Factor Compliance into Wearable Tech Plans

by Julie Anderson, AG Strategy Group
Monday, June 15, 2015

More employers are considering whether to encourage or even require employees to use wearables to reduce workplace injuries, lower workers’ comp claims and even lower health care benefit costs. But they should take note: any potential exposure to workers’ private health information could subject employers to rules under the Health Insurance Portability and Accountability Act (HIPAA). Wearables such as Google Glass, smart safety helmets and any number of sensor-enabled devices can identify hazardous conditions on worksites such as toxic chemical fumes or equipment under excessive pressure. Employers are also looking into clothing that carries embedded biosensors, actuators and gyroscopes to follow movement, heart rate, stress level, fatigue, and countless other metrics … all of it connected wirelessly to mobile devices and computers. But can the use of such devices expose employers to claims of HIPAA violations? What kind of due diligence will they need to do in order to ensure that their use of wearables can’t come back to haunt them later? Julie Anderson, a principal at AG Strategy Group in Washington, D.C., said this is a murky area as policy always lags behind the development and use of technology. HIPAA was passed in 1996, and nine years later in 2005 HIPAA released its first privacy rule as it related to health care data. In 2013 those rules were updated. “It’s a complex set of issues, and it can take that long for policymakers to react to what’s happening in the marketplace, particularly regarding how health care entities are using technology and handling the data they collect,” Anderson said.

Are wearables violating HIPAA?

by Julie Anderson, AG Strategy Group
Thursday, May 14, 2015

With the development of wearable technologies such as the Nike Fuel Band, Fitbit, and Apple Watch, consumers suddenly have more options to monitor their fitness performance than ever before. And the way these devices capture data poses serious privacy and security issues to individually-identifiable health information that must be addressed.

Commentary: Healthcare must embrace new ISO cloud privacy standard

by Julie Anderson, AG Strategy Group
Monday, April 27, 2015

A new international privacy standard for cloud providers — ISO 27018 — brings an effective means to better protect health data. The privacy standard mirrors some of HIPAA’s tenets while providing an all-important third-party audit mechanism.

A booster shot for cloud privacy standards?

by Julie Anderson, AG Strategy Group
Wednesday, April 22, 2015

A 2013 update to HIPAA’s privacy standards put greater restrictions on profit-making uses of PHI but did not go far enough. With the update, cloud providers have the option of adopting stronger voluntary privacy standards. Released in August 2014, the ISO/IEC code of practice (known formally as 27018) outlines standards for how providers of public cloud services should handle personally identifiable information. Though there is some overlap with HIPAA, the ISO/IEC code of practice draws several important distinctions:

HIPAA Regulations v. FERPA Rules In Privacy Rights

Elizabeth Snell, Health Security,  Wednesday, March 11, 2015

HIPAA regulations were created to ensure that patients’ PHI remained secure, and that individuals would not have to worry about their personal information falling into the wrong hands. Similarly, the Family Educational Rights and Privacy Act (FERPA) is a federal law protecting the privacy of student education records. However, recent events have pushed the two laws to the forefront, as individuals’ privacy rights are being called into question. A University of Oregon (UO) student was reportedly going to file a sexual assault-related lawsuit against the school. However, UO allegedly accessed the student’s therapy records from its counseling center and handed them over to its general counsel’s office. The student’s medical records were then used to help defend against her lawsuit.

Healthcare Organizations Have Embraced the Cloud...Now What?

Bob Bogle, Health Data Management,  Friday, January 30, 2015

Despite the initial hesitation, new data suggests that healthcare organizations have moved beyond these once widely-held concerns. One telling finding, via Imprivata’s “2014 Desktop Virtualization Trends in Healthcare” report, is that 40% of healthcare organizations surveyed report now storing protected health information in the cloud. While this is far from the majority, PHI is often considered the most sensitive segment of healthcare data, and that figure is certainly up from years past, indicating that a significant shift has taken place with decision makers now placing more trust in cloud infrastructure. Following that shift, what continues to evolve are the benefits that healthcare organizations have realized through the adoption of cloud-based health IT services. With trust on the rise, use cases and benefits of cloud in healthcare continue to surface.

Google, Twitter, Yahoo nab HealthCare.gov data

Julian Hattem, The Hill,  Friday, January 30, 2015

Companies including Google, Twitter, Yahoo and Advertising.com automatically obtain information from people visiting HealthCare.gov, according to analysis by congressional staffers. The finding builds on news last week that dozens of data-tracking companies were able to obtain information about people visiting the federal healthcare website, potentially including information about their age, location and pregnancy status.

Google on board for DoD contract bid

Bernie Monegain, Healthcare IT News,  Thursday, January 15, 2015

Google is a key contender – part of the PwC team – bidding on the massive 10-year federal contract to build an electronic health record system for the Department of Defense. PwC announced the collaboration with Google Thursday. Google had been part of the team from the start, Dan Garrett, PwC's health IT leader, told Healthcare IT News. "They were part of our submission in our original proposal," he said. "Since the proposal, we've also cemented a broader relationship between the two firms. And, we thought it was appropriate now to make the rest of the world aware of the submission that we had made."

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management,  Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

How CIOs Can Prepare for Healthcare ‘Data Tsunami’

Kenneth Corbin, CIO,  Tuesday, December 16, 2014

The volume of healthcare data is growing at a staggering rate, bringing with it a host of technical, compliance and governance challenges for CIOs working in that sector. A recent report from EMC and the research firm IDC offers a few imaginative ways of visualizing that proliferation, anticipating an overall increase in health data of 48 percent annually.