Author: P Hasselbacher

Next Round in Norton Healthcare v. UofL.

Only Superficially About Cooperation with UK?both-logos-150

The lawsuit stemming from UofL’s claim that Norton had violated its land-lease agreement with the Commonwealth, and the initiation of a process by the University to wrest physical ownership of Kosair Children’s Hospital from Norton is on the docket for Franklin County Circuit Court on March 18. Norton is asking for a judicial determination that its non-binding Letter of Intent (LOI) to cooperate more closely with the University of Kentucky over children’s health does not violate is ground lease with the Commonwealth or any other agreement with UofL. Because the Commonwealth actually holds the lease, the Finance and Administration Cabinet intervened as a defendant on the side of UofL. Continue reading “Next Round in Norton Healthcare v. UofL.”

Family and Medical Leave Act Provisions Extended to All Same-Sex Married Couples.

Regardless of what the U.S. Supreme Court decides in resolving the lower court differences over whether individuals of the same sex can marry in all states, the tidal wave of change in both public opinion and law sweeping over the country only gets higher. The U.S. Supreme Court recently found in U.S. v. Windsor that gay and lesbian couples that were legally married could not be denied the ability to file their federal income taxes jointly from other states, even those which refused to recognize that marriage. To do so for federal tax purposes was found to be a denial of equal protection under the law and therefore unconstitutional. Since marriage status is relevant to a multitude of other civil matters, it is not surprising that other regulations or laws might be revised. So it came to pass last week when the U.S. Department of Labor (DOL) published its final rule on eligibility to take advantage of the Family and Medical Leave Act (FMLA). The rule goes into effect March 27, 2015.  A Fact Sheet and Frequently Asked Questions are available on the DOL website. Continue reading “Family and Medical Leave Act Provisions Extended to All Same-Sex Married Couples.”

Former UofL Vice-President Files Whistleblower Complaint Against UofL.

circuit-courtThere is no longer any doubt in my mind that the unscheduled executive session tacked on at the end of the February University of Louisville Board meeting was called to deal with the matters of the firing of Vice President for Human Relations Sam Connally and the allegations he brought to the attention of the Board members. As reported earlier today by Insider Louisville, the Courier Journal, and the Kentucky Center for Investigative Reporting, Mr. Connally filed a not-unexpected lawsuit yesterday against the Board of Trustees as agents of the University. A quick trip downtown yielded a copy of the complaint. It makes for interesting reading and provides more detail than a previous letter by Connally to the Courier Journal published elsewhere and which found its way to the UofL Trustees before their meeting.

Somewhere in this article I need to make the appropriate comment that any such complaint tells only one side of the story– a fact readily acknowledged by Mr. Connally. However, in this case, we have a pretty good idea what the University will say in the form of the investigation prepared on its behalf by its outside attorney. I read that report and also the 100 pages of supporting documents.  It covers the same basic set of events as Connally’s complaint with a different spin indeed. There are obviously matters of fact and interpretation to be worked through. Win or lose, in my opinion and based on documents I have seen, UofL is not going to come out of this looking very good. Continue reading “Former UofL Vice-President Files Whistleblower Complaint Against UofL.”

History of Major Breaches of Healthcare Privacy.

Yesterday I wrote about the major breach of privacy of protected personal medical information involving the major health insurer, Anthem, by an as yet unknown hacker. As many as 80 million individual patients were put at risk.  I expressed my opinion that such breaches are to be expected in our current healthcare world. Subsequently, in coverage of the matter by Modern Healthcare, it was noted that the largest previous breach resulting from hacking was a 2014 episode at Community Health Systems of Tennessee. That cyber-attack — involving a mere 4.5 million records — is thought to have originated in China.

Being a curious sort, I extracted all the HHS reports of breaches involving more than 100,000 records. It can be viewed here. There have been 40 instances of such breaches  reported to the Office of Civil Rights in HHS, 10 of these greater than a million. A total of 33.6 individuals were exposed. In these breaches, the covered entity compromised was a Business Associate in 19, Healthcare Provider in 14, and a Health Plan in 7.

While physical theft of records in one form or another remains a common type of major breach, it is clear that the ability to penetrate network servers by theft, hacking or by unauthorized access provides the best high-yield approach for data-thieves. It is also clear that business associates of healthcare providers and plans are a weak link. Why am I not surprized?

Inspection of the names of the covered entities reveals a wide range of entities including: health plans, medical centers, state & federal government agencies, contractors & consultants, and drug stores.

It should be noted that the fact that a breach occurred did not necessarily mean that the data was misused— a thief may have just wanted the laptop! However, potential misuse is always a possibility. Recall that only breaches involving more than 500 individuals appears on this government list, and that the number of breaches of any size not reported or recognized is completely unknown.

Peter Hasselbacher, MD
Feb 17, 2015