HMT: FTC affirms data security, NJ V BCBS re stolen laptops, free EHR hardware, and more
To view this email in your browser, please click here.
HMT on Facebook HMT on Twitter   HMT on LinkedIn 
Health Management Technology News
January 30, 2014
New! Graduate programs in Health Informatics

In this issue:

FTC affirms data security enforcement authority in rejecting LabMD arguments

NJ Senate health panel grills Horizon BCBS about stolen laptops and data breach

Hearst Corporation announces formation of Hearst Health

For doctors new to Practice Fusion, free hardware to ease transition to paper-free office

FTC affirms data security enforcement authority in rejecting LabMD arguments

The Federal Trade Commission Act Jan. 16 rejected LabMD Inc.'s arguments that because the company is a covered entity under the Health Insurance Portability and Accountability Act, the FTC lacks authority to take data security enforcement action against it under Section 5 of the FTC Act's unfairness prong (In re LabMD, Inc., FTC, No. 9357, dismissal denied 1/16/14).

In denying LabMd's motion to dismiss the FTC administrative enforcement action, the commission said its enforcement authority under the FTC Act doesn't conflict with the Health and Human Services Department's regulation of health information data security practices under HIPAA.

The commission voted 4-0 to reject LabMD's motion, with Commissioner Julie Brill not participating after her December 2013 recusal (13 PVLR 32, 1/6/14).

Kirk Nahra, a partner with Wiley Rein LLP, in Washington, called the FTC's assertion of authority in the case, despite LabMD's allegation of a conflict between HIPAA and the FTC Act, “significant” for HIPAA-covered entities. “This is the FTC saying that everyone regulated by HIPAA has to worry about us too,” he said.

Nahra, who is a member of Bloomberg BNA's Privacy & Security Law Report's advisory board said that this is the first case involving a health-care company that is presumably a HIPAA-covered entity in which the company has contested the FTC's authority.

Data Security Allegations

LabMD is an Atlanta-based cancer-detection services company. In an administrative complaint, the FTC alleged that the company's billing department manager made a report containing the personal information of approximately 9,300 consumers available through a peer-to-peer file-sharing network . A second incident allegedly occurred when a police department found LabMD documents, containing the personal information of several hundred consumers, in the possession of identity thieves.

The FTC alleged that LabMD's “failure to employ reasonable and appropriate measures to prevent unauthorized access to personal information” was an unfair act or practice under Section 5 of the FTC Act, 15 U.S.C. 45.

LabMD later filed a complaint in the U.S. District Court for the District of Columbia against the FTC, contending that the commission engaged in an “extralegal abuse of government power” through its use of the unfairness prong of Section 5 in the administrative action .

Read the full Bloomberg BNA article here

Return to the table of contents >

NJ Senate health panel grills Horizon BCBS about stolen laptops and data breach

A Senate panel grilled top officials from Horizon Blue Cross Blue Shield of New Jersey today for failing to protect the privacy of 840,000 policy holders whose information was contained in two laptops stolen in November.

Senators appeared visibly aggravated by the responses from three Horizon officials who said the ongoing criminal investigation prevented them from being more candid about how the theft happened and what they have done to prevent future thefts.

Horizon notified Newark police on Nov. 4 that two laptops had been stolen during the weekend of Nov. 1. The unencrypted computers had been chained to employee work stations but the locks were broken.

"Why wasn't the information encrypted? You could have saved potentially a lot of aggravation," said Sen. Joseph Vitale (D-Middlesex), chairman of the Senate Health, Human Services and Senior Citizens Committee. Vitale said he consulted information security experts who said it was "very sloppy" for these computers not to have been protected.

The laptops contained the names, addresses date of births of 840,000 policy holders -- and in some cases the Social security numbers and limited medical information.

"Most of the laptops are encrypted," said Horizon's director of information security, Greg Barnes.

"Most is not good enough," replied Sen. Richard Codey (D-Essex).

"It's very difficult to deal in absolutes," Barnes said.

The Horizon officials tried to reassure lawmakers by saying the laptops appeared to have been stolen by someone who wanted the equipment and not the confidential information.

"No one can assume that - you have to assume the worst," Vitale said.

Horizon lobbyist John Leyman stressed the company has "enhanced encryption and security systems," and have retrained staff on how to keep sensitive information protected.

Senators also questioned why it took a month for Horizon to alert policy holders the laptops were stolen.

Leyman said Horizon hired outside forensic experts "to fully identify the potential number of people affected so we would share the information with the right universe of people." That process took about a month, he said.

Horizon officials said they have received no reports that the missing information has been illegally used. But in the event that happens, the company has agreed to pay for credit checks and identify theft services.

"What if they wait more than a year" to use the information? Vitale asked.

Read the full article here

Return to the table of contents >

Hearst Corporation announces formation of Hearst Health

Hearst Corporation today announced the creation of Hearst Health, a new brand that encompasses its healthcare information businesses, giving the company a consolidated presence across the clinical, pharmacy, home and hospice care, and health insurance markets. The announcement was made by Steven R. Swartz, president and CEO of Hearst Corporation, and Richard P. Malloch, president of Hearst Business Media, which oversees Hearst Health.

Healthcare information has become a chief revenue source for Hearst through its leading companies: FDB (First Databank), Zynx Health, MCG (formerly Milliman Care Guidelines), Homecare Homebase (85 percent stake, as previously announced) and Map of Medicine (internationally). Each year in the U.S., care guidance from Hearst Health reaches more than 75 percent of patients discharged from hospitals, 20 million patient home visits, more than 133 million insured individuals, 1.8 billion retail pharmacy prescriptions and 3.25 billion prescription claims.

“Since our founding, Hearst has been committed to public service and to independently gathering and disseminating high value, accurate information,” Swartz said. “Hearst Health’s leadership position in the healthcare information industry is rooted in that commitment. The goal of all of our healthcare businesses is to help our clients achieve excellence in care through access to better information.”

In the healthcare sector in North America, Hearst owns and operates:

  • FDB (First Databank)—the leading provider of drug knowledge bases that empower healthcare information systems and enable healthcare professionals to make better medication-related decisions
  • Zynx Health—the Best in KLAS provider of evidence-based care plans, as well as order sets and clinical optimization programs, to measurably improve patient outcomes, enhance safety and lower costs
  • MCG (formerly Milliman Care Guidelines)—a developer and producer of globally sourced, clinically validated best practices for health systems and insurance companies to drive effective and cost-appropriate care
  • Homecare Homebase—a leading provider of comprehensive software-as-service solutions to the homecare and hospice market

Internationally, the Hearst Health network also includes Map of Medicine, a Web-based visual representation of evidence-based patient care journeys to enable clinicians to plan and then benchmark clinical practice against national standards.

“Hearst has been operating in the healthcare information industry since 1980. Each of our companies pioneered their markets and emerged as leaders,” Malloch said. “Our companies complement each other under their shared mission of putting vital information into the hands of everyone who touches a person’s health journey. Establishing the Hearst Health brand will elevate the awareness of what we do in the healthcare marketplace.”

Read the full Heart Corporation news release here

Return to the table of contents >

For doctors new to Practice Fusion, free hardware to ease transition to paper-free office

Practice Fusion, the country’s largest physician-patient community, announced a program today that offers new users a free Google Chromebook for easy access to the company’s free, web-based EHR system anywhere with an Internet or Wi-Fi connection. This addresses a critical need in medical offices, where according to a 2013 survey of Practice Fusion’s community, outdated computers are common, with more than a third (36 percent) of doctors using computers that are between three to six years of age or older.

The company also launched a new set of clinical decision support tools for providers on the Practice Fusion platform. Doctors charting in the system will see new proactive messages prompting them to run critical tests and perform actions for at-risk patients. For example, doctors seeing patients with type 2 diabetes will now receive alerts reminding them to administer critical foot and eye exams and hemoglobin testing.

“The ability to afford hardware to access the web is the single largest barrier for primary care doctors to adopting new technology to manage their patients’ health,” said Ryan Howard, CEO and founder of Practice Fusion. “In addition to our award winning EHR, we are now going to address the financial burden of purchasing laptops to further serve our growing community and mission. Our new in-product clinical decision support tools further solidify our commitment to leveraging technology to help each of our users to provide the best care possible to patients.”

Read the full Practice Fusion news release here

Return to the table of contents >


A single test could cost your hospital millions

View the NEW exciting White Papers and Webinars on HMT!

Surviving value-based purchasing in healthcare

Late-binding: Why you DON'T need a comprehensive data warehouse model

Click here to read these white papers. >

February  2014  HMT digital book

Industry News

Survey reveals more compliance and ethics professionals now have a seat in the C-suite
Compliance and ethics officers are now among the high-ranking executives with a seat in the C-suite, according to “The...
Read more>>
AHIMA CEO: Information governance critical to success of nation's ehealth initiatives
Information governance is an accountability framework that provides clear policies, standards and structure to ensure the...
Read more>>
Aetna CEO says healthcare costs are out of control
While the rise in medical costs has slowed since the last recession, the U.S. still needs to switch to a “fundamentally...
Read more>>
Aurora shooting mass casualty response to be detailed at HIMSS14
The University of Colorado Hospital will present “The Role of Automation in Mass Casualty Events, ” detailing how its...
Read more>>
Compliance professionals to meet for HCCA's 18th Annual Compliance Institute
Today’s health care industry is undergoing massive restructuring and compliance professionals must keep abreast of all the...
Read more>>


Subscribe to the
HMT newsletter



Subscribe to HMT

Resource Guide

Media Kit


Career Builder

White Papers

Advertising Inquiries

Editorial Inquiries

Website and Newsletter Inquiries

Subscription Inquiries

HMT Online Only features

Subscribe to Health Management Technology | Contact the Publisher | Advertise With Us  |   Privacy Statement

Copyright 2014 NP Communications LLC, 2477 Stickney Point Rd, Suite 221B, Sarasota, FL 34231