Wednesday, December 31, 2008

10 Things Small Business Owner Should Do In 2009

A post on the Top 10 Things Every Small Business Owner Should Do in 2009 by Guy Kawasaki came across my screen this morning via @paulhelmick and caught my eye.

Great advice for any business person to consider and "do" in 2009. We can all do better at understanding how our customers view us and improving on the service or product we offer them.

Thursday, December 18, 2008

ESPN World's Strongest Man Competition 2008 - Charleston WV







Everyone be sure sure to tune in to the ESPN World's Strongest Man Competition 2008 starting to air on ESPN2 on December 25 (7pm-1am) and ESPN on December 28 (1pm-7pm).

Charleston, West Virginia played host to the 2008 competition. I look forward to ESPN showing off the beauty and positive aspects of Charleston and West Virginia. Also, the hometown of the 2006 World's Strongest Man, Phil Pfister.

UPDATE: Today's Charleston Daily Mail  issues official announcement of the airing of 2008 World's Strongest Man Competition on ESPN.

Monday, December 15, 2008

ONCHIT Issues Nationwide Privacy and Security Framework for Electronic Exchange of Health Information

Today the Office of the National Coordinator for Health Information Technology (ONCHIT) issued The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The summary states that the framework creates a set of consistent principles to:
". . .address the privacy and security challenges related to electronic health information exchange through a network for all persons, regardless of the legal framework that may apply to a particular organization. The goal of this effort is to establish a policy framework for electronic health information exchange that can help guide the Nation's adoption of health information technologies and help improve the availability of health information and health care quality. The principles have been designed to establish the roles of individuals and the responsibilities of those who hold and exchange electronic individually identifiable health information through a network."
Along with the Nationwide Privacy and Security Framework the Department of Health and Human Services (HHS) has issued The Health IT Privacy and Security Toolkit. The Toolkit includes new HIPAA Privacy Rule guidance documents developed by the ONCHIT and the Office for Civil Rights (OCR) to help facilitate the electronic exchange of health information.

Of particular interest to many interested in PHRs will be the OCR's guidance on Personal Health Records and the HIPAA Privacy Rule and the draft Draft Model Personal Health Record (PHR) Privacy Notice & Facts-At-A-Glance (the "Leavitt Label").

The Toolkit provides information and guidance focused around these key areas:
  • Individual Access Principle - Individuals should be provided with a simple and timely means to access and obtain their individually identifiable health information in a readable form and format.
  • Correction Principle - Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied.
  • Openness and Transparency Principle - There should be openness and transparency about policies, procedures, and technologies that directly affect individuals and/or their individually identifiable health information.
  • Individual Choice Principle - Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information.
  • Collection, Use, and Disclosure Limitation Principle - Individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately.
  • Data Quality and Integrity Principle - Persons and entities should take reasonable steps to ensure that individually identifiable health information is complete, accurate, and up-to-date to the extent necessary for the person's or entity's intended purposes and has not been altered or destroyed in an unauthorized manner.
  • Safeguards Principle - Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
  • Accountability Principle - These principles should be implemented, and adherence assured, through appropriate monitoring and other means and methods should be in place to report and mitigate non-adherence and breaches.
I have only made an initial pass though the information and guidance documents. There is a lot to read and digest over the holidays. Please post in the comments your thoughts on the new federal principles and guidelines.

Does the Certificate of Need Law Benefit West Virginia?

Joe Letnaunchyn, CEO of the West Virginia Hospital Association, responds to the continuing discussion on the pros and cons of certificate of need regulatory oversight in West Virginia. The commentary, Certificate of Need Program Benefits West Virginia, appears in the most recent edition of the State Journal.

Mr. Letnaunchyn responds to the commentary by Dashle Gunn Kelley, dated October 30 2008, State Doesn't Need Certificates of Need, asserting that West Virginia "doesn't need certificates of need" to deliver health care. Mr. Kelley is a doctoral student in economics at West Virginia University and is an associate fellow for the Public Policy Foundation of West Virginia.

Throughout the year the Select Committee D - Health (Subcommittee Certificate of Need) - Interim has been looking at the issues involving certificate of need in West Virginia. Highlights of the Interim Meetings can be found here. I suspect that the discussion and debate will continue at the upcoming West Virginia Legislative session.

UPDATE (12/19/08): The latest edition of the State Journal contains a follow up commentary on West Virginia's certificate of need program. The commentary, Who Really Benefits from the Certificate of Need Program? was written by Russell S. Sobel, Ph.D., is professor of economics, holder of the James Clark Coffman Distinguished Chair at West Virginia University and editor of the book "Unleashing Capitalism: Why Prosperity Stops at the West Virginia Border and How to Fix It."

Tuesday, December 02, 2008

Reengineering Health Information Technology to Wire The Medical Home

Over at The Health Care Blog Dr. Kibbee issues Part 2 of his Confessions of a Physician EMR Champion, subtitled "A Conversation with American Physicians About How to Save Medicine in the Age of Information." The Part 2 post, Empowering Health IT for the Connected Medical Home, is a must read for all interested in the world of changing world of health/technology.

Dr. Kibbe lays out 5 areas that health IT should focus on to be empowering and disruptive to the current models:
  1. electronic data and information collection and access
  2. communications among providers and patients
  3. clinical decision support
  4. population quality, performance, and cost reporting
  5. consumer/patient education and self-management
He highlights the importance of stepping back and looking at the current EMR model (a bit of thinking outside the box):

There is nothing transformational or disruptive about EMRs because they have been designed to meet the functions and features of a status quo business model -- not the collaborative and participatory capabilities required of the business models of the future health system.

In this next installment of the conversation, I’d like to suggest some specific capabilities that health IT ought to empower doctors and health care teams to perform on behalf of, and in collaboration with, their patients.

I’m suggesting that we go back to the drawing board and design health IT that is truly a good fit for doctors and patients in a system that rewards quality, safety, and efficiency of care while working to keep people healthy, instead of simply adding up the charges when they’re sick.

I'm involved on a number of fronts looking at health information models for West Virginia that will improve the delivery of care and reduce the costs. Dr. Kibbee's comments and thoughts are valuable for others looking at these same issues.

Tip to Ted Eytan on the post.

Wednesday, November 26, 2008

Engage With Grace

Last month I had the opportunity to watch Alexandra Drane announce Engage With Grace: The One Slide Project at the Health 2.0 Conference in San Francisco. The idea behind the project is to get people to share just ONE slide that helps them and their loved ones talk about having a purposeful end-of-life experience.


Alexandra's talk personally touched me because my family went through a similar experience 30 years ago when I was 12 years old. My mother died at home with cancer in 1978. She had the opportunity to die at home surrounded by her 5 children because both my dad and uncle were her doctors. In the past and today, not all families are given this important choice. The memories I have of my mother's final days 30 years ago are still important to me today.

Last week, Matthew Holt who blogs at The Health Care Blog and Paul Levy, CEO of Beth Israel Deaconess Medical Center in Boston who blogs at Running A Hospital, spread the word to bloggers about a viral campaign (call it a blog rally) to raise awareness by encouraging families to discuss end of life care issues while gathering for the Thanksgiving holiday weekend.

For West Virginia readers who want to learn more about end of life care I recommend checking out the resources provided by the West Virginia Center for End of Life Care. There is also valuable information for health care professionals. Here individuals can find forms for the standard West Virginia Living Will and Medical Power of Attorney. The site also includes information, FAQs, list of West Virginia palliative/hospice providers and other resources.


Engage with Grace from Health 2.0 on Vimeo.

Below is a message being posted today and throughout the Thanksgiving holiday weekend at blogs around the country and the world:
We make choices throughout our lives - where we want to live, what types of activities will fill our days, with whom we spend our time. These choices are often a balance between our desires and our means, but at the end of the day, they are decisions made with intent. But when it comes to how we want to be treated at the end our lives, often we don't express our intent or tell our loved ones about it.This has real consequences.

73% of Americans would prefer to die at home, but up to 50% die in hospital. More than 80% of Californians say their loved ones “know exactly” or have a “good idea” of what their wishes would be if they were in a persistent coma, but only 50% say they've talked to them about their preferences. But our end of life experiences are about a lot more than statistics. They’re about all of us. So the first thing we need to do is start talking.

Engage With Grace: The One Slide Project was designed with one simple goal: to help get the conversation about end of life experience started. The idea is simple: Create a tool to help get people talking. One Slide, with just five questions on it. Five questions designed to help get us talking with each other, with our loved ones, about our preferences. And we’re asking people to share this One Slide – wherever and whenever they can…at a presentation, at dinner, at their book club. Just One Slide, just five questions. Lets start a global discussion that, until now, most of us haven’t had.
Here is what we are asking you: Download The One Slide and share it at any opportunity – with colleagues, family, friends. Think of the slide as currency and donate just two minutes whenever you can. Commit to being able to answer these five questions about end of life experience for yourself, and for your loved ones. Then commit to helping others do the same. Get this conversation started. Let's start a viral movement driven by the change we as individuals can effect...and the incredibly positive impact we could have collectively. Help ensure that all of us - and the people we care for - can end our lives in the same purposeful way we live them. Just One Slide, just one goal. Think of the enormous difference we can make together.

(To learn more please go to www.engagewithgrace.org. This post was written by Alexandra Drane and the Engage With Grace team)

UPDATE: Paul Levy provides a post-rally update thanking those engaging gracefully. There were well over 95 bloggers over the Thanksgiving holiday weekend helping to spread the word.

Monday, November 17, 2008

Blawg Review # 186: Blawgers Are All-A-Twitter

Res Ipsa Blog brings you this week's edition of Blawg Review -- Blawg Review #186. This edition begins with a summary of the raging Twitter Wars and includes a link to a post I did last week discussing some of the legal implications of live tweeting in health care.

Check out this week's edition for the latest law news from around the blogosphere.

Thursday, November 13, 2008

Medicare PHR Pilot Project

HealthcareIT News reports on the announcement of a Medicare personal health record (PHR) pilot project that will be made available to Medicare beneficiaries in Arizona and Utah.

The four PHR companies selected out of almost 40 who applied to participate in the pilot are: Google Health, HealthTrio, NoMoreClipboard.com and PassportMD.

The Arizona Republic has more on the pilot project. More background information on CMS's PHR projects.

Tip to iHeathBeat on the article.

UPDATE: Today's iHealthBeat indicates that interoperable PHRs could result in$21B savings per study conducted by Center for Information Technology Leadership. Read the press release and full Value of Personal Health Records report.

The Implications for Live Tweeting Surgery

Yesterday Robert Hendrick, health care disruptor (I mean that in a positive way) and co-founder of change:healthcare, live tweeted his laser ablation surgery at the Surgical Clinic in Nashville. He also tweeted the first installment of his surgery to remove his varicose veins -- Live from the Operating Room.

Robert and his counterpart, Christopher Parks, are all about transparency in health care, especially as it relates to payment issues. This serves as just one more example of their efforts to engage health consumers and create transparency in health care.

Robert's live tweeting during surgery struck me as an interesting application of Twitter and other mobile social networking application. Here are just a few thoughts:
  • A way to keep friends and family updated on your condition, surgery, etc.
  • Useful for others who might be contemplating a particular procedure or surgery to get a real time look at what might be involved. I know someone who is contemplating undergoing the same procedure and plan to share Robert's posts with them.
  • As more and more patients and providers start to document information via social networking avenues - what might this mean during future litigation and discovery? Certainly seeking tweets, historical Facebook updates, etc. might be valuable in either pursuing or defending litigation. What are the rules for lawyers in pursuing such evidence? What might this mean for the companies providing such services as they see more and more subpoenas for information?
For a real time look at surgery tweets check out Twitter Search for the term -- surgery. Interesting stuff. I welcome others thoughts on the topic.

Thanks Robert for making my day for awarding me "best tweet of the procedure." Follow Robert on Twitter at @Robert_Hendrick.

UPDATE (1/18/09): More discussion on live tweeting surgery. This time it is from the provider side and not just the patient tweeting away their surgery. Henry Ford Health System live tweeted a surgical procedure in Detroit to a group of medical professionals at a conference in Las Vegas.

Shel Israel at Global Neighborhood has a great summary/interview with background on the event that will be part of his upcoming book, Twitterville. Bertalan Mesko has provides coverage about the Live Tweeting Surgery at at ScienceRoll. To find all the tweets about the surgery search via Twitter Search for the tag: #twOR.


After seeing the post by Shel I reached out to him and told him this wasn't the first live tweeted surgery. However, it was the first tweeted "from the provider side" -- @HenryFordNews.@Robert_Hendrick still gets the 1st award from the patient side.

UPDATE (1/29/09): Noticed in my Twitter stream today that Rick Sanchez of CNN is live tweeting his knee/meniscus surgery. Another live tweeting patient. In this case, high profile reporter from CNN. Follow Mr. Sanchez's twitter stream at @ricksanchezcnn.

UPDATE (2/17/09): Elizabeth Cohen of CNN (@elizcohenCNN)covers the live tweeting of surgical procedures by hospitals in the article, Surgeons send 'tweets' from operating room. Included with the article is a video detailing the live twittering at Henry Ford Health Systems. You can also follow the tweet stream of the surgery tagged via Twitter as: #hfhor.

UPDATE (5/26/09): mobilehealthnews provides a historic timeline of the most notable examples of live tweeting surgery in a post, Twitter surgery timeline: 8 months of OR Tweets.


Wednesday, November 12, 2008

Why Is Healthcare So Expensive?

A simplified view of Why is Healthcare So Expensive? from Stay Smart Stay Healthy. Stay Smart Stay Healthy is a Humana new-media venture designed to deliver guidance, and to support awareness and understanding of the healthcare industry.

Our goal is simple: to educate consumers on the healthcare system by removing the usual complexities and replacing them with an informative and engaging series of videos.

Check out their other videos on health care.



Tip from KevinMD.

Tuesday, November 11, 2008

Predicting Flu Season With Google Flu Trends

Google Flu Trends uses search terms as an indicator of flu activity by state.

According to Google.org Flu Trends the aggregated search data can estimate flu activity in a state up to two weeks faster than traditional systems. The chart comparison with CDC data is impressive at showing the consistency between tracking search terms vs. using influenza surveillance data. Read about how it works and the FAQs. More background from the NYT in Google Uses Web Searches to Track Flu's Spread

What about privacy concerns? Has Google stepped beyond the boundary of the "trust question" by providing aggregated search information to the CDC? It might depend upon the level of data that is being release to the CDC. Already anyone using Google Trends can get a certain level of aggregated information on a particular topic - for example "Flu".

Privacy is one thing but expectation is another. My experience in dealing with clients on privacy breach matters has lead me to believe that it is often not about whether something should or should not be private -- but rather it is a question of expectation by the person who trusted information with another party. Did that party do something with the information that was unexpected or not agreed to by the parties.

The discussion on privacy has started . . .
Follow the current discussion using the search term: ("google flu trends" privacy) and related search results from Google Blogs.

UPDATE: Interesting follow up thoughts by Mark Hawker and the potential use of Facebook Lexicon as a similar approach to tracking flu and other health conditions.Wasn't aware of Facebook Lexicon feature - interesting tool.

The Health Cloud

Tim Sturgill, MD JD at symtym provides an explanation and insight into the potential shift from silo'ed EHRs controlled by multiple providers to a Health Cloud centralized around a single PHR.

The result of such a shift lessens the need for complex health information exchanges to process and communicate information among a variety of health information silos, matching patient records and trying to match multiple sources of health information that may or may not be identical.

This approach is similar to the discussion and perspective I outlined in a recent article on PHRs for Health Lawyer News.

Graphic image courtesy of Tim's post.

Purkinje: Another SaaS EHR

Justen Deal in his post, Purkinje: stealth fighter, introduced me to another SasS focused Electronic Health Record (EHR) and practice management service provider called Purkinje. Interesting read on the company and its history.

The principle owner of Purkinje is John Doerr, a partner in Kleiner, Perkins, Caufield and Byers, who provides venture capital funding for some of the largest technology companies in the world.

Like Athena Health, who I do know about, Purkinje appears headed in the same direction. I think this business model has a bright future in helping quickly ramp up the adoption of electronic health information systems in medium to small physicians practices. Justen's post provides his prospective on the cost/benefit analysis as compared to traditional EMR software vendors. Also, John Halamka, CIO of the CareGroup Health System and blogger at Life as a Healthcare CIO, lists these types of SaaS EMR providers as part of his Winners in 2009 list.

Sounds convincing from a $$$ standpoint and could be one of the solutions for West Virginia to expedite its efforts to bring low cost, flexible, electronic solutions to the provider community.

Thanks for the tip Justen.

World War II Honoree: LeMoyne Coffield

On this Veterans Day I give thanks to all military veterans who have served their county. Please take time today at the 11th hour of the 11th day of the 11th month to thank a family member, friend or colleague who served their county.

Thanks to my sister Becky who submitted information to the National WWII Memorial to honor my dad, LeMoyne Coffield, and his brother and my uncle, Terrell Coffield. They are my heroes in so many ways. The photo to the right is my dad and his honoree entry reads:

ACTIVITY DURING WWII
INDUCTED INTO THE U.S. ARMY ON DECEMBER 18, 1942, PROCESSED AT FORT HAYES, COLUMBUS, OHIO AND REPORTED FOR DUTY AT WEST VIRGINIA UNIVERSITY ON DECEMBER 21, 1943. HE WAS LATER TRANSFERRED TO THE MEDICAL COLLEGE OF VIRGINIA TO COMPLETE HIS MEDICAL TRAINING. HE WAS IN THE ARMY SPECIALIZED TRAINING PROGRAM (ASTP) WHICH TRAINED PHYSICIANS FOR MILITARY SERVICE. A PRIVATE FIRST CLASS DURING THE WAR, HE WAS HONORABLY DISCHARGED ON MARCH 23, 1946.

You can search the WWII registry or register an honoree here.

Monday, November 10, 2008

WV Lawyer Disciplinary Board Seeks Comments on Metadata and Wholly-Owned Subsidary Law Firms

The Lawyer Disciplinary Board of the West Virginia State Bar is seeking public comment by February 27,2009, on two draft Legal Ethics Opinions (LEO). The two LEO's were reviewed by the Board at the October 24, 2008 meeting.
Draft L.E.O. 2009-01 What Is Metadata and Why Should Lawyers Be Cautious?
The definition of metadata used in the draft LEO is broad to include all "data behind the data" including the "author's identity, the number of revisions made and comments and redlining." Citing Rule 1.1 and 1.6, N.Y. State Bar Association Committee Op. 782 and D.C. Bar Op. 341, the proposed LEO places a duty on a lawyer to take reasonable steps to protect metadata in transmitted documents. Citing Rule 8.4(C) and N.Y. State Bar Association Committee Op. 749, the proposed LEO also places a duty on the lawyer receiving inadvertently provided metadata to consult with the sender and abide by the sender's instructions before reviewing such metadata.

Draft L.E.O. 2009-02 Wholly-Owned Subsidiary Law Firms.
The draft opinion allows a law firm to form a wholly-owned subsidiary law firm while cautioning lawyers that, in order not to deceive clients and the public, full disclosure of the relationship between the two firms is essential.

Comments must be submitted by February 27, 2009, to the Office of Disciplinary Counsel, 2008 Kanawha Boulevard East, Charleston, West Virginia 25311.

Friday, November 07, 2008

Potential Data Breach and Extortion at Express Scripts

The WSJ Health Blogs reports about a potential data breach at Express Scripts, one of the largest pharmacy benefit management companies in North America. More from Express Scripts on the Facts, FAQs and Other Resources.

The potential data breach came to Express Scripts attention after having received an anonymous letter attempting to extort money from the company by threatening the expose millions of patient records. The threat letter included personal information on 75 members, including names, dates of birth, social security numbers and prescription information.

The article also mentions a similar extortion related data breach which occurred in March 2006 and involved Medical Excess LLC, a subsidiary of AIG. In that case the FBI investigated and arrested an individual who stole a computer server containing personal health information of more than 900,000 individuals. The individual tried to extort AIG for $208,000 after threatening to release the information on the Internet.

According to the FBI Press Release, the individual involved was the first person to be charged under the new federal criminal statute, Title 18 U.S.C. 1030(a)(7)(B) and (C). The new federal criminal statute makes it a federal crime to commit extortion relating to unauthorized access of, or damage to, a protected computer system and/or to impair the confidentiality of information obtained from a protected computer.

To learn more read Express Scripts' press release and related support site.

Wednesday, November 05, 2008

November 5, 2008 - Today Is A New Day!

Today is a new day. Andre Blackman shared the image below (courtesy of Patrick Moberg) with me this via Twitter. The image speaks volumes about the significance of yesterday. Congratulations to President Elect Barack Obama (change.gov blog)

Although West Virginia stayed in the red yesterday there was great support by West Virginians although not always reported that way by the national media. This morning I shared with friends some links to history about a West Virginia lawyer, J.R. Clifford, as a way to reflect on the significance of Obama's win.

Mr. Clifford (wikipedia entry) paved the way in 1898 as a result of his legal work on his most famous case, Williams v. Board of Education Tucker County. The case was the first in U.S. history to hold that discrimination in school terms and teacher pay is against the law. The case occurred 50 years before the landmark Brown v. Board of Education. In 1896, two years prior, Mr. Clifford brought the first legal challenge of the state's segregated school system to the court which he ultimately lost and was not overturned until Brown v. Board of Education. For more on Mr. Clifford check out the J.R. Clifford Project (www.jrclifford.org).

As a fellow West Virginian and lawyer I'm proud of Mr. Clifford and his willingness to create change and look forward to supporting President Elect Obama's efforts to create positive change for the United States at home and around the globe.



Monday, November 03, 2008

WVU College of Law: Entrepreneurship Law Clinic

Today the West Virginia State Bar announced a new project at the West Virginia University College of Law to provide legal assistance to technology start-ups, existing small business and nonprofits.

The Entrepreneurship Law Clinic will be directed by Professor Michael V. Risch and staffed by current law students. The Clinic will provide supervised legal counsel to small businesses and start-ups in a clinical setting by offering no cost or low cost assistance.

The Clinic will provide services to clients who are unable to find or afford legal representation. Initial services will include: preformation counseling; choosing and forming a business entity; financing and investing; drafting Articles of Incorporation and Bylaws, LLC Articles and Operating Agreements, etc.; filing for tax-exempt recognition; drafting and negotiating contracts; protecting and licensing intellectual property and forming employment policies.

Congratulations to Professor Risch for starting the new clinic program which will be valuable to the growing creative community looking to stay and invest in West Virginia. The program not only assists those with new ideas or businesses but also provide real life training to law students who will gain invaluable skills to help out lawyers like myself upon graduation.

Wednesday, October 29, 2008

What Do WV Patients See As Their #1 Health Care Concern

Today I asked a health care policy related question to my West Virginia tweeters and received great responses. I appreciate the responses from my twitter followers.The responses were so valuable that I thought I would share them with my readers. If others who are reading have additional responses please add them to the comments.

The question I posed via twitter:

WV Twitters: What is the #1 health care problem/issue that you see as a patient?

rebeccaburchrebeccaburch @bobcoffield Insurance coverage -- whether you have ins. or not, affordability is often a deal-breaker for needed procedures/meds/etc...
Andrew BecknerCandidChristian @bobcoffield Solid information. Not understanding what's covered, what isn't, what the bill will be ultimately.
Andrew BecknerCandidChristian @bobcoffield ...other than cost, of course!
Andrew BecknerCandidChristian @bobcoffield Yes...transparency in the entire process, from enrolling to billing and everything in between. Would love to see it happen.
Laura LittleMtnLaurel @bobcoffield my issue: standard coverage/rules across insurers
lineberglineberg @bobcoffield | we don't trust the insurance co's. their billing is confusing. their service is poor. lack of predictability
chipwvchipwv @bobcoffield -- let's say you have a major disease or illness and have no insurance....well, you are screwed and that's all there is to it!
chipwvchipwv @bobcoffield...#1 problem? Too many docs say...well, that's the health system, deal with it.. and btw you won't like the alternatives
Justin Seibertdomjbs @bobcoffield #1 billing. #2 ease of seeing specialists
Jason KeelingJasonKeeling @bobcoffield | Still dealing with family doc. / insurance co. billing matter. Customer service from doc's staff = FAIL. from web in reply to bobcoffield

Monday, October 20, 2008

Blawg Review #182: Test Your Blawg Exam Knowledge

Take the Blawg Bar Exam practice test over at Blawg Review #182 creatively written by David Gulbransen at preaching to the preverted. Brilliantly creative edition. Don't miss testing your knowledge of Blawg Review.

Friday, October 17, 2008

The Rise of the Personal Health Record

The October edition of the Health Lawyers News, a publication of the American Health Lawyers Association (AHLA), contains an article I co-authored with Jud DeLoss, a principal in the law firm of Gray Plant Mooty, who blogs at Minnesota Health IT. On the eve of the Health 2.0 Conference next week the article provides a look at some of the legal issues around PHRs.

The article, The Rise of the Personal Health Record: Panacea or Pitfall for Health Information (pdf version), provides an introductory background on the changing world of PHRs, highlights Health 2.0 and covers some of the legal implications and compliance issues for PHRs. We are working on a longer and more detailed analysis that will be turned into a Member Briefing for the Health Information and Technology Practice Group. I would appreciate your posting a comment on topics or legal implications that we might consider covering in the full Member Briefing.

If you are a health lawyer, law student interested in health law or otherwise interested in the the legal aspects of the health care industry and not already a member of AHLA -- think about joining. The AHLA is at the top of my professional associations for written resource material, member briefings, in person programs, listserves and collaboration with health lawyer colleagues.

The Rise of the Personal Health Record: Panacea or Pitfall for Health Information

I. Introduction
Giant bytes have been taken out of the personal health record (PHR) market by technology companies like Google, Microsoft, Dossia, and others on a mission to connect consumers with their health information. If successful, the efforts by these and other Health 2.0 technology companies could transform the health care industry. It is too early to say whether the PHR will be the catalyst for health care reform; however, we can explore what may lie in the wake if a consumer-focused PHR revolution occurs.

Technological changes in health information management are altering the way in which patients and health care providers maintain, use, control, and disclose health information. We are experiencing a paradigm shift from the current decentralized system of records maintained by multiple entities at multiple locations – often with conflicting and duplicative information – to a centralized system relying on personal health information networks (PHINs), regional health information networks (RHIOs) or national health information exchanges (HIEs).

In the 21st Century, our health care system has become more fragmented and specialized. Patients seek the services from a variety of providers – from family care providers to specialists. Moreover, as individuals move from city to city and state to state, they leave a trail of partial medical records with various providers, insurers, and others.

The rise of electronic medical records (EMRs), electronic health records (EHRs), RHIOs, and HIEs reflects a need to address the increasing complexity of maintaining and sharing health information. PHRs may be the disruptive technology providing an alternative to a complex system of interconnected interoperable health information systems, often among health care stakeholders who have conflicting and competitive interests.

A. PHRs Defined
The Office of the National Coordinator for Health Information Technology (ONC) defines a PHR as “an electronic record of health related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared and controlled by the individual.”[2]

The ONC report highlights the growing importance of PHRs to facilitate the participation of individuals in their own care and wellness activities. Encouraging individuals to become engaged in their health care, and providing the means to document, track, and evaluate their health conditions, a PHR can lead to more informed health care decisions, improved health status, and ultimately, reduced costs and improved quality of health care. The PHR is broader than a medical record and contains any information relevant to an individual’s health, including diet and exercise logs, a list of over-the-counter medications, and personal information.

PHRs are distinguishable from EMRs and EHRs. A key distinction is that a PHR is under the patient’s control. The individual patient is the ultimate guardian of information within a PHR. Portability is another distinguishing characteristic of the PHR. The goal of a PHR is to be a lifelong source of health information for an individual.

B. History of PHRs
According to Wikipedia, the earliest article mentioning PHRs is dated June 1978. Wikipedia also mentions that most articles written about PHRs have been published since 2000. In its November 2001 report, the National Committee on Vital & Health Statistics (NCVHS) mentions PHRs and the growing consumer use of Internet-based health information services.[3]

Early on, PHRs were used in a rudimentary fashion as a way for individuals to track their own specific health care information. First generation PHRs can be categorized as either stand-alone PHRs, requiring patients to gather and enter their own information, or tethered PHRs, provided by a health plan, provider, or employer sponsor who populated the PHR with information.

The past twelve months mark a new era of increased activity. Call it a second generation of PHRs or PHR 2.0. The advancement is led by the entrance of large technology companies, such as Google with Google Health and Microsoft with HealthVault, into the PHR marketplace. PHR
2.0 is not merely a data collection application, but rather a platform for the electronic aggregation and storage of health information as well as the foundation for various applications.

At the federal level, ONC also is focusing on patient-centered health care. Released in June 2008, the ONC - Coordinated Federal Health Information Technology Strategic Plan: 2008-2012 serves as the guide to coordinate the federal government’s health information technology (HIT) efforts to achieve a nationwide implementation of an interoperability health information system.[4] A critical goal is to create “patient-focused health care” through the promotion of the deployment of EHRs and PHRs and other consumer HIT tools.

C. Social Networking and Health 2.0
The transformation to a PHR-based health information system is fueled by the intensifying interest in web-based social networking and the Health 2.0 movement. The increasing adoption of social networking and lightweight web-based tools among the general public may create a willingness to have and utilize PHRs. There are various technology players positioning themselves to create the “killer PHR application” to become the default standard for industry and the personal portal for each patient’s personal health information.

The definition of the Health 2.0 movement is still being refined.[5] Jane Sarasohn-Kahn, of THINK- health, defines Health 2.0 as “the use of social software and its ability to promote collaboration between patients, their caregivers, medical professionals and other stakeholders in health.”[6] Early use of the Internet for health care was limited to the distribution and search for health information. The read-only World Wide Web has been transformed into the World “Live” Web. Today, user-generated content is being created by businesses, professionals, and ordinary people at lightening speed through social media tools such as blogs, wikis, collaborative websites, and a variety of web based products.

Online health social networking and software as service models harness the positives of networking and collective intelligence to generate a new level of collective knowledge. Whether it is patients sharing observations on chronic conditions,[7] physicians globally exchanging clinical information and insights,[8] human powered health service searching,[9] online consulting,[10] or promoting transparency through tools for organizing, managing, and comparing health care paperwork[11] -- the Health 2.0 movement is creating business models and becoming a catalyst for improving efficiency, quality, and safety of health care.

D. The Common Framework for Networked Personal Health Information
Recently the Markle Foundation announced the Common Framework for Networked Personal Health Information,[12] which has been endorsed by a collaborative group of providers, health insurers, consumer groups, and privacy groups. The framework outlines a set of practices to encourage appropriate handling of personal health information as it flows to and from PHRs.

The framework uses the term “consumer access services,” which it defines as an emerging set of services designed to help individuals make secure connections with health data sources in an electronic environment. Consumer access services are likely to provide functions such as authentication as well as data hosting and management. The framework also provides analysis of the application of HIPAA to consumer access services.

II. Ownership of Health Information
The shift to a patient-centric PHR from a provider based record raises traditional property law issues. As health information becomes networked and technology allows for health information to be transferred more easily, the lines of ownership of health information become further blurred.

Health information is often viewed under the traditional notion of property as a “bundle of rights,” including the right to use, dispose, and exclude others from using it.[13] This legal application of historic property law may not be well suited to today’s health information where patient information is shared via a variety of formats, copied, duplicated, merged, and combined with other patient records into large scale databases of valuable information.

Who owns health information? The physician? The insurer? The patient? Under the traditional rule, providers own the medical records they maintain, subject to the patient’s rights in the information contained in the record.[14] This tradition stems from the era of paper records, where physical control meant ownership. Provider ownership of the record is not absolute, however. HIPAA and most state laws provide patients with some right to access and receive a copy of the record, along with amendment and accounting of disclosures.[15]

The PHR model, where all records are located and maintained by the patient, flips and realigns the current provider-based model of managing health information. Instead of provider-based control, where the provider furnishes access to and/or copies of the record and is required to seek patient authorization to release medical information, the PHR model puts the patient in control of his medical information.

III. Legal Liability and Compliance Issues Associated with PHRs
PHRs open the door to a wide-range of new and modified legal claims. PHR stakeholders should recognize and address the negative implications to avoid long-term problems. These, of course must be balanced against the liability risks of not adopting an available technology designed to improve the quality of health care.

A. Medical Malpractice
Medical malpractice cases address whether: a patient-physician relationship was created; the treatment provided was within the standard of care; a breach of the standard of care was causally related to the injury; and the patient was injured.[16]

Seeking to prove or disprove these elements raises the issue of whether the PHR would be relevant as evidence against a provider. Generally speaking, if the data within the PHR was provided to or accessible by the provider then the evidence is admissible.[17]

Many providers have expressed concerns over the accuracy and completeness of PHRs if controlled by patients. Whether the information is credible is a legitimate question. On one hand, a patient would not want to jeopardize his or her health by including inaccurate information. On the other hand, it is well known that patients often withhold sensitive and possibly embarrassing information.

Moreover, with the advent of electronic discovery under Federal and States Rules, the production of PHRs in their electronic form could impact evidentiary issues. Health 2.0 and other social networking sites suddenly become fair game for defense lawyers seeking to discredit patients’ claims. Patients may attempt to refer to those same records and other portions of their PHR as examples of treatment modalities approved by other medical providers. Plaintiffs’ lawyers may also investigate the potential for utilizing the collective knowledge of the types of treatments suggested online within the patient networking sites as evidence of the standard of care. In essence, the possibility exists to use PHRs as the “expert” to support or reject claims of malpractice.

B. Defamation and Invasion of Privacy
Generally, a claim of defamation requires the publication of a false statement that harms the plaintiff’s reputation or esteem in the community.[18] Accordingly, PHRs which are solely accessible by the individual or upon the invitation of the individual may not create a cause of action for defamation. However, those PHRs that include communication with other individuals or providers may provide the publication necessary to satisfy that element.

Defamation based upon online communication is fairly new. Typically, such claims have involved false celebrity information posted on the Internet.[19] Arguably, where an individual uses a PHR to publish false information, an analogous claim could be pled.[20]

Generally, the tort of “invasion of privacy” encompasses four claims: (1) intrusion upon the plaintiff’s seclusion; (2) appropriation of the plaintiff’s name or likeness; (3) publicity of the plaintiff’s private life; and (4) publicity placing the plaintiff in a false light.[21] The improper disclosure of health information contained within the PHR may form the basis for one or more of these claims. Each of these claims involves the use or disclosure of private information – such as health information – concerning a person. If wrongfully used or disclosed, those responsible for the use or disclosure, as well as those responsible for protecting the PHR, may face potential liability.

C. Discrimination and Improper Disclosure
HIPAA prohibits impermissible uses and disclosures of protected health information. Although individuals are free to use and disclose their own information as they see fit, appropriate firewalls need to be constructed where, for example, employer-sponsored health plans are providing PHRs. Information in the PHR should not flow from the plan to the plan sponsor nor should it be used for employment purposes.

In addition to HIPAA, employers – and possibly insurers – must consider the implications of the Americans with Disabilities Act, the Family and Medical Leave Act, and similar State laws. The laws offer protection to employees from access to employee health information and discrimination based upon that information.

D. Breach of Contract
Despite the disclaimers and protections set forth in user agreements, it may be possible for an individual to argue that some protections arise through the agreement itself. While user agreements tend to be drafted almost entirely in favor of the PHR vendor or provider/plan, these documents may contain limited rights in favor of the individual. The individual could bring an action for breach of those rights in the event of a violation.

E. HIPAA Compliance
Most PHR vendors have taken the position that HIPAA does not apply to them. PHR vendors generally do not qualify as covered entities. Such vendors take the position that they are not business associates because they are not providing services on behalf of covered entities but rather have a relationship with the patients. Moreover, the patient releases information to or creates information in the PHR, and HIPAA does not regulate individuals’ use and disclosure of their own information.

The contrary position is that many of the PHRs are now linked directly with covered entities to allow the health information to be transferred. Several high profile relationships have been announced relating to collaborations between PHRs and medical facilities to provide PHRs for patients.[22] The collaborations should be reviewed to determine whether a business associate relationship has been created.There has been recent activity to expand the reach of HIPAA to encompass PHRs. Federal and State proposals also may address privacy and security concerns separately. In the interim, private initiatives, by the Markle Foundation and others, propose a voluntary framework to protect health information.

F. State Laws
Many States have enacted breach notification requirements and other consumer protections, which raise new issues with respect to PHRs. Some states, e.g., California, have expanded the breach notification rules to specifically cover health information. These regulations must be addressed with respect to PHRs.Finally, many states have promulgated regulations addressing the movement towards health information exchange. Many recognize “record locator services” or other similar entities that may contain health information or act as an intermediary for locating such information.[23] These State laws may be implicated by PHRs.

G. Stark and Fraud and Abuse
The Federal Stark Law prohibits certain referrals for Designated Health Services (“DHS”) by a physician to an entity with which he/she has a financial relationship.[24] In addition, the Anti-Kickback Statute prohibits remuneration in exchange for the referral of a patient for services covered by a Federal health program.[25] The violation of these laws may provide the basis for a claim under the Federal False Claims Act.[26] State laws may provide additional restrictions and prohibitions.

Recently, a number of health plans and systems have begun to offer PHRs to patients and providers. Currently, the Stark exception and Anti-Kickback Statute safe harbor expressly allow only for EHR and electronic prescribing to be donated. PHR donation may not be protected.

In addition to the practical issues associated with the donation and use of PHRs, new avenues of identifying fraud and abuse are being opened with discovery involving PHRs. Federal investigators and qui tam litigators may turn to PHRs to prove treatment that was billed for may not have been provided. In addition, the compilation of information via Health 2.0 raises the specter of data aggregation to establish fraud over a large population of patients.

Conclusion
PHRs bring a new dimension to the debate over how to create an interoperable health information network. The shift of power into the hands of patients could bring about a sustainable model. Before proceeding with the expansion of PHRs, the legal implications that go along with such an adoption should be addressed.

Bob Coffield is a member of Flaherty, Sensabaugh & Bonasso, PLLC in Charleston, West Virginia. Bob is also a Co-Chair of the Privacy and Security Compliance and Enforcement Affinity Group, a part of AHLA’s Health Information and Technology Practice Group.

Jud DeLoss is a principal with the law firm of Gray Plant Mooty in Minneapolis, Minnesota. Jud is also a Vice Chair of the AHLA’s Health Information and Technology Practice Group.

[1] Mr. DeLoss thanks Bryan M. Seiler, a Summer Associate at the firm, for his assistance in this article. Mr. Seiler is a third year student at the University of Minnesota Law School.
[2] National Alliance for Health Information Technology, Defining Key Health Information Technology Terms, April 2008. http://www.hhs.gov/healthit/documents/m20080603/10.1_bell_viles/testonly/index.html.
[3] Report and Recommendations From the National Committee on Vital and Health Statistics, Information for Health, A Strategy for Building the National Health Information Infrastructure, November 15, 2001. http://aspe.hhs.gov/sp/NHII/Documents/NHIIReport2001/default.htm.
[4] ONC-Coordinated Federal Health IT Strategic Plan: 2008-2012 (June 3, 2008), http://www.hhs.gov/healthit/resources/reports.html.
[5] Health 2.0 Wiki, http://health20.org/wiki/Main_Page.
[6] California Healthcare Foundation, The Wisdom of Patients: Health Care Meets Online Social Media, Jane Sarasohn-Kahn, M.A., H.H.S.A., THINK-Health, April 2008, http://www.chcf.org/documents/chronicdisease/HealthCareSocialMedia.pdf.
[7] E.g., Patients Like Me, http://www.patientslikeme.com/; TuDiabetes.com, http://tudiabetes.com/; Daily Strength, http://dailystrength.org/; SugarStats, http://www.sugarstats.com/; Revolution Health, http://www.revolutionhealth.com/.
[8] Sermo, http://www.sermo.com/.
[9] Organized Wisdom, http://organizedwisdom.com.
[10] American Well, http://www.americanwell.com.
[11] change:healthcare, http://company.changehealthcare.com/; Quicken Health, http://quickenhealth.intuit.com/.
[12] Markle Foundation, Connecting for Health, Connecting Consumers Common Framework for Networked Personal Health Information, June 2008; http://www.connectingforhealth.org/phti/.
[13] Christiansen, John R., Why Health Care Information Isn’t Property – And Why That Is to Everyone’s Benefit, American Health Lawyers Association, Health Law Digest, 1999.
[14] Alcantara, Oscar L. and Waller, Adelle, Ownership of Health Information in the Information Age, originally published in Jounal of the AHIMA, March 30, 1998; http://www.goldbergkohn.com/news-publications-57.html.
[15] E.g., 45 C.F.R § 164.524.
[16] See, e.g., Nogowski v. Alemo-Hammad, 691 A.2d 950, 956 (Pa. Super 1997).
[17] See, e.g., Breeden v. Anesthesia West, P.C., 656 N.W.2d 913 (Neb. 2003) (nurse’s electronic note on patient condition which would have prevented administration of anesthesia should have been reviewed by anesthesiologist despite no verbal or handwritten report by nurse).
[18] See, e.g., Mahoney & Hagberg v. Newgard, 729 N.W.2d 302 (Minn. 2007).
[19] See, e.g., Carl S. Kaplan, Celebrities Have Trouble Protecting Their Names Online, Cyber Law Journal (July 30, 1999).
[20] See, e.g., Churchey v. Adolph Coors Co., 759 P.2d 1336 (Colo. 1988). See also Restatement (Second) of Torts § 577, cmt. k (1977).
[21] See, e.g., Werner v. Kliewer, 238 Kan. 289, 710 P.2d 1250 (1985); Humphers v. First Interstate Bank, 298 Or. 706, 696 P.2d 527 (1985). See also Restatement (Second) of Torts § 652 (1977).
[22] E.g., Google Health with Cleveland Clinic and Microsoft HealthVault with Mayo Clinic.
[23] See, e.g., Minn. Stat. § 144.291, Subd. (i).
[24] 42 U.S.C. § 1395nn(a).[25] 42 U.S.C. § 1320a-7b(b).[26] 31 U.S.C. § 3729.

Health 2.0 Conference

Next week I'm headed to San Fransisco to attend the Health 2.0: User Generated Healthcare Conference.

Looking forward to attending, seeing old and meeting new colleagues interested in the world of health 2.0. I will be involved in the Health 2.0 Accelerator meet and greet on Tuesday (Oct. 21) and will be at the conference and in San Francisco through Friday (Oct 24). If you are attending or just in the area and want to meet up in person shoot me a tweet, wall post, email or call.

The buzz and discussion has started among those attending via the online social networking tools - twitter feed, Facebook page, blogs, etc. Matthew and Indu have also created a separate social network for the attendees - great idea. I plan to live blog and twitter from the conference next week -- so check in next week.

While out on the West Coast I will be following another great event here in West Virginia - CreateWV Conference. I'm sorry I will miss the conference because they have a great line up, will be bringing together the talents and creativeness of West Virginians throughout the state and addressing important issues for the future success of West Virginia.

Thanks to the likes of the Create WV twitter feed, Facebook page, etc. I can stay in touch with those at the conference and will plan to watch some of the post-conference content that will be posted on YouTube, the CreateWV Blog and other West Virginia bloggers live blogging the event.

Watch one of the pre-conference videos on diversity that was just released via twitter by @createwv:

Wednesday, October 15, 2008

Grand Rounds: Notes of an Anesthesioboist

The October 13, 2008 edition of Grand Rounds is now up at Notes of an Anesthesioboist. Great reading for anyone interested in the latest from the health and medical blogospere.

Next week's Grand Rounds will be hosted by Christian Sinclair, M.D. at Pallimed. The theme --"Changing Goals of Care."

Tuesday, October 14, 2008

Health Care Cost Rising In 2009

Sandra Block of USA Today Money reports that the average amount employees will pay for health care is expected to increase 8.9% in 2009. Her column also provides good advice on how to try to control your health care expenses.

According to the Hewitt Associates report the average amount employees will pay for health care is expected to increase 8.9% in 2009. The breakdown:

Premiums
2008 2009
$1,806 $1,946

Out-of- pocket costs
2008 2009
$1,707 $1,880

Total
2008 2009
$3,513 $3,826

Her article advises health consumers to take a close look at their health care options during the open enrollment period. As her article states - the difficulty I find is trying to compare plans/options/covered services/drug benefits/co-pays/deductibles, etc. This process is even tough for a health care lawyer and his lawyer wife. The bulk of Americans don't have the skill and expertise to understand the subtle differences.

The folks at change:healthcare recently published a new survival guide for the health care consumer to better understand the the key terms on health insurance. You can download a free copy of the book, "My Healtcare is Killing Me."

Sandra is a native of my hometown, New Martinsville, West Virginia. Great to see her offering good practical advice to health care consumers.

Monday, October 13, 2008

PROTEX: Cardiac Innovation From West Virginia

Today's Charleston Gazette features an article on a Charleston based medical technology company, Nexeon MedSystems.

Mark Bates, M.D., CEO and interventional cardiologist at CAMC has developed a "pro-healing" stent that is lined with protein. The device called PROTEX system may also eliminate the need for heart patients to take blood thinning medications for a year or more after the procedure. Clinical trials on the device are currently underway in Germany. More information can be found on Nexeon MedSystems' website.

Quote from the article:
"It's a protein-lined metal stent that the body thinks is normal artery," Bates said. "Instead of the body thinking it's a foreign body, it lines it with normal cells real quickly. It allows the body and arteries to function normally."

We're not stopping nature from doing its thing," said Bates, who heads Nexeon's offices in Charleston and Carlsbad, Calif. "We're helping nature. The body doesn't recognize [the stent] as something that's not supposed to be there."

About 65 percent of patients across the country now receive drug-releasing stents during cardiac catheterization procedures to open arteries. The remainder have bare-metal stents placed in their vessels.

Congratulations to Dr. Bates on his creativity and forward thinking to bring better heart care to West Virginians and others around the globe.

Sunday, October 12, 2008

Dr. Val Launches Getting Better With Dr. Val

Val Jones, M.D. has a new home at Getting Better with Dr. Val. Congratulations to Dr. Val on the launch of her hew health care blog.Check out her welcome message and the official press release. If you already follow Dr. Val don't forget to update your blogroll.

Dr. Val is also one of the new co coordinators (along with Colin Son who blogs at Medskool) of Grand Rounds. Be sure to check out Grand Rounds every week if you are involved in the health care industry.

Saturday, October 11, 2008

Health 2.0: Stay Focused on the Goals

Ben Heywood, co-founder of PatientsLikeMe, outlines simple (but difficult) goals that those in the health 2.0 space must accomplish. Based on his post I take it that he highlighted these during his keynote address at the second Health 2.0 Northeast conference.

His simple but eloquent message to the health 2.0 community:
I believe we, as the eHealth community, need to focus on two major goals: 1) solve patients’ problems, and 2) create business models that allow us to do #1.
Successful companies must show real and tangible benefits directly to the patient consumer. As one who regularly participates in the health information discussion and debate as West Virginia moves forward with its health information network infrastructure -- I often try to step back and ask, like Mr. Heywood, the simple question, "does this help the patient -- why and how?"

To be disruptive and successful the current crop of creative companies have to show a direct and immediate impact on improving care and quality linked to a reduction in cost or a value proposition that the increase in cost is worth such expenditure.

Thursday, October 09, 2008

HR 6898: The Health-e Information Technology Act of 2008

Jen McCabe Gorman at Health Management RX brought attention to a new House of Representative Bill (HR 6898) focused on electronic health information introduced in the 110th Congress by Congressman Pete Stark. The bill was introduced on September 15, 2008, and is currently referred out to committee.

Jen provides some great analysis and brainstorming on the impact of the draft bill in her post, "Breaking News: Congress Wants to Create National eHealthNetwork, Legislate Who Owns Health Data." Well worth a read for anyone interested in health information technology, electronic health information, personal health records, health 2.0 or the future of our health care system.

Jen highlights those sections dealing with who owns the electronic health information. Should it be the government? the provider? the consumer? This key legal concept - ownership of health information -- is a key question to discuss and debate. As I have mentioned in the past (here and here) the consumer health movement may force a change in the traditional legal notion of health information ownership rights.

The draft bill also addresses a variety of other areas - including the regulation of non-covered entities under HIPAA (many of which weren't even contemplated when HIPAA was enacted) who create or handle health information, codification of ONCHIT under HHS and empowering them with various tasks, creating Medicare related incentives for adoption and modifying other sections of the current HIPAA privacy standards. I haven't had a chance to read through the full bill and spend time reading the related materials but look forward to further analyzing.

For more information about HR 6898 (The Health-e Information Technology Act of 2008) check out Congressman Stark's website information about the legislation:
To locate the current status of the bill check out Thomas. I suspect that there will be little movement on the bill this Congressional session - but it does give insight into what might be coming down the road.

Wednesday, October 08, 2008

California Health Data Privacy and Security Bills Signed

Last week two new California data privacy and security bills were signed into law. Senate Bill 541 and Assembly Bill 211 set new breach disclosure standards and require security controls for preventing unauthorized access to patient data.

I previously posted about the bills before they were finalized. Computer World, "New health care privacy laws heighten need for HIPAA compliance in California," provides background and a good overview on the scope of the laws with great links to additional information.

Those who do health care business in California should take a close look at these new laws.

Medical Blogger Dr. Wes Subpoenaed Over Blog Comment

The New York Personal Injury Law Blog relays a incident involving a subpoena issued to a medical blogger related to anonymous comments made on his blog.

The incident involved medical blogger, Westby Fisher, MD (Dr. Wes), who was subpoenaed for a discovery deposition to determine whether he knew the anonymous commenter who left a comment on a post.

Interesting reading for medical and health care bloggers.

UPDATE: Kevin MD provides follow up commentary and his position on comment moderation. Any health bloggers looking at the advantages/disadvantages of blog post comment moderation should take a look at Section 230 of the Communication Decency Act of 1996.

Basically, Section 230 gives protections to users and providers of computer services by not making them liable for information published by another information content provider. As a blogger you can be both a user and provider. Bloggers are "users" when they create content for blogs and "providers" when they allow others to comment on blog posts. The legal question on comment moderation involves whether your active participating in moderating the comments makes you the "publisher" of the comment rather than just the "provider" of the comment. To date I don't believe this question has been fully addressed or answered by the courts.

The Electronic Frontier Foundation (EFF) has some great resource materials (and cases) for bloggers to learn more about the Section 230 protections. Check out the EFF "Legal Guide for Bloggers."