As required by law, the Department of Health and Human Services (HHS) has begun publicly listing breaches of private health information (PHI), generally in medical records, when the breach totals 500 or more individuals.

Though breach notification rules under HITECH (Health Information Technology for Economic and Clinical Health Act) went into effect in September 2009, a grace period provided HHS (and the FTC in cases involving vendors) with a window of discretion. Consequently, when the grace period expired on Feb. 22, HHS began posting breaches involving 500 or more individuals.

According to HITECH regulations, breaches involving 500 or more people must be reported immediately, but breaches involving fewer than 500 persons need only be reported annually.

The breach notifications are available here on the HHS Web site.

What I found a bit curious about the list is a series of five thefts/unauthorized accesses occurring on Sept. 27 at a "private practice" in Torrance, Calif. The list of breaches involves, in succession, 6,145, 5,166, 5,257, 857, and 952 individuals, but the question lingers about why they were listed separately. My conclusion is that the theft/unauthorized access occurred at roughly the same time, but involved five different sets of records. It would be hard to imagine five separate occasions of theft involving the same private practice on the same day. However, anything is possible.

For your convenience and compliance, Personnel Concepts has compiled all HITECH breach regulations into one compact but comprehensive HITECH Act Security Rule Poster. Get yours today so your employees know their rights and responsibilities under HITECH.

Just got my hands on a list of the "Top 10 Bailout Money Recipients" detailing the companies that have received the largest grants from ARRA (American Recovery and Reinvestment Act) funds.

Topping the list is an organization called Savannah River Nuclear Solutions, LLC (SRNS). SRNS operates the Department of Energy’s Savannah River Site in Aiken, South Carolina, which–get this–manages the nation’s nuclear weapons stockpile. (Somehow I don’t think all the nation’s weapons are in Aiken, however.) This group received a cool $1.5 billion in hush money grants ($1,407,839,884 to be precise).

Coming in second but still topping the billion mark at $1,359,715,229 was CH2M Hill Plateau Remediation Company, which is tasked with cleaning up the Central Plateau of the Hanford Site in Washington, reportedly the largest clean-up project in the U.S. (So what are they cleaning up and who made the mess to begin with, pray tell?)

There’s a huge drop-off in third place, with UT-Battelle LLC receiving a paltry $437,675,000 for running the Idaho Cleanup Project (ICP).

Most of the top ten recipients received their funds from the Department of Energy, and most were engaged in clean-up or cover-up operations. Take as an example number seven, Babcock & Wilcox Technical Services Y-12 ($270M). Y-12 operates the National Security Complex in Oak Ridge, Tennessee, where it is engaged in reducing risk from "Cold War legacies" through demolition and disposal. (Demolition and disposal of what, nerve gas or other agents?)

There are probably some interesting tales to be uncovered in this list of the top ten, but I doubt that any media group will bother to do the investigating necessary. They’re too busy angling for their own bailout from Uncle Sam, so no one has to pay off the media to be hush.

Provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the stimulus package passed in February, created new security and breach rules for those covered by HIPAA (the Health Insurance Portability and Accountability Act of 1996), but afforded everyone a six-month window to achieve full compliance that runs into 2010.

Nonetheless, a Medicaid payment processor in California named CalOptima has mostly complied with the breach rule after the company discovered the loss of claims forms for some 68,000 persons. The digitized forms contained personally identifying information on the 68,000 and were lost during shipment by the United States Postal Service.

CalOptima has posted a breach notification on its Web site and also has notified federal and state agencies. The company says it will also notify each of the 68,000 affected individuals. The postal service, for its part, says it will continue to search for the missing data disks.

It is unclear whether CalOptima also notified the media of the breach, which is required when a data loss affects 500 or more people.

Employers who offer health insurance are covered by both HIPAA and the new breach rule, so you may want to sign up for Personnel Concepts’ HIPAA Compliance Poster and Subscription Service to keep yourselves and your employees informed of all rights and responsibilities.

POSTSCRIPT: The missing CDs with encrypted data later were found at a secure postal facility in Atlanta, apparently untampered with. CalOptima subsequently scrapped its plan to mail out individual breach notices to the 68,000 affected individuals.

Vice President Joe Biden even visited the factory to proclaim a great victory for the American Recovery and Reinvestment Act (ARRA), and the new owners pledged to hire back everyone laid off in December 2008.

However, despite plans for Republic Windows and Doors to be back in full operation by May or June 2009, the Chicago-based factory has so far managed to hire only 15 or so of the 240 workers let go when the previous owner shut the place down and moved to a non-union site.

Serious Materials, a California firm, early this year bought Republic in hopes of producing green doors and windows to meet demand from the weatherization subsidy in ARRA. So far, not much in the way of orders has trickled in, however, leaving the firm with a truncated workforce.

Was Serious just being too optimistic? Time will tell, but you can read the full story here.

I just went through the list of items covered in the final version of the stimulus plan (so called) and added up all the sums that were targeted at projects that could actually lead to jobs. I came up with $146.2 billion, which figures out to be 18.5 percent of the whole pie. The rest goes to what could be called the welfare state.

The implication here is pretty obvious: The Democrats decided to expand their favorite federal programs (some implemented by the states with fed dollars) while masquerading the whole thing as a “job-creating” stimulus package.

The question remains whether the targeted projects will “create or save” three million jobs (I also heard that Obama had raised that promised figure to four million). I’ve got a feeling that the $146.2 will just go to support unionized workers who are already working. At any rate, how does one prove that something “saves” four million jobs?

Here are the areas where money will be spent on job-creating or -saving projects: 1) Create a new “smart” power grid (to replace our current “dumb” one, I guess), $30 billion; 2) Repair and make energy efficient public housing, $6.3 billion; 3) Extend broadband services, $7 billion (again, does this create or save jobs?); 4) Implement electronic health records (EHRs), $19 billion; 5) Modernize roads and bridges, $29 billion; 6) Improve public transit and rail, $16.4 billion; 7) Restore lean water and modernize flood control, $18 billion; and 8 and last) Modernize federal and public buildings, $9.5 billion (again, already-existing union workers who will now get triple-time).

I guess that’s why White House Chief of Staff Rahm Emanuel warned early on that “this is no time to waste a good crisis.”

*N.B.: I loosely included the health IT’s portion, $19 billion, but as I further thought about it, this really doesn’t create any jobs; it just goes to buy equipment and services that are already available. If I delete this sum, the total going to “jobs” is reduced to $127.2, or 16 percent.

Those who were fretting that the extinction of Tom Daschle as potential secretary of Health and Human Services might delay health care reform needn’t worry.

The inclusion of several stealth provisions in the stimulus package now sailing through Congress will implement, mostly unnoticed, provisions from Daschle’s government-heavy idea of reform in his book, Critical: What We Can Do About the Health-Care Crisis.

His idea to prescribe which treatments and medications can and cannot be used by individual doctors lives on through the electronic health records (EHRs) initiative, which would be overseen by a National Coordinator of Health Care Technology. This latter person/office would monitor everything going on in the EHRs to make sure every doctor is following government guidelines and giving cost-effective care. And every doctor means your doctor.

Not only that, but the stimulus package includes the creation of a Federal Coordinating Council for Comparative Effectiveness Research to define and dictate cost-effective care: What physicians and hospitals can and cannot do.

In other words, this is the stealth implementation of Daschle’s plan to create a board similar to the one in Great Britain that dictates every medicine and every procedure for every known medical problem so that they are both efficient and cost-effective (but most of all cheap). Now, on the surface, this sounds reasonable until you face the actual results as a patient.

The British agency Daschle fell in love with (with the totally disingenuous acronym of NICE) has done things like, well, forbidding treatment of macular degeneration because the medicine was too expensive until the patient went blind in one eye. (This policy was reversed finally after three years of public outrage.)

Betsy McCaughey, former lieutenant governor of New York and now an adjunct senior fellow at the Hudson Institute, calls this “Ruin Your Health With the Stimulus Plan.” She explains:

The goal, Daschle’s book explained, is to slow the development and use of new medications and technologies because they are driving up costs. He praises Europeans for being more willing to accept “hopeless diagnoses” and “forgo experimental treatments,” and he chastises Americans for expecting too much from the health-care system.

There’s little wonder, then, that President Obama continually and frantically insists that the stimulus package be hurried through Congress–he doesn’t want anyone actually reading it. As his chief of staff quipped, this is “no time to waste a good crisis.”

As these pages have been predicting since the git-go, the only way anybody in government–using government solutions–can make health care both “accessible and affordable” is by restricting and rationing what’s available.

Hey, if you successfully lower health care expectations, maybe enough people will start kicking off before they reach 65, and the government won’t have to pay Social Security or Medicare.

Nice plan.

The latest version of the economic stimulus legislation includes 187 pages called the Health IT for Economic and Clinical Health Act, or HITECH, with $20 billion in funding to implement a nationwide system of electronic health records (EHRs).

This is something that President Obama spoke of frequently during his campaign, and now it appears to be coming into fruition.

The Congressional Budget Office (CBO) envisions that, within a decade, some 90 percent of physicians and 70 percent of hospitals and other providers will become electrified (that word doesn’t quite work, does it?) as a result of HITECH. In other words, they will be using electronic health records (EHRs).

HIPAA, the Health Insurance Portability and Accountability Act of 1996, comes into play here, but when HIPAA was written, no one was really envisioning a nationwide data base of health records available online. However, here it all comes.

The law also creates an Office of the National Coordinator for Health IT to oversee matters and enforce rules.

Finally, the law comes with a stick as well as a $20-billion carrot. At some point in the future, those who choose not to go electronic will get docked in their Medicare and Medicaid payments.

Ouch. That’ll teach ‘em.