Article – Get set: New HIPAA has teeth

In this article, the new HIPAA Privacy and Security final rule—also known as the HIPAA Omnibus Rule—which became effective on March 26, 2013, is discussed.

Some thoughts…

  • Access to protected health information by 3rd parties, such as vendor support staff, is mentioned. In the related article referenced at the bottom (note: link is broken; corrected link here), it mentions that “Third parties account for 40 percent of the breaches reported and 75 percent of the records exposed”. It will be interesting to see how effective a vendor’s support staff will be when they are unable to analyze data referenced in a reported problem; invalid or corrupt data is a common enough problem that analyzing the original data to eliminate this as a root cause of the problem is a routine task. Also, wide scale analysis of databases to detect frequency of missing or invalid data elements is also a common method. If this data is not made available, or is stored in an encrypted form (at rest), it will be interesting to see how effective current support methods and tools will be (may need to be updated).
  • Same question as above for Business Intelligence (BI) applications that often mine databases (and sometimes files) containing patient record information.
  • Encryption of data on disk (by the storage subsystem or the application) is relatively common (often as an option), but encryption of the database files is less common (though technically feasible with many database management systems). It seems to me that most of the detected and reported breaches are of laptops and portable media (e.g. USB drives).
  • I wonder, if this rule is heavily enforced, if the fines will become enough of a revenue source to be viewed as a way of offsetting the costs of enforcement, or even funding—much like speeding and parking tickets subsidize police operations.

Article – The Obamacare Revolt: Physicians Fight Back Against the Bureaucratization of Health Care

Politics aside, this article provides some numbers on the actual costs of some healthcare procedures in the U.S., comparisons to the reimbursement amounts for these, and the “horse trading” to make some procedures more affordable (performed at a loss), while others are allowed to be more expensive (higher margin to subsidize the other procedures).

Medical imaging (MRI) is mentioned on the second page. The Coming Failure of Accountable Care

The Coming Failure of Accountable Care

Interesting (and perhaps correct) predictions.

While a change to the financial motivations–from reimbursement for procedures (which leads to volume) to funding based on clinical outcomes, quality of care and savings achieved–is admirable, the issue of change management looms. If the systems changes, but those in the system do not, what is accomplished?

Also, one thing I still have to figure out (more reading needed) is how an ACO serving a statistically high elderly or obese or otherwise higher health risk population is compared to one that serves a relatively young and healthy population. Is there some form of “base line” measurement done and the ACO is measured based on improvement from there?