Thursday, May 31, 2012

Breach of Customer Data Privacy Went Undetected for Three Years at Canadian Insurer

For 3 years a Canadian insurer failed to detect data privacy violations by one of their employees. The employee used his legitimate access to corporate applications to look at the private information of 12 customers without a "justifiable work purpose".

The insurer claims to have "internal processes that track access to [customer] records". So why did this employee's privacy violations go on for 3 years without being detected?

One clue is the the company's announcement which does not indicate HOW they caught the rogue employee just that the "breach of privacy was brought to the attention of the Commission’s Chief Executive and Privacy Officer". Perhaps the passive voice is being used because their "internal processes" were not the source of the discovery.
"We have zero tolerance when it comes to unauthorized access to confidential client information." - Organization's Privacy Officer
If the insurer was depending on employees to discover and report data privacy violations, it is not surprising it took years. A good Identity and Access Intelligence service would have caught the rogue employee 3 years earlier and demonstrated "Zero Tolerance" for breaches of customer data privacy.

Learn how to detect privacy violations when they happen, not 3 years after the fact. Download a whitepaper on service that proactively identifies unauthorized breaches of customer data privacy, even by employees - with no hardware and no on-site software.

Sources:
(a) Workplace Health, Safety and Compensation Commission addressing privacy breach - Insurers website, February 3, 2012
(b) Workplace safety commission reports privacy breach - The Telegram, February 3, 2012

Wednesday, May 30, 2012

What if a Fellow Healthcare Worker is a Patient?

A registered nurse wrote an insightful piece about what to do (or more importantly not do) when a healthcare collegue is a patient.

She speaks from first hand experience as she seen five terminations as a result of inappropriate in-house chart accesses, including one where it was her own medical privacy that was violated.
"Have a reason to open a chart or don’t do it. If you open it by accident, find out your facility’s procedure for documenting accidental chart accesses and use it. Don’t have time? Do you have time to find a new job?" - Megen Duffy, RN, BA, BSN, CEN
Her Advice to Her Peers
  • If you see a colleague is admitted to another floor do not go there to visit. You may have good intentions, but it’s still illegal.
  • If your coworker wants to tell you about her appendectomy, let her bring it up on her own time, just as if it happened at another hospital.
  • If you are curious about a coworker's lab results or medication history do not open the chart and look.
  • If your work friend is in the hospital, do not barge into the room to say hello. Act like a regular visitor and go through the proper channels
As she concludes - "Corporate compliance officers now routinely investigate chart accesses for all employees admitted to or seen through an institution. Names on the list who were not involved in the patient’s treatment have some ’splaining to do."
Download a white paper on automated chart access investigation. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) A Twist on HIPAA: When a Colleague Is Your Patient - Blog @ Online LPN to RN, May 22, 2012

Tuesday, May 29, 2012

Medical Network Enables Privacy Breach Across Hospitals

Insight on the Potential Privacy Implications of Health Information Exchanges

An employee of a Connecticut medical practice used her computer privileges to access her estranged family's electronic medical records at a nearby hospital.

The victims became suspicious when the employee tried to use the information against them in a legal matter.

The victims then requested time consuming audits of all access to their medical records at both the medical practice and the hospital. This resulted in the discovery of at least 14 privacy breaches of their electronic medical records between 2007 and 2012.
"How does this go on for so long without her being caught? Now she knows things about my health that my own son doesn't know. That's creepy."
- Victim of Patient Data Privacy Breach
Even though the victims were never patients of the perpetrator's medical practice, she was able to access another healthcare organization's medical record system to violate the medical privacy of her brother, sister-in-law, and nephew. This is an important case because the ability of a healthcare workers to access medical records at other healthcare organizations will expand dramatically with the introduction of Healthcare Information Exchanges (HIE).

Finally, more than two months after confirming the medical record breaches, the perpetrator was arrested on charges of committing a fifth-degree computer crime for the "unauthorized access to a computer system". This Class B misdemeanor has a maximum penalty is up to 6 months in prison and a fine of up to $1,000.
"Your records may be seen by hundreds of strangers who work in health care, the insurance industry, and a host of businesses associated with medical organizations."
- Privacy Rights Clearinghouse
The victim stated that both the medical practice and the hospital should have detected that her family's records were being accessed inappropriately long before she brought it to their attention. Their own patient privacy breach audits, she said, should have caused them to question why the perpetrator was accessing a relative's records and put an immediate stop to it.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Waterford woman charged in privacy case - The Day, May 12, 2012
(b) HIPAA Basics: Medical Privacy in the Electronic Age - Privacy Rights Clearinghouse

Inside Staff a Bigger Threat than Hackers

According to a survey of IT professionals at Infosecurity Europe the insider threat is still the largest factor facing organisations today.

71% of the people surveyed worry that it’s their own staff who pose the biggest threat to their data.

This far outweighs that of hackers (28%), consultants and other third parties (7%), and just 5% cited the government.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
The survey was conducted amongst 300 IT professionals at Infosecurity Europe in April 2012. Sources:
(a) A quarter of companies fear major security breaches could cost customers their lives - AlienVault, May 29 2012

Monday, May 28, 2012

New York Times - Tax Fraud Reaps Billions by Exploiting Identities Stolen by Employees

Criminals are filing thousands of false tax returns and receiving hundreds of millions of dollars in wrongful refunds according to law enforcement officials interviewed by the New York Times.

The I.R.S. failed to detect 1.5 million fraudulent returns with refunds worth more than $5.2 billion in 2010 according to J. Russell George, the Treasury inspector general for tax administration.
"The police say employees steal the information and sell it. Most vulnerable are records from health care facilities, assisted-living centers, schools, insurance companies, pension funds and large stores."
The thieves file a return very early so they can receive the refund before the real taxpayer files. Often the refund is in the form of a hard-to-trace prepaid debit card (introduced by the government to help people without bank accounts). The fraudulent tax returns list vacant houses as the tax payers address so the criminals can pick up the refund in an untraceable fashion.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) With Personal Data in Hand, Thieves File Early and Often - New York Times, May 26, 2012

Sunday, May 27, 2012

Police Misuse of Computer Database Violates Data Privacy

A police officer is accused of accessing the "Crimefile" computer system to violate the privacy of his wife's tenant. The officer is also accused of obtaining the personal information of a relative, without authority.

The person making the compliant said that the landlord of an apartment he wanted to rent told him that she knew about his criminal past. He said: "She told me ... everyone deserves a second chance and that was why she was letting me sign the lease."

The officer denies 11 charges under the Data Protection Act of accessing the Police Station computer system without the consent of the data controller, between October 1 and November 16 2009 and obtaining personal information without authority.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Police officer on trial for using files to vet one of his wife's tenants - STV.TV, April 20, 2012

Saturday, May 26, 2012

Insider Stole Customer Data for Tax Fraud in Georgia

A healthcare employee in Georgia improperly accessed patient information with the intent to file fraudulent tax returns. The employee appears to have stolen patient names, dates of birth, and social security numbers of patients treated between July 2005 and April 2012.

The healthcare firm's data security and audit controls appear to have missed the warning signs of data theft as the organizations says it only became unaware of the ongoing insider theft from law enforcement in April 2012.
"We have reinforced and refined our privacy policies and staff procedures for handling patient information with care to prevent such an incident from happening in the future.." - Company website
The employee has since been fired. No specifics have been released on how the organization will detect future breaches of patient privacy by insiders.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) An Important Notice to Phoebe Putney Home Health Care Patients Regarding Confidentiality of Patient Information - Phoebe Putney Memorial Hospital Website, May 25, 2012

Friday, May 25, 2012

228,000 Medicaid Beneficiaries had Personal Information Breached by Medicaid Employee in North Carolina

Over 228,000 Medicaid beneficiaries had their personal information stolen by a South Carolina employee of the Department of Health and Human Services. The employee allegedly gathered names, phone numbers, addresses, birth dates and Medicare ID numbers for us in identity theft

The cost is potentially millions of dollars of fines by federal and state agencies for not safeguarding the information properly on top of $800,000 to $1 million spent on credit protection services for the individuals affected.

The employee, a former member of the local Democratic Party executive committee, was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information.
"An employee completely abused the information that they had and used it for personal gain. We’re going to make sure this does not happen again." - Gov. Nikki Haley
Governor Haley told her cabinet agency heads that supervisors at state agencies risk their jobs if they are not vigilant about security. “If (agencies) have a supervisor who has this happen on their watch, they will get fired,” she said.

The directory of the state's Health and Human Services said state employees inappropriately using information pose a greater threat than external hackers but he does not have a monitoring system that could have picked up on the breach.
Detect inappropriate access by authorized insiders, just like the one in this blog posting. Download a white paper on privacy breach detection monitoring service works with no hardware and no on-site software.
Sources:
(a) Personal data for 228,000 in SC compromised - State employee charged; HHS to help protect IDs - The State, April 20, 2012
(b) Haley wants ‘example’ made of ex-state worker - The State, May 01, 2012

Thursday, May 24, 2012

$750,000 Settlement over Hospital Failure to Protect Patient Data Privacy

A hospital in Massachusetts pays $750,000 over allegations it failed to protect its patients' personal and confidential health information including Social Security numbers, financial account numbers, and medical diagnoses.

In addition the hospital must undergo a review and audit of its security measures and to report the results and any corrective actions to the Attorney General.
"Hospitals and other entities that handle personal and protected health information have an obligation to properly protect this sensitive data." - Massachusetts Attorney General Martha Coakley
The lawsuit was filed under the Massachusetts Consumer Protection Act and the federal Health Insurance Portability and Accountability Act.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) South Shore Hospital to Pay $750,000 to Settle Data Breach Allegations - The Official Website of the Attorney General of Massachusetts, May 24, 2012

Wednesday, May 23, 2012

Customer Service Representative Steal Customer Data for ID Theft

A customer service representative (CSR) misused customer-supplied credit card or bank account payment information. The CSR at the Alaskan telephone company is alleged to have used the customer information for personal purchases.

"This isn't a hacking or a situation where our electronics systems have been compromised. Just common thievery."
- Company spokesperson

The telephone firm sent letters to about 400 customers recommending the customers check their accounts for unusual activity. The company believes fewer than 20 may have actually been affected.
Download a white paper on customer privacy breach detection. Learn how to proactively identify unauthorized breaches of customer data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) GCI warns some customers about potential misuse of account info - Anchorage News Daily, May 23, 2012

Healthcare IT Investment Will Be Unaffected by Affordable Care Act Ruling of the Supreme Court

The Supreme Court ruling will not affect the deployment of electronic health record systems and the government's "meaningful use" program because the 2009 HITECH Act is an entirely separate piece of legislation from the 2010 Affordable Care Act, says Carla Smith, executive vice president of the Healthcare Information and Management Systems Society
"I think that what we're going to find is that even if it is struck down, these people are still going to make decisions and still buy EHRs." - Jennifer Covich Bordenick, CEO of the eHealth Initiative
To read more see:
High Court Ruling Not Expected To Impair Health IT

Tuesday, May 22, 2012

Officer Resigns Over Patient Data Privacy Breach

The chief technology officer (CTO) for the state of Utah resigned following a breach that violated the medical privacy of 780,000 Medicaid recipients and participants in the Children’s Health Insurance Program.

The Governor asked the CTO to resign and stepped down. He also announced a replacement, former information technology director for the Department of Workforce Services.
"The people of Utah rightly believe that their government will protect them, their families and their personal data. As a state government, we failed to honor that commitment. - Utah Gov. Gary Herbert
In addition the Governor created a new post of health data security ombudsman. This ombudsman will oversee individual case management, credit counseling and public outreach.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Governor Details Comprehensive State Response to Data Breach - Utah Governor's Website, May 15, 2012
(b) Utah technology director resigns in wake of data theft at state health department - Washington Post, May 15, 2012

Monday, May 21, 2012

Medicare Patient Identities Stolen by Healthcare Insider

Medicare patients in Idaho and Missouri had their patient records stolen by an employee of a large healthcare organization. The organization has notified only 68 patients believed to have had their identities stolen.

Disappointingly, "despite and exhaustive effort" it is unable to identify other patients who may be at risk. Unfortunately, the inability to identify patients affected by a breach is all too common because of the number of disparate medical systems involved and the lack of good data analytics.

For this reason hospitals are turning to Identity and Access Intelligence (IAI) solutions that can proactively identify breaches and inappropriate access that violates patient data privacy, even by authorized employees. Such IAI services can quickly and easily identify all the patients affected.
"A former employee, during the course of his employment, may have accessed information in a database in a way that was inconsistent with his job duties." - Company Press Release
Information stolen included full names, Social Security numbers, addresses, telephone numbers, dates of birth and Medicare Health Insurance Claim Numbers.

NOTE: This healthcare organization had a previous breach by an employee involving over 150 students at the University of California, Irvine. The insider stole tax rebates by filling false tax returns in the names of the student using information stolen from the patient records.
Download a white paper on patient privacy breach detection. Learn how to IAI proactively identifies unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Some UnitedHealthcare Customers Have Identities Stolen - Local New 68, May 18, 2012
(a) Update: UnitedHealthcare notifies Medicare members of data breach; company says 68 people in Missouri affected - Local New 68, May 18, 2012

Sunday, May 20, 2012

Hospital Finance Employee in Boston Steals Patient Info for Identity Theft

A hospital's patient financial coordinator was arrested for inappropriately accessing patients' hospital records and using them to commit identity theft. 3,600 patients were notified by the hospital and the hospital is paying for one year of credit monitoring.

The scam that led to their arrest involved setting up electrical service for their apartment using a patient's information and sending the bills to yet another person's addresses. When the bills were not paid for 4 months the electricity company would close down the account and go after the patient for non-payment. The hospital employee would then repeat the fraud by opening a new account with a different patient's information.
"We are saddened and disappointed that this former employee appears to have chosen to violate both our trust and that of our patients." - Hospital president and CEO
Of course, once the electric utility got the police involved the entire scheme quickly fell apart since the perpetrators were living at the address getting the electricity. Duh? The police then determined that the only similarity between all the victims was that they were patients at the same hospital. At which point the police contacted the hospital.

Unfortunately the traditional hospital response of additional training to reenforce the importance of safeguarding patient information is likely to have little effect on staff with criminal intentions.
Moreover, it is not realistic to prevent employees in the finance department from viewing sensitive patient financial information as they need access to insurance numbers and the like to do their job.
For this reason hospitals are turning to Identity and Access Intelligence solutions that can proactively identify inappropriate access that violates patient data privacy, even by authorized employees.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital worker from Quincy charged with ID theft - The Patriot Ledger, May 19, 2012

Saturday, May 19, 2012

Bloomberg - How Your Medical Privacy is Stolen

Bloomberg's article on medical data privacy explains why medical records fetch $50 a piece on the black market - because few other documents contain as much private data as a health record.

Medical records can include a full name, date of birth, Social Security number, insurance provider, account numbers, credit-card numbers, employer information, and detailed medical diagnosis.

The Bloomberg article points out 10 ways your medical data privacy can be breached, here is just one:
"The staffs at hospitals and the doctor's office aren't always looking out for your best interests. Employees have been caught using patient information to file bogus medical claims and tax returns, create "ghost" employees, sell to gang members and pry into the lives of celebrities.." - Bloomberg
Bloomberg points out that medical providers are breached more than other types of organizations, including retailers and the government. In fact the Privacy Rights Clearinghouse, a nonprofit consumer rights group, has documented 690 breaches medical providers since 2005. That involves a total of 23 million medical records.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 10 Ways to Lose Your Medical Records - Bloomberg, May 15, 2012
(b) What Happens When My Health Data Falls Into the Wrong Hands - Bloomberg, May 15, 2012

Friday, May 18, 2012

1,000 Government Employees Disciplined for Unauthorized Access to Citizens' Private Data

Over 1,000 government employees have been disciplined for ’snooping’ on private citizens’ medical and social security data for over 2 years in UK government's applications and databases.

All of these employees had been given authorized access to the sensitive personal data only after passing a lengthy vetting process. But they went beyond the boundaries of their job and made “unauthorised disclosures of official, sensitive, private and/or personal information”.
"Just about anyone with access to a wealth of personally identifiable information has the opportunity to make a lot of money selling that data on the black markets."
Extremely sensitive medical and personal data at both the UK’s Department for Work and Pensions and The Department for Health were the targets of the unauthorized access.

The information was brought to light via a Freedom of Information request Channel 4’s investigative series, Dispatches

The UK Data Protection Act makes it a crime to obtain or disclose personal data without permission or procure disclosure to other persons. The penalties for a criminal offense are unlimited fine in a higher Crown court and limited to £5,000 ($7,900) in a lower magistrates court.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) UK government staff caught snooping on citizen data - zDNet, May 17, 2012
(a) UK government breached from the inside, 1,000+ workers disciplined - VentureBeat, May 18, 2012

Thursday, May 17, 2012

Tax Refunds Fraud Use Medical Records Stolen from Texas Hospital

Criminals stole tax refunds by filing false tax returns using information stolen from medical records at a Houston area hospital.

The hospital confirmed an employee had inappropriately accessed 741 patients' medical records. The employee was subsequently terminated for unrelated reasons and the hospital did not know about his violation of patient privacy until notified by the police.
"At the time of the employee’s termination, it was unknown by [the] Hospital that the employee had engaged in the unauthorized release of patients’ protected information. The hospital was alerted about this occurrence by the police authority."
- Hospital Chief Compliance Officer
The employee was an intake coordinator who misused her legitimate access to patients’ personal information inappropriately between March 15 to Aug. 18, 2011. The hospital only learned of the medical data theft 7 months later in April, 2012.

The type of information in the possession of the former employee includes forms with personal information such as name, address, date of birth and social security number along with insurance information.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) PI Breach - IntraCare North Hospital website
(b) Houston-area hospital warns patients about privacy breach - Houston Chronicle, May 8, 2012

Health Info Tech is Top Spending Priority in 2012

Not-for-profit hospitals ranked investing in health IT as their top capital spending priority, according to a survey conducted by Fitch Ratings.

On a scale of one to five, with one being of the greatest importance and five being of the least importance, investments in IT were of the greatest importance with an average rating of 1.7.
"Expanded IT capabilities are a key cornerstone of healthcare reform...[and]... IT is expected to help hospitals decrease costs.." - Fitch Rating
Make sure you healthcare IT is not being used inappropriately. Learn about patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy - with no hardware and no on-site software.

Sources:
(a) Capital Expenditure Trends Among Nonprofit Hospitals - Fitch Rating, May 17, 2012

Wednesday, May 16, 2012

Identity Thief Uses Chicago Hospital Patients' Data to Pay Bills

A hospital employee was charged with identity theft for paying her bills with data stolen from hospital patients. The Chicago resident is charged with 1 charge each of aggravated identity theft and identity theft and faces up to 7 years in prison.

Police say that all victims had been patients at the hospital and that the suspect had opened electric, gas or telephone service in the victim's names. The employee had been with the hospital for 4 years when municipal utility officials reported “suspicious credit card activity” involving her water bill payments.
"An employee of a Chicago hospital has been charged with using the personal information of patients, some of them being treated for cancer, to pay personal bills." - Office of Cook County State’s Attorney Anita Alvarez
Working with the credit card company the police determined that the credit cards transactions had originated at her home or a laboratory at the Chicago hospital. The resulting search of the suspects home yielded credit card numbers, Social Security numbers, and birth dates of more than 50 patients.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital Employee Charged With Theft Of Patients' Personal Information - Cook County State's Attorney's Office, May 14, 2012
(b) Northwestern Memorial employee charged with theft of patients' identities - Chicago Tribune, May 15, 2012
(b) Northwestern hospital worker charged with stealing patients’ identities - Chicago Sun Times, May 15, 2012

Tuesday, May 15, 2012

Rogue Employee Violates Patient Data Privacy at New York Hospital

A hospital employee violated patient privacy by inappropriately looking at their medical records while they were at Kingston, New York medical facilities.

The hospitals would not reveal how many patients had their medical privacy violated by the employee.
"We take privacy and security of your personal medical information very seriously, and we apologize this situation. We will continue to maintain a high level of vigilance over our patients’ personal information." - notification letter from hospital
Information that could have been accessed included patients’ names, Social Security numbers, dates of birth, addresses, phone numbers, account information, health insurance information, credit card information, lab test results and diagnoses.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Privacy of medical records compromised at Kingston and Benedictine hospitals, health center in Rhinebeck - Daily Freeman, April 20, 2012

Sunday, May 13, 2012

7 Fired for Violating of Medical Privacy of Overweight Patients in Ontario

7 hospital employees were fired for looking at the medical records of patients not under their care. The 7 succumbed to their curiosity about a severely overweight patient.

Unfortunately the patient was so disturbed by this violation of her privacy that she is now reluctant to seek treatment at the hospital. The hospital's vice-president publicly condemned the employees' behavior and says such abuses are rare.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Seven fired after privacy breach at Peterborough, Ont., hospital - Winnipeg Freepress, May 5, 2012

Tuesday, May 8, 2012

Gillette Children’s Specialty Healthcare Receives Donation of Patient Privacy Breach Detection Service from Veriphyr

Veriphyr, a leading provider of identity and access intelligence (IAI), today announced that it has donated its patient privacy breach detection service to Gillette Children’s Specialty Healthcare in partnership with Children’s Miracle Network Hospitals (CMNH). The Veriphyr service protects patients’ personal health information (PHI) by detecting inappropriate access by hospital employees and other insiders. Veriphyr applies “big data” analytics to identify potential privacy and regulatory compliance violations, as well as data breaches.
"Gillette is confident that Veriphyr's privacy breach detection and user access compliance services will support our commitment to protecting our patients' PHI." - Paul Higby, Change Management and IS Security for Gillette Children’s Specialty Healthcare
“We are excited that our affiliation with Children's Miracle Network Hospitals has resulted in this generous donation from Veriphyr and we look forward to partnering with them on access control efforts going forward,” Paul Higby, Change Management and IS Security for Gillette Children’s Specialty Healthcare.

Gillette Children’s Specialty Healthcare is an independent, not-for-profit hospital located in St. Paul, Minnesota, with clinics in Duluth, Burnsville, Maple Grove, Minnetonka, and services for adult patients at their St. Paul - Phalen Clinic. Gillette is uniquely focused on treating children with disabilities and complex medical conditions.
"Every child deserves to have their medical privacy protected. We are pleased to be able to donate Veriphyr services to Gillette Children’s Specialty Healthcare through our partnership with Children’s Miracle Network Hospitals." - Alan Norquist, CEO of Veriphyr
The Veriphyr solution, delivered as a secure cloud service, delivers reports on privacy breaches and inappropriate access to patient data in all EMR, clinical, or business applications within days, not months. It requires no changes to a hospital’s IT infrastructure and no on-site software or hardware.
"The Veriphyr service helps healthcare organizations identify privacy and security problems that could result in identity theft or a loss of medical privacy." - Clark Sweat, Chief of Corporate Partnerships for Children’s Miracle Network Hospitals
“We are extremely pleased Veriphyr has joined our cause to help deserving institutions like Gillette Children’s Specialty Healthcare,” said Clark Sweat, Chief of Corporate Partnerships for Children’s Miracle Network Hospitals.

About Gillette Children’s Specialty Healthcare
Gillette, an independent, not-for-profit hospital and clinics, is internationally recognized for its work in the diagnosis and treatment of children and young adults who have disabilities or complex medical needs. Gillette’s mission is to help children, adults and their families improve their health, achieve greater well-being, and enjoy life. For more, visit www.gillettechildrens.org.

About Children’s Miracle Network Hospitals (CMNH)
Children’s Miracle Network Hospitals (CMNH) is a non-profit organization that raises funds for children’s hospitals, which in turn, uses the funds how they are needed most. . CMNH has raised over US$4 billion which is distributed directly to a network of 170 hospitals across North America. www.childrensmiraclenetworkhospitals.org.

About Veriphyr
Veriphyr is a leading provider of Identity and Access Intelligence (IAI) that enables organizations to discover data privacy breaches and inappropriate access to data in applications, databases, and systems. Veriphyr uses data analytics to transform identity, rights, and activity data from commercial and custom applications into actionable intelligence for privacy, compliance, risk, and security management.

Editorial Contact:
Marc Gendron
Marc Gendron PR
781-237-0341
marc@mgpr.net


###
Veriphyr is a trademark of Veriphyr, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Tuesday, May 1, 2012

In Healthcare Id Theft is an Insider Threat

Interesting insight from a recent piece in Dark Reading on how insiders are the biggest risk related to id theft, especially in hospitals and other healthcare organizations.
"A majority of cases that we investigate end up being insiders rather than external hacking or anything of that nature." - Brian McGinley, senior vice president of data risk management for Identity Theft 911
"If we characterize a trend based on the breaches we've seen, it's probably been related to insiders being recruited or placed by organized fraud and ID theft rings. They're out to steal patient information, employee information and doctor information--all very rich fodder for identity theft."
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Healthcare Unable To Keep Up With Insider Threats - Dark Reading, May 1, 2012

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.