[ Wednesday, November 11, 2009 ]
What if Quizno's Were Run Like Healthcare?
This is pretty funny, and goes a long way to explain what's wrong with the healthcare system.
Jeff [11:34 AM]
[ Tuesday, November 10, 2009 ]
Anthem BCBS (Connecticut) Data Breach: I noted below that Anthem Blue Cross Blue Shield had a laptop stolen that had data on about 18,000 doctors, including some social security numbers (not PHI, though, so it's [probably] not a HIPAA violation). The information was unencrypted, which was against company policy. Well, the Connecticut AG is on the case, accusing Anthem of acting too slowly in notifying the victims and not providing enough credit protection to the doctors.
This will be interesting to watch, since it might be a little taste of what we'll be in for when state AGs get to enforce HIPAA.
Jeff [10:31 AM]
[ Thursday, November 05, 2009 ]
Interesting Georgia personal representative decision: Well, interesting if you're a HIPAA geek. The Georgia Supreme Court has ruled that a spouse of a deceased person is that person's "personal representative" for HIPAA purposes. It seems the complicating factor in
Alvista Healthcare Center v. Miller was the fact that the information was being sought by the surviving wife who was pursuing a wrongful death action on her own behalf against the nursing home, and no executor of the estate of the deceased husband had been appointed yet. The court found no problem with the wife obtaining the records in her capacity as personal representative of her deceased husband and then using the information in connection with her personal cause of action for wrongful death; since she's not a covered entity, the nature of her intended use is irrelevant if she has authority to obtain the information in one capacity or another.
Via BNA. Story here, opinion here (may need a subscription).
Jeff [10:19 AM]
[ Tuesday, November 03, 2009 ]
Data Breach experience: Here's an interesting first-person perspective of a data breach victim. Understandable (if not really balanced) concerns about the ability of research organizations to use data without consent.
Jeff [10:57 AM]
[ Monday, November 02, 2009 ]
Survey: As I mentioned below, SoftwareAdvice is taking a survey on EMR adoption. They've decided to hold the survey open until Thursday, November 5th to see if they can compile more data. You can take the survey here.
Jeff [11:40 AM]
Miami HIPAA/ID Theft sentencing: As noted below, the Miami ID theft ring at Palmetto General Hospital resulted in two convictions of a medical records employee and an outside accomplice. The hospital employee got 2 years and 5 days (?) and the accomplice got 11 months in jail.
Via BNA (subscription required).
Jeff [10:44 AM]
[ Saturday, October 31, 2009 ]
Red Flags Update: I didn't see this until this morning, but knew it was coming. Sunday is November 1, the date the much-delayed Red Flags Rule would become enforceable against "creditors" (financial institutions, which obviously ought to implement identity theft prevention programs, have been under the Red Flags Rule for about a year). And when the eve of enforcement rolls around, FTC punts. Which they did yesterday, delaying enforcement all the way to June 1, 2010. This time the delay was requested by members of Congress: the House has already passed, 400-0, legislation removing professional practices with fewer than 20 employees and certain other businesses that meet certain characteristics indicative of a low risk of ID theft, but the Senate has not moved a bill yet.
Coincidentally, this happened the same day that a Federal Judge ruled that the FTC cannot enforce the Red Flags Rule against attorneys.
Jeff [9:44 AM]
[ Friday, October 30, 2009 ]
Cost-efficient technology: HIPAA issues abound, obviously, but there sure are some good iPhone and smartphone apps that doctors and patients can use that deliver a big bang for the buck.
Jeff [9:48 AM]
[ Thursday, October 29, 2009 ]
Red Flags and Small Businesses: To stop ID theft, businesses need to follow the Red Flags Rule. TJMaxx and other high-profile breaches show that. But is it even more important for small businesses to follow the Red Flags Rule?
Some say so.
Pro: small businesses have less technology, so lower technological defenses against ID theft. They also tend to be more likely to fall victim to social engineering activities. They also can't bear the potential cost of a data breach/ID theft claim, since they have fewer customers to spread that cost/risk over.
Con: they tend to know their customers better and are more likely to ask questions. With fewer customers, they are more likely to notice an aberration, since their customers will fall into a tighter pattern of behavior and account activity. They have less staff to bear the bureaucratic burden of compliance with regulations like the Red Flags Rule.
Arguments both ways.
Jeff [8:54 AM]
[ Wednesday, October 28, 2009 ]
Arkansas Snoopin' update: Sentences have been handed down in the Little Rock, Arkansas snoopin' case, which involved the brutal murder of Ann Pressly, a Little Rock news anchor. A doctor and two hospital employees were caught accessing the medical records of the victim, and have each been sentenced to a year's probation, plus fines and community service.
Jeff [1:38 PM]
EHR Adoption Due to Stimulus Bill Provisions: Have the EHR provisions in the so-called Stimulus Bill impacted your decision and/or timing about adopting electronic medical records? The folks at SoftwareAdvice are surveying folks to see if the statutory changes caused healthcare providers to take action, or just go looking. Go take the survey if you have any insights.
Jeff [11:14 AM]
5 Vulnerabilities that Lead to Identity Theft: Interesting article in InfoWeek's Dark Reading on areas to watch for ID theft. I thought it would be about specific items and behaviors that could pose risks, but it's more global than that. Interestingly, #5 is "Healthcare."
Jeff [8:41 AM]
[ Monday, October 26, 2009 ]
Curb Your Enthusiasm: The digitization of medical records is not the cure-all some claim it will be. As with just about every other component of the health reform debate, nothing will be as good (the public option will end the uninsured problem), bad (death panels will kill grandma), or efficient (cutting fraud and abuse will save $500 billion) as the most vocal proponents/critics say. Here, the Washington Post points out that not everyone thinks electronic medical records are a panacea.
Jeff [10:20 AM]
[ Thursday, October 22, 2009 ]
Cost of a (non-HIPAA) Data Breach: FTC fines ChoicePoint $275,000 for 2008 breach.
Jeff [9:54 AM]
[ Wednesday, October 21, 2009 ]
Hospital bans Facebook: New England Baptist Hospital has banned its employees from using Facebook at work over privacy and time-wasting concerns. The second concern is definitely apt; as for the first, that's probably punishing the medium when the message is the potential problem. It's an interesting dilemma for all businesses, but the privacy/patient information issue is particularly relevant for healthcare concerns. Ultimately, every organization needs a social media policy.
Jeff [7:34 AM]
[ Tuesday, October 20, 2009 ]
Red Flag Reduction Reax: Some disagree with the new legislation to exempt small providers from the Red Flags Rule.
Jeff [8:57 AM]
[ Monday, October 19, 2009 ]
Second Life: Interesting article on Children's Memorial Hospital in Chicago's use of Second Life for training and peer support for disabled patients. I'm still not very sure how to purposefully navigate through Second Life: I have an identity there and an avatar that looks nothing like me, thankfully, but have never had any successful interactions there. Is there a "Second Life for Dummies" site somewhere?
Jeff [8:03 AM]
[ Thursday, October 15, 2009 ]
RED FLAGS UPDATE: In case you're following the Red Flags issue (the latest FTC compliance date was shifted to November 1), here's some big, big news: The House Financial Services Committee has quickly (and without Republican objection) moved forward a bill that would fully exempt healthcare, legal, and accounting firms with fewer than 20 employees from the definition of "creditor" under the Red Flags Rule. It will also allow any company to seek an exemption directly from the FTC.
You can read below (and here, here and here) some of my other posts, but the gist is this: The FTC passed rules required by Congress under FACTA that require financial services companies and "creditors" to adopt identity theft prevention programs designed to spot "red flags" indicating that a customer may be a victim of identity theft. "Creditors" is broadly defined, so the AMA wrote a letter to the FTC asking for clarification that doctors aren't "creditors" generally. The FTC wrote back and said almost all doctors are, which started a war of words between the FTC and the AMA (and a bunch of other physician organizations), but which also led the FTC to serially delay the effective date of the Red Flags Rule. Further, the ABA took a more direct route, suing the FTC to remove lawyers from the definition of "creditors." As far as I know, the AICPA has sat on the sidelines, figuring they'll get the benefit of the efforts of the doctors and lawyers.
This Congressional action will settle the matter for small practices of lawyers, doctors and accountants, but won't impact the issue for larger organizations. It will be interesting to see if conceding the fight for the majority of AMA members will cool the AMA's lather; I don't suspect this will have any impact on the ABA lawsuit.
UPDATE: the bill to limit the applicability of the Red Flags Rule to companies with 20 or more employees has passed the House. However, there's no companion legislation in the Senate at this time, so it might just die where it is.
UPDATE 2: should've mentioned that it passed the House 400-0. Can't they get someone in the Senate to pick it up?
Jeff [9:48 AM]
[ Tuesday, October 06, 2009 ]
Express Scripts: a successful 2008 hack into the pharmacy benefits management company's database might have exposed the personal information of 700,000 people.
Jeff [11:57 AM]
FTC Endorsement Rule: In light of the (unconstitutional) FTC guidance published yesterday requiring bloggers to disclose any compensation for endorsement, let me state that anyone listed under the "Advertisers" to the left has paid for that spot. Most of the "Links" are unpaid, but some might've plied me with liquor. Rest assured, the grand total of what I've been paid in cash for posts or links during the entire 7.5-year run of this blog is less than what I charge for an hour of my time.
UPDATE: Like I was sayin': read Jarvis.
Jeff [9:29 AM]
[ Monday, October 05, 2009 ]
70,000,000 Records; Is That a Lot? The National Archives hosts a database that allows veterans to request copies of their medical records and discharge data. One of the hard drives went out, so the Archives sent it to the contractor to fix. The contractor couldn't fix it, so it sent it to another contractor to recycle. Unfortunately, nobody scrubbed the data off of the drive, which may hold medical information and social security numbers for up to 70 million people. After all of the Stimulus Bill and Healthcare Reform talk of billions and trillions of dollars, I'm a little dazed, but it still seems like 70 million is a lot of folks. Of course, so far there's no indication that the information actually fell into the wrong hands, nor is there proof of just how much information was out there (tags like "up to" or "as many as" are pretty much red herrings), and the last time the VA had a big data breach, nothing came of it. But still, not something you want to see.
Jeff [1:50 PM]
Not what we intended: Congressmen react to Secretary Sebelius' "no harm" standard for notifying of data breach. Apparently, that's too loose a standard for the Congressmen, who did not intend for HHS to give away such a big escape hatch for data breachers.
Jeff [1:45 PM]
Data breach for physicians: Here's a twist. Yeah, it's the same old story of the stolen laptop, but this time the information was physician info (including some social security numbers), lost by an insurance company.
Jeff [7:38 AM]
[ Thursday, October 01, 2009 ]
Bookmark this Permalink: HHS has published its instructions for submitting a notice of a data breach involving PHI here. Count the number of affected individuals and follow the instructions.
Jeff [4:55 PM]
[ Friday, September 25, 2009 ]
Business Associate Agreements: The HITECH provisions of HIPAA contain some big changes for business associates, as well as some changes to business associate agreements. But the specifics aren't that well defined. What should you do? Should you amend your existing BAAs? Should you adopt a new form of BAA for new relationships, but keep the existing form to see what happens?
Well, according to Susan McAndrew, OCR's deputy director for health information privacy, HHS is drafting rules that specify what needs to go into your BAAs. My advice so far has been to wait; maybe you should adopt some new, relatively generic references to the new HITECH provisions and put them into your standard form BAA, but don't worry about amending your existing BAAs. I'm sticking with that advice.
Jeff [10:18 PM]
[ Thursday, September 24, 2009 ]
New York: Here's a story (subscription required) about a NY scam similar to the Miami scam mentioned Tuesday. A lawyer and seven employees of a public hospital were arrested for running a scam where medical information of auto accident victims was taken by the hospital employees and sold to the lawyer, who used the information to file personal injury suits and get the patients unnecessary care at clinics that were part of the scam. The scam works particularly well in "no-fault" auto insurance states like NY.
Jeff [9:26 AM]
Social Media in Healthcare: I'll be speaking again next year at Q1 Production's 2nd Annual Healthcare New Media Marketing Conference, this time in Chicago. June 14-15, 2010. I'll be discussing the legal implications of using social media in healthcare, particularly in healthcare marketing.
On that note, here's a story about a hospital system and a physician recruiting agency using Facebook and Twitter to pursue their physician recruiting efforts. To paraphrase Willie Sutton, you gotta market where the customers are.
Jeff [9:16 AM]
[ Tuesday, September 22, 2009 ]
Twitter: Here's a Good Question. Answer: not if there's no PHI. Tweets are very short; most wouldn't be identifiable.
Jeff [6:11 PM]
More Miami Misappropriation: I think this is a spill-over and an addition of new parties to a previous story, but a Miami cosmetician has pled guilty to buying medical records for resale to a plaintiff's lawyer, who would solicit the patients to become his clients.
Like one of the commentators says, it's 99% of the lawyers that give the rest a bad name.
Jeff [11:17 AM]
[ Thursday, September 17, 2009 ]
Off Topic: Health Reform: Interesting article.
Jeff [12:16 PM]
[ Monday, September 14, 2009 ]
Cool: I'm a top 25 blog for nursing assistants and CNAs.
Jeff [3:41 PM]
[ Wednesday, September 09, 2009 ]
Business Associate compliance: As you know, HITECH added a layer of responsibility onto business associates, so they are effectively treated as covered entities for many purposes. This means covered entities and business associates need to beef up their compliance efforts.
Here are some more goodies from Dom Nicastro on where you can start.
Jeff [8:58 AM]
[ Friday, September 04, 2009 ]
Physician trends and information: This is a pretty fascinating study from the Center for Studying Health System Change on current statistics relative to US physicians. 3/4 of practicing doctors are white; 3/4 are male; about half of doctor revenue comes from Medicare and Medicaid; most doctors provide some charity care to financially strapped patients, with the charity care rates going up with the income of the doctor and the years in practice. 4 out of 5 doctors work 40 hours per week or more. 90% of doctors are board certified. 1/3 of doctors make $150,000 per year or less, and 1/3 make over $250,000. Of all the major medical specialties, pediatricians are the most satisfied with their careers.
I could go on all day; check out the report yourself.
Jeff [10:40 AM]
[ Friday, August 28, 2009 ]
Paging the AMA: Here's how you do it. The AMA (American Medical Association) has been fighting the FTC over whether doctors should be subject to the Red Flags Rule, and the FTC just won't agree to the AMA's perfectly good reasons. The ABA (American Bar Association) has had the same complaint with the FTC, although the ABA has been much more aggressive, not waiting for the FTC to specifically call out lawyers to be subject to the rules. Even without the FTC saying lawyers should be subject to the Red Flags Rule, the ABA has now sued the FTC, demanding they specifically agree that lawyers aren't subject to it.
C'mon, docs, start acting like lawyers.
Jeff [9:49 AM]
[ Tuesday, August 25, 2009 ]
Self-diagnosing your network: Here's a pretty good paper, from Tripwire and InformationWeek, on your network and your HIPAA responsibilities. It requires free registration, but it's worth it.
Jeff [9:12 AM]
[ Friday, August 21, 2009 ]
Interim Final Rule on Breach Notification: The reviews are in. Some point out the new burdens (particularly due to the extreme limitation on what counts as "secured" PHI), some the improved features (like the harm threshold, allowing providers to not report breaches if there's little likelihood of harm).
Jeff [9:04 AM]
[ Wednesday, August 19, 2009 ]
Health Reform: Another excellent article outlining the problems with the current proposals and some principles, if not outright proposals, for reforms that might be effective.
Jeff [4:24 PM]
[ Monday, August 17, 2009 ]
FTC issues by the deadline, HHS not so much: The Federal Trade Commission made the HITECH deadline to issue guidelines for PHR vendors and application providers to track and report data breaches. The deadline for doing so as mandated by HITECH was today. HHS was supposed to provide the same information, but didn't (although rumor says they'll be out tomorrow). They were without a secretary for a while, and I know my office grinds to a halt when my secretary Alice is gone, so I'll cut them a break. Don't know if they'd be that ready to cut ME a break, though. . . .
UPDATE: HHS got them out today, 8/19.
Jeff [5:35 PM]
Here's a large corporate identity theft case.
Jeff [4:23 PM]
[ Friday, August 14, 2009 ]
Healthcare Reform: "Death panels." Much has been made of this. Sarah Palin referred to them in calling Obamacare "evil:"
“The Democrats promise that a government health care system will reduce the cost of health care, but as the economist Thomas Sowell has pointed out, government health care will not reduce the cost; it will simply refuse to pay the cost. And who will suffer the most when they ration care? The sick, the elderly, and the disabled, of course. The America I know and love is not one in which my parents or my baby with Down Syndrome will have to stand in front of Obama’s ‘death panel’ so his bureaucrats can decide, based on a subjective judgment of their ‘level of productivity in society,’ whether they are worthy of health care. Such a system is downright evil.”
Now, to be fair, the bill in question provides compensation to doctors for having consultations with patients to discuss their options in respect to end-of-life care decisions. The doctors will be guided by a government panel of experts, presumably housed somewhere in the "Federal Coordinating Council for Effectiveness Research." Here's how President Obama sees it happening:
"LEONHARDT: And it's going to be hard for people who don't have the option of paying for it.
THE PRESIDENT: So that's where I think you just get into some very difficult moral issues. But that's also a huge driver of cost, right? I mean, the chronically ill and those toward the end of their lives are accounting for potentially 80 percent of the total health care bill out here.
LEONHARDT: So how do you - how do we deal with it?
THE PRESIDENT: Well, I think that there is going to have to be a conversation that is guided by doctors, scientists, ethicists. And then there is going to have to be a very difficult democratic conversation that takes place. It is very difficult to imagine the country making those decisions just through the normal political channels. And that's part of why you have to have some independent group that can give you guidance. It's not determinative, but I think has to be able to give you some guidance. And that's part of what I suspect you'll see emerging out of the various health care conversations that are taking place on the Hill right now."
Now, that's not exactly a panel of government bureaucrats deciding, "No Procrit for you!" because you're old or disabled. But it definitely is a government panel advising physicians on how to advise patients regarding end-of-life issues, which the physicians are incentivized (i.e., paid) to provide. My dictionary includes as a definition of "death" the "end of life." So there's a government panel advising physicians on advising patients about death. Is "death panel" a grossly exaggerated phrase? Add to that the fact that this is in a bill that's supposed to "bend the healthcare cost curve" down; is it unreasonable to think that the "panel" and the consultations would encourage a reduction in that "driver of costs"? Especially when you consider the various sources of input to the Obama Administration.
Consider this as well: The Senate Finance Committee dropped the provision from its package. "We are working very hard to avoid unintended consequences by methodically working through the complexities of all of these issues and policy options," Iowa Sen. Chuck Grassley, the ranking Republican on the Senate Finance Committee, said in a statement. "We dropped end-of-life provisions from consideration entirely because of the way they could be misinterpreted and implemented incorrectly."
So apparently even the Senate drafters of the legislation noted how the language could be construed that way. Personally, I agree with Althouse: I think it's a bit of hyperbole (a "polemical" is a good descriptor). But that doesn't stop the journalism community from deeming it an outright lie. From an email from the Columbia Journalism Review: "The health care debate is too important to be muddied up with lies, but, well, there they are. In the first of a series we're calling Straight Talk, CJR's Trudy Lieberman traces the history of a particularly nasty fabrication—that reform legislation includes a "death panel" that will decide who should get treatment—back to its dubious source."
Like I said, it's not a lie. There will be panels that will advise doctors on end-of-life (i.e., death) issues, and that panel will focus on cost-benefit analyses. That panel will advise doctors, who will be paid to advise their patients regarding end-of-life (i.e., death) issues. At least it's not a lie like "I have not said that I was a single-payer supporter."
Now, I think it's true that the vast majority of our healthcare spending is focused on the last few months or years of life, and a lot of that money returns relatively little in value. I certainly think people should consider the cost of the care they want versus the benefit it will provide. But who should make that decision, the person paying or the person receiving the care?
Therein lies the underlying problem: OPM. Yes, I've said it before, but the problem with our healthcare system always comes back to "other people's money." If the person receiving the care is also the person paying the money for the care, then the decision is made by the person impacted, and whatever the decision, it's the right one.
Jeff [2:07 PM]
[ Thursday, August 13, 2009 ]
OT: Beer. Forget about the watermelon wheat beer I bottled last Sunday, this is sick (and I mean that in the good way [I think]).
Jeff [1:24 PM]
[ Wednesday, August 12, 2009 ]
Health Reform: The Whole Foods alternative to ObamaCare.
Jeff [4:54 PM]
[ Friday, August 07, 2009 ]
Healthcare Reform: This may be the best article I've read so far. And he's right: our healthcare system isn't broken, it's amazing. It's not perfect, but it's amazing. If we changed the way we pay for it, and managed our expectations regarding what we can have and how much it really costs, we might be able to continue it.
Jeff [11:36 AM]
[ Thursday, August 06, 2009 ]
Miami medical record theft case: I saw this on BNA this morning (subscription required):
"A South Florida man was indicted on multiple criminal counts for allegedly paying a technician at Miami's Jackson Memorial Hospital to provide him with confidential patient information that he in turn would sell [to an unnamed personal injury lawyer], federal prosecutors announced July 31 (United States v. Rodriguez, S.D. Fla., No. 1:09-CR-20623-JAL, indictment unsealed 7/30/09)."
The ultrasound tech, Rebecca Garcia, had already pled guilty to one count of wrongful disclosure of individually identifiable health information.
Jeff [11:40 AM]
[ Wednesday, August 05, 2009 ]
Off topic: This is sad. He was an unbelievable surgeon, but more so a great man. I was fortunate to call him a friend.
Jeff [11:24 PM]
Health Reform: Interesting op-ed on the Wyden-Bennett Healthy Americans Act. I don't know what other baggage comes with the Act, and I don't know if it's really appropriate for the federal government to mandate that free people buy health insurance, but that may be the only alternative to allowing providers to refuse to provide care without payment. Since the latter alternative isn't viable, and we're going to require providers (at least hospitals) to treat all comers, then maybe everyone should be required to have insurance. At the very least, this is a nice incremental approach to what is perceived as the healthcare problem. William of Occam would approve.
Jeff [12:17 PM]
[ Monday, August 03, 2009 ]
Social Media: Somewhat off-topic (since most of my social media posts relate to social media and medical record privacy, or the use of social media in healthcare advertising), but this story is a good reason to be careful when you're using any sort of social media. If you use it (facebook, twitter, etc.) for personal stuff, be very careful about mixing in business, and vice versa.
Jeff [2:40 PM]
OCR Takes Over Security: Apparently, HHS will issue a Federal Register notice today that authority for administering, monitoring, and enforcing the HIPAA Security Rule will shift from the Centers for Medicare and Medicaid Services (CMS) to the HHS Office of Civil Rights (OCR). OCR has always had responsibility over the Privacy Rule, but the Security Rule, which came out two years later, was delegated to CMS. I had always interpreted this as an indication that the Security Rule would be more aggressively and seriously enforced, since OCR does not have the reputation as a "watchdog" agency; that reputation has played out in the fact that there have been few Privacy Rule penalties levied by OCR, and OCR has been fairly easy to deal with when providers have gotten into trouble. However, it's not like CMS has been a regulatory bulldog with respect to the Security Rule. Since Privacy and Security do intermix, it does make sense that the same agency would have oversight; however, if you had told me yesterday that they would've been merged, I would've expected the shift to be from OCR to CMS.
Hat tip: Vicki Hohner, Fox Systems
Update: More (remarkably insightful) analysis here.
Here's the Federal Register posting.
Update II: still more analysis here and here.
Jeff [10:22 AM]
[ Friday, July 31, 2009 ]
Interesting Dallas near-HIPAA prosecution: Computer hacker attacked hospital computers, but got caught. "Ghost Exodus" is not charged with violating HIPAA, but rather 2 counts of transmitting a malicious code. Could get 20 years in jail. Don't think he got anything out of it but not-so-cheap thrills.
Jeff [3:07 PM]
Health Reform: this is good, too.
Jeff [10:16 AM]