Law in the Internet Society	View r8 > r7 > r6 > r5 > r4 > r3 ...
Main AmLegalHist CompPrivConst EngLegalHist LawContempSoc LawNetSoc TWiki

BrendanMulliganSecondPaper 8 - 07 Sep 2011 - Main.IanSullivan

Line: 1 to 1

Changed:

<
<

META TOPICPARENT	name="SecondPaper"

>
>

META TOPICPARENT	name="SecondPaper2009"

Ready for review.

BrendanMulliganSecondPaper 7 - 09 May 2010 - Main.EbenMoglen

Line: 1 to 1

META TOPICPARENT	name="SecondPaper"

Ready for review.

Establishing a Private, Workable Online Medical Database

Establishing a Private, Workable Online Medical Database

Changed:

<
<

-- By BrendanMulligan?

>
>

-- By BrendanMulligan

In its 1999 report, “To Err is Human: Building a Safer Health System”, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost production, disability, and additional health care costs. According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a full-fledged system.

Line: 32 to 32

This rule is indefensible even with paper files but increased, easy, and remote access to personal health data make it particularly dangerous. As we move towards integrated EHR system, this provision must be changed. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.

Deleted:

<
<

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" on the next line:

# * Set ALLOWTOPICVIEW = TWikiAdminGroup, BrendanMulligan

Note: TWiki has strict formatting rules. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of that line. If you wish to give access to any other users simply add them to the comma separated list

\ No newline at end of file

Added:

>
>

There are really two topics here, and it would be worth the effort of choosing between them. The HIPAA issue you raise is a matter subject to political deadlock. Any legislation that tries to move in the area will immediately be subject to encrustation with all the other conflicting claims by all the other parties who believe that free market capitalism means that government should never do anything that hurts their business, which has generated enough money to put a cousin or a brother in the Senate. All you can really do is to reprint earnest staff reports that will never get enacted. VistA? , on the other hand, can be developed, as you point out, by executive action alone, if the Administration is prepared to take some heat from people whose proprietary software businesses would be wiped out by it. There are technical issues you should have described to some extent, and you should have discussed OpenVistA? , which is the Free World's attempt to meet some of those technical problems. You might also have discussed the possibility of following in the steps of Finland, which now runs its national system of hospitals on its version of the VistA? we developed and put into the public domain for them. Obviously I think this aspect of the situation would make the VistA? portion of the essay the one to expand, but either way, you will do a far more effective job if you don't have to give away half the space.

\ No newline at end of file

BrendanMulliganSecondPaper 6 - 25 Mar 2010 - Main.BrendanMulligan

Line: 1 to 1

META TOPICPARENT	name="SecondPaper"

Ready for review.

Line: 26 to 26

The government responded to these concerns with changes to Health Insurance Portability and Accountability Act of 1996 (HIPAA). Any time private health information is “accessed, acquired, or disclosed” by or to an unauthorized person,” the Department of Health and Human must be notified. If the breach affects more than 500 residents of the same state, major media outlets must be notified. This will be enforced by penalties of $50,000 for actions of willful neglect, undefined, but presumably the failure to adopt safeguards required by law.

Changed:

<
<

Problems of HIPAA-Acceptable Private Health Information Sharing

>
>

Lingering Problems with HIPAA-Acceptable Private Health Information Sharing

The above change may increase hospital vigilance in protecting medical privacy (e.g.), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, including activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. There are almost no discernible restrictions.

 BrendanMulliganSecondPaper 5 - 25 Mar 2010 - Main.BrendanMulligan
 Line: 1 to 1
  
   META TOPICPARENT    name="SecondPaper" 

Ready for review.
Line: 10 to 10
  In its 1999 report, “To Err is Human: Building a Safer Health System”, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost production, disability, and additional health care costs. According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a full-fledged system.

 Proprietary Contribution to a Broken System 
 Changed: 
<
< Vendors’ commercial systems are proprietary and designed to not talk to other vendors' systems. Further, the Healthcare Information and Management Systems Society (HIMSS), which is a powerful healthcare organization focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare, is ostensibly independent, but acts as a lobby for proprietary owners. HIMSS hosts the largest and most well-publicized health IT conferences in the country. They charge large sums of money to buy space at conferences and limit the electronic health record vendor association to companies which “design, develop and market their own proprietary Electronic Health Record software application.”
>
> Vendors’ commercial systems are proprietary and designed to not talk to other vendors' systems. Further, the Healthcare Information and Management Systems Society (HIMSS), which is a powerful healthcare organization focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare, is ostensibly independent, but acts as a lobby for proprietary owners. HIMSS hosts the largest and most well-publicized health IT conferences in the country. They charge large sums of money to buy space at conferences and limit the electronic health record vendor association to companies which “design, develop and market their own proprietary electronic health record (EHR) software application.”
  
 Changed: 
<
< People are dying because we lack proper IT infrastructure and the government should take steps to catalyze this process by (1) incentivizing the use of VistA?  public domain software to improve functionality and streamline formatting and (2) safeguarding privacy.
>
> People are dying because we lack proper IT infrastructure. The government should take steps to catalyze conversion to a functioning EHR system by (1) incentivizing the use of VistA?  public domain software to improve functionality and streamline formatting and (2) amending HIPAA to safeguard privacy.
  
 Changed: 
<
<  Lip Service to Open Source Acceptance 
The open source movement has gained some traction in relation to the government’s policy on health IT. First, the stimulus calls for a study on the availability of open source health IT systems to be completed by Oct. 1, 2010. This includes comparing the total cost of ownership of open source to existing proprietary commercial products, ideally providing open source systems with the opportunity to demonstrate much superior value to price ratios. 
>
>  Bungled EHR Policy Solutions 
To promote the conversion to accessible EHRs, the government initiated two major changes via the stimulus package. First, it commissioned a study on the availability of open source health IT systems to be completed by Oct. 1, 2010. This includes comparing the total cost of ownership of open source to existing proprietary commercial products, ideally providing open source systems with the opportunity to demonstrate much superior value to price ratios. Second, the government earmarked $20B for doctors and hospitals that switch to "functional online databases". The provisions dictate that hospitals must only perform “one test of certified EHR technology's capacity to electronically exchange key clinical information.” See Table 2. This standard does not meet the hospitals' own bar for internal use of electronic systems.
  
 Changed: 
<
< Second, the stimulus empowered the support the development and routine updating of qualified EHR technology. The government earmarked $20B to incentivize the switch to functional online databases. The provisions however, dictate that hospitals must only perform “one test of certified EHR technology's capacity to electronically exchange key clinical information.” See Table 2. The government set a much lower bar for interoperability and sharing information, despite the much higher bar for the way docs and hospitals use electronic systems internally. 

However, the government already developed the best comprehensive health IT system, VistA? , and did nothing to promote its use. The VistA?  system, its interface, and all updates (500–600 patches per year) are provided as public domain software and used by many private hospitals. VistA?  successfully integrates the databases throughout the Veteran's Health Administration, which runs the largest medical system in the US. In focusing on internal benchmarks, the government inexplicably misses its chance to create an operational system. The stimulus dollars should instead incent hospitals to integrate onto VistA? —which has been established for as little as “1/10th the price” of proprietary software.  
>
> Perplexingly, the government already developed the most well-used, cost-effective, and comprehensive health IT system, VistA, and did nothing to promote its use. The VistA?  successfully integrates databases throughout the Veteran's Health Administration, the largest hospital system in the US. Its interface, and all updates (500–600 patches per year) are provided as public domain software and used by many private hospitals. The stimulus dollars might have incented hospitals to integrate onto VistA? —which has been established for as little as “1/10th the price” of proprietary software. Instead, perhaps to ward off well-rehearsed critiques of socialism, the government threw money into a proprietary black hole that promises lower standards than the government demands of itself.
   Lost, Stolen, and Mislaid Private Health Information 
 Changed: 
<
< Secondly, a health database must address concerns over medical privacy. Much of the debate surrounding health care information centers on safeguarding data from being “lost, stolen or mishandled.” See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
>
> A health database must also address concerns over medical privacy. Much of the debate surrounding health care information centers on safeguarding data from being “lost, stolen or mishandled.” See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
  These concerns are legitimate. In a recent survey of IT professionals, “seventy percent said senior management does not view privacy and data security as a priority. Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year.” Over the last few years, the personal health information of “hundreds of thousands of people” has been compromised because of security lapses at hospitals, insurance companies and government agencies. 

The government responded to these concerns with changes to Health Insurance Portability and Accountability Act of 1996 (HIPAA). Any time private health information is “accessed, acquired, or disclosed” by or to an unauthorized person,” the Department of Health and Human must be notified. If the breach affects more than 500 residents of the same state, major media outlets must be notified. This will be enforced by penalties of $50,000 for actions of willful neglect, undefined, but presumably the failure to adopt safeguards required by law. 

 Problems of HIPAA-Acceptable Private Health Information Sharing 
 Changed: 
<
< The above change may increase hospital vigilance in protecting medical privacy (e.g., http://www.arkhospitals.org/calendar/calendarpdf/july%2030-09hitech%20changes.pdf), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. 
>
> The above change may increase hospital vigilance in protecting medical privacy (e.g.), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, including activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. There are almost no discernible restrictions.
  
 Changed: 
<
< This rule is indefensible even with paper files, but increased access to personal health data on an integrated system makes it particularly dangerous. Therefore, any change to HIPAA should alter this provision. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.
>
> This rule is indefensible even with paper files but increased, easy, and remote access to personal health data make it particularly dangerous. As we move towards integrated EHR system, this provision must be changed. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.
  
You are entitled to restrict access to your paper if you want to.  But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
    META TOPICPARENT    name="SecondPaper" 

Ready for review.
-   META TOPICPARENT
+ name="SecondPaper"
 In its 1999 report, “To Err is Human: Building a Safer Health System”, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost production, disability, and additional health care costs. According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a full-fledged system.

 Proprietary Contribution to a Broken System
-<
<
+Vendors’ commercial systems are proprietary and designed to not talk to other vendors' systems. Further, the Healthcare Information and Management Systems Society (HIMSS), which is a powerful healthcare organization focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare, is ostensibly independent, but acts as a lobby for proprietary owners. HIMSS hosts the largest and most well-publicized health IT conferences in the country. They charge large sums of money to buy space at conferences and limit the electronic health record vendor association to companies which “design, develop and market their own proprietary Electronic Health Record software application.”
->
>
+Vendors’ commercial systems are proprietary and designed to not talk to other vendors' systems. Further, the Healthcare Information and Management Systems Society (HIMSS), which is a powerful healthcare organization focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare, is ostensibly independent, but acts as a lobby for proprietary owners. HIMSS hosts the largest and most well-publicized health IT conferences in the country. They charge large sums of money to buy space at conferences and limit the electronic health record vendor association to companies which “design, develop and market their own proprietary electronic health record (EHR) software application.”
-<
<
+People are dying because we lack proper IT infrastructure and the government should take steps to catalyze this process by (1) incentivizing the use of VistA?  public domain software to improve functionality and streamline formatting and (2) safeguarding privacy.
->
>
+People are dying because we lack proper IT infrastructure. The government should take steps to catalyze conversion to a functioning EHR system by (1) incentivizing the use of VistA?  public domain software to improve functionality and streamline formatting and (2) amending HIPAA to safeguard privacy.
-<
<
+ Lip Service to Open Source Acceptance 
The open source movement has gained some traction in relation to the government’s policy on health IT. First, the stimulus calls for a study on the availability of open source health IT systems to be completed by Oct. 1, 2010. This includes comparing the total cost of ownership of open source to existing proprietary commercial products, ideally providing open source systems with the opportunity to demonstrate much superior value to price ratios.
->
>
+ Bungled EHR Policy Solutions 
To promote the conversion to accessible EHRs, the government initiated two major changes via the stimulus package. First, it commissioned a study on the availability of open source health IT systems to be completed by Oct. 1, 2010. This includes comparing the total cost of ownership of open source to existing proprietary commercial products, ideally providing open source systems with the opportunity to demonstrate much superior value to price ratios. Second, the government earmarked $20B for doctors and hospitals that switch to "functional online databases". The provisions dictate that hospitals must only perform “one test of certified EHR technology's capacity to electronically exchange key clinical information.” See Table 2. This standard does not meet the hospitals' own bar for internal use of electronic systems.
-<
<
+Second, the stimulus empowered the support the development and routine updating of qualified EHR technology. The government earmarked $20B to incentivize the switch to functional online databases. The provisions however, dictate that hospitals must only perform “one test of certified EHR technology's capacity to electronically exchange key clinical information.” See Table 2. The government set a much lower bar for interoperability and sharing information, despite the much higher bar for the way docs and hospitals use electronic systems internally. 

However, the government already developed the best comprehensive health IT system, VistA? , and did nothing to promote its use. The VistA?  system, its interface, and all updates (500–600 patches per year) are provided as public domain software and used by many private hospitals. VistA?  successfully integrates the databases throughout the Veteran's Health Administration, which runs the largest medical system in the US. In focusing on internal benchmarks, the government inexplicably misses its chance to create an operational system. The stimulus dollars should instead incent hospitals to integrate onto VistA? —which has been established for as little as “1/10th the price” of proprietary software.
->
>
+Perplexingly, the government already developed the most well-used, cost-effective, and comprehensive health IT system, VistA, and did nothing to promote its use. The VistA?  successfully integrates databases throughout the Veteran's Health Administration, the largest hospital system in the US. Its interface, and all updates (500–600 patches per year) are provided as public domain software and used by many private hospitals. The stimulus dollars might have incented hospitals to integrate onto VistA? —which has been established for as little as “1/10th the price” of proprietary software. Instead, perhaps to ward off well-rehearsed critiques of socialism, the government threw money into a proprietary black hole that promises lower standards than the government demands of itself.
  Lost, Stolen, and Mislaid Private Health Information
-<
<
+Secondly, a health database must address concerns over medical privacy. Much of the debate surrounding health care information centers on safeguarding data from being “lost, stolen or mishandled.” See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.”
->
>
+A health database must also address concerns over medical privacy. Much of the debate surrounding health care information centers on safeguarding data from being “lost, stolen or mishandled.” See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.”
 These concerns are legitimate. In a recent survey of IT professionals, “seventy percent said senior management does not view privacy and data security as a priority. Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year.” Over the last few years, the personal health information of “hundreds of thousands of people” has been compromised because of security lapses at hospitals, insurance companies and government agencies. 

The government responded to these concerns with changes to Health Insurance Portability and Accountability Act of 1996 (HIPAA). Any time private health information is “accessed, acquired, or disclosed” by or to an unauthorized person,” the Department of Health and Human must be notified. If the breach affects more than 500 residents of the same state, major media outlets must be notified. This will be enforced by penalties of $50,000 for actions of willful neglect, undefined, but presumably the failure to adopt safeguards required by law. 

 Problems of HIPAA-Acceptable Private Health Information Sharing
-<
<
+The above change may increase hospital vigilance in protecting medical privacy (e.g., http://www.arkhospitals.org/calendar/calendarpdf/july%2030-09hitech%20changes.pdf), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors.
->
>
+The above change may increase hospital vigilance in protecting medical privacy (e.g.), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, including activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. There are almost no discernible restrictions.
-<
<
+This rule is indefensible even with paper files, but increased access to personal health data on an integrated system makes it particularly dangerous. Therefore, any change to HIPAA should alter this provision. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.
->
>
+This rule is indefensible even with paper files but increased, easy, and remote access to personal health data make it particularly dangerous. As we move towards integrated EHR system, this provision must be changed. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.
 You are entitled to restrict access to your paper if you want to.  But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

 BrendanMulliganSecondPaper 4 - 26 Jan 2010 - Main.BrendanMulligan
 Line: 1 to 1
  
   META TOPICPARENT    name="SecondPaper" 
 Changed: 
<
< WORK IN PROGRESS
>
> Ready for review.
  
 Deleted: 
<
< It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles.  The headings below are there to remind you how section and subsection titles are formatted.
  
 Changed: 
<
<  Establishing a Safe, Private Online Medical Database 
>
>  Establishing a Private, Workable Online Medical Database 
-- By BrendanMulligan? 
  
 Changed: 
<
< -- By BrendanMulligan - 09 Jan 2010
>
> In its 1999 report, “To Err is Human: Building a Safer Health System”, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost production, disability, and additional health care costs. According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a full-fledged system.
  
 Changed: 
<
< In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs. [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Medical errors only compose part of the picture. Hundreds of thousands die every year for improper medications, adverse drug reactions, infections that occur in hospitals. [http://demo.clear-health.com/dohcs2009/pt3.mp3]
>
>  Proprietary Contribution to a Broken System 
Vendors’ commercial systems are proprietary and designed to not talk to other vendors' systems. Further, the Healthcare Information and Management Systems Society (HIMSS), which is a powerful healthcare organization focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare, is ostensibly independent, but acts as a lobby for proprietary owners. HIMSS hosts the largest and most well-publicized health IT conferences in the country. They charge large sums of money to buy space at conferences and limit the electronic health record vendor association to companies which “design, develop and market their own proprietary Electronic Health Record software application.”
  
 Changed: 
<
< People die because the lack of infrastructure. But even though banking and retailers have successfully implemented electronic records, fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a comparable full-fledged system. [http://online.wsj.com/article/SB124104350516570503.html] We need a health care IT system founded on two characteristics: (1) universal adoption of a routine means of digitization clinical information and (2) a system robust enough to protect the sanctity of medical information.
>
> People are dying because we lack proper IT infrastructure and the government should take steps to catalyze this process by (1) incentivizing the use of VistA?  public domain software to improve functionality and streamline formatting and (2) safeguarding privacy.
   
 Changed: 
<
<  Universality 
We should—and I believe will—move to an open source base for our health IT system. Proprietary factors have long inhibited the development of a universal system (killing many people). Vendors’ commercial systems do not easily talk to other vendors' systems. Further, the stakeholders that matter, do not want to use open source software. The Healthcare Information and Management Systems Society (HIMSS) is a powerful healthcare organization exclusively focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare. HIMSS hosts the largest and most well-publicized health IT conferences in the country. HIMSS, though ostensibly independent, is completely dependent upon money from proprietary donors. http://vendor.himss.org/
>
>  Lip Service to Open Source Acceptance 
The open source movement has gained some traction in relation to the government’s policy on health IT. First, the stimulus calls for a study on the availability of open source health IT systems to be completed by Oct. 1, 2010. This includes comparing the total cost of ownership of open source to existing proprietary commercial products, ideally providing open source systems with the opportunity to demonstrate much superior value to price ratios. 
  
 Changed: 
<
<  Congressional Response 
It has earmarked nearly $20 billion in stimulus funds as an incentive for hospitals to use electronic records by 2011. 
The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . . to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])
>
> Second, the stimulus empowered the support the development and routine updating of qualified EHR technology. The government earmarked $20B to incentivize the switch to functional online databases. The provisions however, dictate that hospitals must only perform “one test of certified EHR technology's capacity to electronically exchange key clinical information.” See Table 2. The government set a much lower bar for interoperability and sharing information, despite the much higher bar for the way docs and hospitals use electronic systems internally. 
  
 Changed: 
<
<  Potential Problems 
A nationwide health information network comes with a host of issues. Much of the debate surrounding health care information centers on safeguarding data from being lost, stolen or mishandled. [http://www.huffingtonpost.com/2009/11/13/health-industry-winning-r_n_357476.html] See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
These concerns are legitimate. In a recent survey of IT professionals, seventy percent said senior management does not view privacy and data security as a priority. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Over the last few years, the personal health information of hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. [http://www.nytimes.com/2009/01/18/us/politics/18health.html] 
However, security need not even be breached to release private health information. The dissemination of this information is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) medical privacy rule. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. [link]. 
>
> However, the government already developed the best comprehensive health IT system, VistA? , and did nothing to promote its use. The VistA?  system, its interface, and all updates (500–600 patches per year) are provided as public domain software and used by many private hospitals. VistA?  successfully integrates the databases throughout the Veteran's Health Administration, which runs the largest medical system in the US. In focusing on internal benchmarks, the government inexplicably misses its chance to create an operational system. The stimulus dollars should instead incent hospitals to integrate onto VistA? —which has been established for as little as “1/10th the price” of proprietary software.  
  
 Changed: 
<
< “However, because regional health information organizations could increase circumstances under which patient data may be inappropriately accessed, some parties have argued that regional health information organizations should adopt additional procedures to help ensure that data are used only for the intended purposes.” 
>
>  Lost, Stolen, and Mislaid Private Health Information 

Secondly, a health database must address concerns over medical privacy. Much of the debate surrounding health care information centers on safeguarding data from being “lost, stolen or mishandled.” See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
These concerns are legitimate. In a recent survey of IT professionals, “seventy percent said senior management does not view privacy and data security as a priority. Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year.” Over the last few years, the personal health information of “hundreds of thousands of people” has been compromised because of security lapses at hospitals, insurance companies and government agencies. 

The government responded to these concerns with changes to Health Insurance Portability and Accountability Act of 1996 (HIPAA). Any time private health information is “accessed, acquired, or disclosed” by or to an unauthorized person,” the Department of Health and Human must be notified. If the breach affects more than 500 residents of the same state, major media outlets must be notified. This will be enforced by penalties of $50,000 for actions of willful neglect, undefined, but presumably the failure to adopt safeguards required by law. 

 Problems of HIPAA-Acceptable Private Health Information Sharing 

The above change may increase hospital vigilance in protecting medical privacy (e.g., http://www.arkhospitals.org/calendar/calendarpdf/july%2030-09hitech%20changes.pdf), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. 

This rule is indefensible even with paper files, but increased access to personal health data on an integrated system makes it particularly dangerous. Therefore, any change to HIPAA should alter this provision. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.
  
You are entitled to restrict access to your paper if you want to.  But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
    META TOPICPARENT    name="SecondPaper"
-   META TOPICPARENT
+ name="SecondPaper"
-<
<
+WORK IN PROGRESS
->
>
+Ready for review.
-<
<
+It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles.  The headings below are there to remind you how section and subsection titles are formatted.
-<
<
+ Establishing a Safe, Private Online Medical Database
->
>
+ Establishing a Private, Workable Online Medical Database 
-- By BrendanMulligan?
-<
<
+-- By BrendanMulligan - 09 Jan 2010
->
>
+In its 1999 report, “To Err is Human: Building a Safer Health System”, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost production, disability, and additional health care costs. According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a full-fledged system.
-<
<
+In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs. [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Medical errors only compose part of the picture. Hundreds of thousands die every year for improper medications, adverse drug reactions, infections that occur in hospitals. [http://demo.clear-health.com/dohcs2009/pt3.mp3]
->
>
+ Proprietary Contribution to a Broken System 
Vendors’ commercial systems are proprietary and designed to not talk to other vendors' systems. Further, the Healthcare Information and Management Systems Society (HIMSS), which is a powerful healthcare organization focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare, is ostensibly independent, but acts as a lobby for proprietary owners. HIMSS hosts the largest and most well-publicized health IT conferences in the country. They charge large sums of money to buy space at conferences and limit the electronic health record vendor association to companies which “design, develop and market their own proprietary Electronic Health Record software application.”
-<
<
+People die because the lack of infrastructure. But even though banking and retailers have successfully implemented electronic records, fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a comparable full-fledged system. [http://online.wsj.com/article/SB124104350516570503.html] We need a health care IT system founded on two characteristics: (1) universal adoption of a routine means of digitization clinical information and (2) a system robust enough to protect the sanctity of medical information.
->
>
+People are dying because we lack proper IT infrastructure and the government should take steps to catalyze this process by (1) incentivizing the use of VistA?  public domain software to improve functionality and streamline formatting and (2) safeguarding privacy.
-<
<
+ Universality 
We should—and I believe will—move to an open source base for our health IT system. Proprietary factors have long inhibited the development of a universal system (killing many people). Vendors’ commercial systems do not easily talk to other vendors' systems. Further, the stakeholders that matter, do not want to use open source software. The Healthcare Information and Management Systems Society (HIMSS) is a powerful healthcare organization exclusively focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare. HIMSS hosts the largest and most well-publicized health IT conferences in the country. HIMSS, though ostensibly independent, is completely dependent upon money from proprietary donors. http://vendor.himss.org/
->
>
+ Lip Service to Open Source Acceptance 
The open source movement has gained some traction in relation to the government’s policy on health IT. First, the stimulus calls for a study on the availability of open source health IT systems to be completed by Oct. 1, 2010. This includes comparing the total cost of ownership of open source to existing proprietary commercial products, ideally providing open source systems with the opportunity to demonstrate much superior value to price ratios.
-<
<
+ Congressional Response 
It has earmarked nearly $20 billion in stimulus funds as an incentive for hospitals to use electronic records by 2011. 
The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . . to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])
->
>
+Second, the stimulus empowered the support the development and routine updating of qualified EHR technology. The government earmarked $20B to incentivize the switch to functional online databases. The provisions however, dictate that hospitals must only perform “one test of certified EHR technology's capacity to electronically exchange key clinical information.” See Table 2. The government set a much lower bar for interoperability and sharing information, despite the much higher bar for the way docs and hospitals use electronic systems internally.
-<
<
+ Potential Problems 
A nationwide health information network comes with a host of issues. Much of the debate surrounding health care information centers on safeguarding data from being lost, stolen or mishandled. [http://www.huffingtonpost.com/2009/11/13/health-industry-winning-r_n_357476.html] See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
These concerns are legitimate. In a recent survey of IT professionals, seventy percent said senior management does not view privacy and data security as a priority. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Over the last few years, the personal health information of hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. [http://www.nytimes.com/2009/01/18/us/politics/18health.html] 
However, security need not even be breached to release private health information. The dissemination of this information is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) medical privacy rule. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. [link].
->
>
+However, the government already developed the best comprehensive health IT system, VistA? , and did nothing to promote its use. The VistA?  system, its interface, and all updates (500–600 patches per year) are provided as public domain software and used by many private hospitals. VistA?  successfully integrates the databases throughout the Veteran's Health Administration, which runs the largest medical system in the US. In focusing on internal benchmarks, the government inexplicably misses its chance to create an operational system. The stimulus dollars should instead incent hospitals to integrate onto VistA? —which has been established for as little as “1/10th the price” of proprietary software.
-<
<
+“However, because regional health information organizations could increase circumstances under which patient data may be inappropriately accessed, some parties have argued that regional health information organizations should adopt additional procedures to help ensure that data are used only for the intended purposes.”
->
>
+ Lost, Stolen, and Mislaid Private Health Information 

Secondly, a health database must address concerns over medical privacy. Much of the debate surrounding health care information centers on safeguarding data from being “lost, stolen or mishandled.” See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
These concerns are legitimate. In a recent survey of IT professionals, “seventy percent said senior management does not view privacy and data security as a priority. Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year.” Over the last few years, the personal health information of “hundreds of thousands of people” has been compromised because of security lapses at hospitals, insurance companies and government agencies. 

The government responded to these concerns with changes to Health Insurance Portability and Accountability Act of 1996 (HIPAA). Any time private health information is “accessed, acquired, or disclosed” by or to an unauthorized person,” the Department of Health and Human must be notified. If the breach affects more than 500 residents of the same state, major media outlets must be notified. This will be enforced by penalties of $50,000 for actions of willful neglect, undefined, but presumably the failure to adopt safeguards required by law. 

 Problems of HIPAA-Acceptable Private Health Information Sharing 

The above change may increase hospital vigilance in protecting medical privacy (e.g., http://www.arkhospitals.org/calendar/calendarpdf/july%2030-09hitech%20changes.pdf), but it fails to stop the easiest breach of private health information. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. 

This rule is indefensible even with paper files, but increased access to personal health data on an integrated system makes it particularly dangerous. Therefore, any change to HIPAA should alter this provision. Congress could start by revisiting the House’s 2004 STOHP Act, which makes consent the core of disclosure. In effect, the change would require individuals to give or withhold consent before their personal health information is used or disclosed before each routine purposes, instead of a one-time consent as in effect now.
 You are entitled to restrict access to your paper if you want to.  But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

 BrendanMulliganSecondPaper 3 - 25 Jan 2010 - Main.BrendanMulligan
 Line: 1 to 1
  
   META TOPICPARENT    name="SecondPaper" 

WORK IN PROGRESS


It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles.  The headings below are there to remind you how section and subsection titles are formatted.
 Changed: 
<
<  Paper Title 
>
>  Establishing a Safe, Private Online Medical Database 
  -- By BrendanMulligan - 09 Jan 2010
 Added: 
>
> In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs. [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Medical errors only compose part of the picture. Hundreds of thousands die every year for improper medications, adverse drug reactions, infections that occur in hospitals. [http://demo.clear-health.com/dohcs2009/pt3.mp3]
  
 Changed: 
<
<  Introduction 
In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs.  [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. 
>
> People die because the lack of infrastructure. But even though banking and retailers have successfully implemented electronic records, fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a comparable full-fledged system. [http://online.wsj.com/article/SB124104350516570503.html] We need a health care IT system founded on two characteristics: (1) universal adoption of a routine means of digitization clinical information and (2) a system robust enough to protect the sanctity of medical information.
  
 Changed: 
<
<  Establishing a Nationwide Health Information Database 
>
>  Universality 
We should—and I believe will—move to an open source base for our health IT system. Proprietary factors have long inhibited the development of a universal system (killing many people). Vendors’ commercial systems do not easily talk to other vendors' systems. Further, the stakeholders that matter, do not want to use open source software. The Healthcare Information and Management Systems Society (HIMSS) is a powerful healthcare organization exclusively focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare. HIMSS hosts the largest and most well-publicized health IT conferences in the country. HIMSS, though ostensibly independent, is completely dependent upon money from proprietary donors. http://vendor.himss.org/

 Congressional Response 
It has earmarked nearly $20 billion in stimulus funds as an incentive for hospitals to use electronic records by 2011. 
  The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . .  to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])

 Potential Problems
    META TOPICPARENT    name="SecondPaper" 

WORK IN PROGRESS


It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles.  The headings below are there to remind you how section and subsection titles are formatted.
-   META TOPICPARENT
+ name="SecondPaper"
-<
<
+ Paper Title
->
>
+ Establishing a Safe, Private Online Medical Database
 -- By BrendanMulligan - 09 Jan 2010
->
>
+In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs. [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. Medical errors only compose part of the picture. Hundreds of thousands die every year for improper medications, adverse drug reactions, infections that occur in hospitals. [http://demo.clear-health.com/dohcs2009/pt3.mp3]
-<
<
+ Introduction 
In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs.  [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care.
->
>
+People die because the lack of infrastructure. But even though banking and retailers have successfully implemented electronic records, fewer than 2% of the nation's 5,000 non-VA hospitals have what could be considered a comparable full-fledged system. [http://online.wsj.com/article/SB124104350516570503.html] We need a health care IT system founded on two characteristics: (1) universal adoption of a routine means of digitization clinical information and (2) a system robust enough to protect the sanctity of medical information.
-<
<
+ Establishing a Nationwide Health Information Database
->
>
+ Universality 
We should—and I believe will—move to an open source base for our health IT system. Proprietary factors have long inhibited the development of a universal system (killing many people). Vendors’ commercial systems do not easily talk to other vendors' systems. Further, the stakeholders that matter, do not want to use open source software. The Healthcare Information and Management Systems Society (HIMSS) is a powerful healthcare organization exclusively focused on fostering the optimal use of information technology (IT) and management systems for the betterment of healthcare. HIMSS hosts the largest and most well-publicized health IT conferences in the country. HIMSS, though ostensibly independent, is completely dependent upon money from proprietary donors. http://vendor.himss.org/

 Congressional Response 
It has earmarked nearly $20 billion in stimulus funds as an incentive for hospitals to use electronic records by 2011.
 The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . .  to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])

 Potential Problems

 BrendanMulliganSecondPaper 2 - 20 Jan 2010 - Main.BrendanMulligan
 Line: 1 to 1
  
   META TOPICPARENT    name="SecondPaper" 
 Added: 
>
> WORK IN PROGRESS
  
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles.  The headings below are there to remind you how section and subsection titles are formatted.
Line: 9 to 10
  -- By BrendanMulligan - 09 Jan 2010
 Changed: 
<
<  Section I 
>
>  Introduction 
In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs.  [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care. 
  
 Changed: 
<
<  Subsection A 
>
>  Establishing a Nationwide Health Information Database 
The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . .  to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])
  
 Added: 
>
>  Potential Problems 
A nationwide health information network comes with a host of issues. Much of the debate surrounding health care information centers on safeguarding data from being lost, stolen or mishandled. [http://www.huffingtonpost.com/2009/11/13/health-industry-winning-r_n_357476.html] See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.” 
  
 Changed: 
<
<  Subsub 1 
>
> These concerns are legitimate. In a recent survey of IT professionals, seventy percent said senior management does not view privacy and data security as a priority. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Over the last few years, the personal health information of hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. [http://www.nytimes.com/2009/01/18/us/politics/18health.html]
  
 Changed: 
<
<  Subsection B 
>
> However, security need not even be breached to release private health information. The dissemination of this information is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) medical privacy rule. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. [link].
  
 Changed: 
<
<  Subsub 1 


 Subsub 2 



 Section II 

 Subsection A 

 Subsection B 
>
> “However, because regional health information organizations could increase circumstances under which patient data may be inappropriately accessed, some parties have argued that regional health information organizations should adopt additional procedures to help ensure that data are used only for the intended purposes.”
    META TOPICPARENT    name="SecondPaper"
-   META TOPICPARENT
+ name="SecondPaper"
->
>
+WORK IN PROGRESS
 It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles.  The headings below are there to remind you how section and subsection titles are formatted.
 -- By BrendanMulligan - 09 Jan 2010
-<
<
+ Section I
->
>
+ Introduction 
In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs.  [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care.
-<
<
+ Subsection A
->
>
+ Establishing a Nationwide Health Information Database 
The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . .  to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])
->
>
+ Potential Problems 
A nationwide health information network comes with a host of issues. Much of the debate surrounding health care information centers on safeguarding data from being lost, stolen or mishandled. [http://www.huffingtonpost.com/2009/11/13/health-industry-winning-r_n_357476.html] See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.”
-<
<
+ Subsub 1
->
>
+These concerns are legitimate. In a recent survey of IT professionals, seventy percent said senior management does not view privacy and data security as a priority. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Over the last few years, the personal health information of hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. [http://www.nytimes.com/2009/01/18/us/politics/18health.html]
-<
<
+ Subsection B
->
>
+However, security need not even be breached to release private health information. The dissemination of this information is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) medical privacy rule. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. [link].
-<
<
+ Subsub 1 


 Subsub 2 



 Section II 

 Subsection A 

 Subsection B
->
>
+“However, because regional health information organizations could increase circumstances under which patient data may be inappropriately accessed, some parties have argued that regional health information organizations should adopt additional procedures to help ensure that data are used only for the intended purposes.”

BrendanMulliganSecondPaper 1 - 09 Jan 2010 - Main.BrendanMulligan

Line: 1 to 1

Added:

>
>

META TOPICPARENT	name="SecondPaper"

Paper Title
- Section I
  - Subsection A
    - Subsub 1
  - Subsection B
    - Subsub 1
    - Subsub 2
- Section II
  - Subsection A
  - Subsection B

It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.

Paper Title

-- By BrendanMulligan - 09 Jan 2010

Section I

Subsection A

Subsub 1

Subsection B

Subsub 1

Subsub 2

Section II

Subsection A

Subsection B

# * Set ALLOWTOPICVIEW = TWikiAdminGroup, BrendanMulligan

Revision 8	r8 - 07 Sep 2011 - 00:43:58 - IanSullivan
Revision 7	r7 - 09 May 2010 - 23:23:56 - EbenMoglen
Revision 6	r6 - 25 Mar 2010 - 06:01:46 - BrendanMulligan
Revision 5	r5 - 25 Mar 2010 - 01:48:40 - BrendanMulligan
Revision 4	r4 - 26 Jan 2010 - 05:55:45 - BrendanMulligan
Revision 3	r3 - 25 Jan 2010 - 00:38:13 - BrendanMulligan
Revision 2	r2 - 20 Jan 2010 - 04:50:36 - BrendanMulligan
Revision 1	r1 - 09 Jan 2010 - 18:49:45 - BrendanMulligan

This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.

Syndicate this site RSS ATOM