Today, among other talks, I was able to hear Dr. Deborah Peel’s “Views from the top” session entitled “The Privacy Imperative in Healthcare IT”.
Technically, she did not say anything specifically about open source software (she did mention VA VistA).
It was an excellent talk, and it has addressed several of the concerns that I have raised in the past over at FredTrotter.com. Since I have criticized her there, I thought I should discuss Meeting Dr. Peel over at my other blogging home…
This “eWeek article”:http://www.eweek.com/article2/0,1895,1879716,00.asp announces a petition that purportedly will help protect patient privacy.
The petition being circulated by the Patient Privacy Rights Foundation and the Electronic Privacy Information Center states that patients should be able to choose who can view medical records, explicitly bars employers from viewing employees’ medical records and states that sharing private information should not be a precondition of receiving care.
As an example of what *could happen* with proposals like this: “Also this week, the Commission for Systemic Operability released 14 recommendations to ease the creation of systems that could instantly supply a patient’s health information when necessary.” See this URL: http://www.aclu.org/pizza/
WPC has released Open Source schemas representing the HIPAA transaction sets. Representing HIPAA EDI data in XML just became much easier. WPC, publisher of Electronic Data Interchange (EDI) transaction implementation guides adopted under HIPAA, is pleased to announce the release of W3C compliant XSD, Open Source Schemas, under the GNU license. Created directly from the same database as the federally mandated implementation guides, WPC schemas provide a single source for an XML representation of the HIPAA transaction standards.
You can find more information and downloads here.
The San Mateo County Times has a story on the problems associated with HIPAA: ‘…Under the rules, hospitals have to allow patients to opt out of the hospital directory to preserve their privacy. Suburban Hospital, though, presumes that patients want to be kept out of its directory unless they opt in. That may seem like little more than semantics. But if someone is unconscious or otherwise unable to choose, the patient will not be in the directory, and relatives and friends may have trouble finding him…’
http://www.snapinhipaa.com has some [Linux and open source] product offerings that might be of interest to your readers. We have what we think is the first open source Internet EDI gateway product. SolAce Server was designed to do reliable, secure messaging in compliance with the HIPAA Security Rule. It was written in Java so it runs on multiple platforms. An open source client hasn’t been created yet, but since the server supports both hub-and-spoke and point-to-point topology you can use two SolAce Server instances to do real-time EDI [Electronic Data Interchange] messaging between two machines. If you’re using FTP as your messaging solution, you should really check this one out! The other product is named SolAce Electronic Medical Claims and integrates with any practice management system to generate and process HIPAA EDI transactions without double entry. It transmits directly to many government carriers and Blues, bypassing clearinghouses and their charges. Support for UB92 and DME is being added, but it already supports a ton of fields over a typical clearinghouse. I mention it here because it runs on Linux and Mac OS X!
Jeff Benjamin, President
Ivertex / www.ivertex.com
Slashdot has a discussion up on the conundrum of software updating and HIPAA compliance: “…After reading the discussion on here about the new EULA for Win2k SP3, I had a disturbing thought. As far as I can tell, if you use Windows 2000 then you’re going to be out of compliance whatever you do. If you install the patch, then theoretically Microsoft could access those medical records (possibly by accident) without ‘due cause or need’ in the process of updating your machine. If you don’t patch your system then you’ll fail the security requirements of the law…”
Health Leaders Daily News has a feature article on HIPAA’s impact on Radiology: ‘…If radiology images and reports were confined to the radiology department, implementing HIPAA privacy and security regulations in the industry would not be as challenging because the problems could be localized and manageable. But images and reports are distributed and accessed by personnel throughout the hospital (in the ER, ICU, etc.), and even by physicians outside the hospital. With the advent of digital archiving and transmission of images and reports, the HIPAA challenge becomes even greater. Proper access control, authorization and subsequent audit trails are critical…’
The medical IT industry faces its ‘stickiest challenge’, says an Infoworld article about the new Health Insurance Portability and Accountability Act (HIPAA) recently re-affirmed by President Bush: ‘…the long journey to electronic records was meant to unfold around a package of “interlocking” federal rules, which include standards for transmitting health data, privacy guidelines for data sharing, and standards for ensuring the security of medical data. But satisfying the cumbersome privacy component — which requires notifying patients as to how data will be used, kept, and disclosed; offering patients a chance to see and amend records; and asking for patient consent before disclosing data — has posed the stickiest challenge to health care IT staffs…’