New York, NY, June 14th, 2010 – Latinos in Information Sciences and Technology Association’s President and CEO, Jose A. Marquez-Leon proudly announced today that Federal Communications Commission Chairman Julius Genachowski will deliver remarks on the National Broadband Plan at LISTA’s upcoming 3rd Annual National Tech-Latino 2030 Legislative Forum on Capitol Hill, Washington, DC at 6:00 pm – 8:30pm on Tuesday June 22nd 2010.
“It is a great honor to have Chairman Genachowski address our members at our 3rd Annual National Tech-Latino 2030 Legislative Forum,” said Tony Jimenez LISTA National Board of Directors Chairman. “Chairman Genachowski has been an advocate for the Latino community and understands the critical role broadband plays in developing businesses and improving the economy for all Americans.”
“We are extremely pleased to have Chairman Genachowski address our members at our 3rd Annual National Tech-Latino Legislative Forum,” said Jose A. Marquez Leon. “Chairman Genachowski recognizes the role of the nation’s Latino technology sector and how broadband will help the Latino community continue to develop businesses and our positive impact on the economy of the United States. He understands that closing the digital divide once and for all will give all Americans the chance to achieve the American Dream of financial independence and economic empowerment.”
“Having Chairman Genachowski participate in LISTA’s Tech-Latino Legislative Forum is a testament to the recognized impact Latinos will have in our nation’s high-tech future,” said Danny Vargas. He added, “We sincerely appreciate the Chairman’s interest and dedication to ensuring that the FCC continues to engage all segments of American society and encourages Latinos to take a leading role in not only telecommunications but all aspects of innovation.”
The 3rd Annual National Tech-Latino Legislative Forum will provide Latino IT professionals an opportunity to dialogue with members of Congress about key concerns in the industries of Science, Technology Math and Engineering. It will also provide LISTA an opportunity to continue to raise awareness of the digital divide and how to bridge it, develop ideas on how to stimulate the growth of technology business, and be a catalyst of change in the high-technology and science sectors.
Event Information
3rd Annual National Tech-Latino Legislative Forum is generously sponsored by MicroTech, Capitol Wire PR. Uber Operations, Broadband for America, NTIA, ADE, State Farm, Aetna and Comcast
Date: Tuesday, June 22 2010
Time: 6pm – 9 pm
Opening Reception Venue:
Rayburn House Office Building,
Room B-338, Basement, Washington, DC 20515
To Attend Please Visit: www.techlatino2030.org
About Chairman Genachowski
Julius Genachowski was nominated by President Barack Obama as Chairman of the Federal Communications Commission on March 3, 2009, and sworn into office on June 29, 2009.
Chairman Genachowski has two decades of experience in public service and the private sector. Prior to his appointment, he spent more than 10 years working in the technology industry as an executive and entrepreneur. He co-founded LaunchBox Digital and Rock Creek Ventures, where he served as Managing Director, and he was a Special Advisor at General Atlantic. In these capacities, he worked to start, accelerate, and invest in early- and mid-stage technology and other companies. From 1997-2005, he was a senior executive at IAC/InterActiveCorp, a Fortune 500 company, where his positions included Chief of Business Operations and General Counsel.
Genachowski’s public service spanned broadly across government. His confirmation as FCC Chairman returns him to the agency where, from 1994 until 1997, he served as Chief Counsel to FCC Chairman Reed Hundt, and, before that, as Special Counsel to then-FCC General Counsel (later Chairman) William Kennard. Previously, he was a law clerk at the U.S. Supreme Court for Justice David Souter and Justice William J. Brennan, Jr. , and at the U.S. Court of Appeals for the D.C. Circuit for Chief Judge Abner Mikva. Genachowski also worked in Congress for then-U.S. Representative (now Senator) Charles E. Schumer (D-N.Y.), and on the staff of the House select committee investigating the Iran-Contra Affair.
Genachowski has been active at the intersection of social responsibility and the marketplace. He was part of the founding group of New Resource Bank, which specializes in serving the needs of green entrepreneurs and sustainable businesses, and has served on the Advisory Board of Environmental Entrepreneurs (E2). He also served as a board member of Common Sense Media, a leading non-partisan, non-profit organization seeking to improve the media lives of children and families.
Genachowski received a J.D from Harvard Law School (magna cum laude), where he was co-Notes Editor of the Harvard Law Review. He received a B.A. from Columbia College (magna cum laude), where he was Editor of Columbia Spectator’s Broadway Magazine, re-established Columbia’s oldest newspaper (Acta Columbiana), and was a writer and researcher for Fred Friendly. He was also a certified Emergency Medical Technician who served on the Columbia Area Volunteer Ambulance, and taught cardiopulmonary resuscitation (CPR).
About Latinos in Information Sciences and Technology Association (LISTA)
LISTA (www.a-lista.org) promotes the utilization of the technology sectors for the empowerment of the Latino community. We are an organization that is committed to bringing various elements of Technology under one central hub to facilitate our partners, members and the community with the leverage and education they need to succeed in a highly advanced technologically driven society.
The United States Hispanic Advocate Association (USHAA)
Luis J. Diaz has over 20 years of extensive experience in a wide range of complex matters including intellectual property law, technology related joint ventures and strategic alliances, mergers and acquisitions, sales and marketing, and government relations. Mr. Diaz provides legal and business counsel to business units, » read more »
~~~~~~~~~~
So What’s Wrong With Arizona’s New Immigration Law?
Arizona’s recently enacted immigration law (SB 1070, as amended by HB2162) makes the failure to carry immigration documents a crime and requires the local police to check immigration status and to detain anyone on mere “reasonable suspicion“ of being in the country illegally following a “lawful stop, detention or arrest.” The law has generated great debate. Advocates say it is needed to fight crime resulting from illegal immigration. Opponents say it will result in the violation of civil liberties. It is an issue that requires a subtantial analysis based on facts, an understanding of American history, and a review of legal precedents involving the abuse and limits of police power.
FACTS & ISSUES
As confirmed by a recent study from PEW Research Center, the fact is that one in four Americans believe that Hispanics are the racial/ethnic group subject to the most discrimination in America. The study found that 32% of Hispanics 16 or older say they or someone they know has experienced discrimination. Less than half of Hispanics believe that police officers in their community treat Latinos fairly. And, most police chiefs around the country, concerned about the chilling effect of this law, oppose it because of its negative impact on their ability to fight crime, obtain witness cooperation, and other concerns.
Despite recent amendments to fix the more obvious problems of SB 1070, the law still provides no guidelines as to what is meant by “reasonable suspicion” in the context of alien status: is it 3 or more Hispanics in a car, a red bandana, a plaid shirt, a migrant worker in the field, or someone speaking Spanish? The reality is that “reasonable suspicion” likely will mean those looking like, sounding like, or acting like the stereotypical undocumented immigrant. However, police officers will be trained to write down things not related to race on their reports like the swerving car, a crooked license plate, talking on a mobile, the seatbelt being unfastened, or some other similar statement that will be difficult to disprove in a court of law and that will pit the relative credibility of a uniformed officer against that of a stereotypical poor immigrant. Notably, Governor Brewer has already announced training on the the subject of “reasonable suspicion” for police officers that one assumes are already experts on the subject.
If the Arizona law is really targeted at crime prevention stemming from the border, then it would be logical and workable if it simply required “probable cause” of some “criminal activity” before police could check immigration status. While the difference between “probable cause” and “reasonable suspicion” may not seem apparent to a lay person, these are two very different legal standards.
HISTORY & PRECEDENTS
Millions of Americans have shed blood in many wars to preserve the civil rights we now treasure. There are 200 years of Fourth Amendment jurisprudence supporting the proposition that police powers must be narrowly limited to prevent abuse of individual rights – something our founding fathers recognized. Also, the mission of police officers is to fight crime – not to act as immigration agents. Thus, any law that creates supercops with immigration superpowers and that, in its actual application, makes it possible to target, arrest, search and seize persons with certain physical attributes is by its nature suspect and should require a higher standard. On a cursory reading of the law, we are reminded of the phrase made famous by Hitler’s infamous Gestapo: “Show me your papers, are your papers in order?” The main difference is that with SB 1070 no “jewish star of David” is necessary for an Arizona supercop to identify the stereotypical immigrant.
Like the Japanese interment laws of the 1940’s, the Arizona law undermines the very notions of equal justice and basic fairness that are fundamental values of every American. As with the interment laws, this legislation is being driven by fear and hysteria and it is expressly directed at a group of people whose physical attributes identify them on first glance as members of a specific racial group. The failure of political leadership in Arizona has allowed people that may “look Mexican” to be singled out whether citizens or not.
Based on our history, we can now anticipate the development of a laundry list of “permissible factors” that can be cited after the fact to justify a “reasonable suspicion” even though race was in fact the first glance consideration in the initial stop. As noted, Governor Brewer has announced training on the the subject of “reasonable suspicion.” It is forseeable that Arizona’s effort to create supercops with immigration powers will spread like a cancer to other states across the country that do not border Mexico, thereby greatly magnifying the potential civil rights violations to all Hispanic citizens that may look “illegal.”
If left unchecked, history teaches that this law could place this great nation on the same slippery slope created by the interment laws, the House Un-American efforts of Senator McCarthy, and similar dark episodes in our history where fear has been used to justify the breach of American civil rights. The eventual apology will ring hollow as it has in times past. In 1988 Congress ultimately passed and President Ronald Reagan signed legislation which apologized for the interment of Japanese Americans and acknowledged that the government actions were based on “race prejudice, war hysteria, and a failure of political leadership.”
SO WHAT IS THE SOLUTION?
The problem starts in Mexico. Thus, any real solution to the problem of illegal immigration and related criminal activity must involve (i) securing our borders, (ii) enacting stronger anti-crime measures, (iii) passing immigration reforms that make economic sense, and (iv) imposing economic sanctions against trade countries that contribute to these types of problems. The Arizona law does not address any of these issues. Instead, it targets the victims of failed policies by both Mexico and the United States. This is equivalent to trying to stop drug trafficking by targeting users and not pushers. We must call on Congress to pass comprehensive immigration legislation to fix our broken immigration laws and to hold our preferred trade partners like Mexico accountable, whether or not it hurts the economic interests of some large Mexican companies and their American partners in the short run.
USHAA is an award-winning non-profit providing economic advocacy, benefits and education programs to ensure that its business and individual members have equal access to contracts, jobs, education and other opportunities provided by our great nation.
New York, N.Y. – Today Latinos in Information Sciences and Technology Association (LISTA) President and CEO, Jose Marquez-Leon released the following statement in response to the May 24, 2010 letter to the Federal Communications Commission on the importance of broadband adoption and deployment over regulation.
LISTA is pleased to see 74 members of Congress join together and speak with one voice on the importance of broadband technology to transform the communities where we live and work. Broadband technology can revitalize the Hispanic community – providing access to first class schools and job training for high-paying American jobs.
Members of Congress have shown the Federal Communications Commission the importance of broadband – and the importance of focusing on policy goals before implementing net neutrality rules that threaten delay and deter broadband investment. We simply can not afford to keep high-speed Internet out of reach from the communities with schools and businesses that need to be online.
Congress has shown the Commission that there is much work to be done to bring broadband to all of America – I hope they will take the leadership to promote access and adoption with sensible policies that encourage investment, innovation, and collaboration.
JULIUS GENACHOWSKI, chairman of the Federal Communications Commission, cannot win for losing.
Internet service providers (ISPs), including Comcast and AT&T, insist that a light touch is needed when regulating the Internet to guard against innovation-stifling intervention. Some public interest groups and businesses, including Google, argue that the FCC must seriously police the Internet to ensure ISPs do not discriminate against certain technologies. (Disclosure: The Washington Post Co. has interests in broadcast and cable television and businesses that depend on the Internet, all of which could be affected by FCC action or inaction.)
The debate intensified dramatically last month after a D.C. federal appeals court struck down the FCC’s relatively relaxed regulatory approach.
From Mr. Genachowski’s perspective, the ruling left the agency with a distasteful choice: Either abandon efforts to regulate broadband or reclassify the service to subject it to more muscular legal provisions typically reserved for telephone companies and other common carriers. Mr. Genachowski, in an effort at compromise, chose a third way: apply only a few of the common-carrier provisions to parts of broadband delivery.
This approach is also unacceptable. For some eight years, the agency has argued that broadband constitutes an “information service” and that it should be subject only to a light regulatory touch. To reverse course now by classifying broadband as a telecommunications service would require the agency to throw out years of its own data and analysis. While agencies have broad latitude in reevaluating regulatory schemes, reversals should be linked to significant market shifts. The facts do not support such a conclusion, and the FCC should not now try to shoehorn broadband into an existing — but incompatible — regulatory scheme.
What is needed is a fourth way: The agency, industry, consumer groups and other interested parties should work with Congress to craft clear but limited rules tailored to broadband. Advocates of increased oversight worry that the often-protracted legislative process will leave a gaping regulatory void that ISPs will exploit to engage in mischief. This is nonsense. It ignores the ISPs’ need to provide good service to keep their customers, and it does not take into account the healthy oversight provided by those consumers and Internet watchdog groups. The Federal Trade Commission and the Justice Department also have the power to police anticompetitive or fraudulent acts.
At the moment, the FCC appears powerless to follow through with its national broadband plan, which includes the goal of expanding service to minority and poor communities. While we do not agree with much of the plan, there are worthwhile elements, including reporting, monitoring and transparency requirements, that the FCC could not enact without explicit legal authority. This is yet another reason why the agency should make a trek to Capitol Hill.
Washington, DC [CapitalWirePR] May 24, 2010 – Recently, the Federal Communications Commission (“FCC”) treated Puerto Rico and its elected representatives with disregard and disrespect. It held that Puerto Ricans don’t deserve the same quality of access to telecommunications services that other Americans enjoy. This is wrong and this must be reversed.
Congress created the FCC for the express purpose of ensuring that “all the people of the United States” have comparable access to telecommunications services “without discrimination on the basis of race, color, religion, national origin, or sex.” In furtherance of this fundamental right, Congress directed the FCC to provide funding to ensure universal access to communications services. And Congress specifically required the FCC to provide the financial support necessary to ensure that equal quality telecommunications services in “insular areas,” like Puerto Rico, are both available and affordable.
The FCC, however, turned its back on this duty and the Commonwealth. The FCC decided not to provide the funding necessary to ensure Puerto Rico has equal quality universal telephone service. Instead, the Commission said that having affordable wire line telephone service isn’t important in Puerto Rico because, in the FCC’s view, we can make do with cell phone service. What the FCC did not say is that this is a double standard that discriminates against Puerto Rico because the FCC’s policies on the mainland have ensured affordable access to both wire line and wireless services.
At bottom, we have a real need for the support Congress directed the FCC to provide. Despite the advances seen in other parts of the country, many in Puerto Rico still lack access to basic telephone and Internet services. In fact, Puerto Rico has the largest population of persons who lack access to any wire line telecommunications service—a staggeringly high 200,000 individuals and approximately 200 communities. Moreover, many of these same communities lack access to wireless telecommunications due to weak coverage in the inland mountains.
Had the FCC followed Congress’s direction, Puerto Ricans would be assured of the affordable access to equal quality telecommunications they are entitled to. And we are not just talking about voice services. Before the FCC made its decision, the Puerto Rico Telephone Company offered a commitment to use these funds to deploy voice and broadband-capable infrastructure. This would not only have ensured access to wired telephone service, it would have provided a running start toward efforts to bring broadband to more of the citizens of the Commonwealth.
On the same day that the FCC turned its back on the people of Puerto Rico, it granted a substantial increase in financial support to wire line systems in Wyoming—despite the fact that Puerto Rico has seven times the population of Wyoming and 40 percent of Puerto Rico’s population is living below the poverty line. For those of us who want to ascribe a neutral, objective basis to the FCC’s decision-making, this decision simply makes no sense.
It is time to let the FCC know that it can no longer relegate Puerto Ricans to steerage while the rest of the United States goes first class. Thankfully, the fight is not over and we are not alone. Representatives in Washington—including Resident Commissioner Pedro R. Pierluisi, Representative Nydia M. Velázquez, Representative Luis V. Gutierrez, and Representative José E. Serrano—have been working hard to urge the FCC to treat Puerto Ricans fairly, as federal law requires. The FCC’s decision to ignore these requests reveals a profound disrespect not only for those living in Puerto Rico but for these representatives as well. We must urge them to continue to fight for us and support them in the coming days as they tell the FCC to do its job and reverse its discriminatory decision.
###
The author is President and CEO of the National Puerto Rican Coalition, Inc., a nonpartisan, non-profit organization based in Washington, D.C., whose mission is to strengthen and enhance the social, political, and economic well-being of Puerto Ricans throughout the U.S and Puerto Rico, with a special focus on the most vulnerable.
As new HIT makes ever greater inroads into the nation’s healthcare system, there is bound to be an expanding array of stories that highlight the advantages HIT brings to patients and doctors alike.
But rather than taking too much comfort as favorable evidence piles up, policymakers should regularly wonder what percentage of the population is still not reaping the benefits.
Take this story from San Francisco. For HIT proponents, it just doesn’t get much better. A single mother with a sick child on her hands uses all available hi-tech tools to get the boy’s situation diagnosed so that, much to his chagrin, he can get back to school without missing a single class.
The story goes on to describe how doctors and patients are communicating via videoconferencing, IM, e-mail, Facebook, and Twitter, and the result, particularly for those patients with EHRs, is a system brimming with convenience, new efficiencies and improved care.
But here’s the question that should nag at policymakers no matter how many of these stories they read: What percentage of the population are we not reaching with all our new tools?
On the one hand, there will never be a time for a definitive answer to that question, because HIT will keep evolving and the healthcare system will have to evolve with it. On the other hand, however, policymakers should already be trying to figure out how to measure, at least roughly, who’s using HIT beyond the healthcare providers who are making the up-front investment.
For purposes of comparison, at least when it comes to patient use of HIT, they might want to take a look at how the “digitizing” of the nation’s school systems has changed or not changed the relationship between parents and teachers. With three kids in school and a veteran teacher for a wife, our admittedly unscientific hunch is that HIT runs the risk of being used much like “Edu-IT” is being used. That is, those who are plugged in general are plugged in when it comes to their children’s education. They access their grades on-line, for example, and they communicate regularly with their teachers via e-mail.
But ask a teacher, and you may well hear the lament that the parents who really need to be more engaged in their kids’ education aren’t using the latest technologies to plug in, and the chances are they won’t be any time soon.
So will the same divide develop as HIT becomes more prevalent? Obviously, there’s no way to know for sure. The question, however, should be one of the first things policymakers think of whenever they read another HIT success story.
EVERY ADVANCE IN healthcare information technology presents a new challenge to a patient’s privacy. The recent initiatives promoting electronic health records (EHRs) and personal health records (PHRs) are no exception. While the use of these records could potentially revolutionize the way physicians treat patients and both patients and physicians manage medical data, they will also put unprecedented amounts of personal information at the fingertips of thousands of third parties. An increased number of individuals with access to health information will only increase the likelihood that, whether inadvertently or purposefully, data security will be breached. The federal Health Insurance Portability and Accountability Act (HIPAA), state health information privacy laws, and state security breach laws all aim to protect an individual’s data from various incidents in which personal information may be compromised. However, the mere existence of these laws does not mean that a person’s health data is necessarily safe. Scores of high profile security breaches have occurred over the past several years, including breaches resulting in unauthorized access to massive amounts of private data at pharmaceutical companies, major data brokers such as ChoicePoint, hospitals, and the Veteran’s Administration. In the dawning era of EHRs and PHRs, physicians, hospitals, insurers, claims processing companies, and various information technology entities must be ready to combat threats to electronic health information. The reality is that many are unprepared.
There is a growing tension between the rapid growth in the use of EHRs and PHRs and the tightening regulation of the security of personal information. In order to effectively navigate the emerging technology and opportunities afforded by EHRs and PHRs, entities conducting business involving such records must be equipped to prevent or mitigate any threat to personal data that may occur, as we will discuss in greater detail below.
Electronic health Records and Personal health Records: Overview and Trends
EHRs are typically defined as clinical patient health records in electronic format that are originated, managed and maintained principally by healthcare providers. They may include information about a patient such as medical history, lifestyle, demographics, any prescription medication, test results, and billing information, and in some instances, they are made accessible to patients.
EHRs have many attributes; if used effectively they can reduce medical errors and costs, as well as increase efficiency. Their advantages range from eliminating confusion resulting from a physician’s handwriting to enhanced searchability, making it easier for a provider to assess possible drug interactions or for a consistent pattern of symptoms. Depending on the platform, another advantage EHRs may offer is accessibility. If they can be transmitted outside of a particular entity’s local information system, they have the potential to be shared with providers and other healthcare entities throughout the world.
PHRs are clinical patient health records in an electronic format that are created by patients themselves, but are maintained by an outside vendor such as an HMO member site or an information technology entity such as Microsoft or Google. They are accessed principally by the patient, but in some formats can be accessed by providers and/or insurers depending on what level of access the patient provides to healthcare entities. PHRs have advantages similar to those of EHRs if a patient grants his or her providers full access to records.
Adoption of EHR platforms has been historically slow. In late 2006, approximately 11 percent of hospitals had a fully implemented EHR system, according to a survey conducted by the American Hospital Association.1 In study by the Healthcare Financial Management Association in 2006, hospitals cited lack of national information standards and code sets, lack of funding, concern about physician usage, lack of interoperability and concerns about privacy as obstacles to EHR adoption.2 Less than 30 percent of office- based physicians reported using EHR systems in a recent study by the National Center for Health Statistics, and only 12.4 percent used comprehensive EHR systems.3 However, the use of EHR systems by office-based physicians has increased over 50 percent in the past five years.4 A wave of recent local, state and federally-sponsored initiatives should help to increase the implementation rate of EHRs. New York State and New York City have been particularly active in encouraging expanded use of EHRs by healthcare providers. At the end of February 2008, Mayor Bloomberg announced that New York City was ready to equip 1,000 Medicaid providers with an EHR system by the end of 2008. Already more than 200 primary care doctors in New York City are using EHRs, and the city says it is on track to reach its goal of 1,000 providers serving more than a million patients by the end of the year.5 Furthermore, Mayor Bloomberg is collaborating with a coalition of House Democrats to help achieve the goal of linking 75 percent of the nation’s health care providers through an e-record system within a decade. On the state level, New York Governor David Patterson awarded $105 million in grants in late March 2008 to 19 community based health information technology projects to help build a statewide EHR system.6 Grant recipients include Regional Health Information Organizations (RHIOs) such as the Bronx Regional Health Information Organization and Brooklyn Health Information Exchange, which facilitate the exchange of health information electronically within a specific geographic area.
Last year, a groundbreaking bill was introduced in the Senate by U.S. Senator Kennedy that, if passed into law, would “recommend specific actions to achieve a nationwide interoperable health information technology infrastructure” and “make recommendations concerning standards, implementation specifications, and certification criteria for the electronic exchange of health information for adoption by the federal government.”7 The “Wired for Health Care Quality Act” would also authorize the Department of Health and Human Services (HHS) to award grants to facilitate the “widespread adoption of interoperable health information technology.”8 Essentially, it would serve to boost implementation of EHRs throughout the U.S. using a common platform. At the time of publication, the sponsors of this legislation were hopeful that the legislation would pass by unanimous consent in the coming weeks.
Various private entities are now offering their own versions of PHR platforms. These platforms would allow consumers to manage and access their health records online. It would also give consumers the option of giving providers and insurers access to their records as well. Microsoft (through its website HealthVault), Google and a variety of HMOs are all developing such platforms, with security and privacy controls tailored to the needs of the consumer. Additionally, the Medical Banking Project, a policy group that focuses on the integration of banking technology, infrastructure and credit with healthcare administrative operations, is also conceiving of a private PHR- type platform, which it calls “consumer-directed healthcare (CDH) platforms.” CDH platforms aim to go a step further than the PHR-platforms offered by Microsoft and Google, as they would not only give a consumer control of his or her health records, but also engage the consumer more fully in the financial aspects of his or her healthcare-related activities. A CDH platform would combine information from an individual’s health plan and personal health accounts such as Health Savings Accounts (HSAs) and Flexible Spending Accounts (FSAs). The main objective of a CDH platform would be “to provide a coordinated link between the healthcare and financial services systems to offer the most comprehensive consumer-directed solution.”9 Such a platform would also benefit from enhanced security from the banks that help to administer CDH platforms. Banks would protect health-related information much as they presently protect financial information.
However, despite the recent surge in EHR and PHR initiatives, efforts still remain highly fragmented. The available EHR and PHR frameworks are driven by different philosophies, potentially compete with each other, and appeal to different types of users, therefore creating different standards for privacy and security. The current lack of coordination between these various frameworks may lead to an increased risk of security breaches, as communication between multiple and possibly incompatible platforms could lead to data leaks and subsequent tampering with records by outside parties. The patchwork of state laws as well as the general lack of regulation in this area beg for federal legislation to set a uniform standard that will harmonize these efforts.
Security Breach Laws, HIPAA and Their Application to EhRs and PhRs
Because private PHRs such as those offered by Microsoft are not explicitly regulated under HIPAA, which governs the use and disclosure of an individual’s identifiable health information, health records created by consumers using these services would not be protected by HIPAA’s privacy and security provisions. HIPAA generally applies to “covered entities”, i.e. providers, health plans and clearinghouses, and breaches in the privacy and security of patient records by these entities result in significant penalties.10 However, when an entity such as Microsoft enters into an agreement with a consumer, it is not subject to the obligations of a covered entity; it would not even need to enter into a business associate agreement, which extends HIPAA protections from a covered entity to its business partners. Thus, without the protection of HIPAA, consumers may be left vulnerable and could potentially shift blame in any privacy breach situation to the providers viewing their PHRs (unless comparable state law protections extended to entities like Microsoft). While publicly-sponsored initiatives such as the ones in New York would be more strictly regulated (as they would be most likely subject to HIPAA indirectly through these public entities” activities as business associates of covered entities as well as other state privacy laws), questions remain about just how secure their EHR platforms are.
The Wired for Health Care Quality Act, described above, would have amended HIPAA so that “an operator of a health information electronic database” would essentially become a covered entity.11 This would have resulted in entities that offer PHR platforms such as Microsoft becoming subject to HIPAA and would create a new class of businesses that would be required to adopt more stringent policies and procedures related to the privacy and security of certain health data. However, at the time of publication, an amendment authored by Senator Leahy significantly altering the privacy provisions of the bill had been accepted by Senator Kennedy in order to “ensure the privacy of individual protected health information.”12 Senator Leahy stated in a recent press release that the amendment would prevent “operators of personal health information databases” from giving sensitive health records “to virtually anyone under the [HIPAA] Privacy Rule.”13 This amendment eliminates the requirement that operators of PHR databases would be automatically covered under HIPAA. Rather, it would require that HHS submit to the Senate recommendations for privacy and security protections for PHRs, including whether it is appropriate to apply certain privacy regulations promulgated under HIPAA to PHRs and “the extent to which the implementation of separate privacy and security measures is necessary.”14
Certain covered entities dealing with EHRs and PHRs must also be prepared for heightened scrutiny of their security policies and procedures related to HIPAA. Earlier this year, the Office of E-Health Standards and Services of the Centers for Medicare and Medicaid Services (CMS) distributed a sample Interview and Document Request list for HIPAA Security Onsite Investigations and Compliance Reviews.15 This list indicates that CMS may request that a covered entity which contracts with CMS produce evidence of policies and procedures that address prevention, detection, containment and correction of security violations as well as other technical documents that address security matters.
Regardless of whether an entity operating an EHR or PHR platform is a “covered entity,” all such entities would be subject to state security breach notification laws (currently enacted in 43 states, the District of Columbia and Puerto Rico) which require disclosure to consumers of any breach in their personal data. Under most states’ laws, “personal information” includes only basic identifying information, but under the amended California security breach notification law, breaches in health insurance information and medical information16 are also covered. Therefore, any entity that has clients or patients who reside in California would be subject to these heightened requirements. The Arkansas security breach notification law also has similar requirements regarding medical information. Regardless of which state security law(s) apply to a particular entity, the increased aggregation of data in EHR and PHR platforms as a result of the initiatives described above will leave more personal data vulnerable to security breaches.
An entity that deals with medical data should be prepared to adapt its policies and procedures to the changes in California law. If the entity has a national presence, it is more than likely to have customers or patients from California. Also, because California was the first state to codify a security breach notification law, and most states followed its lead, one could expect that other states will soon follow its example of including “medical information” in the definition of “personal information.”
The challenges in complying with California’s recently enacted amendments are already apparent. Even an advisory group affiliated with the California Office of Privacy Protection, which assists with the implementation and enforcement of the California security breach notification law, has struggled with formulating recommendations as to how best to comply with the new requirement that businesses and state agencies protect against and notify California residents of security breaches in medical information. Prior to being amended, the California breach notification law and related guidance was geared toward breaches affecting financial information. According to Joanne McNabb, Chief of the California Office of Privacy Protection, a breach of medical information is “a different kind of breach in a lot of ways . . . . The risk it poses is not the same” as a financial data breach.17 The advisory group found that there is not an obvious way to “flag” a person’s medical record in the same way a person’s financial records would be flagged in the event of a security breach. Still, the recommendations are likely to include suggestions that breach notices be as specific as possible, stating what types of records were breached. Pam Dixon, a member of the California Office of Privacy Protection advisory group, said that the amended California law “may drive the debate nationally toward a uniform system like the credit bureaus for medical information.”18
Lack of Preparedness and Increased Enforcement
While entities increasingly adopt EHR platforms and promote the use of PHRs, they may not be prepared to assume the security risks associated with these types of data systems. In a 2008 study conducted by Kroll Fraud Solutions/HIMSS Analytics to better understand the status of patient data security at hospitals, the hospitals surveyed reported an average level of preparedness to deal with a security breach of 5.88 on a one to seven ascending scale.19 Yet the same study indicated that only 56 percent of these hospitals had notified patients whose information was compromised as a result of a security breach.20 13 percent of the respondents to the survey reported that their organization had a security breach in the previous 12 months, with a patient’s name and high level patient information, such as diagnosis, most frequently compromised.21 Also, according to the Government Accountability Office (GAO), in 2004–2005, 47 percent of Medicare Advantage contractors, 42 percent of Medicare fee-for-service contractors, and 38 percent of TRICARE contractors reported experiencing a privacy breach.22 While hospitals and health plan contractors may have policies and procedures in place to combat security breaches, the Kroll survey and the GAO report would seem to indicate that the implementation of such policies and procedures is insufficient.
As healthcare institutions lag behind in their preparedness to deal with data security issues, HHS has stepped up its enforcement efforts to counter noncompliance with HIPAA. In 2007, the total number of resolutions of possible Privacy Rule and Security Rule violations totaled 7,176, compared with only 4,761 resolutions in 2004. Of those resolutions, there were 2,199 investigations in 2007, compared to just 1,392 investigations in 2004.23 HHS is clearly responding to the proliferation of data security incidents that occur with increasing frequency as more health records become digitized and thus susceptible to compromise.
The short history of enforcement of security breach notification laws on the state level has been quite robust. Unlike HIPAA, which puts the onus on a covered entity to come up with its own solution to mitigate a violation of the Privacy and Security Rules, security breach laws mandate disclosure to individuals and, in some instances, to law enforcement agencies. Companies found to have violated a notification law may face civil penalties, injunctive relief and attorney’s fees and costs.
Recommendations for Implementation, Prevention and Response
Businesses that retain individuals’ healthcare data, especially those that interface with EHRs and/or PHRs, should revisit their existing policies and procedures to ensure that they are not only compliant with existing federal and state law, but also to anticipate inevitable changes to the privacy and security regulations and increased enforcement activities. As individuals and healthcare providers become more comfortable with putting personal health information in electronic format, they will expect a heightened level of security to accompany this data. Businesses must be vigilant about protecting this data, as a security incident of any magnitude may cause substantial reputational damage. Providers, insurers, and any other businesses that possess personal health information should consider taking the following measures in order to smoothly transition to a work environment incorporating EHRs and PHRs:
First, an entity should determine exactly what types of data it possesses (if it is a covered entity, it should inventory its protected health information). The entity should also assess whether sensitive information is encrypted and the level of accessibility of such data.
Next, an entity should assess its vulnerability to a security breach. It should look across its organization to identify strengths and weaknesses, i.e. not only should an information technology department be prepared to deal with increases in electronic data and potential security threats, but also departments such as human resources, claims processing, and recordkeeping that view and use individuals’ health information.
An entity should review its physical, technical and administrative safeguards. It should make sure that passwords, encryption, physical locks and barriers allow only authorized personnel access to sensitive data and equipment.
After the steps outlined above, an entity should revise its policies and procedures to reflect any new information gained and processes developed through its own assessment. For example, if the entity determines that it is inadequately prepared to respond to a security breach, it should create or revamp any related guidelines and protocols, such as, with respect to an entity handling medical information of California residents, how to notify a California resident of a breach in his or her medical information.
An entity should periodically train new and existing employees to effectively administer electronic data and comply with rules, regulations and policies and procedures. Existing employees should be required to attend “refresher” courses on policies and procedures related to privacy and security matters.
A business should reevaluate its contracts that include provisions regarding healthcare data and assess what types of provisions it could incorporate into its agreements regarding potential security breaches—how it will coordinate with the other party to prevent and/or notify individuals of security breaches.
Specifically with respect to EHRs and PHRs, providers and insurers should assess whether they wish to develop their own systems, contract with an outside vendor, or try to become part of a state or federal program that facilitates the use of electronic records.
If a provider or insurer does not wish to adopt its own EHR system, it should weigh the risks and benefits of encouraging its patients to utilize a PHR web-based system such as Health Vault. The provider or insurer should be comfortable with uploading patient records to an accessible web site and ensure it obtains necessary authorizations from the patient before transferring health records. The provider or insurer should also be aware of the potential for out-of-date, incomplete or inaccurate records from other providers or insurers to be kept on an individual’s PHR account and plan accordingly for associated risks.
Entities involved with all sectors of the healthcare industry information. should start strategizing now about how they can best coordinate their operations in anticipation of either adopting an EHR or PHR platform or merely interacting with consumers or other entities that use EHRs or PHRs now. Understanding how privacy and security laws affect a business in connection with EHRs and PHRs is crucial, as most healthcare operations deal with patient records at some point or another and will inevitably deal with EHRs and PHRs in the future. Preparedness is key. Making sure your business is in full compliance with existing privacy and security laws and anticipating changes to relevant laws are necessary steps to effectively navigate the increasingly regulated environment of digital healthcare information.
Linda A. Malek is a partner at Moses & Singer LLP, chair of the firm’s Healthcare practice group and co-chair of the firm’s Privacy practice group. Jay D. Meisel is an associate in the firm’s Healthcare and Privacy practice groups. Moses & Singer counsels a variety of entities in the healthcare industry and other industry sectors on matters related to privacy and security. For more information on this topic, please contact Linda A. Malek at lmalek@mosessinger.com or 212-554-7814 or Jay D. Meisel at jmeisel@mosessinger.com or 212-554-7823. For further information about Moses & Singer LLP, please visit www.mosessinger.com.
1American Hospital Association. “Continued Progress: Hospital Use of Information Technology” (2007) at 3.
2Health Financial Management Association. “Overcoming Barriers to Electronic Health Record Adoption” (2006) at 2.
16Medical information may include medical history, diagnosis, policy number, subscriber number, and claims and appeals histories.
17Laura Mahoney. Advisory Group Struggles to Pen Guidance On California’s Medical Breach Notice Law. BNA’s Privacy and Security Law Report. Volume 7 Number 18 (2008).
18Id.
192008 HIMSS Analytics Report: Security of Patient Data (Commissioned by Kroll Fraud Solutions), Apr. 2008, 21.
20Id. at 4.
21Id.at 19.
22Government Accountability Office, Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid and TRICARE (GAO-06-676, Sept. 2006).
Moses & Singer LLP ( Disclaimer Viewing this article or contacting Moses & Singer LLP does not create an attorney-client relationship. This article is intended as a general comment on certain recent developments in the law. It does not contain a complete legal analysis or constitute an opinion of Moses & Singer LLP or any member of the firm on the legal issues herein described. This article contains timely information that may eventually be modified or rendered incorrect by future legislative or judicial developments. It is recommended that readers not rely on this general guide in structuring or analyzing individual transactions but that professional advice be sought in connection with any such transaction. Attorney Advertising It is possible that under the laws, rules or regulations of certain jurisdictions, this may be construed as an advertisement or solicitation. )
The Digital Business Law Group (DBLG) co-authored the HIPAA Survival Guide with Deborah Leyva, RN, BSN, a health care and technology thought leader.
FOR IMMEDIATE RELEASE
The guide provides a concise overview of HIPAA’s Privacy and Security Rules with discussion of the implications resulting from the HITECH Act’s enhanced enforcement of HIPAA.
HITECH transforms HIPAA from a paper tiger, under a historically lax enforcement regime, to legislation that is likely to be rigorously enforced; a critical part of the Obama administration’s Electronic Health Record (EHR) initiatives contained within ARRA. Among other substantive regulations, HITECH provides for: 1) mandatory HIPAA audits; 2) expanded compliance requirements for business associates; 3) authority of State Attorney Generals to bring civil actions on behalf of residents; and 4) monetary penalties or settlements regarding HIPAA violations transferred to HHS’ Office of Civil Rights for enforcement purposes (see http://www.hipaasurvivalguide.com/hitech-act-text.html).
Developing an effective HITECH/HIPAA compliance strategy is a necessity for all HIPAA covered entities and business associates. The HIPAA Privacy and Security Rules are now included within HHS’ “meaningful use” definition–which effectively means HITECH based EHR incentive payments may be at risk if a provider or facility is found to be non-HIPAA compliant. Lost in much of the HITECH discussion to date are the transformational privacy implications of HITECH’s “Subtitle D.”
Carlos Leyva, Managing Shareholder of DBLG (http://www.digitalbusinesslawgroup.com), says: “There is a clear need for wider discussion of HITECH/HIPAA EHR compliance issues. The HIPAA Survival Guide (http://www.hipaasurvivalguide.com) was made freely available in order to ‘jumpstart’ the conversation. Subsequent releases of the guide will link directly to applicable sections of the regulations. Health care providers of all sizes will need an easy to use toolset if they are going to effectively cope with the compliance challenges that lie ahead.”
# # #
About The Digital Business Law Group, P.A. (DBLG)
DBLG focuses on Internet law and electronic privacy/data security compliance. The firm helps clients do business online safely, securely and in accordance with applicable law. It also advises clients regarding technological complexities that have legal implications. The firm is located in the greater Tampa, FL area. To learn more about DBLG visit the firm’s website.
Local hospitals shut out of federal funding for program; costs pose problem across the board, but benefits outweigh obstaclesPuerto Rico’s private hospitals are pushing for a share of federal funding they say is vital to meet a 2015 deadline for all medical institutions and practitioners around the nation to implement electronic health records (EHRs) under the U.S. Health Information Technology for Economic & Clinical Health Act (Hitech).
Hitech, passed as part of President Barack Obama’s American Recovery & Reinvestment Act (ARRA) last year, calls for the development of a national electronic health-records system throughout the mainland U.S., Puerto Rico and other territories by encouraging the adoption of EHRs through incentive payments to physicians.
Although physicians and medical practices in Puerto Rico are eligible for federal incentives, the island’s hospitals were shut out of the program, leaving them $200 million short of what they expected to get to implement EHRs, hospital officials say.
At stake is a vital modernizatio! n initiative and potential cuts in Medicare payments starting in 2015 if the EHR deadline isn’t met.
Congress left the hospitals in Puerto Rico and the other territories out of the Hitech legislation because it was easier to draft a definition based on just the 50 states and Washington, D.C., according to Puerto Rico Hospitals Association President Jaime Plá Cortés.
“When the Hitech Act was approved, we thought we were in. But we were wrong,” said Plá, adding the congressional record doesn’t shed any light on how and why local hospitals were shut out.
Surprised by the exclusion, island hospitals are lobbying hard for funding to meet a federal requirement that does apply to the island’s medical facilities and practitioners. Plá has taken the case to Capitol Hill during various visits to Washington, D.C.
“Members of Congress agree there is no reason we should be left out,” he said.
“We feel it isn’t fair because we aren’t eligible for the financial aid but do have t! o comply with the law,” said Ashford Presbyterian Community Ho! spital E xecutive Director Pedro González, the incoming Hospitals Association president for 2011.
Resident Commissioner Pedro Pierluisi is aiming to fix the problem through legislation to amend Hitech. His H.R. 1501, or the Puerto Rico Medicare Reimbursement Equity Act of 2009, was co-sponsored by the three stateside Puerto Rican members of Congress— Rep. Luis Gutiérrez, D-Ill., and New York Democratic Reps. José Serrano and Nydia Velázquez—and has been sent to the U.S. House Ways & Means Committee.
“This lack of eligibility apparently stems from an involuntary mistake since Puerto Ricans pay the payroll taxes that finance this program,” said Pierluisi, adding the island Health Department, meanwhile, has received $7.7 million through ARRA for the implementation of EHRs in public medical facilities.
“There is no law that obligates anyone to incorporate EHRs,” said Dr. José Piovanetti, chief medical information officer at the island Health Department.
While no sanctions will be! levied for noncompliance, Medicare-funding cuts will come into play and will increase annually after the EHR incentives run out by the 2015 deadline, he said, noting hospitals with mostly older patients would be particularly hard hit.
EHR implementation at a midsize hospital costs roughly $10 million-$12 million, according to Piovanetti. Even with the federal funding issue unresolved, some local private hospitals are pushing ahead with EHR implementation, including Ashford, which has earmarked more than $2 million for the project.
“We are currently in phase five of six and the project will be completed by early 2011,” González said.
Plá said some hospitals might receive EHR funds through Medicaid, but “the local government is still deciding how the funds are going to be distributed.”
“Only hospitals with at least 10% of patients covered by Medicaid may be eligible for that money,” he said.
Other challenges for EHR implementation
Beyond the federal fundi! ng issue, the island’s medical community faces other significa! nt chall enges in implementing EHRs.
Piovanetti believes Puerto Rico should move quickly toward EHRs, but acknowledged the process poses obstacles across the medical field.
“It requires a change in the whole operation of the institution and the adoption of a new mechanism as well as a new dynamic in the doctor-patient relationship,” he said.
It can take up to two months to implement EHRs in a small practice while the process can extend to nine months in a primary-care clinic, according to industry executives.
The Health Department official said doctors fall into one of three categories in terms of the new system: The adopters, who are young and embrace technology; the sideliners, who will wait and see how the project develops; and the late adopters, who see the system as a headache rather than a benefit and will incorporate it only reluctantly.
“This is normal in a change of this sort. But the mid- and long-term benefits outweigh everything else,” said Piovanetti, adding th! at once widely adopted, people won’t be able to work without EHRs.
A potential problem with an HER system, according to Piovanetti, is that they are designed by technology specialists, not by health experts, which can complicate diagnosis and treatment efforts by doctors.
The Health Department chief medical information officer, however, brushed aside security and privacy concerns, saying EHRs are safeguarded from hackers and dramatically more secure than paper records.
‘Bar set too high’
A big obstacle to the implementation of EHRs in Puerto Rico is that “meaningful use” must be established to qualify for incentives under the Hitech Act, a standard that will be tough to meet, according to Plá.
“Meaningful use isn’t a possibility right now for island or U.S. mainland medical practices. The bar was set too high,” he said, adding the Federal Hospitals Association agrees with his assessment.
According to the Hitech regulations, medical practices should be us! ing EHRs by 2011, exchanging information through EHRs by 2013 ! and empl oying EHRs as a full tool for patients by 2015 to comply with the “meaningful use” standard. If doctors in medical practices don’t comply with 100% of the regulation they won’t receive a cent in federal incentives, Plá said.
Plá said the Puerto Rico Hospitals Association has submitted amendments to the regulations to make Hitech compliance easier, which includes extending the timeframe to implement the system.
“There are practices that will be able to comply with the meaningful-use clause, though many won’t,” Piovanetti said.
“If medical practices wait until 2011 to start the transformation process, there is a high probability they won’t receive any funds because they won’t be set on time,” he said. “Whoever hasn’t started yet is late, for both the meaningful-use compliance and the certification.”
However, the certifier of the correct use of EHRs, the U.S. Health & Human Services Department, hasn’t completed its regulation.
“Most certified providers are transitory ! while the department finishes the regulations,” Piovanetti said.
Despite the challenges, medical-industry officials say the benefits of EHRs outweigh the costs.
EHRs, which integrate the patient information from all health providers and can be exchanged, shouldn’t be confused with electronic medical records (EMRs), which carry patient information offered from one health provider.
“Our patients can be anywhere and, with just the touch of a button, we can assure they will be covered and taken care of correctly,” said Wanda Mims, the top official in Puerto Rico of the U.S. Department of Veterans Affairs, the only institution on the island that currently handles EHRs.
Former Humana President Dr. Víctor Gutiérrez worked for more than 10 years to establish a system that compiles all the clinical data for a patient into a single file.
“Many have long seen this as a logical process so patients and health professionals can have easy access to information and prevent duplic! ation. We wanted quality to go up but costs to go down,” Gutié! rrez sai d. Obama’s inclusion of EHRs in the ARRA stimulus package accelerated the process by making it a priority for medical practices to share information through a national database.
“You are able to look at a full patient profile. For patients, it will prevent any inconveniences in terms of picking up and taking documents from one place to another. It will also lower costs and will help a lot in quality of service,” Gutiérrez said.
Gutiérrez acknowledged the high hardware, software and training costs tied to EHR implementation but argued “there has to be a safe method for data storage and the Hitech Act can help cover these costs.”
“The government is providing us with the power to transform health services to attend to patient’s needs,” said Laura Morales, president of Smart Health, a company that provides health-information systems. She added that the current manual-records process is vulnerable to errors, privacy violations, duplication of prescriptions and treatments an! d is marked by fragmentized information.
For Piovanetti, the adoption of EHRs is also a matter of maintaining the competitiveness of the island’s healthcare system.
“Puerto Rico is too focused on its problems and isn’t looking beyond our coast to see how we rate,” said Piovanetti, arguing that the island lags far behind the medical industries in Europe, Mexico, Canada and other jurisdictions.
According to a study published by the World Economic Forum, Puerto Rico ranks 43 out of 133 in the network readiness index. Countries such as Tunisia, Qatar and Barbados are more technologically ready than Puerto Rico.
“This is a long process and it won’t be easy. There are a lot of people who aren’t technologically advanced,” Plá concluded.
Message : Gracias por su patrocinio. Fué un placer servirle
LISTA — Will be in Washington DC this Sunday March 21 2010 Marching for Immigration Rights… See you at the Capital.
Remember Today We March — Tomorrow We Vote
We are excited about heading to Washington D.C. to ensure we have our collective voice heard on a very important and pressing issue within our community: COMPREHENSIVE IMMIGRATION REFORM!
To borrow a phrase from the U.S. Hispanic Leadership Institute’s recent conference theme, “Adelante: The Time is NOW!” The time is NOW for us to take a moment and ensure there is enough political pressure and commitment from our elected officials to make comprehensive immigration reform possible in 2010. The moment is historic and I want to be there. Tens of thousands of others from all over our nation will be there as well.
Will YOU join us?
GALEO, ABLE, and GLAHR are coordinating buses and the response from our community has been amazing! Overall, we potentially will have a collective of 20 buses or more leaving the Metro Atlanta area for this March! Will you join us and reserve your space? This will be an historic trip and hope that you would join us! Make your reservation TODAY!
Even before we get to DC, OUR collective voices are being heard loudly and clearly. President Obama met with Senators working on the legislation and indicated that our March is a big reason for the urgency. We will make our mark in Washington D.C. on March 21st and then bring that energy home to Georgia to make immigration reform a reality in 2010. We will also follow through with engaging in the 2010 Elections.
YOUR voice and contribution is needed.
Get on the bus with us and be a part of history! If you cannot be on the bus, please make a contribution to help us take someone in your stead.
