Metasteward LLC  

Looking at health information technology (HIT) through the "donut hole"!

e-OlderAmerican Blog Mission HITSP.org 

 

Suggestion: Right click and open each hyperlink in a "New Tab". Links having (or soon to have) content are identified with an *.

2011 *
2010 *
2009 *
2008 *
2006-2007 *
2005-2006
2001-2005
1998-2001 *
1996-1998
1994-1996 *
1987-1994 *
1976-1987
1970-1976 *
1965-1970
1960-1965
1956-1960
1935-1956 *

Summary of Activities and Projects in 2008 

January 29, 2008 - In my capacity as a volunteer data entry operator, I received an email forwarded by the Director of the Senior Outreach Program from the Nutrition Specialist mandating that effective March 1, 2008, the Social Assistance Management System (SAMS) be used to track client information from the new "Nutrition Screening Form" that all programs had been required to implement by January 1, 2008.

Data entry instructions were located at: http://dhfsbadr.org/docs/sams/nutritioncheck/.  That Website appeared to me to be an official site of Department of Health and Family Services (DHFS) Bureau of Aging and Developmental Resources (BADR), but as I was to find out, was actually a site privately owned by the SAMS' system administrator. The intended use of the tracking system was to show nutrition "outcomes" at both the local and state levels.

January 31, 2008 - I sent an email to the Nutrition Specialist and SAMS system administrator telling of the visceral reaction I experienced that the SAMS' tracking process violated my rights to privacy. I attached a DHFS form that followed proper protocol as to specifying the law underlying the form and the consequences that would follow if the form was not completed.

February 18, 2008 - While working as a volunteer data entry operator, I inadvertently gained access and control of the Web programs and host computers at Harmony Inc.’s data centers.  Security holes had already been identified by the current systems administrator and–as I recently found–by a systems installer, as recorded in his service order notes, dated 3/24/2004.  In a list of the top ten security flaws in Web programs, the security hole I inadvertently found is described as, “Broken access control – in which restrictions on authorized users are not enforced.  Cyber thieves are well aware of semantic technologies and crawl the Web looking for such vulnerabilities.   

The following letters and documents will form the basis for a case study (which I hope to complete by January 2010) concerning the failure of the federal Administration on Aging (AoA) to take the lead in defining a minimum data set (MDS) and in setting security requirements for Older American Act Programs.  AoA’s failure has resulted in Wisconsin’s State Unit on Aging (SUA) and Dane County’s Area Agency on Aging (AAA) in configuring a software-as-a-service (SaaS) system in such a way as to systematically deprive the elderly and disabled of their constitutional rights to privacy.  Both Wisconsin’s SUA and Dane County’s AAA are currently implementing an electronic record tracking system that ignores and violates both state and federal privacy laws.

Letter to: Rea Holmes, Executive Assistant, DHFS and Tonya Harmon, CEO, Harmony Inc.

BADR's Privacy Statement - 071508

Attachments:

  1-ScreenShotsRemoteAccess.pdf

            2-HolmesHarmonLetters.pdf

            3-FairfaxCountyAudit2006.pdf

            4-OpenRecordsRequest.pdf

 Open Records:

             5-Nutrition Committee Minutes.pdf

             6-BADR’s Contract for the Social Assistance Management System (SAMS).pdf

             7-Minutes of DHFS Data Stewardship Council.pdf

 Other Records:

             8-Report to HIPAA Metadata Registry Coalition.pdf

             9- Comments to Area Agency on Aging Board - Legislative Committee – 11/12/2008

             10-Comments to Health and Human Needs Committee – 11/18/2008

                   Attachment: HHN111808

                   Minutes of 11/18/2008 Meeting

             11-Comments to HHN, HSB, LTS and AAA Boards – 12/02/2008

                   Attachment: Combined Boards 120208

             12-Comments to Area Agency on Aging Board - Legislative Committee – 12/17/2008

Following are reference documents:

Privacy Assessment Requested by Governor Doyle

            Letter from Governor Doyle to Secretary Michael Morgan - April 15, 2008

            State of Wisconsin Privacy Assessment - April 14, 2008

                By: Metavante Milwaukee, WI 

Privacy Laws in Wisconsin – Legislative Reference Bureau

            Legislative Reference Bureau Brief - July 2008

             Documents on the Administration on Aging (AoA) Web Site

            State Aging Information Systems Management Study – December 2006

            NAPIS State Reporting Tool Training Manual

 Documents on the National Health Policy Forum (HHPF) Web Site

Wisconsin Site Visit Report – August 2007  See page 13 for impressions of Wisconsin’s Health Information Technology (HIT)

 Issue paper on the Dane County Department of Human Services Web Site

           2008 Family Care Issue Paper

 Health Information Technology (HIT) Reports Web Page on HHS.gov site

           http://www.hhs.gov/healthit/resources/reports.html

 National Committee on Vital and Health Statistics Web Site

          Enhancing Protections for Uses of Health Data – A Stewardship Framework

                      -Summary for Policy Makers- April 2008 

 HHS Announces Privacy and Security Framework – December 16, 2008

          Secretary Leavitt Announces New Principles

          Draft Model Personal Health Record (PHR) Privacy Notice & Facts-At-A-Glance                                                 

 

 

 

 

Last modified: 01/01/11