AHLA Hospital's Friend or Foe: The Age of Social Media and Health 2.0

Today Jody Joiner and I presented at the AHLA Hospitals and Health Systems Institute on the use of social media by hospitals and health care providers. We provided an overview of social media use by hospitals and health care providers, discussed the pros/cons of using social media in the health care environment, presented case studies of the risks and legal implications and did a short role play involving tweets in the context of a medical negligence case. We also provided those attending with recommendations on developing social media guidelines and policies.

To show the speed and ease of using social media tools to spread information, news and photos we we did some live shots during the presentations using an iPhone that were then loaded up to my blog, Twitter and Facebook. We then pulled up the posts and tweets at the end of our hour presentation.

Great audience with great follow up questions. Thanks go out to Mark Browne (@ConsultDoc) and Peter Leibold (@HealthLawyers) for live tweeting during the session.

AIS Report on Patient Privacy: Analysis of Willful Neglect Under HITECH

Recently I was interviewed for a story focused on the changes to the HIPAA civil penalty enforcement under the HITECH Act.

The article, Willful Neglect Is Difficult to Pin Down, but Can Result in Enormous HIPAA Penalties, appears in the Report on Patient Privacy: Practical News and Strategies for Complying with HIPAA, Volume 10, Number 2 February 2010 published by Atalantic Information Services, Inc. (AIS). The article discusses the definition and interpretation of "willful neglect" under the HIPAA penalty provisions. Health care privacy officers should find this article helpful in better understanding their role and responsibility in overseeing privacy compliance efforts.

The full story was reprinted on AIS Health Business Daily website.

WV HIT Funding Under HITECH: WVHIN Gets $7.8M and WV REC gets $6M

Health and Human Services Secretary Sebelius and the National Coordinator for Health Information Technology, David Blumenthal, announced the HITECH funding under the ARRA for State Health Information Exchanges (HIEs) and Regional Extension Center (RECs) across the country.

The White House Press Release provides a detailed list of HIEs and RECs receiving grants. Inormation is also available via the HHS News Release, Sebelius, Solis Announce Nearly $1 Billion Recovery Act Investments in Advancing Use of Health IT, Training Works for Health Jobs of the Future.

West Virginia will receive the following funding:

• West Virginia Department of Health and Human Resources in conjunction with the West Virginia Health Information Network HIE Award: $7,819,000

• West Virginia Health Improvement Institute, Inc. REC ward:$6,000,000

More information about the health information technology programs and awards can be found on the Office of National Coordinator HIT Website.

• State Health Information Exchange Cooperative Agreement Program

• Health Information Technology Extension Program

Model Jury Instruction: Warning Jurors on Use of Electronic Technology and Social Media

The Committee on Court Administration and Case Management of the Judicial Conference of the United States has issued a memo regarding Juror Use of Electronic Communication Technologies.

At its December 2009 meeting, the Judicial Conference Committee endorsed a set of suggested jury instructions that federal district judges should consider using to help deter jurors from using electronic technologies to research or communicate about cases while they serve as jurors. The recommended instructions were developed as a result of the increased use of web enabled mobile phones and devices that can be used to research information and communicated in a variety of ways, including email, social media, etc.

The Proposed Model Jury Instruction reads as follows:

Proposed Model Jury Instructions

The Use of Electronic Technology to Conduct Research on or Communicate about a Case Prepared by the Judicial Conference Committee on Court Administration and Case Management

December 2009

Before Trial:
You, as jurors, must decide this case based solely on the evidence presented here within the four walls of this courtroom. This means that during the trial you must not conduct any independent research about this case, the matters in the case, and the individuals or corporations involved in the case. In other words, you should not consult dictionaries or reference materials, search the internet, websites, blogs, or use any other electronic tools to obtain information about this case or to help you decide the case. Please do not try to find out information from any source outside the confines of this courtroom.

Until you retire to deliberate, you may not discuss this case with anyone, even your fellow jurors. After you retire to deliberate, you may begin discussing the case with your fellow jurors, but you cannot discuss the case with anyone else until you have returned a verdict and the case is at an end. I hope that for all of you this case is interesting and noteworthy. I know that many of you use cell phones, Blackberries, the internet and other tools of technology. You also must not talk to anyone about this case or use these tools to communicate electronically with anyone about the case. This includes your family and friends. You may not communicate with anyone about the case on your cell phone, through e-mail, Blackberry, iPhone, text messaging, or on Twitter, through any blog or website, through any internet chat room, or by way of any other social networking websites, including Facebook, My Space, LinkedIn, and YouTube.

At the Close of the Case:
During your deliberations, you must not communicate with or provide any information to anyone by any means about this case. You may not use any electronic device or media, such as a telephone, cell phone, smart phone, iPhone, Blackberry or computer; the internet, any internet service, or any text or instant messaging service; or any internet chat room, blog, or website such as Facebook, My Space, LinkedIn, YouTube or Twitter, to communicate to anyone any information about this case or to conduct any research about this case until I accept your verdict.

WVHCA: 2010 CON Capital Expenditure Minimum

The West Virginia Health Care Authority announced that the capital expenditure minimum for calendar year 2010 is $2,767,500.

The capital expenditure minimum is typically used by the Authority when reviewing whether or not certain health relate projects require certificate of need review.

The Authority provided the following announcement via its website:

Pursuant to West Virginia Code §§ 16-2D-2(h) and (s), the Authority is required to adjust the expenditure minimum annually and publish an update of the amount on or before December 31 of each year. The expenditure minimum adjustment shall be based on the DRI inflation index published in the Global Insight DRI/WEFA Health Care Cost Review. The DRI inflation index as of December 31, 2009 is 2.5%.

The capital expenditure minimum for calendar year 2010 is $2,767,500.

State Attorney General HIPAA HITECH Enforcement

My health law colleague, David Harlow, covers the news today on the first HIPAA enforcement action taken by a state attorney general under the new HITECH provision of American Recovery and Reinvestment Act of 2009 (ARRA).

David's post, HIPAA enforcement by state attorney general: The shape of things to come, provides a good summary of the announcement by the Connecticut Attorney General. More information via the Connecticut Attorney General press release.

The lawsuit filed by the Connecticut Attorney General Richard Blumenthal (coincidentally brother of David Blumenthal, National Coordinator of Health Information Technology) alleges that a health insurer, Health Net of Connecticut, Inc., failed to promptly notify the AG and other officials of a missing portable computer disk drive that contained unencrypted protected health information, Social Security numbers and bank accounts for approximately 446,000 individuals. The lawsuit also named UnitedHealth Group Inc. and Oxford Health Plans, LLC who acquired ownership of Health Net of Connecticut. The action also seeks a court order against Health Net to encrypt all information held on electronic devices.

Since the early days of HIPAA implementation and compliance there has largely been a lack of real enforcement efforts. The new provisions under HITECH allowing state attorney generals to file HIPAA enforcement actions on behalf of the public bring a new era of enforcement against health care providers who are unfortunate to have a health data breach and fail to properly respond to such breach in a timely manner.

David offers some good advice and takeaway points to health care providers and others who regularly handle health information. It is not enough to have policies and procedures in place but to regularly monitor whether they are being followed. Today's health data is liquid and it can flow in many directions. Providers need to understand where and how data is stored, used and transferred.

HISPC Reports on State Health Information Law, Business Practice and Policy

The Office of the National Coordinator for Health Information Technology (ONC) has made available a compendium of reports which detail variations in state health information law, business practices and policy related to privacy and security of health information and the electronic exchange of health information.

The reports were developed in 2009 as a part of the ongoing efforts of the Health Information Security and Privacy Collaboration (HISPC) that started in 2006 when I had the the opportunity to work on the initial round of HISPC work as it related to West Virginia. The efforts by HISPC was to take a national look (at a state level) on the privacy and security challenges faced by the variation of state laws, policies and practices.

The reports will be a great resource for those who regularly look at state health information legal issues. Following are the summaries of the five reports along with links to the various tables/appendices:

• Report on State Medical Record Access Laws This report analyzes state laws that are intended to require health care providers (specifically, medical doctors and hospitals) to afford individuals access to their own health information and to identify potential barriers to the electronic exchange of health information. Specific state law provisions examined: scope of medical records to which patients are afforded access, format of information furnished, deadlines for responding to requests, fees for furnishing copies, record retention laws and access to records of minors.
• Report on State Law Requirements for Patient Permission to Disclose Health Information In Phase I of the HISPC project a majority of participants reported significant variation in the business practices and policies surrounding the need for and process of obtaining patient permission to use and disclose personal health information for a variety of purposes, including for treatment. This report furthers the initial work of this project by collating and analyzing state laws that govern the disclosure of identifiable health information for treatment purposes to identify commonalities and differences.
• Releasing Clinical Laboratory Test Results: Report on Survey of State Laws For this report, state statutes and regulations were analyzed to determine to whom clinical laboratories may release test results. This report focused on clinical laboratory and hospital licensing laws (that contain standards for hospital laboratories). It also examined general state medical record access laws to determine whether they provided an avenue for patients to access their clinical laboratory results directly.
• Report on State Prescribing Laws: Implications for e-Prescribing This report identifies and analyzes the impact and variation of state laws related to e-prescribing. The report addresses state laws related to the e-prescribing of controlled and non-controlled substances as well as topics such as record keeping and content requirements, out-of-state prescriptions, and generic substitution laws.
• Perspectives on Patient Matching: Approaches, Findings, and Challenges This report analyzes various approaches to matching patients to their health information in the context of electronic health information exchange. Current and potential methods for matching patients to their health records are discussed, challenges to performing patient matching such as scalability and ease of use are analyzed, and the types of information some HIOs use to match patients to their health records is described.