Really!
99
348 YouTube
Blogs
551 Profiles
Facebook Fan
Pages 583 Twitter
Accounts
Consumer Privacy,
Free Speech,
Internet Privacy
“While the ACLU of Northern California and Facebook both agree that
location information is very sensitive, the ACLU of Northern California
disagrees that Places gives users adequate control of how and when to
share this information… We understand and appreciate the various privacy
protections and options that are currently available to Places users. But
there were some straightforward steps that we highlighted to Facebook
that they could have taken to improve the privacy features before launch.
Not having these common sense privacy protections has unfortunately
overshadowed some of the safeguards that the Places team worked so
hard to build into the product.”
~ ACLU of Northern California
http://www.aclunc.org/issues/technology/blog/facebook_addresses_several_privacy_problems.shtml
Postings on Facebook can be very
specific on patient medical
conditions. Parents may not realize
the risks of revealing this personal
medical information.
Who is Worried About Revealing Medical Information?
Vince Golla, digital media and syndication director for Kaiser, wrote in an
e-mail that the policy was necessary “to help employees understand their
responsibilities in social media channels and show them how they can
safely engage.”
The policy forbids Kaiser employees from sharing any kind of information
that might lead to the identification of a patient.
The problem arises when access is open to anyone. “If it’s not controlled
and hasn’t been sanctioned, you are probably outside the safety net,” she
says. You need a disclaimer that the discussion is not intended to provide
medical advice.
Source: http://news.nurse.com/article/20100809/NATIONAL01/108090045/-1/frontpage
Managing Social Media in Your Hospital
LONG BEACH - State health officials on Wednesday were continuing their investigation into a
major breach of patient privacy at St. Mary Medical Center in Long Beach after some
hospital staff members took pictures of a dying patient and reportedly posted the photos on
Facebook.
On April 9, William Wells, 60, was rushed in to the St. Mary emergency room with his
throat slashed so severely he was nearly decapitated. Instead of focusing on treating him,
nurses and other hospital staff took pictures of Wells and posted them on Facebook, a
whistle-blowing employee told the Los Angeles Times.
Wells died from his injuries…Hospital officials said four staff members were fired and
three were disciplined as a result of the privacy violation…Ralph Montano, a spokesman
for the California Department of Public Health, said the department is investigating the
incident along with eight other possible breaches of patient privacy at St. Mary this year.
Establish Guidelines & Educate Staff
The personal details of 100 million Facebook users were collected and
published online in a downloadable file, msnbc.com reported on July
29, 2010. The article said that Facebook downplayed the issue, saying that
no private data had been compromised. An online security consultant on
the Internet site Pirate Bay had used code to scan 500 million Facebook
profiles for information not hidden by Facebook user privacy settings. The
MSNBC article reported that the resulting file had been downloaded by
several thousand people.
"Once I have the name and URL of a user, I can view, by default, their
picture, friends, information about them, and some other details," the
online security consultant responsible for the compromise added. "If the
user has set their privacy higher, at the very least I can view their name
and picture. So, if any searchable user has friends that are
non-searchable, those friends just opted into being searched, like it or not!
Oops :)"
Source~ HIPAA compliance, part 1: who are your "business associates"? The answer matters, because you are
responsible for their adhering to HIPAA privacy rules - Oct, 2002 by Sandra K. Battaglia
http://findarticles.com/p/articles/mi_m3830/is_10_51/ai_93232188/
*Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules
Tougher personal health information protection in
proposed HHS rules
DHHS announced in July a notice of proposed rulemaking on health
IT privacy and security that promises to strengthen existing laws.
The new rules are part of an effort to ensure Americans trust
personal health data exchange. The proposed rules are designed
to strengthen and expand enforcement of HIPAA.*
~ DHHS Sec. Kathleen Sebelius
The rulemaking is mandated under the HITECH portion of the
American Recovery and Reinvestment Act of 2009.
The proposed rules include measures to expand individuals’ rights
to access their information and to restrict certain types of
disclosures of protected health information. They require business
associates of HIPAA-covered entities to be under most of the
same rules as the covered entities, and they set new limitations on
the use and disclosure of protected health information for
marketing and fundraising. They also prohibit the sale of protected
health information without patient authorization.
Changing HIPAA rules for Business Associates
“Sections 164.308, 164.310, 164.312, and 164.316 of title 45, Code of Federal
Regulations, shall apply to a business associate of a covered entity in the same
manner that such sections apply to the covered entity. The additional requirements
of this title that relate to security and that are made applicable with respect to
covered entities shall also be applicable to such a business associate and shall be
incorporate[d] into the business associate agreement between the business associate
and the covered entity.” ARRA Sec. 13401(a). This statement makes business
associates directly subject to nearly all of the HIPAA security regulations,
the HIPAA rules relating to electronic protected health information. Prior to
the change, these obligations existed for business associates only as a
matter of contract.
“A business associate of a covered entity that accesses, maintains, retains, modifies,
records, stores, destroys, or otherwise holds, uses, or discloses unsecured protected
health information shall, following the discovery of a breach of such information,
notify the covered entity of such breach.” ARRA Sec. 13402(b). This statement
creates a new obligation for business associates – report to covered entities
breaches of unsecured protected health information.
“The additional requirements of this subtitle that relate to privacy and that are made
applicable with respect to covered entities shall also be applicable to such a business
associate and shall be incorporated into the business associate agreement between
the business associate and the covered entity.” ARRA Sec. 13404(a). This
statement makes business associates directly subject to nearly all of the
HIPAA privacy regulations. Prior to the change, as with the security
regulations, these obligations existed for business associates only as a
matter of contract.
Source: "New Challenges for HIPAA Business Associates Under ARRA and HITECH" by Joseph Lazzarotti, Jackson Lewis, LLP, June 1, 2010
http://www.workplaceprivacyreport.com/2010/06/articles/hipaa-1/new-challenges-for-hipaa-business-associates-under-arra-and-hitech/
American Recovery and Reinvestment Act of 2009 (ARRA) The Health Information Technology for Economic and Clinical Health
(HITECH) Act
Hospitals Must Assess Their Business
Associate Relationship with Facebook
Source: Data Management and Security Report, “New Challenges for HIPAA Business Associates Under
ARRA and HITECH,” June 1, 2010, by Joseph Lazzarotti
http://www.workplaceprivacyreport.com/2010/06/articles/hipaa-1/new-challenges-for-hipaa-business-associates-under-arra-and-hitech/
Consider Your Own Hospital’s Online
Communities
Have you considered leveraging your connections on
Facebook to refer them to your own secure online
community?
Visit us at:
www.myhealthcommunity.net