CVS & HHS: Partners in Compromising Your Privacy

On January 16, 2009, the Department of Health and Human Services (HHS) and CVS entered into a resolution agreement requiring CVS to pay a $2.25 million fine and implement a corrective action plan for “potential violations of the HIPAA [The Health Insurance Portability and Accountability Act of 1996] privacy rule.”  Why?  CVS had allegedly been placing prescription bottles and labels into dumpsters that were accessible to the public.  The bottles/labels contained protected health information (PHI), which CVS was required to safeguard under federal law.

Although HHS appears to regard the settlement as a success, given its prominence on the HIPAA enforcement section of HHS’s website, it is nothing of the sort.  The agreement provides that CVS “expressly den[ies] any violation of HIPAA or the Privacy Rule, and further den[ies] any wrongdoing,” while HHS does not concede that CVS is “in compliance with the Privacy Rule.”  HHS did agree with itself, however, releasing an FAQ (accompanying the press release) stating that under its Privacy and Security Rules: “covered entities are not permitted to simply abandon PHI or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons.”

Why is this old news important?  This week I had a prescription filled at my local CVS pharmacy in Livingston, New Jersey.  While standing at the pharmacy I noticed that all of the filled prescriptions were stored directly behind the counter in plain view of any customer.  Each prescription was inside a small bag to which a customer receipt was attached.  The receipts in the front row of the storage bins were readable from the counter.  The receipts contain protected health information (PHI) that is subject to the Privacy and Security Rules of HIPAA including:

1) Full name,

2) Address,

3) Telephone number,

4) Day and month of birth,

5) Drug name and dosage, and

6) Prescriber.

HHS maintains the authority for civil enforcement of violations of the Privacy and Security Rules promulgated pursuant to HIPAA.  So, why is it that CVS allows the public to view its customers’ PHI in violation of HIPAA even while still subject to the corrective action plan for its prior alleged violations?  Well, I asked the pharmacist on duty.  The pharmacist acknowledged that it was a problem that the PHI could be viewed from the counter.  However, CVS was expecting to remodel and “hopefully” the shelf would be placed farther away to render the PHI unreadable.  Upon requesting the contact information for CVS’s privacy officer, the pharmacist readily provided such information and stated that she would “appreciate” someone actually reporting the apparent violation.

HHS was recently provided with additional enforcement tools under the HITECH provisions of the American Recovery and Reinvestment Act of 2009.  Unfortunately, it does not appear that HHS is serious about enforcing its own regulations or resolution agreements; nor, if the flagrantly violative placement of prescriptions is indicative of mindset,  is CVS serious about HIPAA compliance.


RFID Tags for Nurses, then Everybody?

June 22, 2010 by Frank Pasquale · Leave a Comment
Filed under: Privacy, Research, Transparency 

The recent City of Ontario v. Quon decision has had a mixed reception among privacy advocates. Though many are disappointed that employees’ privacy rights have once again been narrowed, some have discerned helpful dicta in the case. However, I worry that, whatever the drift of thought among swing justices, economic imperatives and cultural shifts will mean a lot less privacy in the workplace of the future. Health care in particular offers a few interesting bellwethers.

As an opinion piece by Theresa Brown explains, maintaining proper staffing levels in hospitals is becoming increasingly difficult. Surveillance systems are offering one way to address the problem; work can be performed more intensively and efficiently as it is recorded and studied. But such monitoring has many troubling implications, according to Torin Monahan (in his excellent book, Surveillance in a Time of Insecurity):

The tracking of people [via Radio Frequency Identification Tags] represents a . . . mechanism of surveillance and social control in hospital settings. This includes the tagging of patients and hospital staff. . . . When administrators demand the tagging of nurses themselves, the level of surveillance can become oppressive. . . . [because nurses face] labor intensification, job insecurity, undesired scrutiny, and privacy loss. . . . To date, such efforts at top-down micromanagement of staff by means of RFID have met with resistance. . . . One desired feature for nurses and others is an ‘off’ switch on each RFID badge so that they can take breaks without subjecting themselves to remote tracking. (122)

Like the “nannycam” employed by many a wary parent, the nurse-cam may be seen as a way to protect the vulnerable. It may also increase the accuracy of evidence in malpractice cases. On the other hand, inserting a tireless electronic eye to monitor what is already an extremely stressful job may create many unintended consequences, or deter people from going into nursing altogether. Even advocates of pervasive surveillance recognize these difficulties.

The increasing pressure to monitor what happens inside hospitals reminds me of a recent article by Thomas Goetz in Wired (no link yet) on Google co-founder Sergey Brin’s quest to find a cure for Parkinson’s disease. As Goetz describes it, a new form of “high-speed science” depends on rapid accumulation of as much data as possible:

In Brin’s way of thinking, each of our lives is a potential contribution to scientific insight. We all go about our days, making choices, eating things, taking medications, doing things—generating what is inelegantly called data exhaust. . . . With contemporary computing power, that data can be tracked and analyzed. “Any experience that we have or drug that we may take, all those things are individual pieces of information. Individually, they’re worthless, they’re anecdotal. But taken together they can be very powerful.” In computer science, the process of mining such large data sets for useful associations is known as a market-basket analysis.

Goetz has promoted this as a new way to “do science in the petabyte age.”

Patient Safety and Quality Improvement: Civil Money Penalty Inflation Adjustment

May 14, 2010 by Guest Blogger · 1 Comment
Filed under: EMR, Electronic Medical Records 

By: Constantina Koulosousas

The first manned balloon ascent on October 15, 1783, to a height of 25 meters. This ascent was made by the Marquis d'Arlandes and Pilatre de Rozier. In: "Histoire des Ballons et des Aeronautes Celebres," by Gaston Tissandier, 1887, p. VII.

The Patient Safety and Quality Improvement Rule was amended, effective November 23, 2009, by the Department of Health and Human Services to adjust the maximum civil money penalty amount for violations of the confidentiality provisions. The amount was adjusted for inflation to comply with the Federal Civil Penalties Inflation Adjustment Act of 1990. This amendment was carried out through direct final rule making, as HHS expected no significant adverse comments to the rule.

The Patient Safety and Quality Improvement Act of 2005 created a voluntary program for health care providers to share what is known as “patient safety work product” (PSWP), or any information relating to patient safety events and concerns with each other and Patient Safety Organizations (PSOs). The Department of Health and Human Services is required to maintain a listing of all PSOs.

The Act amended Title IX of the Public Health Service Act for the purpose of improving patient safety and quality of care. As with attorney work product, this information is privileged and confidential. While the program may be voluntary, a knowing or reckless violation of the confidentiality requirements of the Act can result in a civil money penalty of up to $10,000 for each violation, as assessed by the Office for Civil Rights.

The deterrence effect of the civil money penalties had been reduced by inflation. This caused Congress to enact the Inflation Adjustment Act. This Act requires Federal agencies to issue regulations adjusting each civil money penalty found within the Public Health Service Act within their jurisdiction, for inflation. The agencies are required to issue these regulations at least once every four years from July 29, 2005, the date of its enactment. The inflation amount is adjusted through a three-step process.

First, the agency must calculate an increase in the penalty amount by a “cost-of-living adjustment.” “Cost-of-living adjustment” is defined in the act as the percentage for each civil monetary penalty by which the Consumer Price Index for the month of June of the calendar year preceding the adjustment, exceeds the Consumer Price Index for the month of June of the calendar year in which the amount of such civil money penalty was last set or adjusted pursuant to law.

Second, the amount of increase must be rounded based on the size of the penalty as set forth in section 5(a) of the Act. Since the penalty in this case is $10,000, the increase is $1,000, making the final maximum penalty amount $11,000. Finally, the third step requires that a first adjustment be limited to 10 percent of the penalty amount. Accordingly, an $11,000 adjusted penalty is appropriate.

One great benefit of the Act is to make sure that the penalties assessed for such violations provide adequate deterrence to potential violators. This is done by periodically increasing the violation amount to account for inflation over time. Especially now in the wake of the massive health care reform and improvements in the use of Electronic Health Records, it is important to ensure patients that their personal health information remains confidential and that a breach of this confidentiality requirement will result in steep monetary penalties.

On the contrary, many may argue that the increase in the penalty amount is not adequate. Since the Act imposes a 10% cap in addition to a standard chart for calculating the inflation, it may not always be completely in sync with the current economic environment. Further, these penalty amounts are only updated every four years, which leaves a significant gap in time.

Additionally, the slight increase in money penalties assessed will not do much to comfort patients that their health information is protected and confidential. Once the information gets out, there is no amount of money assessed as a violation that can remedy the breach and the damage which may have already been done. Further, to many of the entities involved in such violations, a $10,000 penalty may seem like an insignificant slap on the wrist.

The Act only punishes a “knowing or reckless” violation of the confidentiality provisions, so breaches that occur unintentionally will not subject physicians or PSOs to liability. This mental state requirement is especially important as electronic health record software gets ironed-out, to get rid of any technical issues or glitches that may arise in the course of implementing such a national electronic system.

Conversely, the “knowing or reckless” standard may pose some difficulties enforcing liability under the Act, as it may not always be easy to prove that the confidentiality breach was done with such a state of mind, or even where the disclosure came from.


HIPAA, The HITECH Act, and How Google May Still Be Able to Distribute, and Profit From, Your Personal Health Info

August 6, 2009 by Jordan T. Cohen · 7 Comments
Filed under: EMR, Electronic Medical Records, IT 

Photo by Jonathunder

Below I will explore what seems to be a gaping hole in the HITECH Act. However, as with any new legislation, it is often necessary to reexamine the laws that preceded it, which in this case is HIPAA.  This is particularly true given that the HITECH Act does not replace HIPAA. Rather, it provides–amongst other things–additional security and privacy safeguards with respect to health information. To that extent,  at least a cursory reexamination of HIPAA is required before understanding HITECH and the importance of comprehensive legislation.

HIPAA was a product of the 1990’s–an era triggering nostalgic memories of grunge music for some, and the (in)famous Macarena dance for others. For a large part of this period, the Internet was accessed by a handful of tech savvy individuals who dialed into services like CompuServe, Prodigy, and AOL.  It was during this transition that Congress felt the need to make health insurance more portable, as well as standardize the variegated electronic systems that were conducting nonstandard healthcare-related transactions. There was a concomitant concern that health information needed better protection. Thus, in 1996 Congress adopted the Health Insurance Portability and Accountability Act (HIPAA), providing HHS with the responsibility to enforce it. However, the regulations enforcing privacy and security of health information would not be implemented until years later.

HIPAA’s Privacy Rule, which describes the appropriate use and disclosure of certain health information, came into force on April 14th, 2001, was updated in 2002, and required compliance by April of 2003. The Security Rule, which establishes the policies and best practices for securing health information, came into force in 2003. Thus, the Privacy and Security Rules (referred to below as HIPAA) came to life in a period of technological transition. New technologies like residential broadband Internet access and Wi-Fi networks were becoming the norm. Electronic Health Record (EHR) systems had been developed, but had only marginal penetration within certain academic medical centers and government entities. Consequently, the threats to patient privacy from early EHRs were much smaller than they are today, since these systems were not widespread and did not often share data over disparate regions. Thus, access to the systems was not necessarily available outside of the intranets where the servers were located.

Acronyms of HIPAA & HITECH (see 160.103 for regulatory language)

PHI (Protected Health Information): Any oral or recorded information relating to any past, present, or future physical or mental health of an individual, the provision of healthcare to the individual, or the payment for the healthcare of that individual.

CE (Covered Entity): A group of entities whose use, disclosure, and protection of PHI is regulated by HIPAA and HITECH. CEs comprise:

1) Health care providers (e.g. physicians) that submit transactions electronically.

2) Health care plans (e.g. HMOs).

3) Health care clearinghouses (public or private entities, including a billing service, repricing company, community health management information system, etc., that process or facilitate the processing of health information received from another entity in nonstandard form into standard form, or from standard form to nonstandard form).

BA (Business Associate): Individuals or organizations performing an activity involving the use or disclosure of PHI on behalf of the CE. BAs can include attorneys, accountants, shredding companies, billing companies, or any other person or organization that is not a CE but which is accessing a CE’s PHI.

EHR (Electronic Health Record): An electronic record of patient care comprised of information about the delivery of care, including demographic information, medications, diagnoses, etc.

PHR (Personal Health Record): An electronic record of patient care comprised of much of the same information that an EHR is comprised of, but which is created and maintained by the individual (usually a patient) as opposed to a provider. Prominent examples are Google Health and Microsoft HealthVault.

Given the historical context of HIPAA’s passage, it is easy to appreciate HIPAA’s missteps in not specifically  focusing on EHRs or PHRs.  Rather, HIPAA regulates protected health information at a broader level, focusing primarily on the “use and disclosure” of PHI by CEs, and the best practices and policies for securing the PHI itself.   To be fair, the Security Rule does focus on PHI that is stored and transmitted electronically. However, even the most stringent best practices and policies are useless if the corresponding privacy regulations are inadequate.

But the times they are a-changin’–sort of.

Buried on page 112 of the American Recovery and Reinvestment Act (ARRA)–also known as the Stimulus Bill–is Title VIII of the bill, known as the Health Information Technology for Economic and Clinical Health Act, or more commonly, the HITECH Act. One (of the many) purposes of the HITECH Act is to fill in the gaps that have emerged since the Privacy and Security rules came into force.  But like before, we are in a transition period. Whereas HIPAA’s passage coincided with a period of generalized transition towards digital information, HITECH has coincided with its own transition: the implementation of personal health records (PHRs). Unfortunately, the current HITECH Bill and regulations have serious flaws in how they protect patient information stored in PHRs. However, before discussing the problems, it is only fair to discuss the benefits to privacy and security that HITECH’s passage has provided.

Specifically, HITECH introduces breach notification requirements. HITECH’s provisions govern the procedures which CEs and BAs must follow if health information has been compromised. HITECH also empowers the FTC to promulgate regulations pertaining to the notification procedures of PHR vendors (as well as those who offer services to PHR vendors). The FTC’s proposed breach notification requirements can be found here. Thus, CEs, BAs, and PHR vendors are, for the first time, required by law to notify individuals if their unsecured PHI has been accessed by unauthorized individuals.  Surprisingly, this was not required under HIPAA. CEs were obligated to notify individuals only insofar as the CEs were required by HIPAA to mitigate damages. But now, with the passage of HITECH, breach notification is no longer amorphous, but is spelled out in detail in HITECH’s regulations.

Additionally, HITECH requires BAs to abide by many of the same privacy and security requirements that CEs have had to abide by. Before HITECH, a BA, such as an attorney reviewing the PHI of a CE, was required to sign an agreement promising to protect the PHI that they were accessing, but were not themselves regulated by HIPAA. Thus, BAs had only contractual liability to the CE if the BA violated the rules of the agreement. On the other hand, if a CE violated HIPAA, it was subject to specific penalties and fines by the government.

Under HITECH, BAs must now comply with much of the Privacy and Security Rule, and face many of the same penalties and fines if they violate HIPAA regulations. That is, BAs are now accountable to the government if they improperly use or disclose PHI, or fail to adequately secure PHI.

HITECH also offers other benefits, such as increased enforcement of violations, a strengthening of the requirement that only the minimum necessary information is disclosed to other CEs or BAs, a more thorough framework of accounting for uses and disclosures, as well as certain prohibitions on the sale of PHI.

The last benefit of HITECH–the prohibition on the sale of PHI–is a perfect springboard for discussing the potential pitfalls of HITECH. The benefits of HITECH may well be sufficient to shore up HIPAA’s gaps when it comes to regulating CEs and BAs. However, as HITECH’s regulatory language makes clear, there remains a gaping hole:

(d) Prohibition on Sale of Electronic Health Records or Protected Health Information-

(1) IN GENERAL- Except as provided in paragraph (2), a covered entity or business associate shall not directly or indirectly receive remuneration in exchange for any protected health information of an individual unless the covered entity obtained from the individual, in accordance with section 164.508 of title 45, Code of Federal Regulations, a valid authorization

The emphasis is added to underscore that PHRs are not included in this provision. There are no corresponding provisions in the FTC’s proposed regulations, which concern breach notification. The upshot of this is that, as of the date of this posting, PHR services like Google Health and Microsoft HealthVault are not subject to this prohibition, nor is there a provision in HITECH mandating that PHRs comply with HIPAA’s Privacy and Security Rules. Therefore, PHR vendors can use, disclose–and possibly even sell–an individual’s health information outside of the HIPAA and HITECH regulations. This problem underscores a larger issue: PHRs are not regulated by HIPAA, and are only regulated by HITECH insofar as the FTC’s interim rule requires certain breach notification procedures.

LoJacking Grandma and “Reality Mining,” or “Daddy, What was Anonymity?”

February 7, 2009 by Michael Ricciardelli · 4 Comments
Filed under: Electronic Medical Records, IT 
photo by mrsmartino via flickr

Mark Heftler, a geriatric care manager who is slated to begin study at Seton Hall Law in the Fall, has written an interesting article on RFID (Radio Frequency Identification) and its potential usage as a means of  early diagnosis of dementia among the elderly. Researchers at the University of South Florida have developed and tested an RFID technology which assesses the walking patterns of those which it monitors.

By monitoring the movements of the elderly within geriatric facilities, “the researchers hope to be able to diagnose the onset of Alzheimer’s in their patients. Sudden veers, long pauses, and a tendency to wander are all indicators of dementia.”

As MIT’s Technology Review notes, “Drugs that are currently available can only slow the progression of related diseases, so the earlier dementia is caught, the better a patient’s treatment will be.”

Technology Review also notes, “In particular, dementia increases the risk of injury caused by a fall… ‘That’s a huge problem for assisted-living facilities,’” said  William Kearns, an assistant professor who researches aging and mental health at USF.

Not Just Grandma

Although one can readily see the positive cost/benefit and quality of life implications of warding off the falls of the elderly, as Frank Pasquale recently noted on both this blog and Concurring Opinions, the proliferation of “personal” electronic data is not without its danger.

The Technology Review article provides a link to another article which points out that RFID technology is also being harnessed to gather social networking information through what is referred to as “reality mining”:

“…a field that Tanzeem Choudhury pioneered as a PhD student at the MIT Media Lab. Working at Intel after graduation, she created a pager-size sensor pack–loaded with software plus microphones, accelerometers, and other data-gathering devices–to collect and analyze data about human interactions and activity. For instance, by processing verbal utterances, she can identify the most influential people in a social network.

Now an assistant professor of computer science at Dartmouth, Choudhury is conducting experiments with the sensor-laden iPhone. Within a few years, she says, simple versions of her software could be available for cell phones.”
