HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians

4 ways to balance health privacy, data sharing

Health consumers want to know their data will be used for helpful purposes, yet seek assurances of privacy and protection against breaches, according to a new report from the Robert Wood Johnson Foundation.

The report, "Data for Health, Learning What Works," was based on "listening sessions" the foundation held in five cities last fall--Philadelphia, Phoenix, Des Moines, Iowa, San Francisco, and Charleston, South Carolina--in which people were asked to talk about their hopes, aspirations, worries and concerns when it comes to using digital data to improve health.

In discussions about building a national health data infrastructure, such as the JASON report and the interoperability roadmap, the voices of members of the public have not been heard, foundation member Michael W. Painter wrote at PLOS Blogs. These sessions aimed to rectify that.

Participants in the listening sessions said they need guidance and tools that link data to help them make better health decisions. At the same time, the committee found that having the data does not mean people will work to make the necessary health changes.

"Data moves at the speed of trust," David Ross, director of the Public Health Informatics Institute and co-chair of the Advisory Committee, said in an announcement. "Those are the words we heard from people across the country. As a nation, we need to strike a balance between privacy and the free flow of information."

Among the report's recommendations:

  • Strengthen and modernize policies governing data to protect personal health information, account for new technologies and implement policies that address new security risks as they arise. Most federal and state laws protecting the privacy of health data are years (and in some cases, decades) old.
  • Establish the equivalent of a Bill of Rights for individuals who wish to access their own personal health data.
  • Invest in community data-sharing infrastructure and initiatives to create networks that integrate health with social and community services, and support collaboration across sectors.
  • Launch a broad public education awareness campaign on the value of data use and exchange.

Cyber-Insurance: How Much Is Enough?

Mega-breaches, including the recent hacking attack on Anthem Inc., always result in an uptick of interest in cyber-insurance; but determining how much coverage to buy is an ongoing challenge, says data privacy attorney Marc Voses.

"Every single industry after an event like this sees an uptick in the interest in purchasing cyber-insurance," says Voses, a partner at law firm Kaufman Dolowich & Voluck, LLP. "Over the years since cyber-insurance has been made available, the limits [for dollar value of coverage] ... are increasing at an exponential rate."

After the Target data breach, "the retail industry went streaming into the brokers wanting to find out more about the products and shift more risk onto the insurance carriers in the event of a data breach," Voses says.

Organizations considering cyber-insurance need to ponder how much is enough to offset the potential costs involved not only with breach response expenses, such as notification, but also potential lawsuits and government fines, he says in an interview with Information Security Media Group.

In the aftermath of the Anthem incident, several class action lawsuits already have been filed, including a suit seeking $5 billion that was filed in California just one day after Anthem announced the breach, he notes.

For Home Depot, breach-related expenses are estimated at about $70 million so far, while the company reportedly had cyber-insurance coverage for $100 million, Voses says. In the Target breach, expenses are estimated at about $150 million, which apparently exceeds the company's cyber-insurance coverage, which was reportedly only $40 million, he notes.

In this interview, Voses also discusses:

  • Possible regulatory investigations and other government actions that might result from the Anthem breach;
  • What the HIPAA security rule says about the use of data encryption to prevent breaches;
  • The key privacy and other lessons that are emerging from the Anthem breach so far.

Voses is a partner at the New York City office of national law firm Kaufman Dolowich & Voluck, representing domestic and international insurers and reinsurers, and their insureds, in coverage and liability disputes. He is a litigator who has been called upon to address complex coverage and liability issues involving cyber, data and privacy exposures, management and professional liabilities, environmental liabilities and commercial general liability matters.
