Discerning Data

FDA Approves Software Application That Alerts Providers of Potential Stroke in Patients

On February 13, 2018 FDA approved a software application with clinical-decision support capability, in this case alerting providers of a potential stroke in patients. The system, “Viz.AI Contact,” is developed by a US/Israeli company named Viz.ai, which uses artificial intelligence and machine deep learning for analyzing medical images. Earlier in January, this system also received a CE Mark from the European authorities.

Stroke is caused by an interrupted blood supply to the brain; for example, due to a blood vessel’s rupture. Stroke is among leading causes of mortality and long-term disability in the U.S. and other countries. The Viz.AI Contact system analyzes brain computed tomography (CT) scans, identifies a suspected large vessel blockage, and sends a text notification to the health care specialist.

Continue reading “FDA Approves Software Application That Alerts Providers of Potential Stroke in Patients”

Involuntary Dissolution Does Not Absolve Business Associate of HIPAA Obligations

A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 to the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) in a no-fault settlement regarding potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Filefax, an entity involuntarily dissolved by the Illinois Secretary of State in August 2017, previously provided services to HIPAA covered entities, including storage, maintenance, and delivery of medical records. On February 10, 2015, OCR received an anonymous complaint alleging that an individual had transported medical records obtained from Filefax to a shredding and recycling facility to sell on February 6 and 9, 2015. OCR investigated the matter and confirmed that an individual had left medical records that contained the protected health information (PHI) of approximately 2,150 patients at the shredding and recycling facility. OCR’s investigation indicated that Filefax had either left the PHI in an unlocked truck in its parking lot or granted permission to an unauthorized person to remove the PHI from Filefax, and left the PHI unsecured outside of the Filefax facility.

Continue reading “Involuntary Dissolution Does Not Absolve Business Associate of HIPAA Obligations”

China Releases New Personal Information Privacy Standards

On January 25, 2018, China released the final version of the Personal Information Security Specification, new voluntary standards on the protection of personal information. The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and is meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.” The standards will go into effect on May 1, 2018.

The standards will apply to organizations using information systems to process personal information; specific departments that involve network security, third party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security. Generally, they lay out the following 8 basic principles of personal information security.

Continue reading “China Releases New Personal Information Privacy Standards”

Drafting an Information Governance Program Charter

This is the second in an occasional series of blog posts providing practical guidance on how to create an information governance program and how successfully to execute on specific information governance projects.

In our first blog post in this series, we discussed managing share drives and getting rid of redundant, outdated and/or trivial information, otherwise known as “ROT.” Today, we will focus on the essential elements of an Information Governance Charter.

Continue reading “Drafting an Information Governance Program Charter”

FTC Nominees Identify Agency’s Top Challenges in Web Questionnaires

The Senate Commerce, Science & Transportation Committee has set confirmation hearings for February 14 for President Donald Trump’s four nominees to the Federal Trade Commission (FTC).

For the past year, there have been two commissioners leading the agency – Acting Chairman Maureen Ohlhausen and Commissioner Terrell McSweeny.

Continue reading “FTC Nominees Identify Agency’s Top Challenges in Web Questionnaires”

OCR Kick Starts 2018 with Severe $3.5 Million HIPAA Settlement and Corrective Action Plan

Fresenius Medical Center North America (FMCNA) agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and adopt a two-year comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

The no-fault resolution agreement states that FMCNA reported five separate incidents that occurred between February 23, 2012 and July 18, 2012 at five distinct FMCNA facilities (FMCNA Covered Entities). FMCNA provides centralized corporate support to the FMCNA Covered Entities, including storing patient’s medical records, creating and disseminating HIPAA policies and procedures, and investigating the circumstances surrounding each breach reported to it by the FMCNA Covered Entities.

Continue reading “OCR Kick Starts 2018 with Severe $3.5 Million HIPAA Settlement and Corrective Action Plan”