Comments on: In all Fairness http://www.fredtrotter.com/2008/05/23/in-all-fairness/ My life and thoughts, often about FOSS in medicine Tue, 02 Dec 2008 17:32:09 +0000 http://wordpress.org/?v=2.3 By: Colin http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1113 Colin Wed, 28 May 2008 19:27:32 +0000 http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1113 Again, thanks for your extensive breakdown on the ramifications of this whole PHR thing. I work in healthcare myself and I concur with your statement that few people really understand what HIPAA is and what it covers especially when it comes to telecommunications. It's viewed as this magical privacy shield that when you say "HIPAA Compliant" suddenly everything is more secure. From an IT perspective it's as easy as: have your web server behind a good firewall, log server access, use good passwords and SSL, and store your data encrypted. This is all HIPAA compliant security is -- and it's better security than how your patient records are normally kept. Also, I'd place bets that Google Health is more secure than most current PHR systems that are out there. Beyond the server security, HIPAA just introduces liability and restricts sharing, which would complicate if not outright kill the features that make Google Health useful. Again, thanks for your extensive breakdown on the ramifications of this whole PHR thing.

I work in healthcare myself and I concur with your statement that few people really understand what HIPAA is and what it covers especially when it comes to telecommunications. It’s viewed as this magical privacy shield that when you say “HIPAA Compliant” suddenly everything is more secure.

From an IT perspective it’s as easy as: have your web server behind a good firewall, log server access, use good passwords and SSL, and store your data encrypted. This is all HIPAA compliant security is — and it’s better security than how your patient records are normally kept. Also, I’d place bets that Google Health is more secure than most current PHR systems that are out there.

Beyond the server security, HIPAA just introduces liability and restricts sharing, which would complicate if not outright kill the features that make Google Health useful.

]]> By: Adrian Gropper http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1110 Adrian Gropper Wed, 28 May 2008 15:31:15 +0000 http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1110 Thanks Fred for the clearest and most thorough discussion of this misconception about patient-controlled PHRs that I've ever seen. Part of the problem is that HIPAA covered entities (CE) see themselves as competitors to patient-controlled accounts when it comes to networking information and are using HIPAA strategically. Should any CE have a default right to communicate private health information beyond its firewall without informed consent? Should every patient that declares to their CE that they have a PHR be allowed to request that *all* sharing go through the PHR account that they designate? Thanks Fred for the clearest and most thorough discussion of this misconception about patient-controlled PHRs that I’ve ever seen.

Part of the problem is that HIPAA covered entities (CE) see themselves as competitors to patient-controlled accounts when it comes to networking information and are using HIPAA strategically. Should any CE have a default right to communicate private health information beyond its firewall without informed consent? Should every patient that declares to their CE that they have a PHR be allowed to request that *all* sharing go through the PHR account that they designate?

]]> By: Holt Anderson http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1109 Holt Anderson Wed, 28 May 2008 12:12:11 +0000 http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1109 I believe it will be very important for Google, HealthVault and Dossia to emphasize their custodian responsibilities and commitment to protect, to the extent possible and practicable, the health information that will be entered into their systems. The general public has continuously expressed concerns regarding the unanticipated future uses or disclosures of informaiton about them for marketing or other purposes towhich they did not agree when purchasing this new aid for managing health information. I believe it will be very important for Google, HealthVault and Dossia to emphasize their custodian responsibilities and commitment to protect, to the extent possible and practicable, the health information that will be entered into their systems. The general public has continuously expressed concerns regarding the unanticipated future uses or disclosures of informaiton about them for marketing or other purposes towhich they did not agree when purchasing this new aid for managing health information.

]]> By: Your personal health: Google Health, HealthVault and HIPAA : business|bytes|genes|molecules http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1096 Your personal health: Google Health, HealthVault and HIPAA : business|bytes|genes|molecules Sat, 24 May 2008 16:46:06 +0000 http://www.fredtrotter.com/2008/05/23/in-all-fairness/#comment-1096 [...] via WikipediaFred has a great post on the subject. I will add the following, especially in the wake of GINA. People need crutches. Knowing there is a [...] […] via WikipediaFred has a great post on the subject. I will add the following, especially in the wake of GINA. People need crutches. Knowing there is a […]

]]>