Jim,

I don’t know if encryption is the true answer since it carries many other risks for the Amateur Radio Service. If used in certain circumstances, however, It may prove to at least show that we are respecting and showing some effort to keep health data secure.

In the meantime, as long as there is not individually identifiable patient data sent via Amateur Radio, we should be at low risk, or at least under the radar.

HIPAA has caused major heartburn among healthcare organizations.    We have always tried to keep health data secure, but when government gets involved…well……

I shouldn’t be saying this, because many years ago there was a medical practice in SC that actually sold health care records to a non-health care entity-I think a used car firm(!).  Our medical board took immediate action and closed that loophole—but it is examples like those that probably caused HIPAA to be formed in the first place.

’73 de JIM N2ZZ

Jim,

I think you put your finger on the problem.  We are dealing with a form of dichotomy.  Technically/legally, HIPPA does not apply to Amateur Radio communications; however, much information that could be transmitted by hams could potentially cause problems (at least embarrassment) to the originator if it falls into the wrong person's hands.

This leads me to a question:  In your experience and opinion, to what degree would it be necessary to encrypt information so that most originators would likely feel comfortable sending all but the most sensitive information via Amateur Radio?  For example, hams have a variety of digital modes available to our use.  A couple of these are fast enough and in a format that supports sending stored files at relatively high speeds.  Requests for materials as well as locations of people displaced in a disaster could be sent using such modes.  Even though the codes used to encrypt these messages is published, very few people (including amateurs not involved in relief activities) would have ready access to receiving and decoding equipment and be able to read the messages.

Do you think this form of "encryption" would be adequate to make you feel comfortable?

Clearly, there is information that should not be sent via Amateur Radio as I see it, but in the few localities of which I am aware that seem to dismiss ham communications summarily, there also is a lot of info that could go through hams.

Jim

Jim Weaver, K8JE

Director, Great Lakes Division

5065 Bethany Rd.

Mason, OH 45040

Tel. 513-459-1661; e-mail K8JE@arrl.org

ARRL:  The reason Amateur Radio Is

Members:  The reason ARRL is

From: arrl-odv-bounces@reflector.arrl.org [mailto:arrl-odv-bounces@reflector.arrl.org] On Behalf Of James F. Boehner MD
Sent: 26 September, 2013 6:03 PM
To: 'ARRL ODV'
Subject: [arrl-odv:21991] HIPAA/HITECH

I know this is old news, and our filing on the encryption issue has been acknowledged by the FCC.  As the lone physician (or at least MD) on the board, I was uncomfortable with our perception that since Amateur Radio Operators are not a “covered entity”, HIPPA did not specifically apply to our (Amateur Radio) communications, and security thereof. 

As a physician, I am responsible for all  PHI (Protected Health Information) that I release, whether from my private practice or from the hospital.

As our federal government is becoming more involved in overregulation and imposing large fines for seemingly harmless acts, medical entities seem to be leading the way in having new regulations imposed on them (My apologies to any bankers in the audience).

The new kid on the block is the “Health Information Technology for Economic and Clinical Health” (HITECH) Act.

Here are a few paragraphs from Medical Economics Magazine:

[HITECH: The Health Information Technology for Economic and Clinical Health (HITECH) Act supports the enforcement of HIPAA requirements by increasing the penalties for healthcare organizations that violate HIPAA privacy and security rules. The HITECH Act is in response to developments in health technology and the increased use, storage, and transmittal of electronic health information.

The 2013 HITECH Final Rules, which went into effect March 26, 2013, impose significant new obligations on covered entities, business associates, and subcontractors. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

The rules governing business associates take effect September 22, 2014. You need to ensure that independent contractors and/or agents who furnish services to your practice are aware of the requirements of the compliance program with respect to HIPAA and the protection of PHI.]

The read on this seems to be related only to storage of medical data, transmission of that data and who has access.  It does not appear to specify whether services are rendered voluntarily or for hire.  Whether this has any relevance to amateur radio communications on behalf of the health care community, I am uncertain.  I’m sure that Chris can weigh in on this issue.

At the very least, this makes me very nervous.  Healthcare providers are reminded daily that we are responsible and will be fined for any number of things that we do or don’t do on a day to day basis.  With decreasing reimbursements and increasing practice costs (particularly computer and IT costs), a private practice cannot keep up.  So, we are targets.

So, just food for thought.

’73 de JIM N2ZZ

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4142 / Virus Database: 3604/6701 - Release Date: 09/26/13