Health IT

By Alice Lipowicz

Kaiser official defends security practices for veterans health data

In the last several days, I have read a news article and a blog post that raise questions about Kaiser Permanente’s privacy and security policies regarding the medical records of its patients — including the records of about 450 veterans participating in a Kaiser/Veterans Affairs Department health data exchange pilot program in San Diego.

The articles suggest that Kaiser handles patient data security differently, and possibly more daringly, than other health plans.

I spoke with Dr. John Mattison, chief medical information officer for Kaiser Permanente Southern California, about the situation. He told me Kaiser uses a comprehensive system of privacy and security based on compliance with the Health Insurance Portability and Accountability Act and all applicable laws. The system includes using role-based access privileges like most other health systems, and Kaiser has been performing algorithmic surveillance of the systems to detect anomalies that could indicate unauthorized access, he said.

“We do not allow everyone to see everything,” Mattison said today. “We allow access based on roles — which include receptionist, medical assistant, quality assurance officer, coding or billing officers. We have security profiles, and you can only see what is allowed for that role.”

Typically, health systems have about 40 to 2,000 different user profiles and corresponding levels of access in their systems, Mattison said. Kaiser’s number of roles “is in the middle of that range.”

“We are using the same restrictions as the rest of the industry, and we are pretty much in the middle of the industry for integrated organizations,” Mattison said. Also, Kaiser is forging ahead in deploying its surveillance software to better detect anomalies, he added.

As for suggestions that Kaiser’s security is more “daring” than other health plans, Mattison disagreed with that assessment. “There are some false assumptions underlying that premise,” Mattison said.

The veterans who are sharing data with Kaiser through the Nationwide Information Health Network (NHIN) should be confident that their data is secure, Mattison said. That is because all of the NHIN’s stringent security and privacy protocols are being followed, he said. He noted that Kaiser and veterans health facilities have been exchanging records for many years in a paper format by mail. The paper records pass from mail room to mail room, with numerous clerks involved.

“Your records are more secure in being exchanged through the NHIN than through the U.S. mail,” Mattison said.

Posted on Mar 05, 2010 at 7:25 PM | 2 comments

What HHS' entry into e-health record certification means

If you are wondering whether HHS’ Notice of Proposed Rulemaking (NPRM) released March 2 is a game changer for the certification of electronic health records (EHRs), the jury still seems to be out.

The Certification Commission for Health Information Technology (CCHIT) — which has been certifying EHRs since 2006 — expressed confidence in CCHIT’s prospects for accreditation.

“Having reviewed the NPRM regarding certifying bodies, we feel confident about our prospects of becoming accredited,” CCHIT’s Alisa Ray said in a statement. She called the notice “an important step” that will reduce uncertainty about the certification process.

Uncertainty may have been reduced, but not banished. CCHIT’s future role in the certification program is a hot topic of conversation.

Dana Blankenhorn, a health information technology commentator, captured the issue in dramatic fashion on with an article titled “The Fall of CCHIT.” Blankenhorn described the half-empty room where a CCHIT official recently talked about upcoming plans for that organization.

Joseph Goedert, health IT writer for Health Data Management, also discussed CCHIT’s future in his article on the NPRM. “So, while CCHIT appears to be able to continue its operations under the proposed temporary certification program, its future isn't clear in the proposed permanent program,” Goedert wrote March 2.

Posted on Mar 03, 2010 at 7:25 PM | 0 comments
