USA moves towards “Health Care for All”

The much debated “Obama Care” or “Affordable Care Act”, over which the US Government recently faced a “Shut Down”, has started taking effect. The Act envisages that every US citizen will get health insurance at affordable cost without being excluded for reasons such as “Pre Existing diseases”.

The “Market Places” set up for enrolling the public in the scheme, where they can apply for eligibility screening and for relevant insurance plans, have seen nearly 1.9 million persons going through the eligibility determination process since October 1, 2013. An additional 803,077 have been assessed for Medicaid and CHIP (Children’s Health Insurance Program) up to November end. Of these, 365,000 have already selected plans from the State and Federal market places.

For those who complete the plan choice by December 23, coverage will commence from January 1, 2014. The enrolment plan will however continue up to March 31, 2014. Those who fail to complete the process and obtain insurance through it may have to pay a fine of $95 per adult, $47.50 per child or 1% of income, whichever is higher.

The implementation of Obama Care is likely to have a positive impact on employment creation in the USA in several disciplines.

The activity in health care management in the USA is now going on at a hectic pace and will have a positive impact on the Indian IT industry also. However, Indian entrepreneurs who want to make use of this opportunity need to gear up with better Privacy and Security control measures to meet the strict HIPAA-HITECH Act standards.



US Shutdown

The forced shutdown of the US Government has now entered its second day and is threatening to affect other economies. For general information we may state that the US Shut down has arisen because the House of Representatives, dominated by the Republican party, has refused to pass the Government budget before the expiry of the earlier budgetary sanction (September 30). The reason is that the Republican party does not approve of the so called “Obama Care” bill, officially known as the “Patient Protection and Affordable Care Act” (ACA), and the expenses associated with it which are part of the budget. The shut down has affected 800,000 federal workers and is expected to cost the economy about $1 billion a week. This is the first such event in 17 years and is likely to leave an indelible mark on the Obama administration.

The Affordable Care Act envisages mandatory health insurance for all Americans to commence from January 1, 2014. The Act has already come into effect with the enrollments under the Health Insurance Exchange commencing from 1st October 2013.


Obama care Facts

The Act itself is a revolutionary piece of legislation which aims at providing health care security to every American. It envisages that obtaining health insurance coverage is mandatory and that for those who cannot afford it, there would be a certain subsidization.

“The law is expected to eliminate pre-existing conditions, stop insurance companies from dropping cover when a person is sick, protect against gender discrimination, expand free preventative services and health benefits, expand Medicaid and CHIP, improve Medicare, mandate larger employers insure employees, create a marketplace for subsidized insurance providing tens of millions individuals, families and small businesses with free or low-cost health insurance, and decrease healthcare spending and the deficit.”

The Republican party is opposed to the law since it feels that the Democrats steamrolled its passage, ignoring the opposition, when it was passed in 2010. The economic feasibility of the proposal is also under debate. (Similar to the Food Security Bill controversy in India).

A legal challenge led by the law’s Republican opponents ended in June 2012 when the Supreme Court validated the law’s keystone provision – a requirement that Americans not receiving health coverage from their employers or the government purchase individual plans or pay a fine.

Now the Republican party, which has a majority in the House of Representatives, has put its foot down on the passage of the budget and the result is the shut down of all non essential Government activity. Employees of non essential Government services are now on “Leave without Pay”, disrupting economic activities of different kinds. It is also feared that by October 17, there will be a need for another endorsement from the House of Representatives on raising the Government borrowing limits and if it does not occur there could be defaults on US treasury bonds and global repercussions in terms of increased interest rates etc. If the crisis is not defused by then, the consequences could be disastrous even for Stock markets in India.

Since many of the provisions of the Act have already commenced from October 1, 2013, Obama and the Republicans have reached a stage where neither can retract without losing face. It is a serious political crisis which is likely to determine the results of the next Presidential elections and hence neither party is willing to give in.

In India we have faced many similar challenges in the Parliament where the finance bill has been at the mercy of the opposition parties. However, opposition parties have always avoided the crisis by letting the finance bill pass even though they are opposed to the Government policies in general which indirectly increase Government spending in the budget. Whether it is the Food Security Bill or Corruption, the ultimate burden is on the people with increased tax burdens, but the opposition has never expressed the resolve to shoot down a Finance bill, which can force the Government to resign. But in the US it appears that neither is the President weak enough to retract nor the opposition meek enough to let things pass.

The outcome of the crisis is uncertain. Optimists hope that the crisis would be resolved within a short time of a day or two in which case the crisis may pass off. If it persists beyond October 17, we may be in for a major economic crisis that may hit even India.

The silver lining for India is that once the Obama Care provisions get implemented, there would be a huge business potential for Indian IT Companies and BPOs and the prospects of the IT industry will get a boost just like with the Y2k issue.

P.S: It was interesting to observe the reactions of the American people on the street when they were asked by CNN if they liked Obama Care or Affordable Care Act. Almost all said that they supported Affordable Care Act and opposed Obama Care without realizing that both were the same. This shows not only how ignorant the average American is but also the effect of naming social welfare activities after political leaders. We in India are used to many many Rajiv Gandhi schemes and such schemes will be opposed by people just for the reason of the name. There is a lesson for politicians in India in this.



HIPAA-US$1.2 m damage for not sanitizing photocopier hard disk

A HITECH Act violation by a health plan in New York, which resulted in a potential data breach affecting 344,579 individuals, has led HHS to impose a penalty of $1,215,780 as a settlement.

The breach occurred when the Plan, which had leased several photocopiers and used them during its operations, decided to return the photocopiers to the lessors. The hard disks attached to the photocopiers were not sanitized before being returned, which resulted in an impermissible disclosure of PHI.

OCR had taken up an investigation of this breach which had been reported in April 2010 after a media disclosure. The settlement has also suggested a corrective action as follows.

(1) conduct a comprehensive risk analysis of the Plan’s privacy and security risks and vulnerabilities and

(2) use best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the Plan that remain in the possession of the leasing agent and safeguard all electronic PHI contained therein.


The report of CBS News filed in April 2010 had indicated that the agency purchased 4 used photocopiers from a warehouse in New Jersey and extracted thousands of documents from the hard disks, which contained sensitive information from various agencies including the NY Police department and the previously referred Affinity Health Plan.

The incident highlights the need for all companies handling sensitive personal information to realize that present-day photocopying machines carry a hard disk which copies every document that is photocopied in the machine and hence needs to be sanitized before the photocopier is discarded. If they fail to do so, the damages can be crippling.



Indian Company causes HIPAA breach

An Indian contractor of a medical transcription company (M2ComSys) is said to have caused a breach of PHI belonging to 32000 patients of US-based Cogent healthcare, leading to a data breach notification by the US company.

It is stated that the data was stored on the Internet without adequate security and ended up in Google search.


The incident underscores the need for Indian companies to get themselves HIPAA-HITECH compliant as business associates if they have not done so already.



Data Breach Report within 60 minutes

Reporting of Data Breach incidents has been one of the most contentious aspects of the HITECH Act provisions. The initial provisions on data breach notifications were kept in abeyance for nearly 2 years, predictably because the industry did not want to expose its failures to the public. Hence the mandatory disclosures to be made on the website of the Company, on the website of the regulator, and in the newspapers were all resented. However, the US regulators have been firm on the data breach notification norm.

In the recently proposed rule on health insurance exchanges released in the US, it is stated that a data breach should be reported to the HHS within one hour of its identification, and this has raised a lot of eyebrows about the feasibility of such reporting. (Report)

This proposed rule sets forth financial integrity and oversight standards with respect to Affordable Insurance Exchanges; Qualified Health Plan (QHP) issuers in Federally facilitated Exchanges (FFEs); and States with regard to the operation of risk adjustment and reinsurance programs. Comments from the public have been invited until July 19, 2013.

Data Breach Reporting is an essential part of information security management at the industry level but the concerns of the industry need to be understood in the proper perspective. Quick reporting of a data breach has its advantages at the industry level since similar breaches in other organizations can sometimes be prevented by timely action by the regulator. For this purpose the “One Hour Rule” must be considered as good.

However, it is necessary to understand that the dissemination of “Potential/Suspected Breach information” needs to be kept within the regulator until the exact nature and extent of the breach is ascertained. The regulator may initiate corrective action if necessary but without disclosing the victim. Once the regulator confirms on his own, through preliminary examination of evidence, that the “Potential/Suspected Breach” is a “Real Breach”, then the formal disclosure measures may be initiated.

It is therefore necessary for HHS to introduce a simple “Potential/Suspected Data Breach Notification Scheme” to implement the One hour rule. It is possible that there may be many false alarms in the process but the industry should be given the confidence that “False Alarms” will be properly identified and killed without reputational damage being caused to the organization.

Let’s hope that HHS will take this industry demand into consideration and issue the necessary modified guidelines.



HIPAA-HITECH Act Data Breach Audit

The Final Rule on HIPAA-HITECH Act released by HHS after a prolonged public discussion makes some changes in the way the Data Breach notification needs to be handled by Covered Entities and Business Associates.

The key points of the Final Rule are as follows:

1. Breach notification is not required under the final rule if a covered entity or business associate, as applicable, demonstrates through a risk assessment that there is a low probability that the protected health information has been compromised, rather than demonstrate that there is no significant harm to the individual as was provided under the interim final rule.

2. The onus of proving that an “Impermissible use or disclosure” of PHI is not a “breach” lies with the covered entity. In other words, all impermissible uses are “breaches” unless the entity “Demonstrates” that there is a low probability that the PHI has been compromised.

This essentially means that whenever an “Impermissible” use or disclosure is observed, the entity should initiate a “Data Breach Audit” process and document if the impermissible use is in fact a “Breach”. Such a “Data Breach Audit” will determine if there has been a breach and whether the probability of compromise is significant.

