Thursday, February 24, 2011

How to Detect Insider Threats to Patient Data Privacy

Patient Data Breaches on the Rise
As you read our other blog entries, you'll notice a recurring theme – privacy and security breaches of patient information are on the rise. Unfortunately, this trend will only increase as health care entities and payers continue to adopt electronic health record technology. Can you reliably detect snooping of medical records without deploying new software or hardware and without creating additional work for your IT staff?
Veriphyr offers a solution to the problem of detecting unauthorized access to electronic protected health information (ePHI), wherever it resides, within medical records, systems, or applications.  For more information, see our medical records snooping factsheet.
Why Veriphyr
Veriphyr is the first service to detect enterprise user access vulnerabilities with a hosted, on-demand delivery model, not with site-deployed software or hardware.

When customers want a solution for user access review, the discussion eventually bogs down into a debate between vendors over competing technologies.  What the customer originally wanted – answers about who is accessing sensitive data – gets lost in the debate.

Veriphyr is about simplicity instead of complexity.  Veriphyr places technology issues in the background where they belong and returns the focus to what customers actually want – answers.


Wednesday, February 23, 2011

Higher Penalties for Patient Privacy Breaches HHS/OCR

Dramatic increases in financial penalties for HIPAA privacy and security violations are coming in 2011 according to an HHS Office for Civil Rights announcement at HIMSS11.

"Financial penalties for single privacy and security violations will be increased to $50,000 per violation, with a maximum penalty per year of $1.5 million per provision of the rules." - Adam Greene, Sr health IT and privacy advisor, HHS/OCR
Download a white paper on medical records privacy breach detection as a service. Learn how an on-demand, pay-per-use service can cost-effectively address the HIPAA/HITECH privacy and security rules - with no hardware and no on-site software.
"These penalties could be enormous considering that many breach incidents are found to contain multiple violations." - Adam Greene, Sr health IT and privacy advisor, HHS/OCR

Sources:
(a) OCR Plans to Tighten Up HITECH Privacy, Security, Breach Regs - HealthData Management, February 2011

Saturday, February 19, 2011

Identity and Access Intelligence (IAI) is Highlighted at Gartner IAM Summit in the UK

The Gartner Identity & Access Management Summit in the UK is focused on helping companies improve their identity and access intelligence.
"Intelligence is one of the three pillars of IAM, but until recently it has had much less attention than administration or access. This must change. An improved identity and access intelligence quotient will deliver benefits, not just within your IAM program, but throughout your organization." - Summary from Gartner IAM Summit in UK
By focusing on auditing, monitoring and analytics, the Veriphyr Identity and Access Intelligence Service delivers a shorter "time to business value" than traditional Identity and Access Management (IAM) approaches focused on administration automation or access management.

Sources:
(a) Gartner Identity & Access Management Summit - Gartner Group, March, 2011

Friday, February 18, 2011

81% of Hospitals Plan to Achieve Meaningful Use of Electronic Health Records (EHR)

81% of hospitals plan to achieve meaningful use of electronic health records (EHR) over the next 10 years. This allows them to take advantage of $27 billion in incentive payments according to the Office of the National Coordinator for Health Information Technology (ONC).

65% of hospitals say that they will adopt EHR in 2011 and 2012 in order to enroll in Stage 1 of the government's incentive programs. An additional 16% of hospitals plan to adopt EHR between 2012 and 2010.

A significant challenge in achieving Meaningful Use is the strict patient data privacy requirements. Hospitals will need to demonstrate they can effectively detect inappropriate access to patient data ("snooping").
Learn how to satisfy the Meaningful Use requirements for patient data privacy and user access. Download Veriphyr's white paper on patient privacy and Meaningful Use.
32.4% of office-based physicians plan to adopt EHR in 2011 and 2012 in order to enroll in Stage 1 of the government's incentive programs. An additional 8.6% plan to adopt EHR between 2012 and 2010. In total 41% of office-based physicians plan to achieve meaningful use of EHR over the next 10 years.

29.6% of primary care physicians have already adopted a basic EHR, up 50% from 2008's 19.8% adoption rate. While basic EHRs provide a point-of-entry for physician offices, most would need to further upgrade their EHR systems -- or their use of the systems -- to qualify for meaningful use incentive payments.
"I believe we are seeing the tide turn toward widespread and accelerating adoption and use of health IT." - David Blumenthal, national coordinator for health IT
Sources:
(a) 81% Of Hospitals To Seek EHR Incentives - InformationWeek, January, 2011

Saturday, February 12, 2011

Companies Shift Focus to Identity and Access Intelligence (IAI)

Gartner predicts that by 2014, 50% of companies will shift Identity and Access Management (IAM) efforts to intelligence, rather than administration.

Focusing on Identity and Access Intelligence (IAI) — data collection, correlation, analytics and reporting — ensures that companies get quick answers to business questions, says Gartner.
The need for Identity and Access Intelligence (IAI) will grow as the "business places less emphasis on IT's need for operations efficiency and more emphasis on the organization’s needs for accountability and reliability of access." - Gartner, Inc.
According to Ant Allan, research vice president at Gartner, “The need to limit costs and deliver real world business results is forcing identity and access management (IAM) professionals to take a more strategic approach to IAM.”
Learn more about the leading provider of Identity and Access Intelligence (IAI) as a Service. See how IAI as a service delivers critical operational intelligence - with no hardware and no on-site software.
Sources:
(a) Gartner Predicts By 2014, Notable Project Failures Will Cause 50 Percent of Organizations to Shift their IAM Efforts to Intelligence, Rather than Administration - Gartner, February, 2011

Thursday, February 10, 2011

3 Fired for Snooping on Electronic Health Records (EHR) of College Football Players

A hospital in Iowa City terminated three employees for snooping on the electronic medical records (EMR) of football players at the University of Iowa. In addition, two other employees were placed on five-day, unpaid suspensions.

The football players had received extensive press coverage when they were hospitalized with a muscle disorder following grueling offseason workouts. The players were being treated for rhabdomyolysis, a stress-induced syndrome that can damage cells and cause kidney problems.
"There is no guarantee against it happening again, because, obviously, it has occurred. However, we want to reassure patients that their privacy is one of our top priorities. Privacy and confidentiality is at the very core; the very cornerstone of trust between the healthcare provider and the patient." - University spokesman
The University is looking into how the players condition. The Board of Regents President and school president said the situation was "a cause for grave concern."
Download a white paper on patient privacy auditing as a service. Learn how an on-demand, pay-per-use service can cost-effectively address HIPAA/HITECH privacy objectives - with no hardware and no on-site software.
The Health Insurance Portability and Accountability Act (HIPAA) specifies that electronic personal health information should only be accessed by health care providers with a reason to review it. The Iowa City hospital is said to routinely screen for possible patient privacy violations, especially those involving patients with high public profiles.

Sources:
(a) University Hospitals to fire employees over privacy violations - Channel 7 KWWL, February 3, 2011
(b) Press release from University of Iowa on privacy violations at U of I Hospitals and Clinics regarding 13 Hawkeye football players - The Gazette.com, January 28, 2011
(c) Iowa coach: Five players out of hospital - Associated Press, January 28, 2011

Friday, February 4, 2011

Hospital Faces Civil Lawsuit Over Patient Privacy

A former patient has filed a civil lawsuit against a regional medical center in Salisbury, North Carolina for negligence, defamation, slander and invasion of privacy. Also named in the lawsuit are the hospital's corporate parent and two hospital employees. The plaintiff alleged that the hospital inappropriately used and disclosed her electronic protected health information (ePHI) and that a hospital employee harassed her and her family.
The plaintiff is asking for punitive and compensatory damages exceeding $10,000 from each defendant, as well as a restraining order and injunction preventing the defendants from disclosing or disseminating any of her confidential health records.
Patient Privacy Auditing Stops Lawsuits and Fines
Separately, the former patient filed a HIPAA Privacy Rule complaint with the U.S. Department of Health and Human Services Office for Civil Rights (HHS/OCR). A subsequent patient privacy audit did not show any hospital employees had inappropriately accessed the patient's electronic medical records (EMR). “We comply with federal laws that require healthcare providers to have the ability to produce audit trails for access to patient records,” said a hospital spokeswoman.
Can you cost-effectively audit ePHI across all systems and devices containing ePHI?

Download a white paper on patient privacy auditing as a service. Learn how an on-demand, pay-per-use service can cost-effectively address HIPAA/HITECH privacy objectives - with no hardware and no on-site software.
While Federal investigators found no violation, the hospital has agreed to provide training on safeguarding the privacy of electronic health records (EHR) to the employees in the departments covered by the complaint.

NEW DEVELOPMENTS IN THIS CASE (a)
The investigation into this violation of patient privacy rights at the hospital has been reopened by the U.S. Department of Health and Human Services Office for Civil Rights. Asked about the reopened investigation, the hospital spokesperson said, “We will fully cooperate with the Office of Civil Rights and actively assist them throughout this investigation.”
“Our employees and physician partners each take our obligation to protect every patient’s privacy seriously,” - Hospital spokesperson.
Sources:
(a) Federal agency reviews hospital complaint - salisburypost.com, February 2, 2011
(b) Hospital named in complaint over privacy - salisburypost.com, January 8, 2011

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.