As usual there were a lot of things that happened over the past week, and not all of it was related to pharmacy automation and technology. Here are some of the things I found interesting.
Read more …
“What’d I miss?” – Week of January 30, 2011
Physician’s stolen laptop contains patient information
EMR and HIPPA: “This story made me think of two things:
1. Why is PHI being stored on the laptop in the first place? I wish I could find out if there was an EMR involved. If there was, then the EMR should be storing all of the patient information on the server and none of that data should be stored on the laptop. So, if it gets stolen there’s no breach. That’s the beauty of an EMR these days. There should be no need for this to happen.
2. There’s some really cool technology that’s been coming out in recent laptops that will allow you to remotely wipe out the laptop if it ever gets connected to a network. Basically, once your laptop is stolen you report it stolen and they start tracking it down kind of like they do with stolen cars (same people from what I understand).” – The story associated with this blog goes on to say that “Patient names, treatment dates, short medical treatment summaries and medical record numbers were stored on the computer.“ This wouldn’t have been an issue if all the patient information was stored in the “cloud” and viewed and updated via a secure connection when necessary. Security aside, data stored on a local hard drive increases the chance for lost or duplicate data. Anyway you slice it, this was a bonehead move.
Call to slow down EMR development for better security.
HIT Consultant Blog: “The law [HITECH, the law gives incentives to healthcare organizations to digitize personal health information before 2020], which also updates parts of HIPAA, gives the Secretary of Health and Human Services until mid-August to define what constitutes an electronic medical record. In Schmidt’s view initial requirements should start with strong authentication and encryption, and so far, the Secretary has done just that. Citing existing NIST and FIPS standards, HHS guidance includes healthcare data at rest, data in motion, as well as the proper destruction of Protected Health Information. Unfortunately, some health practitioners have begun purchasing e-health systems before the full complement of standards is known.” - No matter how you slice it, security is always going to be a problem. Even now, security is a primary concern for any healthcare facility in the United States. As you expand outside the walls of your existing system it is only going to get worse. I agree that practitioners should slow down and wait until some of this gets worked out. There’s nothing worse than investing in a system that has to be scrapped secondary to jumping the gun.
