Last month, I had the privilege of being invited to attend and make a presentation at an mHealth and the Law Workshop in Washington, D.C., convened by the American Association for the Advancement of Science, and supported by a grant from the Robert Wood Johnson Foundation. As part of my presentation (October 7), I was asked to prepare a brief corresponding paper prognosticating the future of mobile medicine and health care. With permission of the AAAS, I am happy to share that paper with readers of Legal Bytes, and you can read the paper or download a copy for your personal use, right here: mHealth: Looking Forward [PDF].
The August 29, 2011 issue of BNA’s Health IT Law & Industry Report (Vol. 3, No. 36), describes some of the major legal and contractual issues raised when health care industry companies and professionals are considering moving to a cloud computing environment. Joseph I. (“Joe”) Rosenbaum was interviewed by the author, Kendra Casey Plank, for her article, entitled, “Attorney: Cloud Services Offer Affordable Solutions but Raise Privacy, Security Risks.” The article not only quotes Rosenbaum extensively, but also refers to Rimon’s White Paper series “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” which began in June 2010 (see "Transcending the Cloud" – Rimon Announces White Paper Series & Legal Initiative on Cloud Computing). The series is updated regularly with individual articles on topics ranging from government contracting and state tax, to the most recent White Paper entitled, “Health Care in the Cloud – Think You Are Doing Fine on Cloud Nine? Hey, You! Think Again. Better Get Off of My Cloud,” which Rosenbaum and Rimon Associate Vicky G. Gormanly wrote and which was posted on the Legal Bytes blog August 5, 2001 (Transcending the Cloud – Health Care on Cloud 9? Are You Doing Fine?). What’s the state of your health care compliance? Are you doing fine?
Read the White Paper and, if you have any questions or need help, contact Joe Rosenbaum or Vicky Gormanly, or the Rimon attorney with whom you regularly work.
If you are a music aficionado, you will remember that years ago, The Temptations sang “I’m Doing Fine on Cloud Nine.”
If you are a health care provider paying attention to the buzz about cloud computing, you may be concerned about migrating your technology, your data and your applications to a cloud environment. Or, let’s say you are just confused about the implications. You are not alone.
That’s precisely why our Cloud Computing initiative exists. To provide you with a guidance system – navigational tools to allow you to see sunshine, even on a cloudy day. So, as part of our ongoing commitment to keeping abreast of legal issues, concerns and considerations in the legal world of cloud computing, here, from Vicky G. Gormanly and Joseph I. Rosenbaum, is the next chapter in Rimon’s on-going series, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” entitled “Health Care in the Cloud – Think You Are Doing Fine on Cloud Nine? Hey, You! Think Again. Better Get Off of My Cloud.” This white paper examines the considerations and concerns that arise for the health care industry and the industry’s associated suppliers, vendors and providers in the wake of complex and evolving regulation and scrutiny – most notably, in the privacy and data protection of medical information – of electronic health records.
As we do each time, we have also updated the entire work, so that in addition to the single ‘Health Care in the Cloud’ white paper, you can access and download a PDF of the entire “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, up to date and including all the previous chapters in one document. After reading the article, instead of doing fine, you just may want to take the advice of The Rolling Stones and “Get Off of My Cloud” until you consult your legal advisors.
Of course, feel free to contact Vicky Gormanly or Joe Rosenbaum directly if you have any questions or require legal counsel or assistance related to this white paper. Make sure you subscribe via email or get the Legal Bytes RSS feed so you are always in touch with our latest information. Of course, if you ever have questions, you can always contact any Rimon attorney with whom you regularly work.
Yesterday, the Attorney General of the State of Connecticut filed suit against the Connecticut subsidiary of Health Net, charging it with violations of the privacy and security requirements of HIPAA. The action, filed yesterday in the United States District Court in Connecticut, comes on the heels of a security breach involving medical records and Social Security numbers. The suit also names United Health Group Inc. and Oxford Health Plans LLC, who acquired Health Net of Connecticut but who were not involved in the data breach.
If you forgot, last year the Health Information Technology for Economic and Clinical Health Act (HITECH) for the first time authorized individual state attorneys general to enforce the security and data privacy regulations under HIPAA, and this appears to be the first such action.
The lawsuit claims that Health Net in Connecticut failed to provide adequate security for the medical and financial records of hundreds of thousands of enrolled individuals, and failed to notify them promptly in connection with the breach. The breach, which took place last May, involved the disappearance of a computer hard drive. Health Net eventually reported the breach, posting a notice on its website and starting a staggered process of mailing letters to consumers November 30, 2009, almost six months after the security breach. For those of you involved in the collection, handling, maintenance, or use of personal, financial and medical information covered by HIPAA, new federal rules under the HITECH Act require “timely” notification of certain breaches, rules that have a compliance deadline of February 22, 2010.
Health Net attributed the delay in reporting to its inability to determine exactly what was on the computer hard drive that disappeared, thus not being sure if a notice was even required. One can only surmise that the mere fact that Health Net didn’t know what information was contained on a removable computer hard drive made its reasoning less than satisfactory to the Connecticut State Attorney General. Although Health Net appears to have conceded that the data was not encrypted, it did indicate that the data should not be visible without the use of specific software. However, Kroll Inc., a computer forensic firm retained by Health Net to investigate the breach, reported the data could be viewable with commonly available software.
Privacy, security and data protection of non-public, personally identifiable and sensitive information (e.g., health, financial data) are increasingly subject to stricter rules and regulations. The use of the Internet and web makes digital information more susceptible to undetected duplication, transmission and access. Not to mention the obvious fact that carrying out millions of pages of records would be impossible, while walking out with a single hard disk or CD-ROM on which the same data and information has been scanned or stored in digital form can be virtually undetectable.
Do you know of any law firm that has a team of privacy and data security, identity theft and data breach legal professionals? A firm that has health care, financial services and insurance specialists, as well as lawyers steeped in digital technology, information security and e-commerce? A firm that has transactional, regulatory compliance and policy-oriented lawyers who can audit current practices and policies, assist in developing mechanisms needed to satisfy regulatory requirements, and provide legal support to help avoid a legal problem, and also regulatory, compliance and litigation professionals who can represent and defend clients if a problem arises? Now you do – Rimon. If you need legal advice, information or support on this subject, contact me, Joseph I. (“Joe”) Rosenbaum, or Mark Melodia or Paul Bond, or the Rimon attorney with whom you regularly work.