Aleksandra Vold’s Post

Judge rules in favor of AHA vacating HHS online tracking ‘bulletin’ as unlawful and beyond agency authority Many people may recall the U.S. Department of Health and Human Services (HHS’) guidance on the use of pixels and online tracking technologies on HIPAA-covered entity websites, like hospitals and healthcare orgs (HHS has actually issued at least 3 separate guidance pieces on this topic, in 2022, 2023 and 2024). You may also recall that in November 2023, the American Hospital Association (AHA) filed a lawsuit challenging HHS’ authority to make such a rule, as well as the process HHS followed. Last week, a federal judge in Texas issued an opinion and order vacating the part of HHS/OCR’s guidance restricting a CE’s use of online tracking technologies on unauthenticated public webpages (“UPWs”). Of course, the reality of the matter is that this is still only a lower court decision, and not yet definitive precedent; not to mention that this decision can be appealed, stayed, etc. So while everyone should consult their own legal counsel, it would appear that the option of least risk – at least at the moment - is for covered entities to continue avoiding using tracking technologies and analytic tools on any of their public webpages, to the extent that there is the potential for collection of PHI on those pages. Finally, FWIW, one paragraph in the TX decision that I personally found especially interesting - because it specifically identified situations where even the TX court would agree that a visitor to a UPW would be deemed to be disclosing IIHI (and thus be engaged in a HIPAA-covered disclosure) - was as follows:  "If a covered entity’s UPW greets visitors with a dropdown box requesting their subjective motive for visiting the page, that would be one thing. The Department can and should remind covered entities that the Privacy Rule would apply in those circumstances. But absent such an admittedly bizarre scenario, the Proscribed Combination cannot become IIHI as unambiguously defined." (p. 25). #meta #pixels #HHS #HIPAA #hospitals #PHI #protectedhealthinformation https://lnkd.in/e8GEesMk

As healthcare practitioners we want and will always look for ways to enhance patient safety, build positive patient outcomes, restore wellbeing and protect data privacy. At CTI, and through Regenemm Healthcare we believe the patient ultimately owns their data. We will build this into patient consent management modules. Patient's health == Patient's data #dataprivacy #datasecurity #gdprcompliance #hipaa #patientcare

Historically, healthcare regulations primarily focused on patient safety, quality of care, and standardization. However, the modern healthcare ecosystem faces multifaceted challenges that demand a more comprehensive approach to regulation. The integration of technology, personalized medicine, data privacy concerns, and the rise of global health crises have compelled regulatory bodies worldwide to reassess and recalibrate existing frameworks. I explore this in my latest blog, available here: https://bit.ly/3RG7lol Colliers Healthcare | U.S.

Explore the secrets to maintaining patient confidentiality in healthcare! Learn about legal aspects, safeguarding patient data, and efficient response to breaches. Discover why trust is key, and how healthcare providers can uphold patient confidentiality while delivering top-notch care. Read more: https://bit.ly/3vdul6O #prgmd #privacymatters #confidentialityfirst #respectpatientprivacy #ethicalhealthcare #trustinmedicine #protectpatientdata #legalresponsibility #patientrights #securingconfidentiality #healthyboundaries #physiciansrevenuegroup

Ladies and gentlemen, start your texts.   Texting patient information and the texting of patient orders among members of the health care team is now permissible, if accomplished through a HIPAA compliant secure texting platform (STP) and in compliance with the Conditions of Participation (CoPs), according to a recent CMS memorandum. See link below.   Sometimes healthcare does catch up to the present. I can almost picture the CMS boardroom meeting two weeks ago, an administrator standing up and saying: “Can I have your attention please? A new device has come to my attention. Ladies and gentlemen, I bring you… the Blackberry!” But seriously, CMS permitting texting of orders is a big deal. How the text then gets into the medical record is the next problem to be solved. But baby steps. Some hospitals and EHR vendors have already figured this out. Other noteworthy guidance from the transmittal: ·     Effective date is immediate (as of Feb. 8, 2024) ·     Computerized Provider Order Entry (CPOE) continues to be the preferred method of order entry by a provider, per CMS. ·     To comply with the CoPs, all providers must utilize and maintain systems/platforms that are secure and encrypted and must ensure the integrity of author identification as well as minimize the risks to patient privacy and confidentiality, as per HIPAA requirements. ·     Providers should implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms to avoid negative outcomes that could compromise the care of patients. ·     Send your questions to [email protected]

Texting is now HIPPA permissible.

Information Blocking Will Cost Hospitals, Other Providers Under Proposed ONC Rules When Congress passed the 21st Century Cures Act in 2016, a major area of emphasis was to make it easier for patients and their healthcare providers to access and utilize the rapidly increasing amount of personal health data. The challenge had two key components: a technical one, which involves making it easier to share data across disparate healthcare information technology (HIT) platforms; and a behavioral one, which involves teaching the industry to unlearn the impulse to keep data under lock and key for privacy and self-interested proprietary reasons. Click the link below to read the full story.

The ongoing dispute between Epic and Particle Health highlights critical challenges in the healthcare data exchange landscape. Epic's decision to restrict data requests from Particle Health, citing privacy concerns and potential HIPAA violations, raises significant questions about transparency and trust in health data networks. This case exposes the need for clearer rules and better governance in data sharing practices. As healthcare continues to evolve with digital transformations, it’s crucial to balance patient privacy with the need for seamless data flow to enhance treatment outcomes. What steps should be taken to ensure data exchanges are secure and ethical? How can the industry enforce transparency without stifling innovation? #HealthTech #DataPrivacy #DigitalHealth #HIPAA Compliance

Leveraging data is becoming ever more important in #healthcareadministration. Tools and strategies that are seen as a luxury today will soon be an integral part of meeting #qualitystandards for participation in #incentivebased models of government and commercial payors.

The Match IT Act of 2024, now before Congress, would create a federal definition for ‘patient match rate’ that providers would address as they would a clinical quality measurement KEY TAKEAWAYS Difficulties in matching patients to their medical records cost healthcare providers millions of dollars each year, causing unnecessary procedures, patient harm, and some deaths. Federal regulators and the healthcare industry have long argued over creating a unique patient identifier that would give each patient a code, like a social security number, to match that person to their medical records. A new bill before Congress would bypass that argument and create a national standard for patient matching, giving providers a bar to meet in matching patients to their records.