected. Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security and Breach Notification Rules.

From the Ranked Health website: 

RANKED Health is a project run by the Hacking Medicine Institute (HMi), a non-profit organization spun out of MIT’s Hacking Medicine program. This project is designed to review and rank healthcare focused applications, providing independent, unbiased and accurate information to accelerate patient and provider adoption of clinically proven and high-quality digital health solutions. In addition to identifying best-in-class healthcare applications for better health monitoring and disease management, RANKED Health also helps uncover unsafe and ineffective apps on the market.

From the Federal Trade Commission website: 

Does your mobile app collect, create, or share consumer information? Does it diagnose or treat a disease or health condition? Then this tool will help you figure out which – and it may be more than one – federal laws apply. It’s not meant to be legal advice about all of your compliance obligations, but it will give you a snapshot of a few important laws and regulations from three federal agencies.

From the OCR website:

A “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.  A “business associate” also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate. 

From the NQF website:

"In order to address the rapidly-evolving area of HIT and its intersection with quality and outcomes, NQF initiated a project to develop a set of recommendations around the measurement of HIT-related safety issues."

I get a lot of people popping up with data breaches for Have I been pwned (HIBP). There’s an interesting story in that itself actually, one I must get around to writing in the future as folks come from all sorts of different backgrounds and offer up data they’ve come across in various locations. Recently someone sent me a list of various data breaches they’d obtained.

1. Ending the Sustainable Growth Rate (SGR) formula that determines Medicare payments for services
2. Making a new framework to reward health care providers for giving better care 
3. Combining our existing quality reporting programs into one new system