Tuesday, February 21, 2017

$5.5M HHS HIPAA Settlement; Lack of Audit Controls Cited

A Florida hospital has paid the Department of Health and Human Services (HHS) a $5.5 million settlement for "protected health information (PHI) impermissibly accessed by employees and impermissibly disclosed to affiliated physician office staff." The resolution agreement cited a lack of audit controls as a major factor in the settlement.
"they failed to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports."
- OCR Acting Director Robinsue Frohboese
Robinsue Frohboese, OCR Acting Director, stated "access to ePHI must be provided only to authorized users, including affiliated physician office staff. Further, organizations must implement audit controls and review audit logs regularly. As this case shows, a lack of access controls and regular review of audit logs helps hackers or malevolent insiders to cover their electronic tracks, making it difficult for covered entities and business associates to not only recover from breaches, but to prevent them before they happen."
Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HHS $5.5M Settlement - HHS, 2/17/2017

Monday, January 30, 2017

Man Sentenced for Selling Patient Data Stolen from Medical Device Company

The crime was discovered when the man contacted a government confidential informant (CI) and offered to sell names, dates of birth, and Social Security numbers of 957 patients for about $15 per identity.

A review of the data by the government found that the patient data contained the medical records from Rotech Healthcare, a nationwide medical device company specializing in respiratory and sleep apnea.

Two employees of Rotech Healthcare misused their legitimate access to patient data to steal it. These co-conspirators were indicted and charged with conspiracy, computer intrusion, and identity theft crimes.

Sources:
(a) U.S. Attorney’s Office, Middle District of Florida
(b) Thank you to Databreaches.net who was the source for this posting


Saturday, June 25, 2016

Healthcare Worker Convicted for Accessing PHI

A respiratory therapist was convicted for inappropriate access of patient health information while working at an Oregon, Ohio hospital.  

Over a 10-month period, the healthcare worker inappropriately accessed the electronic health records of over 550 patients.

The therapist could be sentenced to up to one year in prison and up to $50,000 in fines.

The conviction was the result of an investigation by the FBI.

For more see - http://nbc24.com/news/local/former-promedica-therapist-convicted-of-illegally-obtaining-patient-data

US Government OKs Cloud for PII

Amazon Web Services (AWS) GovCloud, Microsoft's Azure GovCloud, and CSRA's ARC-P IaaS have U.S. government authorization allowing federal agencies to put highly sensitive data on their cloud-computing services, including data whose compromise could affect the protection of life or cause financial ruin.

For more see - https://www.fedramp.gov/fedramp-releases-high-baseline/

Friday, March 4, 2016

Help Children's Hospitals - National Pancake Day, 3/8/2016

As an official partner of Children’s Miracle Network Hospitals, Veriphyr wants to encourage everyone to support IHOP’s National Pancake Day on Tuesday, March 8, 2016.

IHOP Restaurants and Veriphyr partner with Children’s Miracle Network Hospitals to help improve the lives of millions of sick children. We welcome the opportunity to collaborate with IHOP in support of this great cause and, frankly, we’d hate for you to miss out on free pancakes!

How it Works: IHOP invites guests to visit their local IHOP restaurant on National Pancake Day and receive a free short stack of its famous buttermilk pancakes from 7 a.m. – 7 p.m. In return, they ask that you make a voluntary donation to Children’s Miracle Network Hospitals (or, in select markets, another local charity) while at the restaurant.

For more information on National Pancake Day and to find a participating IHOP near you, please go to www.ihoppancakeday.com.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) National Pancake Day, 2016 - www.ihoppancakeday.com, 03/04/2016

Monday, December 21, 2015

Heart Clinic Employee Illegally Disclosed Patient's Records

An employee at a Texas heart clinic argued with a patient, who is a pilot, and in retaliation, and without the patient's permission, she sent his medical records to the Federal Aviation Administration.

The now former employee pleaded guilty to wrongful disclosure of individually identifiable health information and three counts of making false statements, for lying to the FBI. She has been fined $50,000 and faces up to one year in prison.

"She [disclosed the patient's records] 'with the intent to cause malicious harm.'" - Court documents
Healthcare organizations seeking to proactively detect privacy data breaches and identity theft can utilize identity and activity analytics.
Sources:
(a) Former heart clinic employee admits to illegally disclosing patient’s medical records - www.DallasNews.com, 12/18/2014


Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.