Keeping an eye on health care law trends. Thoughts and comments on the health care industry, privacy, security, technology and other odds and ends. Actively posting from 2004-2012 and now "restarted" in response to the COVID-19 Pandemic as a source for health care and legal information.
Friday, March 05, 2010
Lesson for Hospitals and Health Care Providers: Photos of Shark Bite Victim
The article indicates that various hospital employees took photos of a shark bite victim when he arrived in the emergency room. The article discusses the action taken by the hospital in response to the incident. Another article indicates that the photos were emailed to others.
This type of situation is a nightmare for hospital administration, the privacy officer and legal counsel. The effort and investigation that likely went into figuring out who took photos, where those photos went and the procedure for recapturing/removing the photos from the various sources was time consuming and expensive (both in $$ and reputation) for the hospital.
As such, this incident provides a good example for training and reeducating health care employees on patient privacy issues. Health care employees and professionals must always remember to start from a framework of protecting the health and privacy of their patients. As the use of mobile devices with cameras and social media tools becomes more ingrained in our everyday lives -- the ability for private information to be captured, transferred and spread in a viral fashion has become much easier. Caution must be used and this case highlights the importance of retraining staff and highlighting the importance of protecting your patient's privacy.
Thursday, January 07, 2010
2010 AHLA Hospitals and Health Systems Law Institute: Hot 2010 Health Law Legal Topics
I thought I would take a moment on this cold wintry day to write about the hot health topics that will be discussed at the American Health Lawyers Association (AHLA) Hospitals and Health Systems Law Institute scheduled for February 25-26, 2010 at the Doral Golf Resort & Spa in Miami, Florida (Conference Brochure PDF).
I will be speaking at the Hospitals Law Institute along with my colleague, Jody Joiner, Assistant Operations Counsel at Sisters of Charity of Leavenworth Health System. Our topic scheduled for Friday, February 26 is Hospital’s Friend or Foe: The Age of Social Media and Health 2.0 where we plan to cover:
- The social media technology tools used by health care providers and hospitals
- Pros/cons and legal implications of social media and health 2.0 services such as blogs, wikis, social networking, podcasting, video sharing, etc.
- Best practices and development of policies and procedures which address staff and employees using social media
The AHLA Hospital and Health System Law Institute overlaps with the AHLA Physicians and Physician Organizations Law Institute which will be held on February 24-25. The Physician Law Institute will include "hot" physician topics on on-call payments, Accountable Care Organizations, HITECH, disruptive physician behavior intervention, Stark issues for physicians, hospital/physician mergers, FMV for physician compensation and much more.
You can register for one or both. As an AHLA Member I regularly attend the Physician/Hospital Law Institutes every year or so because of the quality and breadth of health law related materials for those who work in the health care industry. More information, along with how to register, can be found at the AHLA website:
Hospitals and Health Systems Law Institute
Physicians and Physician Organizations Law Institute
Wednesday, December 23, 2009
Tweet By Hospital Employee: What information is considered PHI?
Ves Dimov, M.D. at Clinical Cases and Images Blog posts about the story - Single tweet by hospital employee to Mississippi Governor allegedly violates HIPAA, forces her to resign.
The incident will provide a good case study for health privacy lawyers who regularly consider the question of what information is and is not protected health information (PHI) under 45 CFR 160.103. PHI is defined under HIPAA as:
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."
“Individually identifiable health information” is information, including demographic data, that relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
Thanks for the tip @RLBates and @EdBennett.
Monday, March 16, 2009
Hospitals: The State of Social Media Use
His post, "Hospital Social Media Stats," gives some interesting statistics into the adoption and growth of social media. To the right is a chart that he includes in the post. Check out the link for more interesting information.
For those of you who might not already know - a few months ago Ed started a tracking chart showing the adoption of social media by hospitals.
Friday, January 23, 2009
U.S. Hospitals: Using Facebook, YouTube and Twitter
Thanks to @schwen for pointing out the list.
Saturday, February 02, 2008
Hospitals and Anonymous Blogging: An Update of the Paris Regional Medical Center Lawsuit
The libel lawsuit filed last year by Paris Regional Medical Center seeks the unmasking of an anonymous blogger and nine other anonymous contributors or commentators on his/her blog.
The hospital sought the identity of the anonymous bloggers from Suddenlink, which balked at disclosing the identity of the anonymous blogger until he/she was given notice and an opportunity to object. As a result, the anonymous blogger appeared through an attorney and raised objections, which were rejected by the trial court.
However, on appeal, the Court of Appeals for the Sixth Appellate District of Texas at Texarkana, in In re: Does 1-10, No. 06-07-00123-CV (Dec 12, 2007), followed the standard set out in Doe v. Cahill, 884 A.2d 451 (Del. 2005), granted the writ of mandamus and ordered the trial court to vacate its order requiring Suddenlink to disclose the name and address of the anonymous blogger. Basically, the court sustained the anonymous blogger's First Amendment rights of free speech until such time as the hospital can show in a hearing at the trial court level that it has actually been damaged by the content of the blog.
The court analyzed the situation as follows:
The cases that have decided this issue range from placing an extremely light burden (indeed, virtually no burden at all) on the plaintiff, to requiring the plaintiff to tender proof of its allegations that would survive a summary judgment, or even more stringent requirements. At least one case has essentially concluded that the mere allegation of libel is sufficient. Alvis Coatings, Inc. v. John Does One Through Ten, No. 3:04CV374-H, 2004 U.S. Dist. LEXIS 30099 (W.D.N.C. Dec. 2, 2004). Other cases have articulated requirements that are so weak as to essentially require no more than allegations made in good faith (or not in bad faith), with some evidence to support the allegations. See Polito, 2004 Pa. Dist. & Cnty. Dec. LEXIS 340.
We cannot agree that either of these formulations is sufficient to survive any form of constitutional balancing. Thus, the question becomes the degree of actual proof that must be provided before the balance tips in favor of piercing the constitutional shield and disclosing the identity of the anonymous blogger.
We find ourselves more in alignment with the formulations set out in Cahill, 884 A.2d at 458-61. See extensive discussion about the application of this standard in Best W. Int'l, 2006 WL 2091695. The court in Cahill described the test as: "[B]efore a defamation plaintiff can obtain the identity of an anonymous defendant through the compulsory discovery process he must support his defamation claim with facts sufficient to defeat a summary judgment motion." Cahill, 884 A.2d at 460. This standard does not require a plaintiff to prove its case as a matter of undisputed fact, but instead to produce evidence sufficient to create issues that would preclude summary judgment.
Wednesday, January 02, 2008
Health IT Predictions for 2008 by Jane Sarasohn-Kahn
One correction that I just pointed out to Jane is that Nick Jacobs IMHO is the grandfather of hospital CEO bloggers (started in May 2005) and that Paul Levy comes in a close 2nd. Both are great blogs providing wonderful insight into a variety of topics.
Wednesday, November 21, 2007
Should Hospitals Blog?
I regularly follow both Nick Jacobs at Nick's Blog and Paul Levy at Running a Hospital cited in Tony's post. Both are examples of extremely successful blogging hospital CEOs who understand the Live Web medium. Take for example the fact that Paul commented on Tony's post four hours after it was published (see the post comments).
I agree with Tony's perspective and warning when he says:
It's a lot of work and there is no hard-core ROI, but for the right type of person, it pays off in other ways. Both of these CEOs can probably point to examples where their blog put out a PR fire before it could start. They've built trust and credibility through the blog. They've humanized the hospital through the blog. So when fires do come (and of course, they will), they're well positioned to engage authentically. We are entering an age where proactive transparency is rewarded and reactive transparency is lame.
One word of warning. Don't blog if your organization:
* Doesn't trust their employees.
* Doesn't want to hear bad news.
* Wants absolute control over their message and reputation (this isn't happening anymore anyways)
* (the kicker) Doesn't have someone who's really wired to do it.
Wednesday, October 10, 2007
George Clooney and HIPAA Minimum Necessary Rule
The article indicates that 40 employees at Palisades Medical Center in North Bergen, NJ were suspended for violating the hospital's HIPAA policies and procedures.
Based on the information in the article I suspect that the employees were found to have violated the minimum necessary provisions under the HIPAA Privacy Rule. This section of the rule provides:
For uses of protected health information, the covered entity’s policies and procedures must identify the persons or classes of persons within the covered entity who need access to the information to carry out their job duties, the categories or types of protected health information needed, and conditions appropriate to such access.
As more news comes out about this I suspect this might serve as a good example of application of the minimum necessary requirements under HIPAA. If the employees further disclosed the information to third parties outside the hospital (including the media) other provisions of HIPAA might also come into play.
Sunday, September 23, 2007
Hospital Mashup: Google and HHS Hospital Data
Here is the summary of what the tool provides:
When it comes to treating heart attacks, pneumonia, surgery and other emergencies, you want to find the best medical care available.
To help you make these decisions, visit the NetDoc.com Hospital Rankings tool and enter your ZIP code to see how hospitals in your neighborhood rank on benchmarks set out by the U.S. Department of Health and Human Services in four categories: Heart Attack, Heart Failure, Pneumonia and Surgical Care Improvement/Surgical Infection Prevention.
Thanks to Shahid for the tip on this new tool.
Saturday, April 14, 2007
The Candid CIO
For those of you interested in hospital health care IT issues I would suggest reading Will's blog (or better yet pick up Will's RSS feed).
Tuesday, January 30, 2007
An Example of Transparency In Health Care
I've not met Mr. Levy and only know him through his online blogging persona, but I'm impressed with his candid post and willingness to discuss the topic. If I was involved with the hiring of a CEO for one of my hospital clients I'd look for a person with Mr. Levy's communication skills. I'll be interested to check his comments section.