Hospital Lawsuit over Medical Records Breach in WV

A man in West Virginia is suing a hospital in Morgantown for negligence claiming the hospital allowed an employee to access his medical records on three occasions.

Interestingly both the victim and the hospital employee have the same last name. There have been no indications as to whether they are related.

The hospital employee passed along the information from the victim's medical records to several people who know the victim, causing him emotional distress and embarrassment, according to the suit.

The victim is seeking damages, award for emotional distress and embarrassment, legal fees, and pre- and post-judgment interest. The case is case number: 11-C-774

Download a white paper on patient privacy breach detection. Proactively identify unauthorized breaches of patient data privacy, even authorized users snooping on family and friends - with no hardware and no on-site software.

Sources:
(a) Morgantown man blames WVU for medical record breach - The Record - West Virginia's Legal Journal, 1/17/2012

Share

Big Data and Privacy at the World Economic Forum

A 2012 report released by the World Economic Forum, titled, “Big Data, Big Impact: New Possibilities for International Development,” outlines some of the possibilities data can bring around the globe to business and education. It also warns of its potential privacy implications.

"Privacy and security concerns must be addressed before firms, governments and individuals can be convinced to share data more openly." - from "Big Data, Big Impact," report by the World Economic Forum

Sources:
(a) At Davos, Discussions of a Global Data Deluge - New York Times, January 25, 2012

Share

New Board Members from Harvard, Microsoft, and UT Austin Join Patient Privacy Rights Foundation

The Patient Privacy Rights (PPR) Foundation, which positions itself as the nation’s health privacy watchdog, announced new board members from Harvard, Microsoft, and University of Texas at Austin.

The new board members include

• Latanya Sweeney, director of Harvard's Data Privacy Lab
• Andrew Dillon, Ph.D., Dean and Professor at the University of Texas School of Information
• Michael Stokes, Director of the Compliance Policy, Health Solutions Group at Microsoft

The board Chair Deborah C. Peel, MD. founded PPR in 2004 to "speak and advocate for the patient's right to health privacy". Dr. Peel has been chosen as one of Modern Healthcare's "100 Most Influential in Healthcare" four times in the last five years.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Patient Privacy Rights Foundation Welcomes New Board Members - Patient Privacy Rights, 1/23/2012

Share

Hospital Fined £18,000 Over Patient Privacy Breach

The breach involved the victims former partner, a health care assistant, who accessed his confidential medical files at the hospital. The hospital employee claimed she started improperly accessing the victim's files when he failed to come home one night and she checked the hospital system to see if he had been admitted to A&E

"No I'm not supposed to, but everybody does it." - Victim quoting his ex-partner about her breach of patient privacy

The victim had originally complained to the hospital in 2008 but was unhappy with the response. The health care assistant was only informally verbally disciplined, and that information was not released to the victim as it was stated to be confidential.

The court ruled: "The handling of the initial complaint and the conduct of the subsequent litigation have been far from satisfactory."

In response the victim began legal proceedings in April 2009 which, after several years, led to the fine, which was awarded under the Data Protection Act 1998.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Man's £18k payout after ex-girlfriend viewed his medical records - This is Plymouth, 1/28/2012

Share

MetLife Pays Penalty for Privacy Breach

Connecticut Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein announced an Assurance of Voluntary Compliance (“AVC”) with Metropolitan Life Insurance Co. (“MetLife”) over the disclosure of personal information

"This agreement reinforces the need to make clear to anyone in possession of personally identifiable information about their legal requirements to protect it and ensure that it s not made publicly available." - Attorney General Jepsen

MetLife will pay a civil penalty of $10,000 and reimburse people who paid to freeze on their credit file as a result of the incident.

Sources:
(a) Agreement Reached With Metropolitan Life Insurance Co. Over Release of Some Customers’ Personally Identifiable Information - 1/24/2012

Share

Data Privacy Breaches - Top Priority for 2012

Preventing and detecting internal breaches is one the top 5 priorities for healthcare organizations in 2012, according to Healthcare Information Security Today survey conducted by HealthcareInfoSecurity.

This is understandable since the Department of Health and Human Services' Office for Civil Rights (HHS/OCR) will begin a HIPAA compliance audit program in 2012 targeting both large and small healthcare organizations.

"Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security." - Adam Greene, former official at HHS/OCR

Download a white paper on patient privacy breach detection. Learn how to proactively identify breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) 2012 Security Priorities: An Analysis - GovInfo Security

Share

Nurse Fired for Unauthorized Access to 108 Patient Records

“Unfortunately, a nurse accessed information on patients for whom she had no clinical responsibility,” explained an administrator at a hospital in Mount Pleasant, Texas.

When the nurse's actions were discovered she was immediately suspended and later terminated. Her case was then sent to the Texas Board of Nursing.

108 former patients have received a letter from informing them that their private medical records, including diagnosis and treatment notes, had been inappropriately accessed.

"The nurse said she was just ‘curious’ and looked at records she was not authorized to view. She has sworn that she did not do anything with that information."

While hospital staff can typically access any patient's records, under HIPAA they are authorized to access only the medical records of patients currently under their care.

"The hospital takes a very serious stance in our role of safeguarding patient’s personal information and using it in an appropriate manner. We have revised our audit procedures to minimize the risk of breaches of this nature.” - Hospital Privacy Officer

Download a white paper on patient privacy breach detection. Proactively identify unauthorized breaches of patient data privacy like this one - with no hardware and no on-site software.

Sources:
(a) Nurse terminated for unauthorized viewing of TRMC patient records - Daily Tribune 1/18/2012

Share

Attorney General Files Suit Over Patient Privacy Breach

Accretive Health is being sued by the Minnesota Attorney General, Lori Swanson, over a patient privacy breach that occured last summer.

The lawsuit alleges that the healthcare data breach affecting 23,500 patients at two Minnesota hospital systems violates federal and state patient privacy and informed-consent laws.

"Why should anyone other than a doctor have such basic and personal and intrusive information about a patient?" - Lori Swanson, Minnesota Attorney General

The lawsuit requests the court force Accretive Health to reveal what information it posesses, how it has been used and where it has been sent. Accretive Health spokesperson stated that the company has enhanced its security and promises to cooperate with the office of the Attorney General.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy - with no hardware and no on-site software.

Sources:
(a) Minnesota sues consulting firm over lost health data - Star Tribune, 1/19/2012

Share

Greene - "The End of Voluntary HIPAA Compliance"

Facinating interview with Adam Greene, a former senior health information technology and privacy at Health and Human Services' Office for Civil Right. He discusses the state of HIPAA compliance in light of the ramped up HIPAA enforcement by the government.

"It's becoming increasingly clear that the age of strictly voluntary compliance with respect to HIPAA has come to an end, and the threat of expensive settlements and corrective action plans with federal and state regulators is becoming an increasing reality."

Adam Greene, former official at HHS/OCR

Download a white paper on patient privacy breach detection. Proactively identify breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) HIPAA Compliance: A New Attitude - Data Breach Today, 11/20/2011

Share

UCLA - "We had a lax culture around patient privacy..."

Don't miss this in depth article on how the UCLA Health System used a series of very public data breaches as a wake-up call for the health system and how it has dramatically changed in response.

"We had a very, very lax culture around privacy, and because we happened to treat an A-list of celebrities, it got national attention. But the reality was we were sloppy not only with celebrities, but also with a nurse looking at another nurse's records to see if she was really sick yesterday. That was our culture."

David Feinberg, MD, MBA, who became UCLA Health System CEO in 2007

Download a white paper on patient privacy breach detection.
Sources:
(a) Dealing with Data Breaches - HealthLeaders Media, January 13, 2012

Share

Hospital Worker Violates Medical Privacy of Ex-Husband

A hospital employee in Liverpool England was fined for unlawfully accessing the medical records of five members of her ex-husband's family.

The hospital launched an investigation after the defendant's former father-in-law complained about receiving nuisance calls which he suspected had been made by defendent.

"Unlawfully obtaining other people's information for personal gain is a serious offence which can have potentially devastating effects." - Steve Eckersley, head of enforcement at the Information Commissioner's Office.

After inquiries by the ex-husband's family the hospital checked audit trails linked to the defendant's smartcard ID. Analysis of the logs revealed that all of the patients whose details had been compromised were not at any time under the medical care of the defendant and that she had no work related reasons to access their records.

Other hospitals are taking a more proactive approach to detecting employee violations of patient privacy. Download a patient privacy white paper to learn more.

Sources:
(a) Liverpool hospital employee fined for data breach - The Guardian, 1/12/2012

Share

3 Best Ways to Prevent Healthcare Data Breaches

According to attorney Robert Belfort, the 3 best ways to prevent healthcare information breaches are:

• Conduct internal audits of employee access to medical records.
• Educate staff about sanctions they'll face if they're guilty of a breach.
• Encrypt data on mobile devices and media.

"The belief that ... there's a high risk that if you access a record improperly you will be caught through some sort of audit trail review can have an important impact on behavior." - Attorney Robert Belfort, an expert in HIPAA compliance, fraud and abuse.

Download a white paper on automated audits of employee access to medical records. Learn about a service that proactively identifies breaches of patient data privacy - with no hardware and no on-site software.

Sources:
(a) Complying With the HIPAA Breach Rule - Data Breach Today,1/13/2012

Share

HIPAA Accounting of Disclosure - A Legal Perspective

The accounting of disclosures requirement proposed under the HIPAA gives patients the right to request an access report documenting the names of every persons who accessed or viewed the patients electronic personal health information (ePHI).

"I would remind staff that they could be held directly liable for snooping in records they shouldn't have looked at. It puts them at very, very real risk of being dragged into a lawsuit." - Nathan A. Kottkamp, partner at McGuireWoods.

"It makes it that much easier to find a smoking gun demonstrating that your staff is not in compliance with HIPAA," Kottkamp says.

Take the initiative when it comes to patient privacy breach detection. Learn about a service that proactively identifies unauthorized breaches of patient privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Disclosure Report Could Reveal HIPAA Breaches - HealthLeaders magazine January 2012

Share

FBI - Internal Data Theft is the Real Danger to Business

There is a misconception that only e-commerce and banking companies are vulnerable to attacks but that the real danger now comes from theft of internal information such as personal data, research and development or intellectual property - Shawn Henry, executive assistant director of the FBI speaking at the Federal Bureau of Investigation’s International Conference on Cyber Security.

Learn how Veriphyr's Identity and Access Intelligence proactively identifies data breaches by insiders - with no hardware and no on-site software.

Sources:
(a) Defenses Against Hackers Are Like the ‘Maginot Line,’ NSA Chief Says - Wall Streeet Journal, 1/13/2012

Share

Insider Data Breach Highest in Healthcare

Medical and healthcare groups saw the largest incidence of insider theft, as did non-financial businesses according to a forthcoming study from the Identity Theft Resource Center (ITRC).

NOTE: The ITRC counts as sensitive only credit card, financial account numbers, social security numbers, medical insurance numbers, and driver's license numbers. It does not count email addresses, passwords, or other pieces of data.

Learn how Veriphyr's Identity and Access Intelligence proactively identifies data breaches by insiders - with no hardware and no on-site software.

Sources:
(a) Exclusive: Identity Theft Resource Center identifies leading data breach culprits in 2011 - Information Week, 1/12/2012
(b) Identity Theft Resource Center

Share

Big Data in Wall Street Journal

Key points about Big Data from an article today in the Wall Street Journal's All Things Digital:

1) Big Data adoption is driven by large and/or rapidly growing data being captured by automated and digitized business processes.

2) Delivering business value from big data requires advanced analytical to turn this raw information into usable knowledge.

3) Companies that are able to put big data technology to work will find significant revenue generating and cost savings opportunities

Learn how Verihphyr's Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.

Sources:
(a) Big Data Analytics: Trends to Watch For in 2012 - Wall Street Journal's All Things Digital, 2011/1/11

Share

Employee Abuse of IT Systems Highlighted by Deloitte Security Survey

"Employee abuse of IT systems and information" is one the top five "high threats envisioned for information security" according to Deloitte's fifth annual Global Technology, Media & Telecommunications (TMT) Security Survey

The report also finds that compliance with information security legislation and regulations is a top security initiative in 2012 for Technology, Media & Telecommunications companies.

"The ability to access information from anywhere at any time has become part of our daily lives—however, this ability also increases the threat to information security,” said Santino Saguto, TMT industry leader at Deloitte

To download the report see - http://www.deloitte.com/view/en_AE/ae/industries/technology-media-telecommunications/index.htm

Learn more about privacy breach detection as a service. Learn about a service that proactively identifies unauthorized breaches of sensitive data, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Deloitte Security Survey, Raising the Bar, 2011 TMT Global Security Study – Key Findings - Deloitte, January, 2012

Share

Health Privacy Call to Action in 2012

Interesting piece on health privacy by Deven McGraw, Director of Health Privacy Project at the Center for Democracy & Technology

Devon faults the Office of the National Coordinator for Health IT and HHS for creating an environment of uncertainty by too much talk and not enough action.

She then lays out what she believes must be done in 2012.

"Building trust in health information sharing requires implementation of a comprehensive framework of privacy and security policies based on fair information practices (FIPs) and supported by privacy-enhancing technologies." - Deven McGraw

Be sure to download a Survey on Medical Records Privacy Breachs.

For more see - "2012: Time for Action on Health Privacy""

Share

$6.5B Federal Healthcare IT Market

The US government's health care IT market is expected to grow from $4.5 billion in 2011 to $6.5 billion by 2016 according to an article in the Washington Post.

The healthcare IT projects expected to be funded will require expertise in analytics, big data, modeling, and simulation.

For more see -
http://www.washingtonpost.com/business/capitalbusiness/federal-health-care-it-spending-set-to-grow/2012/01/03/gIQARiOsjP_story.html

Hospital Janitor Violates Patient Privacy for Identity Theft

A hospital janitor has pleaded guilty to wrongfully disclosing protected patient information for personal gain.

Federal prosecutors accused the janitor of stealing patients’ names, social security numbers, dates of birth and other personal information.

The janitor allegedly passed the stolen identities to his girlfriend who used them to open accounts under the patients’ names and buy a television, a ring and other merchandise.

Download a white paper on medical records privacy breach detection. Learn how this service proactively identifies unauthorized breaches of patient privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) 2 plead guilty to misusing stolen patient data - WBRZ, 1/6/2012

Share

Gaming Customer Awarded Settlement Over Privacy Violation

A customer of a gaming club won a cash settlement after an employee of the club revealed details about the customer's winnings and losses to the customer's spouse while the couple were going through a divorce.

For more see http://m.smh.com.au/national/gambler-gets-payout-after-club-breaches-privacy-20120105-1pmyy.html

Learn how Verihphyr's Identity and Access Intelligence Service proactively identifies unauthorized breaches of customer privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Gambler gets payout after club breaches privacy - Sydney Morning Herald, 1/6/2012

Share

Doctor Caught Spying on Lovers' Medical Records

A Singapore doctor has been fined S$10,000 (about US$7,700) for breaching the privacy of two patients not under his care.

Based on a complaint from the KK Women's and Children's Hospital, where the doctor was employed, the Singapore Medical Council held a Disciplinary Committee Inquiry. He admitted to knowingly and intentionally accessing and reading the Electronic Medical Records (EMR) of the patients without their consent.

The doctor was romantically involved with the first patient, who was seeking treatment for a suspected sexually-transmitted disease. He accessed her records for concerns over his own health. He was also involved with the second patient, who was alleged to have harassed him after he ended their relationship. He accessed her medical records to find out the patient's appointments in order to avoid her.

Download a white paper on medical records privacy breach detection as a service. Learn about a service that proactively identifies unauthorized breaches of patient privacy, even by authorized users - with no hardware and no on-site software.

Sources:

(a) Doctor fined, censured for spying at patients' records - Channel NewsAsia, Jan 5, 2012
Be sure to get our RSS feed and follow us (@Veriphyr) on Twitter!

Share

Wall Street Journal on Analytics and Big Data

Veriphyr is part of a big change in the use of computing by businesses. The combination of advanced analytics with large volumes of business data.

Dennis Berman's article in the Wall Street Journal, "So, What's Your Algorithm?" discusses how companies are employing big data and analytics like Veriphyr's Identity and Access Ingelligence to yield new insights into their businesss.

"These systems can now chew through billions of bits of data, analyze them via self-learning algorithms, and package the insights for immediate use. Neither we nor the computers are perfect, but in tandem, we might neutralize our biased, intuitive failings... This is playing "Moneyball" at life."

For more see http://online.wsj.com/article/SB10001424052970203462304577138961342097348.html#ixzz1ibgy1YOh

Learn how Verihphyr's Identity and Access Intelligence as a service delivers business insights - with no hardware and no on-site software.

Sources:
(a) So, What's Your Algorithm? - Wall Street Journal, 1/5/2012

Share