Monday, May 26, 2014

Ruminating on HIPAA compliance

I was a bit confused on the intricacies of what entities are covered under HIPAA. The following article helped me clear a few cobwebs and also helped me appreciate the fact that it's impossible to protect all healthcare information all the time.

The crux of the HIPAA regulation is that your health information is protected only while it is held by a 'covered entity'. HIPAA defines 3 types of covered entities - Payer, Provider and Clearing House.

Posting interesting snippets from the site:

Health information is protected when held by a covered entity. It may have no privacy protections when the information is held by someone who is not a covered entity. In other words, health privacy protections depend on who has the information and not on the nature of the information.

It is important to understand that HIPAA does not automatically cover all health care providers. A free health clinic may not be subject to HIPAA because it doesn’t bill anyone. A doctor who charges every patient $25 cash and does not submit a bill to any insurance company may not be covered by HIPAA. A first aid room at your workplace may or may not be covered by HIPAA.

Most school health records are not subject to HIPAA. Instead, school records (private schools are a major exception) are usually covered by another federal privacy law, the Family Educational Rights and Privacy Act (FERPA). 

The list of unregulated health record keepers is shockingly long. These include gyms, medical and fitness apps and devices not offered by covered entities, health websites not offered by covered entities, Internet search engines, life and casualty insurers, Medical Information Bureau, employers (but this one is complicated), worker’s compensation insurers, banks, credit bureaus, credit card companies, many health researchers, National Institutes of Health, cosmetic medicine services, transit companies, hunting and fishing license agencies, occupational health clinics, fitness clubs, home testing laboratories, massage therapists, nutritional counselors, alternative medicine practitioners, disease advocacy groups, marketers of non-prescription health products and foods, and some urgent care facilities.

Friday, May 23, 2014

Ruminating on Rate Limiting

As architects, when we define the API strategy for any organization, we also need to design the 'Rate Limiting' features for that API. The concept of Rate Limiting is not new; the term has long been used in the networking world to describe controlling the rate of traffic flowing over a network.

Other common examples of Rate Limiting that we see very often are as follows:
  1. Limit consecutive wrong password entries to 3.
  2. Maximum size of an email attachment.
  3. Max number of emails one can send in a day.
  4. Max number of search queries one can fire every minute.
  5. Max. broadband download size per day, etc. 

Rate Limiting is also an important line of defense from a security perspective: limiting wrong password entries, for example, slows down password guessing, and per-client request limits keep one abusive client from exhausting a shared service. Jeff Atwood has a good blog post on 'Rate Limiting' available at:

For services or APIs, there are standard ways in which we can rate limit the requests. For example:
  • Based on API key: This is how Twitter rate limits their API. Each account with an API key can only make x requests per {time period}, for example 10 requests every 5 mins, 500 requests per day, etc.
  • Based on IP address: This may not work well behind a proxy or NAT, because many distinct clients then share a single source IP address and are throttled as one.
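As an added illustration (not code from the original post), here is a sliding-window limiter keyed by API key that can enforce several rules at once, such as the "10 requests every 5 mins" and "500 requests per day" limits mentioned above; the clock is injectable so the behaviour can be replayed deterministically on constructed request times.

```python
from collections import defaultdict, deque
import time


class ApiKeyRateLimiter:
    """Sliding-window-log limiter keyed by API key (illustrative, not Twitter's code).

    rules: list of (max_requests, window_seconds). A request is allowed only if it
    satisfies every rule, e.g. [(10, 300), (500, 86400)] = 10 per 5 min AND 500 per day.
    """

    def __init__(self, rules, clock=time.monotonic):
        self.rules = list(rules)
        self.clock = clock  # injectable so tests can use a fake clock
        # per API key: one deque of accepted-request timestamps per rule
        self.history = defaultdict(lambda: [deque() for _ in self.rules])

    @staticmethod
    def _prune(window, now, seconds):
        # drop timestamps that have aged out of this rule's window
        while window and now - window[0] >= seconds:
            window.popleft()

    def allow(self, api_key):
        """Return (allowed, retry_after_seconds) for one request from api_key."""
        now = self.clock()
        windows = self.history[api_key]
        retry_after = 0.0
        for (limit, seconds), window in zip(self.rules, windows):
            self._prune(window, now, seconds)
            if len(window) >= limit:
                # the oldest accepted request must age out before another fits
                retry_after = max(retry_after, seconds - (now - window[0]))
        if retry_after > 0:
            return False, retry_after
        for window in windows:
            window.append(now)  # only accepted requests count against the quota
        return True, 0.0


class FakeClock:
    """Manually advanced clock for deterministic replay."""
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


def simulate(rules, api_key, request_times):
    """Replay constructed request timestamps through a fresh limiter; return allow flags."""
    clock = FakeClock()
    limiter = ApiKeyRateLimiter(rules, clock=clock)
    results = []
    for t in request_times:
        clock.t = float(t)
        results.append(limiter.allow(api_key)[0])
    return results
```

Running `simulate([(10, 300)], "key-A", list(range(11)) + [301])` shows the 11th request in the burst being refused and the request at t=301 s being accepted once the oldest entries have left the 5-minute window.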

Tuesday, May 20, 2014

Appending the current date to the file-name in a DOS batch program

I was writing a utility batch file for my backup folders and wanted to have the current date appended to the filename. Using just %DATE% was throwing errors, as the default output of the date command contains a space on Windows. For e.g. echo %DATE% would return "Tue 05/20/2014".

The following use of %DATE% substring syntax did the job for me. A good trick to have up your sleeve :)
echo %date:~-10,2%-%date:~-7,2%-%date:~-4,4%

This syntax is %variable:~offset,length%: a negative offset counts characters from the end of the string, and the optional length then truncates the result (so ~-10,2 takes the two characters starting 10 from the end, i.e. the month). Just copy-paste fragments of the above string to understand how this works. For e.g. echo %date:~-10% prints the last 10 characters, "05/20/2014".

I had used this to create a date-stamped jar file as follows.
jar -cvf backup_%date:~-10,2%-%date:~-7,2%-%date:~-4,4%.jar data/*

Wednesday, May 14, 2014

Ruminating on Insurance Agents, Brokers, Producers

In the insurance industry, the terms 'Agent', 'Broker' and 'Producer' are used interchangeably many times. But in different markets, they have different meanings and are also governed by different regulations. Jotting down the information I have gathered after discussions and Q&A sessions with my friends in the insurance industry.

  • Agents have a primary alliance with the insurance carrier, whereas Brokers have a primary alliance with the insurance buyer. But in the Healthcare industry, both terms are used interchangeably and agents/brokers are also called 'Producers'.
  • Agents can be 'captive' or 'independent'. A captive agent only represents a single insurer. He is typically on the salary rolls of the carrier and earns a commission on every policy he sells. An independent agent can represent multiple insurance carriers. Independent insurance agents are not on the insurance carrier's salary rolls and earn only commissions. Several insurance carriers may authorize an agent to sell for them.
  • Independent insurance agents may also work with insurance intermediaries that aggregate quotes from multiple insurance carriers and allow the agent to compare and select the best fit for the customer. Independent agents also provide packaged policies - for e.g. combining auto and home insurance as a single policy. The customer benefits from lower premiums.
  • Both captive and independent agents have a contract with the insurance carrier that details the binding authority of the agent - essentially the authority to bind a policy on the insurer’s behalf.
  • Brokers typically do not have the authority to bind policies. Since brokers cannot bind policies, they have to obtain a binder from the insurance carrier. A binder is a legal document that serves as a temporary insurance policy for around 30 days, and must be signed by a representative of the insurer. A binder is replaced by a policy once the policy is generated.
  • Brokers may or may not earn commissions from the insurance carrier. They get a flat fee from the insurance buyer for their services.
  • Brokers can be retail or wholesale. Retail brokers directly engage with the end customers. Sometimes, for very specialized insurance needs, retail brokers may contact a wholesale broker. For e.g. a wholesale broker can specialize in auto-manufacturing liability insurance, etc.
  • Commissions are of two types - a flat (base) commission that is paid for every policy sold and an incentive commission paid if a particular volume or other growth targets are met. There is a lot of debate on the incentive commissions received by independent agents and brokers. This is because these bonuses may affect the neutrality of a broker who is supposed to represent the insured. In many countries there are regulations requiring brokers to disclose to customers the commissions that they would earn.

Friday, May 02, 2014

Ruminating on the #hashtag economy

The '#' (hash) symbol was originally adopted by Twitter users to categorize their messages. It was used by Twitter users to identify keywords and trending topics. After Twitter, users on other social channels such as Instagram, Tumblr and Pinterest jumped on the bandwagon and started using #hashtags to participate in online conversations on a topic. A good article explaining the origin of the hashtag is available here.

Ironically, Facebook adopted #hashtags quite late in the game. But today Facebook has full support for hashtags, and when we click on a hashtag we see a feed of all posts (what people are saying) about that event or topic. Hashtags have become so popular that recently Obama encouraged citizens to use the hashtag "#1010Means" to protest against low minimum wages.

Needless to say, hashtags are a powerful concept for advertisers to capitalize on. They help advertisers market their products/services to the right audience: people who are interested in a particular subject.

Organizations have also started using the power of hashtags in social channels for building innovative services that bring in new sources of revenue or help improve customer satisfaction rates. This whole new paradigm is known as the "#hashtag economy".

For example, Amex has creatively used hashtags to send promotions to their customers.

Kotak Bank has created a customer self-service platform on Twitter, wherein customers can tweet the right hashtags to perform banking transactions such as checking their balance, requesting a checkbook, etc.