This page contains a Flash digital edition of a book.
Ad Directory


American College of Phlebology ....... 30 American Physicians Insurance Company ..................................................34


Athenahealth .............................................. 10 Baylor HealthCare Systems .....................9 BBVA Compass ..........................................23 Capital Farm Credit ..................................29 Cooper Aerobics Center .........................24 Covenant Medical Group .......................... 7 Covisint/DocSite – Compuware ..........56 Cyfluent.........................................................22 Frost Bank .....................................................31 Humana .......................................................IBC Kindred ..........................................................42 Leichter Law..................................................8 Looper Reed & McGraw ..........................54 Mediacentric, LLC .....................................54 Medical Protective ...................................40 Novitas Solutions-TMA ........................... 50 Rx Security ..................................................47 Shannon’s Hope Foundation .................31 Sharp & Cobos, P.C. ...................................15 Stillwater National Bank (SNB) .............41 Texas Cardiac Center ...............................32 Texas Department of State Health Services (HIV) ......................................... 10


Texas Health Steps...............................6, 33 Texas Medical Association Communication Division .................... 64 Medical Education Dept. ....................49 Practice Consulting ................................. 3 Practice Management Education ....32


Texas Medical Association Insurance Trust ...........................................................BC


Texas Medical Group Management Association ..............................................39


Texas Medical Liability Trust .......... IFC, 5 TEXPAC .........................................................56 The Doctors Company ............................53 Transwestern ...............................................34 West, Webb, Allbritton and Gentry, PC ................................................39


Encrypt patient data


Advertise for as little as $25! TMA’s website experiences nearly 320,000 visitor sessions each month. With this kind of activity, can you afford not to advertise in TMA’s online classifieds? Place and purchase your classified ad now at http://classifieds.texmed.org.


In late June, the University of Texas M.D. Anderson Cancer Center reported theft of a laptop computer containing unen- crypted information for 30,000 patients. The lost data included patient names, treatment and research details, and So- cial Security numbers. M.D. Anderson’s ordeal is an example highlighting the importance of data en- cryption. The U.S. Department of Health and Human Services (HHS) defines en- cryption as “a method of converting an original message of regular text into en- coded text.”


48 TEXAS MEDICINE October 2012


Jump into HIE Mr. Gilman says Texas has made tremen- dous progress in implementing HIEs. “Through the local HIE grant program and the white space program covering rural Texas, all physicians and hospitals in Texas have an HIE option. Privacy and security guidance, including a state-level trust agreement and model business as- sociate agreement for use by local HIEs, has been developed in collaboration with TMA and other key stakeholders,” Mr. Gilman said.


These documents help shape the legal framework for private, secure exchange of health information in Texas. Addi- tional information on HIE privacy and security and interoperability guidance can be accessed online, http://hietexas .org/resources/policy-guidance. As much progress as Texas has made in developing HIEs, challenges to full connectivity still exist, says Dr. Deas. “Getting physicians to change the way


they’ve always done things is a constant uphill battle,” he said. “Some of us have this ingrained resistance to change.” Dr. Deas encourages his colleagues


to take the HIE plunge if they haven’t done so already. “Once physicians get past that point of initial resistance and try it out, they recognize the value of HIEs. The exchanges reduce redundancy of care, improve patients’ health, and lower costs,” he said.


Deborah Hiser, an Austin attorney who specializes in health care regula- tory and compliance matters, says it’s important that physicians review the encryption and destruction provisions, http://1.usa.gov/4Pqei, under the 2009 Health Information Technology for Eco- nomic and Clinical Health (HITECH) Act and notify patients quickly in the event of a data breach of unsecured protected health information. The HITECH Act re- vised Health Insurance Portability and Accountability Act (HIPAA) regulations to require physicians and other HIPAA- covered entities to notify the public when a breach of unsecured protected health information occurs. HHS generally defines a breach as “an impermissible use or disclosure under the [HIPAA] Privacy Rule that compro- mises the security or privacy of the pro- tected health information” and poses a significant risk of “financial, reputational, or other harm” to the patient. Ms. Hiser says physicians would be smart not only to have a system to detect breaches but also to encrypt all confi- dential patient information. The reason: Physicians and business associates must provide the required notification only if the breach involves unsecured protected health information. HHS has informa- tion on ways to encrypt protected health information on its website, http://1.usa .gov/n0KNLH.


Civil penalties for unintentional


HIPAA violations range from a mini- mum of $100 per violation to a maxi- mum of $50,000 per violation. Criminal penalties for fraud include a minimum $100,000 fine and up to five years’ im- prisonment. Individuals who violate HIPAA with intent to sell, transfer, or use protected health information for com- mercial advantage, personal gain, or ma- licious harm face a maximum $250,000 fine and 10 years’ imprisonment. (Read “Mum’s the Word,” August 2010 Texas Medicine, pages 49–53.) HHS provides answers to frequently


asked questions about encryption on its website, www.hhs.gov/ocr/privacy/ hipaa/faq/securityrule, including in- formation on the HIPAA Security Rule provisions regarding encryption. The American Medical Association has a


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68