Friday, May 31, 2013

Privacy Breach by Nurse: Court Date Set

We previously reported that a nurse at Eastern Health in Newfoundland and Labrador, Canada, was charged with inappropriately accessing over 100 patient records.

The nurse's attorney has entered a not guilty plea and a court trial date has been set for September 2013.

"A former Eastern Health employee has pleaded not guilty to unlawfully obtaining health information...A September 2013 trial date has been set." - PHIprivacy.net
An investigation into the nurse's activities was initiated after a patient complained that someone knew too much about their medical information.

The hospital said they now routinely audit who is accessing patient records. Such auditing can now be accomplished easily with low-cost, on-demand SaaS privacy breach detection analytics.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Court Date Set for Nurse Involved in Privacy Breach - PHIprivacy.net, 05/23/2013

Thursday, May 30, 2013

NYPD Officer Arrested: Unauthorized PII Access

NYPD Detective Edwin Vargas was arrested for accessing, without authorization, the National Crime Information Center (NCIC) database, a federal database, to obtain information about at least two NYPD officers.
"Detective Vargas ... illegally obtained information about two officers from a federal database to which he had access based on his status as an NYPD detective." - Manhattan U.S. Attorney, Preet Bharara
Regarding Vargas' inappropriate access to fellow officer information, FBI Assistant Director in Charge George Venizelos said, "the defendant didn’t need to pay anyone to gain access to the NCIC database. But access is not authorization, and he had no authorization.”

The challenge of detecting unauthorized data access by authorized users is easily addressed proactively, or forensically, with low-cost, on-demand SaaS data breach detection analytics.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NYPD Detective Charged with Hacking - Office of Inadequate Security, 05/21/2013

Wednesday, May 29, 2013

Love Triangle ID Theft, Police Chief Arrested

The Stockton Illinois Chief of Police, Robert Beeter, was arrested and charged with identity theft that occurred when he was deputy chief of the Elgin Illinois Police Department. The charges stem from an extra-marital affair that involved Beeter and two other Elgin officers, who eventually divorced.

During divorce proceedings information, thought to be confidential, was disclosed. The party whose private information was revealed asked the state attorney general and the Elgin police to investigate Beeter. The investigation uncovered Beeter's inappropriate access of police data systems.

"Beeter used the Law Enforcement Agencies Data System to gain information on a specific individual for his personal use." - WTVO Channel 17 News
Organizations can proactively detect inappropriate access to data, even by authorized users, with low-cost, on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Stockton Police Chief Arrested for Identity Theft Stemming from Love Triangle - MyStateLine.com, 05/22/2013

Tuesday, May 28, 2013

More Tax Fraud Using Stolen Medical Records

A nursing aide has been accused of stealing identity information belonging to patients at a Winter Haven Florida nursing home.
"Investigators found personal information and names belonging to more than 100 people who lived at the nursing home."
- 10 News, WTSP.COM
Law enforcement officials say Portia Charlton used the stolen information to file false tax returns; she has received close to $70,000 from the IRS.

It is unclear if the identity thefts were first discovered by the nursing home or law enforcement.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Nursing Assistant Portia Charlton Accused of Stealing IDs from Residents at Nursing Home, Filing False Tax Returns - WTSP.com, 05/27/2013

Friday, May 24, 2013

Nurse Texts Private Info, But Doctor Sued

A man sought treatment for a sexually transmitted disease at a clinic. A nurse at the clinic texted messages to the patient’s girlfriend, who was the nurse’s sister-in-law, about his condition.

The nurse was fired for her actions but the man sued the clinic for breach of fiduciary duty to maintain the confidentiality of his personal health information. The case is progressing through the courts and is being watched closely by the medical and legal communities.

"If the court does find there is an actionable right directly against a medical facility for the disclosure of medical information by a nonphysician, that would have huge implications throughout New York state and throughout the country."
- T. Andrew Brown, Plaintiff's Attorney
Legal experts such as attorney Brad M. Rostolsky say this case is a reminder to physician practices and medical offices to educate employees properly about privacy regulations and ensure that they know the consequences of such breaches.

ProAssurance, a medical liability carrier, recommends "all employees sign a confidentiality agreement as a condition of employment and again at the time of their performance evaluations. Supervisors should actively monitor for staff violations and discipline violators in a consistent manner."

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Staff slipups on patient privacy can get doctors sued - American Medical News, 04/22/2013

Thursday, May 23, 2013

Medical Record Worth $55

Dr. Deborah Peel, Founder, Patient Privacy Rights, and Marc Rotenberg, Executive Director, Electronic Privacy Information Center, discussed privacy concerns over patient information on The Willis Report, Fox Business News. You can view the entire interview here; it is particularly interesting starting at 5:36.
"Medical records can be purchased for from $14 - $55."
- Dr. Deborah Peel, Founder, Patient Privacy Rights
Dr. Peel pointed out that a person's medical record is now the most valuable information, and a targeted for identity thieves. Mr. Rotenberg noted that all companies need stronger protections in place as they currently run a high risk for privacy data breaches.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) How Private Are Your Medical Records? - The Willis Report, 05/20/2013

Wednesday, May 22, 2013

Officer Snoops Police Database on Ex-Wife, Her Boyfriend

In addition to inappropriately accessing personal data on his ex-wife and her boyfriend, Clearwater Florida police commander Crean used a law enforcement database for "questionable purposes" more than 100 times.

Over two years, sometimes while off duty, Crean snooped in the drivers license database, which contains social security numbers, dates of birth, addresses and photographs. He is being disciplined for obtaining information about people unconnected to his law enforcement work.

"Investigators found that Crean disproportionately sought information about women between the ages of 24 and 33." - Tampa Bay Times
It can be difficult to detect snooping by people who are authorized to use a database, but there are now low-cost on-demand SaaS services that easily reveal such inappropriate activity so that it can be dealt with rapidly.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Clearwater officer to be disciplined for improper use of database - Tampa Bay Times,05/17/2013

Tuesday, May 21, 2013

Health IT Spending: Drivers Beyond Meaningful Use

BCC Research recently predicted total spending on clinical health IT will soar to $26.1 billion a year in five years, up from $9.5 in 2011 and $11.2 in 2012. The high growth rate beyond 2015 reflects unmet demand for EHR systems, but that's only part of the story.

Presbyterian Intercommunity Hospital, a 409-bed Whittier, CA facility, gives us an example of what's next in health information technology spending. PIH has met government requirements for meaningful use and will do so for electronic health records in 2014. So they're turning their attention to a data warehouse for patient records which will allow for better management of the overall health of their patient population.

"Everybody assumes that when meaningful use is over, the bubble will pop, but there are a lot of other things driving growth. Accountable care organizations, there are about 200 right now (and) that's going to grow.."
- Jeffrey Loo, Analyst, S&P Capital IQ
Leveraging vast amounts of clinical, operational and financial data will be critical for health entities to successfully participate in accountable care organizations and meet various regulatory requirements. Big data analytics, in particular the new area of Identity and Access Intelligence (IAI), offer low-cost on-demand SaaS services to meet the unique needs of the healthcare industry.
Learn how Veriphyr Identity and Access Intelligence delivers business and clinical insights - with no hardware and no on-site software.
Sources:
(a) Riding the Wave - www.modernhealthcare.com, 05/20/2013

Monday, May 20, 2013

Patient Identities Breached in Indiana

About 180 patients of an Indiana healthcare provider have been notified about possible compromise of their identity information.

One of the provider's employees accessed computerized records and may have taken information such as social security numbers, dates of birth and credit card numbers.

"Since they didn’t say anything about technical safeguards, the assumption can be made that there were none in place.."
-Health IT Security
The healthcare organization was alerted to the possible identity thefts by law enforcement, not apparently from internal safeguards.

Organizations can avoid learning from third parties about such breaches, even by authorized users, by utilizing new low-cost on-demand SaaS proactive breach detection services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Community Health Sends Patients Data Breach Notifications - www.healthitsecurity.com, 05/17/2013

Friday, May 17, 2013

EMRs: Balancing Access with Patient Privacy

Robert Wah, MD, Chief Medical Officer for CSC Global Health organization, says it's critical that healthcare professionals keep in mind patients' privacy concerns.

Dr. Wah believes patients will become more accepting of EHRs as they experience the benefits of having such information as their past medical history, medications, allergies, etc. available to their various healthcare providers.

"Patients recognize if their health information were to be exposed or distributed inappropriately, it’s a bell you cannot un-ring."
- Robert Wah, MD, CSC, chief medical officer and medical director for the CSC Global Healthcare organization
However, Wah emphasized that best practices, including technology, be employed to protect data, which will contribute to patients being more comfortable with having their health information in electronic format.

Once such new technology, for proactive privacy breach detection, is low-cost on-demand SaaS service.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) EMRs: Balancing Improved Access with Patient Privacy Concerns - www.amnhealthcare.com, 03/26/2013

Thursday, May 16, 2013

Halamka, Hoyt: EHRs Benefiting Patients

John D. Halamka, CIO of Beth Israel Deaconess Medical Center, and John P. Hoyt, EVP of HIMSS Analytics, have seen what health IT can and will accomplish and are asking Congress to consider the "many positives of health IT" as reduced ACA-related spending is discussed.

Halamka and Hoyt point out that without health IT investment healthcare transformation is impossible and enumerate the elements to calculate the full value of health IT.

"Congress needs to consider the positives of health IT when considering reductions in ACA-related spending, especially as it comes to widespread use of EHRs. Change obviously has immediate costs, but investments in updated technology now will improve patient care in the long run." - John Halamka and John Hoyt
They note that electronic medical record (EHR) systems are helping to rein in costs and improve quality and safety of patient care.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Don't Forget Electronic Health Records Are Benefiting Patients - www.ihealthbeat.org, 05/15/2013

Wednesday, May 15, 2013

Pharmacists Adequately Protecting Patient Privacy?

An excellent review by Melinda C. Joyce, about steps pharmacy departments can take to protect patient privacy, was published on the American Pharmacists Association website.

Dr. Joyce first traces the history of HIPAA compliance and how it has become incorporated into pharmacy practice since the act's beginning in 1996.

"Conducting patient privacy checks may help monitor what’s happening in the pharmacy and identify potential issues. Review pharmacy staff members’ electronic access and ensure that it’s appropriate."
- Melinda C. Joyce, PharmD, FAPhA, FACHE Pharmacy Today Health-System Editor, Vice President, Corporate Support Services, Medical Center Bowling Green, KY
She highlights the importance not only of limiting access to patient data but that "managers and department directors must keep close tabs on who has what access." Dr. Joyce reminds readers that "over time, people, jobs, and functions can change, and to make sure that access changes as well."

Following Dr. Joyce's recommendations of access compliance and attestation as well as breach detection will contribute to pharmacy departments' protecting patient privacy. Such recommendations are now easier to accomplish with low-cost on-demand SaaS services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Patient Privacy and Sleepless Nights - www.pharmacist.com, 05/01/2013

Tuesday, May 14, 2013

Health IT Market: $56.7 Billion by 2017

A report by research firm MarketsandMarkets, published in Clinical Innovation & Technology, the global health IT market will grow to $56.7 billion by 2017.

While the US and Canada is estimated to account for the largest share of the market, Asia-Pacific will have the steepest growth owing to the region's rapid adoption of health IT systems. In part the outside North America growth will be driven by medical tourism as patients seek lower cost care.

"The global healthcare IT market is estimated to grow at a CAGR of 7.0% to reach $ 56.7 billion by 2017 from $40.4 billion in 2012 due to the significant demand for clinical information technology, administrative solutions and services."
- Markets and Markets, Research Firm
In North America factors contributing to growth include "government investment/incentives, increased patient engagement, higher demand for integrated health IT systems."

As health IT systems proliferate so do opportunities for privacy breaches. Proactive privacy breach detection can now be accomplished with low-cost on-demand SaaS services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Global Health IT Market Poised to Reach 56.7 Billion by 2017 - iHealthBeat.com, 05/13/2013
(b) Healthcare IT Market By Application [Provider IT (EMR, PACS, CPOE, RIS, CDSS, RCM, Claims Management, Payroll), Payer IT (CRM, Fraud Detection)], Delivery Mode (On-Premises, Web-Based Services & Cloud Computing) & Component – Global Forecasts to 2017 - Markets and Markets, May 2013

Monday, May 13, 2013

Medical ID Theft Growing, Especially Among Seniors

According to the FBI, 10 million are victims of identity theft each year. Among those thefts, medical identity theft is increasingly threatening all patients, especially seniors.

Last week the Federal Trade Commission (FTC) held a workshop on issues related to identity and medical identity theft among older citizens. The panelists considered the impact of new laws related to these issues, as well as best practices to detect, prevent, and remedy medical identity theft.

"Identity theft is the nation’s fastest-growing crime, claiming almost ten million victims per year, according to FBI statistics. Medical identity theft is the latest threat to affect patients—especially senior citizens." - PHIprivacy.net
Regarding detection of medical identity theft, there are now low-cost on-demand SaaS analytics services to accomplish this.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
The workshop also had a panel on how to reach consumers age 65 and older with additional educational information about these risks such as that currently on the FTC website.

Sources:
(a) FTC Panel Highlights Growing Problem of Medical Identity Theft, Especially Among Senior Citizens - PHIprivacy.net, 05/01/2013
(b) Medical ID Theft: Health Information for Older People - www.ftc.gov, 10/2008

Friday, May 10, 2013

EHR Incentives Top $13.7 Billion

EHR incentive payments continue to increase, past the $13.7 billion mark. Rob Anthony, from the CMS Office of e-health Standards and Services, said "We have a majority of hospitals registered at this point."

Some hospitals, primarily in rural areas, are not yet participating in the reimbursement program; the CMS is working to understand and address the challenges for these providers.

"86 percent of eligible hospitals have registered for the meaningful use program, and 77 percent have received reimbursement payments."
- Rob Anthony, CMS Office of e-health Standards and Services
Figures are not yet available for April but Anthony expects it to be another big month for reimbursements.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) EHR incentive payments surge to $13.7B - Healthcare IT News, 05/08/2013

Thursday, May 9, 2013

Florida: #1 in Identity Theft

Yesterday we noted Florida's rampant identity theft but we now know they're number one nationwide for this problem!

Federal Trade Commission's most recent Consumer Sentinel Network Data Book statistics revealed 70,000 incidents of identity theft in 2012, or 361 for every 100,000 residents. To put the enormity of these numbers in perspective Georgia, number two on the list, has only half the number, 194 per 100,000. Even CA, MI, and NY, the next states on the list, have only one-third of the identity theft of FL.

"Statistics paint an astonishing picture of risk in the Sunshine State...the magnitude of Florida's "lead" over the other 49 states is mind-boggling."
- Paul McNamara, NetworkWorld
In most identity thefts the data breach is discovered by a third party, such as law enforcement or the victim, rather than the data source organization.

Instead of hearing about an identity theft from others, organizations can now utilize low-cost on-demand SaaS proactive data breach detection services.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Florida's Identity Theft Rate Towers Over Lower 49 - NetworkWorld, 05/07/2013

Wednesday, May 8, 2013

Inmate ID Theft by Corrections Officer

Florida is known for rampant identity theft and tax fraud schemes and the situation is not helped when some of the bad guys are part of law enforcement.

A former Florida state corrections officer pleaded guilty to access device fraud and identity theft. He used his official position to access inmates' personal information such as social security numbers and birth dates, which he then sold, knowing it would be used for tax fraud.

"A former state corrections officer pleaded guilty to stealing hundreds of prison inmates’ identities."
- Office of Inadequate Security
It seems the identity thefts were discovered as part of an FBI investigation, not by the corrections department.

Organizations can now proactively detect data privacy breaches by their authorized users with low-cost on-demand SaaS services.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former corrections officer admits stealing South Florida inmate IDs - www.databreach.net, 05/07/2013

Tuesday, May 7, 2013

The Washington Post Advocates Violating Patient Privacy?

The seemingly cavalier attitude towards a patient's legal right to privacy in a Washington Post article by personal finance columnist Michelle Singletary is disturbing.

The article recounts how a patient treated for an eel in his buttocks had non care team hospital staff in New Zealand view his information and post it online. Ms. Singletary said "If you treated the man, how could you resist a show-and-tell with co-workers?"

A patient's privacy is not just a matter of respect, it's the law. Instead of taking the opportunity to gather and comment on facts, which more consumers should be aware of, Ms. Singletary chose to made light of a patient seeking treatment.

Ms. Singletary and others should not have to worry about where their medical problem will fall on a healthcare worker's titillation scale.

"Color of Money Question of the Week: Should the hospital have fired employees for not being able to resist telling the world about a definitely titillating story?."
- Michelle Singletary, Columnist, Washington Post
While all medical providers are trained about privacy laws and the majority deeply respect patients' rights there are unfortunately some, like those reprimanded in New Zealand, who breach such privacy. Thus proactive detection of inappropriate healthcare worker access to patient data is necessary.

Veriphyr's question of the week: "Is the Washington Post advocating violating patient privacy?"

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Loose Lips Sink Eel Squealers - The Washington Post, 04/25/2013

Monday, May 6, 2013

Q1 2013 Healthcare IT VC Funding Increased

Q1 2013 venture capital investments in healthcare IT were close to $500 million, compared with $1.2 billion for 2012.

Raj Prabhu, CEO of Mercom Capital, who published the funding report, says "Everybody's excited about this sector. It's one of the few areas that's hot, and everyone understands it has great potential. Considering what happened in the first quarter, we're on pace for this to be a great year."

"Venture capital funding in the healthcare IT sector continues to explode in another record quarter with almost half a billion dollars ($493 million) raised."
- Mercom Capital, 2013 Q1 Healthcare IT Funding, M&A Report
Information Week's research indicates that in healthcare "regulatory requirements dominate" but "the challenge is to innovate with technology, not just dot the i's and cross the t's."

Meeting the challenge to innovate with technology are new Identity and Access Intelligence (IAI) SaaS services for proactive privacy breach detection, user access compliance and attestation.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Mercom Capital, 2013 Q1 Healthcare IT Funding, M&A Report - Mercom Capital, 04/2013
(b) Health IT Investments Approach $500 Million In Q1 - InformationWeek.com, 04/19/2013

Friday, May 3, 2013

Health Data Breach Correlates With Fraud Cases

If you received a data breach notification in 2012 you're at risk for becoming a fraud victim (US residents). According to a Javelin Strategy and Research report, approximately 1 in 4 were victims, up from 1 in 9 just 2 years ago.

The report points out that criminals are becoming increasingly adept at using information from breaches of huge stores of healthcare data to commit identity fraud.

"There is an increasing correlation between being a data breach victim and being a fraud victim."
- Alphonse Pascual, Senior Analyst of Security, Risk and Fraud, Javelin Strategy and Research
Mr. Pascual asks "It's time for a change in how we protect ourselves and each other from data theft and fraud, who’s with me?" Veriphyr agrees.

One method to protect data from insider theft is proactive privacy breach detection using low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Report Finds Correlation Between Health Data Breaches, Fraud Cases - iHealthBeat,04/30/2013
(b) Financial Pain Ensues When Custodians of Health Fail to be Good Stewards of Privacy - Javelin Strategy and Research, 04/28/2013

Thursday, May 2, 2013

Largest Expenditures Will Go to Healthcare IT

The Premier Healthcare Alliance has published its Spring 2013 Economic Outlook.

The 540 primarily C-suite respondents voiced opinions on numerous healthcare delivery issues. When asked where their largest investment is expected over the next year, 43% cited information technology, up 21% from two years ago.

"...the largest expenditures are expected to go toward healthcare information technology, according to 43% of those surveyed...up 21% from two years ago.."
- Modern Healthcare
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Healthcare leaders expect big shift toward outpatient care - Modern Healthcare, 04/29/2013

Wednesday, May 1, 2013

Iris Scan No Solution to Insider Theft

Identity theft can leave healthcare organizations with unpaid bills and many are turning to biometric methods, such as iris scans, to prevent data breaches.

But some experts, including Pam Dixon, of the World Privacy Forum, say electronic records make it easier to steal many identities at once, and using biometrics will not deter an insider. “You can scam this just as you scam an ID card," she said and gave a recent example.

"Iris scanning isn’t foolproof. Medical identity theft is often an inside job, with employees of health-care providers stealing and selling the information." - Pam Dixon, Executive Director, World Privacy Forum
In 2007, a Cleveland Clinic Florida employee pleaded guilty to improperly obtaining information about more than 1,000 patients and selling it to her cousin. The data was used to submit $7 million in bills to the Medicare program.

To proactively identify unauthorized breaches of patient data privacy, even by authorized users, and/or when biometric methods are being employed, there are now low-cost on-demand SaaS services available.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Iris Scans Seen Shrinking $7 Billion Medical Data Breach: Health - Bloomberg BusinessWeek, 04/28/2013

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.