Monday, March 27, 2017

Becker’s Hospital Review: HIPAA Violations--What Hospitals Can Learn from Financial Services

Steve Katz, the world's first Chief Information Security Officer, offers valuable insights on addressing impermissible use of patient data by employees, contractors, and 3rd parties in his article in Becker's Hospital Review.

Katz highlights how the impermissible use of patient data at a Florida hospital resulted in a $5.5 million fine by the US Department of Health and Human Services (HHS).

Katz points out that detecting impermissible use of patient data by employees, contractors, and others is a significant challenge in a healthcare setting.

"The challenge is understanding each employee's job responsibilities in fine detail and knowing whether those responsibilities justify an employee's access to a particular piece of patient data at a given point in time."
- Steve Katz, Advisor for the NH-ISAC (National Health Information Sharing and Analysis Center)

Katz suggests that recent technical advances in data technology, in particular Structural Analytics, can help companies address the impermissible use of patient data for a fraction of the cost Wall Street firms paid years ago.

"Structural Analytics are enabling hospitals to automatically and accurately determine the specifics of each employee's job responsibilities by analyzing data in their EHR and other clinical and business systems."
- Steve Katz, Advisor for the NH-ISAC (National Health Information Sharing and Analysis Center)

The article concludes that new data analytics, such as Structural Analytics, enable hospitals to detect and deter patient privacy violations and data theft by automatically comparing an employee's access to patient data with their job responsibilities. This approach eliminates false positives and does not require adding more staff.

Learn how Veriphyr uses Structural Analytics to detect "impermissible use" of patient data in clinical and business applications by employees, contractors, and third parties.

Sources:
(a) HIPAA Violations and What Healthcare Can Learn From Financial Services - Becker's Hospital Review, 03/14/2017

Tuesday, February 21, 2017

$5.5M HHS HIPAA Settlement; Lack of Audit Controls Cited

A Florida hospital has paid the Department of Health and Human Services (HHS) a $5.5 million settlement for "protected health information (PHI) impermissibly accessed by employees and impermissibly disclosed to affiliated physician office staff". The resolution agreement cited a lack of audit controls as a major factor in the determined settlement.
"they failed to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports."
- OCR Acting Director Robinsue Frohboese
Robinsue Frohboese, OCR Acting Director, stated "access to ePHI must be provided only to authorized users, including affiliated physician office staff. Further, organizations must implement audit controls and review audit logs regularly. As this case shows, a lack of access controls and regular review of audit logs helps hackers or malevolent insiders to cover their electronic tracks, making it difficult for covered entities and business associates to not only recover from breaches, but to prevent them before they happen."

Sources:
(a) HHS $5.5M Settlement - HHS, 2/17/2017

Monday, January 30, 2017

Man Sentenced for Selling Patient Data Stolen from Medical Device Company

The crime was discovered when the man contacted a government confidential informant (CI) and offered to sell names, dates of birth, and Social Security numbers of 957 patients for about $15 per identity.

A review of the data by the government found that the patient data contained the medical records from Rotech Healthcare, a nationwide medical device company specializing in respiratory and sleep apnea.

Two employees of Rotech Healthcare misused their legitimate access to patient data to steal the patient data. These co-conspirators were indicted and charged with conspiracy, computer intrusion, and identity theft crimes.

Sources:
(a) U.S. Attorney’s Office, Middle District of Florida
(b) Thank you to Databreaches.net who was the source for this posting

Saturday, June 25, 2016

Healthcare Worker Convicted for Impermissible Use of PHI

A respiratory therapist was convicted for inappropriate access of patient health information while working at an Oregon, Ohio hospital. Over a 10-month period the healthcare worker inappropriately accessed the electronic health records of over 550 patients.

The therapist accessed a patient's health information on a hospital computer between May 10, 2013 and March 25, 2014.

The therapist could be sentenced to up to one year in prison and up to $50,000 in fines. The conviction was the result of an investigation by the FBI.

Sources:
(a) NBC24.com
(b) Thank you to Databreaches.net who was the source for this posting

US Government OK's Cloud for PII

Amazon Web Services (AWS) GovCloud, Microsoft's Azure GovCloud, and CSRA's ARC-P IaaS have U.S. government authorization allowing federal agencies to put highly sensitive data on their cloud-computing services, including data that involves the protection of life and financial ruin.

For more see - https://www.fedramp.gov/fedramp-releases-high-baseline/

Friday, March 4, 2016

Help Children's Hospitals - National Pancake Day, 3/8/2016

As an official partner of Children’s Miracle Network Hospitals, Veriphyr wants to encourage everyone to support IHOP’s National Pancake Day on Tuesday, March 8, 2016.

IHOP Restaurants and Veriphyr partner with Children’s Miracle Network Hospitals to help improve the lives of millions of sick children. We welcome the opportunity to collaborate with IHOP in support of this great cause and, frankly, we’d hate for you to miss out on free pancakes!

How it Works: IHOP invites guests to visit their local IHOP restaurant on National Pancake Day and receive a free short stack of its famous buttermilk pancakes from 7 a.m. – 7 p.m. In return, they ask that you make a voluntary donation to Children’s Miracle Network Hospitals (or, in select markets, another local charity) while at the restaurant.

For more information on National Pancake Day and to find a participating IHOP near you, please go to www.ihoppancakeday.com.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.

Sources:
(a) National Pancake Day, 2016 - www.ihoppancakeday.com, 03/04/2016

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.