http://www.wakingupcosts.net/index/channel/hipaa en Copyright 2008 Conversant's Weblog II plugin HIPAA Clark Venable http://www.wakingupcosts.net/309/trackback http://seattlepi.nwsource.com/local/214663_googlehack05.html Tue, 08 Mar 2005 00:35:18 GMT http://www.wakingupcosts.net/309 http://www.wakingupcosts.net/309/reply HIPAA Technology <p><a href="http://seattlepi.nwsource.com/local/214663_googlehack05.html">'Good guys' show just how easy it is to steal ID</a>: </p> <div class="snip">" Teams of hackers surfed the Web at Seattle University yesterday, harvesting Social Security and credit card numbers like a farmer cutting wheat. In less than an hour, they found millions of names, birth dates and numbers -- cyberburglar tools for the crime of identity theft -- using just one, familiar Internet search engine: Google. "</div><br /> <p>The problem is not Google. The problem is the sites that allowed these documents to be indexed. I wonder how successful we would be finding protected health information?</p> <p>[Via <a href="http://hipaablog.blogspot.com/2005/03/google-hacking-i-reported-from-hcca.html">HIPAA Blog</a>]</p> Clark Venable http://www.wakingupcosts.net/168/trackback http://www.wakingupcosts.net/168 Sat, 20 Nov 2004 13:47:46 GMT http://www.wakingupcosts.net/168 http://www.wakingupcosts.net/168/reply HIPAA <p>A question came up this week about whether or not we could administer eye drops in the waiting room to patients having cataract surgery. This led me to Google, which led me to '<a href="http://www.texmed.org/pmt/hipaa/march03.asp">HIPAA Myth Buster</a>'. In reading through this and related sites, I discovered that many things that we do in the name of 'HIPAA compliance' just are not necessary.</p><p>Here is but one example:</p><div class="snip">"<em>"HIPAA doesn't allow my staff to call patient names in the waiting room, so now we have to call patients by number.</em><br /><br /> "Actually, HIPAA does permit the staff to call out patient names in waiting rooms. The regulations provide that when a physician makes the good faith effort described above, he or she is permitted to disclose information "incident to a use or disclosure otherwise permitted" by the regulations. <br /><br /> "The government says that means that a physician or staff member can call out names in the waiting room, hang charts outside doors, or use a whiteboard to list patients in the building or office. However, one should refrain from unnecessary disclosures. For instance, calling out names in the waiting room is fine, but calling out names and diagnoses would be problematic.""</div><br /><p>I still don't know whether we can administer eye drops (would it be an 'incidental disclosure'?) but I do know, as I long suspected, that some of what we do is stupid and driven by the vendors that want to sell us their 'solutions.'</p>