Privacy Briefs: May 2019

By Jane Anderson

◆ HHS announced it is extending the public comment period by 30 days for two proposed regulations aimed at promoting the interoperability of health information technology and enabling patients to electronically access their health information. The new deadline for the submission of comments—June 3—will allow additional time for the public to review the proposed regulations, HHS says. The extension of the public comment period coincides with a release by the HHS Office of the National Coordinator for Health Information Technology of the second draft of the Trusted Exchange Framework and Common Agreement, along with a related notice of funding opportunity. HHS OCR also has released a set of frequently asked questions. See the announcement at https://bit.ly/2IIdiPB.

◆ Amazon Inc.’s digital assistant Alexa has added new health care skills, which are being rolled out in a limited capacity at six different health care organizations. According to Amazon, the new Alexa health care skills that launched in April include the ability to check the status of a home delivery prescription and request Alexa notifications (in use at pharmacy benefits manager Express Scripts), the ability to manage health improvement goals and earn personalized wellness incentives (in use at a large employer insured by Cigna), the ability to provide updates to providers on progress following surgery (in use at Boston Children’s Hospital), the ability to locate an urgent care center and schedule a same-day appointment (in use at Providence St. Joseph Health and at Atrium Health), and the ability for patients with diabetes to track blood sugar levels and receive personalized health information (in use at Livongo, a digital health company). Amazon is currently providing a HIPAA-eligible environment to select skill developers as part of an invite-only program. Learn more at https://amzn.to/2FQ45lj.

◆ Chicago-based Rush System for Health says personal information from about 45,000 patients may have been compromised in a data breach. The health system said in a recent financial filing that exposed data may include names, addresses, dates of birth, Social Security numbers and health insurance information. Rush said the breach, which occurred after an employee of one of Rush’s financial services vendors improperly shared a file with an unauthorized third party, did not include medical information. The breach likely occurred in May 2018, and was discovered on Jan. 22. Read more at https://bit.ly/2H1LTpk.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings