Welcome to the Nexus of Ethics, Psychology, Morality, Philosophy and Health Care

Showing posts with label Digital Records.

Friday, June 19, 2015

Emerging Ethical Threats to Client Privacy in Cloud Communication and Data Storage.

By Samuel D. Lustgarten
Professional Psychology: Research and Practice, Apr 27, 2015. http://dx.doi.org/10.1037/pro0000018

Abstract

In June 2013, Edward Snowden released top-secret intelligence documents that detailed a domestic U.S. spying apparatus. This article reviews and contends that current APA ethics and record-keeping guidelines, the Health Insurance Portability and Accountability Act, and the Health Information Technology for Economic and Clinical Health Act do not adequately account for this new information and other emerging threats to client confidentiality. As psychologists bear the responsibility for being informed, protecting and maintaining client records, and preventing breaches, it is vital that the field establish specific best practices and present regular security updates to colleagues.

Here is an excerpt:

Unfortunately, on top of data-mining practices, most cloud storage and communication providers do not provide adequate information about data-retention policies. Google's Drive cloud storage service for personal users (not Google Apps) offers no specific data-retention policy (Google, 2014c). This amorphous data-retention policy stands in contrast to APA's (2007) record-keeping guidelines, which suggest that client records and data may be destroyed after 7 years in the absence of superseding legal requirements. It also calls into question a practitioner's ability to maintain and provide confidentiality and proper informed consent when using certain corporate providers. Moreover, it is questionable whether practitioners could ever believe that records had been deleted if the cloud provider did not clearly and publicly state its data-retention standards.

The entire article is here.

Monday, October 15, 2012

Letting Patients Read the Doctor’s Notes

By PAULINE W. CHEN, M.D.
The New York Times
Originally published on October 4, 2012

Here are some excerpts:


This patient’s experience, like those of so many others who have tried to obtain their medical records, came to mind this week when I read about the long-awaited results of a study in which patients were given complete access to their doctors’ notes. The findings, published in the Annals of Internal Medicine, do more than shed light on what patients want. They make our current ideas about transparency in the patient-doctor relationship a quaint artifact of the past.

Since 1996, when Congress passed the Health Insurance Portability and Accountability Act, or HIPAA, patients have had the right to read and even amend their own records.

In fact, few patients have ever consulted their own records. Most do not fully grasp the extent of their legal rights; and the few who have attempted to exercise them have often found themselves mired in a parallel universe filled with administrative regulations, small-print permission forms, added costs and repeated delays.


(cut)


For one year, the study, aptly called OpenNotes, allowed over 13,000 patients from three medical centers — the Beth Israel Deaconess Medical Center in Boston, the Geisinger Health System in Danville, Pa., and the Harborview Medical Center in Seattle — to have complete access to one part of their medical records, the notes that doctors wrote about them. Within days of seeing their doctors, patients received an e-mail inviting them to read the doctor’s signed note on a secure patient Web site. Two weeks before their return visit, patients received a second e-mail inviting them again to review their doctor’s note from the previous encounter.

After a year, almost all the patients were enthusiastic about the OpenNotes initiative.

Surprisingly, so were the majority of doctors.

The entire article is here.

The research from the Annals of Internal Medicine is here.

Friday, September 16, 2011

New data spill shows risk of online health records


By Jordan Robertson
AP Technology Writer

Until recently, medical files belonging to nearly 300,000 Californians sat unsecured on the Internet for the entire world to see.

There were insurance forms, Social Security numbers and doctors' notes. Among the files were summaries that spelled out, in painstaking detail, a trucker's crushed fingers, a maintenance worker's broken ribs and one man's bout with sexual dysfunction.

At a time of mounting computer hacking threats, the incident offers an alarming glimpse at privacy risks as the nation moves steadily into an era in which every American's sensitive medical information will be digitized.

Electronic records can lower costs, cut bureaucracy and ultimately save lives. The government is offering bonuses to early adopters and threatening penalties and cuts in payments to medical providers who refuse to change.

But there are not-so-hidden costs with modernization.

"When things go wrong, they can really go wrong," says Beth Givens, director of the nonprofit Privacy Rights Clearinghouse, which tracks data breaches. "Even the most well-designed systems are not safe. ... This case is a good example of how the human element is the weakest link."

Southern California Medical-Legal Consultants, which represents doctors and hospitals seeking payment from patients receiving workers' compensation, put the records on a website that it believed only employees could use, owner Joel Hecht says.

The personal data was discovered by Aaron Titus, a researcher with Identity Finder who then alerted Hecht's firm and The Associated Press. He found it through Internet searches, a common tactic for finding private information posted on unsecured sites.

The data were "available to anyone in the world with half a brain and access to Google," Titus says.

Titus says Hecht's company failed to use two basic techniques that could have protected the data — requiring a password and instructing search engines not to index the pages. He called the breach "likely a case of felony stupidity."

One of the patients affected was Paul Thompson, who learned of the breach from Titus.

The Sugarloaf, Calif., electrician blew out his shoulder four years ago on a job wiring up a multiplex movie theater. His insurance company denied his claim, which led to a protracted dispute. He eventually settled.

Thompson says his injury has been a "long, painful road."

Unable to afford surgery in the U.S. to fix his torn rotator cuff, he paid a medical tourism company that was supposed to schedule a cheaper procedure in Costa Rica. The company went bankrupt, however, and Thompson said he lost nearly $7,300.

To have his personal information exposed on top of that was a final indignity.

"I'm totally disgusted about everything," he said, calling the breach "another kick in the stomach."

Thompson is worried that hackers may have spotted his information online and tagged him for future financial scams. He contacted his bank and set up a fraud alert with the credit reporting agencies.

He says the prospect of all health records going electronic — which federal law mandates should happen by 2014 — "scares the living hell out of me."

When mistakes occur, the fallout can be more severe than the typical breach of email addresses or credit card numbers.

The rest of the story can be read here.