Critical view of HIMSS / MGMA security toolbox

The folks over at HIMSS and MGMA have teamed up to produce what they call the HIMSS Privacy & Security Toolkit for Small Provider Organizations.  The toolkit provides medical practices with a wealth of information about HIPAA, HITECH, meaningful use, privacy and security.  Below is the letter from both the HIMSS and MGMA CEOs describing the security toolkit.

Message from the CEOs

As small provider organizations increasingly leverage electronic health records and other information technologies, they face significant challenges in their efforts to secure patient information. This is coupled with their efforts to comply with a myriad of existing and newly revised federal requirements. There is also a renewed emphasis on the importance of maintaining the confidentiality of electronic health information due to patient concern and media attention. Providers also recognize that protecting against a breach of health information will require employee training and the development of effective safeguards and reporting processes.

Targeting the needs of these small providers, HIMSS and the Medical Group Management Association (MGMA) (www.mgma.com) have partnered to create the HIMSS Privacy & Security Toolkit for Small Provider Organizations. This useful and practical toolkit will assist first in understanding the rapidly changing privacy and security environment, and then help providers implement an appropriate set of policies and procedures that best meet the needs of their organization. Since smaller organizations may not typically have the resources or technical expertise found in larger institutions, this toolkit will act as a roadmap and resource for clinical and administrative staff to navigate the complex privacy and security laws and regulations and to understand the security components required to participate in Medicare’s “Meaningful Use” EHR incentive program.

We hope this toolkit proves helpful as providers move forward with their health information privacy and security preparations.

I am a strong believer that the more medical practices understand privacy and security issues, the more they will do to protect patient information. So the HIMSS security toolkit is a welcome addition. The only issue I have with it is that it has too much information, which makes it hard to digest all of the content. In a rough count I came up with around 50+ links to documents ranging from CMS Security Series paper #7 “Implementation for the Small Provider” (12/10/2007) to Meaningful Use Introduction (2/12/2011). Each of the links provides great information, but the problem is that it is too much information. I am not sure who is going to read all that information and be able to digest it and formulate a plan for protecting patient information. I think this information has to be summarized and put into a form that is easy to understand.

They do offer a method of adding additional tools to the toolkit so maybe someone will put a good summary together.  Maybe they will utilize video to make it easier to understand and make it somewhat entertaining. Reading 50 links and over 500 pages of information is just not that much fun.


Gmail Ditched By Major University

InformationWeek is reporting that University of California-Davis has decided to stop using Google Gmail over privacy concerns.  The University was engaged in a trial of the paid Gmail program for 30,000 of its faculty and staff members. 

Some interesting quotes from the story:

  • Many faculty “expressed concerns that our campus’s commitment to protecting the privacy of their communications is not demonstrated by Google and that the appropriate safeguards are neither in place at this time nor planned for in the near future,” the letter said.

  • “Though there are different interpretations of these sections, the mere emergence of significant disagreement on these points undermines confidence in whether adopting Google’s Gmail service would be consistent with the policy,” the letter states.

  • The UC Davis IT leaders’ letter additionally stated that “outsourcing e-mail may not be in compliance with the University of California Electronic Communications Policy.” The policy forbids the university from disclosing or examining the contents of e-mails without the account holder’s consent, and from distributing e-mails to third parties.

This could have major ramifications for Google if other universities, medical practices, legal practices and other professional service companies reach the same conclusion regarding the lack of privacy with Gmail.
