Two recent note-worthy surveys:
- U.S. News and World Report has released a nationwide survey of the quality of hospital delivery of five common services.
- Fierce Health Payer reports on two surveys of healthcare provider attitudes toward health insurers / their golden geese.
Modern Healthcare reports on Carefirst's report of a large and sophisticated cybersecurity breach. Experts quoted in the article blame the insurer for keeping massive volumes of data data too long. The FEHBlog certainly recognizes the benefits of data minimization. However, laws require health insurers to collect massive amounts of data. Most recently, the IRS has required insurers to collect millions of family member Social Security Numbers in order to document their compliance with the ACA's individual shared responsibility mandate (IRS Form 1095-B). What's more, ERISA and OPM's FEHBP rules include a six year record retention period. Looming over these requirements is the federal False Claims Act's 10 year record retention requirement. The law does not permit data minimization.
The Justice Department recently issued guidance on best cybersecurity practices. Health Data Management offers ten steps to protect health data. It's a hot issue indeed.