Archive for HIPAA

New York City Agency Simplifies the Data Warehouse

In New York City, the Human Resources Administration employs about 15,000 people who deliver Medicaid and other services to more than 3 million residents — and its enterprise data warehouse stores so much information that employees can potentially sift through hundreds of millions of rows inside just one table in a spreadsheet.

“Our largest table had more than three-and-a-half billion paid Medicaid claims,” said Anna Stern, assistant deputy commissioner of new initiatives in management information systems. “And the public assistance and food stamp data comes out of the state system, which is a mainframe system, so we’re dealing with old, complex systems [and] very big data.”

But that’s not the case any longer, thanks to Stern and her colleagues. Because the enterprise warehouse’s data groups often are much larger than employees need, they created dataSmart, a compact version of the warehouse that only contains the most needed data for staff members, while presenting users with a simpler interface.

The massive enterprise data warehouse had been around since 2001, so developers learned over time what the most popular data sets were to include in dataSmart. “We took everything we’ve learned over the years and built a streamlined model,” said Data Warehouse Director Jane Neimand. “We’re very pleased with it.”

DataSmart, which went live with Phase I on Feb. 14, 2012, is housed on the same Oracle database as the enterprise data warehouse, and only department employees can access the systems. Both versions are side-by-side, and users must determine which to query for their needs.

Most people use the Oracle Business Intelligence Discoverer tool to access dataSmart, but other tools like SQL are available. In Discoverer, users query the system and receive the data in spreadsheet tables. DataSmart tables contain fewer rows than those in the data warehouse. “The step-by-step is going to be sort of the same, but each step is just simpler,” Neimand said. “[DataSmart] only has what they absolutely need. It’s not all this other data that they probably don’t need.”

For instance, the enterprise data warehouse holds more than 20 years of data history, which amounts to 1,500-plus data elements with tables containing hundreds of millions, and in one case billions, of rows. On the other hand, dataSmart holds three years of data history and only the most requested data elements.

Stern, Neimand and their co-workers work continually to keep dataSmart fresh. They rebuild the database from scratch each year to house only the past three years’ worth of information. “One advantage of doing that is that it keeps it small,” Neimand said, “but another advantage is that, let’s say some data element becomes important that was not important the last time we did a build, that gives us the opportunity to build in that new element.”

Education and experience have taught them which elements are the most important to include. Roughly 10 years ago, Stern learned in Data Warehousing Institute courses that only about 15 percent of a warehouse’s data is actually used. The administration therefore started developing dataSmart as a means to offer the most desired data more conveniently.

“We said, ‘What if we could come up with something simpler?’ And that’s what dataSmart is,” Stern said, noting that she believed many users lacked the analytical skills needed to access the original system effectively. “It is a distillation of everything we have learned from 10 [or] 11 years of running this data warehouse in this agency. Our premise is, small is beautiful.”

Phase I of dataSmart includes data from the welfare administration system; later phases will incorporate additional information, including GIS, supplementary security income and Medicaid data. Stern estimated that Phase II will go live on Labor Day, followed by Phase III at an as-yet-undetermined later date. The money for the phases came from the department’s budget, and Stern estimated that it will cost an additional $200,000 to complete the second phase.

Today, Stern oversees training programs that employees must complete before they can query either database, and the learning curve for dataSmart certification isn’t steep. Users complete four three-hour training sessions to learn dataSmart, compared to the nine two-hour sessions for the enterprise data warehouse. A division liaison must nominate someone for training before that person can be eligible for courses.

Business analysts are currently trained on Oracle’s Discoverer tool, but the company eventually will migrate the department to the Oracle Business Intelligence Enterprise Edition (OBIEE) platform. Stern and Neimand are unsure when exactly that will take place, but they wouldn’t be surprised if it took about a year to convert Oracle’s database modules to the new system. For example, Discoverer has files called “workbooks” that contain worksheets displaying data retrieved from the database, and migrating users’ personal workbooks to OBIEE will take a lot of work.

“Oracle cannot predict how well the Discoverer workbook will convert to OBIEE, so we’re going to try to get people to get rid of the workbooks they don’t need,” Stern said. “But that’s something that could take a lot of time.”

But no matter what happens, she and her team will work to ensure that dataSmart continues to deliver information conveniently. They’re even using Google’s search capabilities for inspiration.

“My goal would be to get as close to Google as we could get in terms of querying,” Stern said. “Google’s figured out how to give you all the information in the world with one little box on the screen. [It] makes all sorts of information that is complex acceptable to normal people. That’s the goal of dataSmart relative to the agency’s data.”

You may use or reference this story with attribution and a link to

View the original article here

QR Code Treasure Hunt Brings Teens to Libraries

A group of teens sign up for the iHunt program during a library event.

As a way to teach teens about library resources, the Chesterfield County, Va., public libraries gave them a challenge: Solve problems with the help of quick response (QR) codes.

QR codes are a unique series of patterns that — when scanned with a camera-ready smartphone or mobile device — pull up information such as facts about an object the QR code is attached to.

At the Chesterfield County Public Library, QR codes were deemed a fitting technology to use for teaching teens information about the county libraries.

“We wanted to try to reach them on their own terms, so we thought about using technology,” said Carolyn Sears, the library services administrator for community services. “… that’s how we got the QR code idea.”

In November, the county libraries tried a two-month program called “iHunt: Crack the CCPL Code.” The program  challenged teens to learn about library resources by completing a digital treasure hunt inside the library.

Librarians strategically placed signs equipped with QR code readers throughout the facility for the teens to find.

Participants started by answering a question about one of the library’s resources. By following the clues in the question, they could find the item the clues led to. They’d also find a sign with a QR code, which when scanned would give them the clues for the second question.

For example, the hunt tasked its participants to locate a specific DVD title. Once participants located the DVD, they’d find a QR code that would help them find the next item in the hunt.

Teens were allowed to use their own devices such as iPhone and iPod Touch, or could borrow a device from the library to complete the challenge. Sears said while the program wasn’t overly challenging – the hunts consisted of about eight questions – the big-picture goal was to show teens connect what’s available.

 “We wanted to do a teen program because teens are notoriously hard to reach in the library setting,” Sears said. “They don’t tend to know what resources are available and they don’t tend to use them as much as other groups do.”

The contest also came with an additional incentive. Winners received prizes such as an Amazon gift card.

Three of the county’s nine libraries hosted a hunt, bringing in a total of 54 participants. Chesterfield County libraries won’t make the QR code hunts a regular activity, but Sears said similar hunts will be conducted for specific occasions.

The program was funded through a $500 grant awarded by the Library of Virginia, an agency of the state government.

For more ideas on integrating QR codes into libraries, click here.

View the original article here

Finding a Home in Delaware Just Got Easier

Residents of Delaware have a new tool at their disposal when searching for a new home. A new website,, provides free listings for house rentals and house sales for landlords or property owners. In addition, renters can search for a new home to buy or rent by region or city.

“Access to affordable housing is critical to our economy and to the strength of our communities,” Gov. Jack Markell said. “We believe this service will help Delaware residents find the rental housing they need within their budget, within their time frame and in the community where they want to live.”

Powered by not-for-profit website, the website is supported by a free, bilingual call center. Listings can include photos and detailed information such as maps, whether pets are allowed, income restricted status, contact information for the landlord or owner, building history and more than 50 other details about each property.

“We’re excited about the ability of this service to connect our residents to housing opportunities,” Delaware State Housing Authority Director Anas Ben Addi said. “We encourage property providers to take advantage of the free advertising and list vacancies on to help make this service as useful as possible to all Delawareans.”

You may use or reference this story with attribution and a link to

View the original article here

Fire Department Tests QR Codes for Citizen Medical Data

Every second counts during medical emergencies, and quick access to medical information can be the difference between life and death.

Marin County, Calif., located just across the Golden Gate Bridge from San Francisco, is working to ensure first responders have access to this crucial information. In early June, the county’s fire department began piloting a yearlong project that offers residents tech-enhanced stickers that link to an online health profile.

Partnering with Lifesquare, a start-up company located in Menlo Park, Calif., Marin County is distributing free quick response (QR) code stickers, which when scanned by a camera-equipped mobile device, direct emergency responders to the resident’s online medical profile. As of August, the county had 1,100 enrollees in the program.

“We’ve utilized the Lifesquare technology, and it has worked well,” said Mike Giannini, Marin County’s emergency medical services battalion chief. “We’ve been able to get patient information and use it to our advantage.”

QR codes — which resemble a bar code — gained attention in city government in 2009, when Manor, Texas, CIO Dustin Haisler led efforts to have them placed throughout the city so residents and visitors could learn more about a location that held a QR code.

And these codes aren’t typically associated with capturing medical information, but more for disseminating information about historic landmarks and commercial products, such as in Manor. This is changing, however.

Marin County residents can participate in the program by creating a free online account on Lifesquare’s website. From there, they create a profile that includes essential health information such as allergies, medications and emergency contacts — whatever medical details they want to divulge. Information entered into the profiles is stored securely in Health Insurance Portability and Accountability Act compliant servers, according to Lifesquare.

Once a medical profile is created, Lifesquare mails the participant a package of stickers that feature their unique QR code. The idea is to place the stickers in convenient locations, such as wallets, bike helmets, refrigerators and car keys. If an individual is unconscious or incapacitated, paramedics can easily locate the sticker and scan it to bring up his or her medical information, said Ryan Chamberlain, spokesman for Lifesquare.

To access the medical information using the stickers, the county’s firefighters and emergency responders scan the QR code with a mobile device — and Lifesquare gave the county 50 iPhone units for use in the trial.

Currently, medical information can only be accessed by medical personnel participating in the pilot who have the Lifesquare EMS application on their mobile device.

Chamberlain said that unlike static medical information alerting methods like bracelets, the company’s QR code proprietary technology is cloud-based so users can update their online profiles at any time.

“[The QR code sticker] can go anywhere with you and it’s secure,” Chamberlain said. “If you’re sitting in a coffee shop, nobody can look over and read what your medical history is. It’s just a code, and only the professionals can get to that.”

Before experimenting with QR code technology, the county implemented a similar program — called Vial of LIFE (lifesaving information for emergencies) — to make medical information easily accessible to emergency responders, Giannini said.

According to the county fire department website, Vial of LIFE provides residents with kits that contain materials —like a refrigerator magnet, sticker for a front door and medical information form — that would help emergency responders find their medical data in the event of a crisis.

Giannini said because the fire department’s Vial of LIFE program is similar to the idea behind the stickers printed with QR codes, the department was a big proponent of working with Lifesquare to use the technology. In the near future, Giannini said he’d like to see information gathered from Lifesquare integrated into reports that responders must complete.

“We’re looking for them to create a bridge that will take all of that information from Lifesquare and populate the pertinent fields in our electronic patient care report,” Giannini said. “So that will provide us with not only more accurate information, but it will save us a significant amount of time during the course of patient care and over the long term.”

So why is Marin the first to pilot Lifesquare’s medical QR code program? Chamberlain said a combination of community interest and need were factors.

The county — a mountainous landscape and home to sites like film director George Lucas’ Skywalker Ranch — is also home to a vibrant senior citizen population and many cyclists. Chamberlain said these two populations alone made Marin County a good fit for the pilot’s launch.

Marin also is a stone’s throw away from Silicon Valley, a factor that could be seen as advantageous for bringing technology to the community.

Chamberlain said the next step to expanding the Lifesquare technology would be to connect it with an electronic patient care report system as a way to simplify how the medical information is transferred for a patient. If paramedics process the scene of an accident by first scanning a person’s Lifesquare QR code then directly upload that information to an electronic patient care report system, the information is more seamless and error free.

“You don’t have people trying to write out a long form of medications, prescriptions and medicine names, or misspelling a person’s name and things like that,” Chamberlain said. “So not only is it quicker for paramedics, it also removes that element of human error.”

Chamberlain said Marin County has just finalized a contract with an electronic patient care records company. Once a system is implemented, the Lifesquare technology will be synced with it.

So far, the program has only been deployed in Marin County, but Lifesquare ultimately plans to expand the QR code stickers to other counties. Chamberlain said for the technology to have optimal utilization, it will be important for major health-care providers to participate as a way to target critical mass.

“I think the bigger picture is it needs to be adopted in large scale,” Chamberlain said. “Marin County was a great test of how it works, but for it to really work well, we need to have everyone on board.”

You may use or reference this story with attribution and a link to

View the original article here

Hacking of Utah Health Insurance Exchange Raises Security Questions

With the news that the Utah health exchange — one of just two state-run online insurance marketplaces in operation — was recently hacked, states planning their own exchanges as prompted by the Affordable Care Act (ACA) might want to take a closer look at how they’ll handle cybersecurity.

The exchanges will hold digital records of a potential minefield of personal information — Social Security numbers, federal tax and income data and more. To gain approval from the U.S. Department of Health and Human Services (HHS) for their exchange, states must prove they meet five provisions related to privacy and security.

In short, the federal guidance for applications, which are due Nov. 16, requires that states provide “adequate safeguards” to protect personal information on the exchange. States must also secure a letter of acceptance from the IRS, affirming that they’re capable of protecting federal tax information, which will be used to determine eligibility for Medicaid and tax subsidies on the exchanges.

According to the exchange rules, “Personally identifiable information should be protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.”

States must comply with the federal Health Insurance Portability and Accountability Act (HIPAA), as well as the standards set out in the ACA, but they do have significant leeway in how they meet those parameters.

For example, Rhode Island (which is viewed as a case study for exchange planning) will require the company building the digital infrastructure for its exchange to hire a security manager. The vendors must also purchase an insurance policy that would cover up to $1 million in damages for any security failure.

California, which sent out its request for proposals for the exchange in January, is requiring its vendors to sign a confidentiality agreement. Broadly speaking, the California outline for its exchange says that its software vendors “should leverage government, industry and federally funded academic research on security, privacy and continuity of operations, with a strong link to available and emerging products and solutions.”

California is also requiring that the exchange be able to verify users’ identities with state agencies, such as the Department of Motor Vehicles, before allowing them to access confidential information. The software must also include layered firewalls and data encryption to protect the data in the exchange.

Utah officials stressed that no personal information was at risk during the hacking, which took place three weeks ago, according to the Salt Lake Tribune. Only informational pages, which outline insurance options available to consumers, were affected. State officials portrayed the breach as a “pure act of graffiti. Words were garbled, headlines were blurred.”

It wasn’t the first time that the state’s health sector had been compromised. Back in April, the state’s Medicaid database was breached, with hackers gaining access to the Social Security numbers of as many as 280,000 Utah residents. Less sensitive information, such as names and birth dates, for about 500,000 others was also exposed, according to the Tribune.

With an increasing push to digitize medical information, data breaches are one of the risks. As Kaiser Health News reported in June, HHS has received more than 22,000 complaints about privacy violations since HIPAA was enacted in 2003. Some of the largest breaches (which usually involve private health-care providers) compromised the information of millions of individuals.

“Strong privacy and security rules are crucial to the success of the new health insurance exchanges,” wrote Kate Black of the Center for Democracy and Technology, a nonprofit that advocates for Internet freedom. “If adequate privacy rules and security safeguards do not protect the information collected by exchanges, individuals will not have sufficient trust in an exchange to take advantage of its benefits.”

You may use or reference this story with attribution and a link to

View the original article here