I know this is old news, and our filing on the encryption issue has been acknowledged by the FCC.  As the lone physician (or at least MD) on the board, I was uncomfortable with our perception that since Amateur Radio Operators are not a “covered entity”, HIPPA did not specifically apply to our (Amateur Radio) communications, and security thereof. 

 

As a physician, I am responsible for all  PHI (Protected Health Information) that I release, whether from my private practice or from the hospital.

 

As our federal government is becoming more involved in overregulation and imposing large fines for seemingly harmless acts, medical entities seem to be leading the way in having new regulations imposed on them (My apologies to any bankers in the audience).

 

The new kid on the block is the “Health Information Technology for Economic and Clinical Health” (HITECH) Act.

 

Here are a few paragraphs from Medical Economics Magazine:

 

 

[HITECH: The Health Information Technology for Economic and Clinical Health (HITECH) Act supports the enforcement of HIPAA requirements by increasing the penalties for healthcare organizations that violate HIPAA privacy and security rules. The HITECH Act is in response to developments in health technology and the increased use, storage, and transmittal of electronic health information.

The 2013 HITECH Final Rules, which went into effect March 26, 2013, impose significant new obligations on covered entities, business associates, and subcontractors. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

The rules governing business associates take effect September 22, 2014. You need to ensure that independent contractors and/or agents who furnish services to your practice are aware of the requirements of the compliance program with respect to HIPAA and the protection of PHI.]

 

 

 

The read on this seems to be related only to storage of medical data, transmission of that data and who has access.  It does not appear to specify whether services are rendered voluntarily or for hire.  Whether this has any relevance to amateur radio communications on behalf of the health care community, I am uncertain.  I’m sure that Chris can weigh in on this issue.

 

At the very least, this makes me very nervous.  Healthcare providers are reminded daily that we are responsible and will be fined for any number of things that we do or don’t do on a day to day basis.  With decreasing reimbursements and increasing practice costs (particularly computer and IT costs), a private practice cannot keep up.  So, we are targets.

 

So, just food for thought.

 

’73 de JIM N2ZZ