X
Health IT Information, Education, & News

Why it's Important to Check Your Health Records

Guidance from the Office for Civil Rights on your right to access your health records

Nathan E Botts 0 36042 Article rating: 5.0

From the HHS Office for Civil Rights website: Ask your doctor. You have the right to see and get copies of your health information - PDF. In most cases, you can get a copy the way you want it, such as by e-mail. While your doctor normally has up to 30 days to provide you a copy of your information, your doctor often can provide the information much sooner than that. If your doctor offers a web portal, you may be able to easily view and download your health information whenever you want.

OCR Guidance on Ensuring Equal Access to Emergency Services During Hurricane Florence

Official guidance from the Office for Civil Rights

Nathan E Botts 0 23258 Article rating: 5.0

As Hurricane Florence makes landfall, the HHS Office for Civil Rights (OCR) and its federal partners remain in close coordination to help ensure that emergency officials effectively address the needs of at-risk populations as part of disaster response. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

Is It Legal to Record Your Visit with the Doctor?

Journal of the American Medical Association with an updated article from the BMJ

Nathan E Botts 0 33026 Article rating: 4.7

In the article titled, "Can Patients Make Recordings of Medical Encounters?" from the JAMA Network authors Elwyn, Barr, and Castaldo discuss some of the broader legalities of making a recording while visiting your doctor.

Making a recording that you can add to your personal health record can be a great way of maintaining documentation and accountability for your care, as well as assist you and your family in remembering instructions given to you by your care provider.

Understanding the legalities can help ensure this is a positive experience for both you and your doctor and will allow you to make recordings that are admissible in court if needed.

The Guide to Getting & Using Your Health Records

An Office of the National Coordinator published web guide

Nathan E Botts 0 19132 Article rating: No rating

This newly published web guide from ONC titled, "The Guide to Getting & Using Your Health Records: The steps, tips, and tools you’ll need to get, check, and use your health record" helps to instruct consumers on how to get their health record from healthcare providers, their rights to those records, and some specific ways in which to get a hold of that information.

Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware

Nathan E Botts 0 21879 Article rating: No rating

I woke up to a flood of news about ransomware today. By virtue of being down here in Australia, a lot happens in business hours around the world while we're sleeping but conversely, that's given me some time to collate information whilst everyone else is taking a break. The WannaCry incident is both new and scary in some ways and more of the same old stuff in others. Here's what I know and what the masses out there need to understand about this and indeed about ransomware in general.

Ransomware Fact Sheet

Guidance from the U.S. Department of Human Services

Nathan E Botts 0 12718 Article rating: No rating

From the HHS Ransomware Fact Sheet:

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data.

Everything you wanted to know about SQL injection

But were afraid to ask...

Nathan E Botts 0 13806 Article rating: No rating

From the Troy Hunt article:

"The indictment also suggest that the hackers, in most cases, did not employ particularly sophisticated methods to gain initial entry into the corporate networks. The papers show that in most cases, the breach was made via SQL injection flaws -- a threat that has been thoroughly documented and understood for well over than a decade."

Data by Geography Training

A Health Resources & Services Administration YouTube video

Nathan E Botts 0 13855 Article rating: No rating
HRSA’s mission is to improve health and achieve health equity through access to quality services, a skilled health workforce, and innovative programs. This video provides an overview of how to utilize the Data by Geography tool that helps outline HRSA’s investments nationwide or by a geographic area, including: HHS region, state, county, congressional district, and ZIP Code.

Health app developers, what are your questions about HIPAA?

A resource from the US Office for Civil Rights

Nathan E Botts 0 19776 Article rating: No rating

From the OCR website: 

We are experiencing an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes. Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected. Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security and Breach Notification Rules.

Ranked Health: Curated Health Apps & Devices

Health app rankings by clinicians, researchers, & patients

Nathan E Botts 0 14871 Article rating: No rating

From the Ranked Health website: 

RANKED Health is a project run by the Hacking Medicine Institute (HMi), a non-profit organization spun out of MIT’s Hacking Medicine program. This project is designed to review and rank healthcare focused applications, providing independent, unbiased and accurate information to accelerate patient and provider adoption of clinically proven and high-quality digital health solutions. In addition to identifying best-in-class healthcare applications for better health monitoring and disease management, RANKED Health also helps uncover unsafe and ineffective apps on the market.

Mobile Health Apps Interactive Tool

Find out which federal laws you need to follow

Nathan E Botts 0 11794 Article rating: No rating

From the Federal Trade Commission website: 

Does your mobile app collect, create, or share consumer information? Does it diagnose or treat a disease or health condition? Then this tool will help you figure out which – and it may be more than one – federal laws apply. It’s not meant to be legal advice about all of your compliance obligations, but it will give you a snapshot of a few important laws and regulations from three federal agencies.

Business Associate Contracts

Sample Business Associate Agreement Provisions provided by the Office of Civil Rights

Nathan E Botts 0 10081 Article rating: No rating

From the OCR website:

A “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.  A “business associate” also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate. 

NQF Identification and Prioritization of HIT Patient Safety Measures

National Quality Forum HIT Safety Report

Nathan E Botts 0 10825 Article rating: No rating

From the NQF website:

"In order to address the rapidly-evolving area of HIT and its intersection with quality and outcomes, NQF initiated a project to develop a set of recommendations around the measurement of HIT-related safety issues."

How your data is collected and commoditised via “free” online services

The fiscal impact of data breach

Nathan E Botts 0 33789 Article rating: No rating

I get a lot of people popping up with data breaches for Have I been pwned (HIBP). There’s an interesting story in that itself actually, one I must get around to writing in the future as folks come from all sorts of different backgrounds and offer up data they’ve come across in various locations. Recently someone sent me a list of various data breaches they’d obtained.

Medicare Access and CHIP Reauthorization Act (MACRA)

Important changes to how Medicare pays those who give care to Medicare beneficiaries

Nathan E Botts 0 12730 Article rating: No rating
From the CMS YouTube page: During this MLN Connects® video, CMS subject matter experts provide an overview of the Medicare Access and CHIP Reauthorization Act (MACRA), which makes three important changes to how Medicare pays those who give care to Medicare beneficiaries: 
  1. Ending the Sustainable Growth Rate (SGR) formula that determines Medicare payments for services
  2. Making a new framework to reward health care providers for giving better care 
  3. Combining our existing quality reporting programs into one new system

Understanding Cross Site Request Forgery

Mechanics of a CSRF Attack

Nathan E Botts 0 7062 Article rating: No rating

Cross site request forgery is one of those attacks which remains enormously effective yet is frequently misunderstood. I’ve been running a bunch of security workshops for web developers around the globe recently and this is one of the topics we cover that often results in blank stares when I first ask about it. It usually unfolds that the developers have multiple resources at risk of a CSRF attack and if it’s not a classic web form style resource, then it’s frequently an API somewhere (you’re passing anti-forgery tokens to any APIs you wouldn’t want fraudulently called, right?!).

Cypress: Meaningful Use Stage 2 Toolkit

Clinical Quality Measure Testing And Certification

Nathan E Botts 0 6935 Article rating: No rating

From the ONC Cypress website:

Cypress is the rigorous and repeatable testing tool of Electronic Health Records (EHRs) and EHR modules in calculating Meaningful Use (MU) Stage 2 Clinical Quality Measures (CQMs). The Cypress tool is open source and freely available for use or adoption by the health IT community including EHR vendors and testing labs. Cypress serves as the official testing tool for the 2014 EHR Certification program supported by the Office of the National Coordinator for Health IT (ONC).

Health IT Summaries

U.S. National and State Health IT data and statistics.

Nathan E Botts 0 0 Article rating: No rating

From the HealthIT.gov website: 

"All referenced national level measures are provided for the most recent period of data in the 'all U.S.' report. All referenced state level measures are provided for the most recent period of data, in addition to at most two years of preceding trend data. State level measures are visualized side-by-side with national level measures for state-specific reports. All of the data is fully accessible, with full data documentation, through the Dashboard."

Breaking Up (With an EHR) Is Hard to Do

But experts say not cutting ties leads to a worse fate.

Nathan E Botts 0 0 Article rating: No rating

From the article in For the Record: 

"Lack of sufficient vendor support. Workflow inefficiencies. Changing needs.

The motivations may vary, but more health care organizations seem to be coming to the same conclusion: It’s time for a new EHR. We’re not talking your typical paper-to-electronic transformation either. This is a one-EHR-to-a-hopefully-better-EHR transition.

It’s not as uncommon as one may think. In fact, based on results from a recent survey of 17,000 EHR users in which almost one-quarter of respondents cited enough dissatisfaction with their current system to consider switching to a new EHR vendor, Black Book Rankings is calling 2013 “The Year of the Great EHR Switch.”

What are the contributing factors to EHR disenchantment and, more importantly, what considerations should health care organizations take into account before making such a mammoth decision?"

Toolkit for the Safe Use of Copy and Paste

A toolkit published by the ECRI Institute

Nathan E Botts 0 0 Article rating: No rating

From the ECRI Institute website:

"The Partnership for Health IT Patient Safety has established workgroups for in-depth study of health IT events. The issue of copying and pasting health information (e.g., orders, notes, labels) was chosen for the first workgroup. Copy and paste is widespread, often underreported, and has the potential to cause adverse patient safety events.
Four safe practice recommendations were agreed upon and endorsed by the multidisciplinary group of stakeholders:
Recommendation A: Provide a mechanism to make copy and paste material easily identifiable.
Recommendation B: Ensure that the provenance of copy and paste material is readily available.
Recommendation C: Ensure adequate staff training and education regarding the appropriate and safe use of copy and paste.
Recommendation D: Ensure that copy and paste practices are regularly monitored, measured, and assessed.
Additional information about safe practice recommendations and implementation strategies are available for dissemination to the healthcare community through the distribution of a free publicly-available toolkit."

Microsoft Regional Director

Nathan E Botts 0 5086 Article rating: No rating
Microsoft Regional Director

This was not what I was expecting earlier this week:

I am delighted to welcome you to the Microsoft Regional Director program!

Microsoft Regional Director

More specifically, the nomination I received some weeks back was not what I expected and this week’s message was what I’d dared not get my hopes up too much about.

A bit of context first – I’m not going to work for Microsoft and despite the title of “Microsoft Regional Director”, I’m no more an employee than what I was (and still am) an MVP. The MVP title remains and what the Regional Director status does is turns that up to 11. Here’s what they told me in the email:

The competition for admission to this program was intense. Your selection is a tribute to your deep technical and business knowledge, your community leadership, and your ability to connect with Microsoft customers, partners, prospects, and product group professionals.

There’s a good little piece on what the Microsoft Regional Director Program is plus a list of the folks that I join on the program which will include many familiar names if you travel in Microsoft circles. I’ll join them representing the Asia Pacific region and I expect it will give me better access to the right people in Microsoft (although in fairness, I’ve never felt this has been a challenge in the past) as well as obviously carrying kudos which helps when talking to the various organisations I work with.

As with the MVP program, independence is still key and also as with the MVP program, I suspect I’ll continue to face a barrage of “well you have to say that, because Microsoft” responses from time to time. I’ll continue to get my phone and tablet Apple, my browser from Google and my laptops from Lenovo, but I’ll also continue to love working in Visual Studio with ASP.NET and publishing it up to Azure. That’s what independence looks like.

I’m really grateful to have this recognition, particularly because it’s comes as a result of just doing what I genuinely love. I’m really enjoying creating Pluralsight courses, travelling the world to speak and spend time with organisations in workshops and seeing Have I been pwned continue to grow in unexpected ways, all of which give me an opportunity to showcase many wonderful technologies, including those from Microsoft. All of that only works because I have an audience though so a big thanks to everyone who’s helped me along the way by consuming the things I create and enabling me to have these opportunities.

Snomed CT

The language for interoperable EHR

Nathan E Botts 0 0 Article rating: No rating

From the SNOMED website: SNOMED CT (Systematized Nomenclature of Medicine--Clinical Terms) is a comprehensive clinical terminology, originally created by the College of American Pathologists (CAP) and, as of April 2007, owned, maintained, and distributed by the International Health Terminology Standards Development Organisation (IHTSDO), a not-for-profit association in Denmark. The CAP continues to support SNOMED CT operations under contract to the IHTSDO and provides SNOMED-related products and services as a licensee of the terminology.

Data Aggregation - A Primer

An article from the Northwest Regional Primary Care Association

Nathan E Botts 0 0 Article rating: No rating

From the original article introduction: Healthcare is in the midst of a profound business model change. And we are all aware that the old model of “fee-for-service” medicine is over, and a new model is quickly emerging. On December 12, 2013, the Dartmouth Institute for Health Policy and Clinical Practice published the first real evidence that the management of the patient across the continuum of care can bend the cost curve of our ever- aging population. The new shared savings model that has developed is designed to deliver seamless, high-quality care for patients, replacing the fragmented care that we see in the fee-for-service payment system. In the fee-for-service model, different providers receive different, disconnected payments. But the new model is designed to maintain a patient-centered focus by developing processes to promote evidence-based medicine, patient engagement, and report on quality. To deliver on that promise, health systems need greatly enhanced data aggregation tools; however, it is difficult to evaluate these tools, and many do not understand how the system needs translate into data requirements. This article is designed to present some of those issues in context.

Meaningful Use Stage 2 & HIPAA

The Relationship between HIPAA and Meaningful Use Privacy & Security

Nathan E Botts 0 8532 Article rating: No rating

The Health Insurance Portability and Accountability Act (HIPAA) Rules provide federal protections for patient health information held by Covered Entities (CEs) and Business Associates (BAs) and give patients an array of rights with respect to that information. Regulations includes the Privacy Rule, which protects the privacy of individually identifiable health information; the Security Rule, which sets national standards for the security of electronic Protected Health Information (ePHI); and the Breach Notification Rule, which requires CEs and BAs to provide notification following a breach of unsecured Protected Health Information (PHI). CEs must comply with the HIPAA Privacy,10 Security,11 and Breach Notification12 Rules. BAs must comply with the HIPAA Security Rule and Breach Notification Rule as well as certain provisions of the HIPAA Privacy Rule.

Introduction to the Health IT Adoption Toolbox

A YouTube video posted by HRSA

Nathan E Botts 0 5816 Article rating: No rating

From the HRSA website: "Effective use of EHRs is a must for everyone in the safety net community. The main goal of EHRs is improving the quality and safety of patient care. Having one accurate, up-to-date record that includes all of a patient's health information makes it easier for providers and patients to make better decisions."

Tips on Open Source EHR Systems in the Safety Net Community

A YouTube video from HRSA

Nathan E Botts 0 8142 Article rating: No rating

From the HRSA YouTube Channel:

This webinar focuses on open source Electronic Health Records (EHR) for the safety net community. Open Source EHRs are systems that are either free or very low cost to implement. The presenters will provide an overview of the types of open source systems, the benefits and challenges of using open source EHRs, and how these systems can be used effectively to meet the Meaningful Use requirements and provide high quality care to meet population health needs. In addition, one speaker will present on how his rural federally qualified health center selected the use of RPMS (a free EHR system which was developed by Indian Health Service) to support its clinical services. A second presenter will talk about his health center's selection of Worldvista (Based on the Veterans Administration EHR System) and how it supports UDS reporting requirements. 

The presenters include: Jason Goldwater, M.A., M.P.A., Health IT Program Manager, NORC; Matthew King, M.D., VistAdoc,LLC and former Chief Medical Officer of Clinica Adelanta; Sarah Chouinard, M.D., Clinical Lead
Community Health Network of West Virginia

RSS

 

Google Ads
Google Ads
Google Ads
All information, thought, and references provided on Health eConsultation is intended for informational and educational purposes only. Health eConsutlation currently makes no attempt at HIPAA privacy compliance. Any trade names used are information and details given for the convenience of users and do not constitute an endorsement from Health eConsultation.
Use this site at your own risk, and do not use the information to make medical or legal decisions without first seeking guidance from a medical or legal professional.
Plain and simple, ads are used to help pay for the cost of the server and resources required to serve Health eConsultation members and provide an objective resource of health information and health education. Subscribers of Health eConsultation can access the site without having to view ads.