Wednesday, July 31, 2013

ID Theft: #1 FTC Complaint

For the 13th consecutive year, identity theft is the number 1 consumer complaint to the Federal Trade Commission (FTC), with a 32% increase over 2011.

Of 2012 complaints, 46.4% involved government documents or benefits fraud. As to state rankings, Florida is first (72%), followed by Georgia (66%), and Mississippi (58%).

"Identity theft complaints continue to rank number one in the Federal Trade Commission's list of complaints, with a 32% increase over 2011." - Identity Theft Resource Center
According to CEO Eva Casey Velasquez, "The Identity Theft Resource Center has also seen a growth in this type of identity theft crime as well. These types of cases very often involve the use of Social Security numbers making them more complex than other types of identity theft."
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Identity Theft is #1 Complaint Again...13 Years in a Row - 03/21/2013

Tuesday, July 30, 2013

Drugstore $1.4M for Love Triangle Privacy Breach

An Indiana jury awarded a customer $1.4 million after finding a major drugstore chain and a pharmacist violated her privacy when the pharmacist looked up and shared the woman’s prescription history.

The lawsuit spun out of a tangled relationship between the pharmacist, her husband and the man’s ex-girlfriend, the plaintiff.

"As a provider of pharmaceutical service, the defendant owes a non-delegable duty to its customers to protect their privacy and confidentiality of its customers’ pharmaceutical information and prescription histories." - Lawsuit documents
It is noteworthy that the jury ruled against the drugstore as well as the pharmacist. They determined the drugstore was negligent in training and supervising the pharmacist, who breached statutory and common law duties of confidentiality and privacy to the customer.

Should an employer be held responsible for the actions of its employees/contractors? Is a training program sufficient to demonstrate a company is protecting patient health information? Could companies make a stronger case if their oversight included proactive privacy breach detection? What's your opinion?

Sources:
(a) Walgreens must pay woman $1.44 million over HIPAA violation - IndyStar, 07/29/2013

Monday, July 29, 2013

Medical Supply PHI Breach; Employees, Rivals Sued

In June 2013 the new owners of the San Jose Medical Supply Company (SJMS), a home healthcare services company, reported a breach that had occurred between August 2011 and December 2011. The breach resulted in unauthorized disclosure of customers’ personal and medical information when the business was under previous ownership.

The former owner died in August 2011, but the company continued operating through its employees and agents under the supervision of trustees. In August 2012 the new owner took over and by June 2013 “uncovered certain suspicious activity taken by the former employees, officers and/or agents of the prior owner, which may have compromised the security of customers' health information.”

"The PHI that may have been improperly disclosed included full name, date of birth, Social Security number, home address, Medi-Cal ID number, physician’s name and contact information, prescriptions, past invoices to SJMS, diagnosis, disability code, and type and quantity of medical supplies ordered."
- PHIprivacy.net
The new owners allege that former SJMS associates gave customers' personal information to two rival vendors. A civil lawsuit has been filed against the former employees and two medical supply firms, Front Medical Supply and Baypoint Medical Supply.
Sources:
(a) San Jose Medical Supply reports insider breach; sues former employees and two competitors - www.PHIprivacy.net, 07/19/2013

Friday, July 26, 2013

Hospital Billing Employee Stole Patient IDs

A hospital billing company employee with an “extensive history of theft by deception” stole protected health information (PHI), including credit card and Social Security numbers, from patient records his employer was processing.

After learning of the breach the hospital terminated their contract with the billing company. The court upheld the contract termination stating the billing company “violated the essential trust patients place in their healthcare providers and healthcare providers place in the companies with which they contract to aid in the provision of healthcare.”

"The billing company learned from police that the employee “wrongly and without authorization” acquired PHI to obtain patients’ credit cards to make purchases."
- US DISTRICT COURT FOR THE SOUTHERN DISTRICT OF FLORIDA, Miami Division
In this case the billing company learned of the identity theft from law enforcement. Healthcare organizations can proactively detect PHI breaches with low-cost on-demand SaaS analytics services.
Sources:
(a) Court finds breach of HIPAA business associate agreement resulting from identity theft - www.lexology.com, 07/17/2013

Thursday, July 25, 2013

A National Data Breach Policy?

Currently there are no national information security or data breach laws. Should there be?

At a recent House subcommittee hearing, technology experts again called for a national data breach notification law that would pre-empt state regulations, which vary in 46 states and Washington, DC, as to what companies must do to notify consumers about a data breach.

"There currently are no national information security or data breach regulations."
- CQ Roll Call
Although this most recent hearing did not address the impact of a national breach notification law on health data, presumably any federal laws would cover health-related information not protected by HIPAA.

For example, personally identifiable records in health websites, which are impacted by breach laws in most states, could be affected by a more general federal breach law. Such health and fitness sites, as well as mobile apps, are coming under increasing criticism and scrutiny for the laxity and opacity of their data sharing activities.

What do you think? Is a federal breach notification law needed? Will it contribute to protecting consumers' health data?

Sources:
(a) National Data Breach Policy Could Have Health Care Implications - www.iHealthBeat.org, 07/19/2013

Wednesday, July 24, 2013

HHS to Senate: Patient Data Privacy Top Priority

The security of patient records is one of the top priorities for the Department of Health and Human Services (HHS), said Office of the National Coordinator (ONC) chief Farzad Mostashari during a Senate Finance Committee hearing.

Mostashari discussed how health IT benefits patients and provides the tools necessary to transform the delivery of care.

"Underlying all our efforts is the core understanding that we will not succeed if patients do not trust that their health information will be kept safe and secure in an increasingly electronic and interoperable world."
- Farzad Mostashari, M.D., ScM., National Coordinator,
Office of the National Coordinator for Health Information Technology
He pointed out that all involved in healthcare have a responsibility to protect patient information. The HHS has used its regulatory authority "to expand protections afforded to individually identifiable health information" via the HIPAA Privacy and Security Rules.

As part of their efforts to protect patient privacy, healthcare organizations can now proactively detect data privacy breaches with low-cost on-demand SaaS analytics services.

Sources:
(a) Statement of Farzad Mostashari, M.D., ScM. National Coordinator, Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services - Senate Finance Committee Hearing, 07/17/2013

Tuesday, July 23, 2013

Privacy Breach by Insider at One Hospital Affects 2,864

Recent breaches of patient privacy by insiders are affecting larger numbers of people; here is another example.

An employee of Long Beach Memorial Medical Center in California may have breached the private information of 2,864 patients, including their name, sex, date of birth, home address, phone number, account number, insurance information and the reason for admission.

"The hospital notified 2,864 patients of the breach of information, which included name, sex, date of birth, home address, phone number, account number, insurance information and the reason for admission." - Press Telegram
The breach has been going on for almost a year and it is unclear how the breach was discovered. The hospital is referring inquiries about the employee who breached the information to the Long Beach police department, who are investigating the case.

Healthcare organizations can now utilize low-cost on-demand SaaS analytics to proactively detect privacy breaches by insiders.

Sources:
(a) Patient data may have been breached at Long Beach hospital - www.presstelegram.com, 07/12/2013

Monday, July 22, 2013

Kardashian: "I Was Victim of Hospital Snooping"

We posted about the six people at Cedars-Sinai who were terminated for inappropriately accessing patient records; we now know one of the patients affected was Kim Kardashian.

It seems the Kardashian family suspected there were leaks from the hospital since media reports had information related to the birth of her daughter that Kim had not released publicly. TMZ reported:

"Kim was contacted by the hospital to let her know she was one of the patients who had her records inappropriately accessed." - TMZ
According to TMZ Ms. Kardashian was "glad the hospital contacted her and is happy that action was taken against the workers."
Sources:
(a) http://www.tmz.com/2013/07/13/kim-kardashian-cedars-sinai-medical-center-hospital-records-leaked/ - www.TMZ.com, 07/13/2013

Friday, July 19, 2013

Patient ID Thefts Fund Disney Trip

A Staten Island couple, Amanda Zieminski and her fiance Clyde Forteau, stole the IDs of 80 elderly patients and blew about $675,000 on vacations, courtside sports seats, and jewelry — but they left a trail of evidence on social media that led to their arrests.

Before she was canned in 2012 for inflating her work hours, Zieminski worked as a nurse at South Shore Physicians in Staten Island. She stole patients' personal information and passed it on to Forteau, who filed fraudulent tax returns and had the victims' Social Security payments sent to his bank account.

"Zieminski and Forteau are accused of stealing the Social Security numbers and credit card information of more than 80 elderly patients from a Staten Island medical center where Zieminski once worked."
- Staten Island police
Police identified Zieminski and Forteau after a year-long investigation; a Google search revealed photos of their purchases and vacations, including their engagement trip to Disney World, posted on the couple's public Facebook accounts, which matched items charged to stolen credit card accounts.
Sources:
(a) Couple Got Engaged at Disney Using Cash Scammed From Seniors - ABC News, 07/19/2013

Thursday, July 18, 2013

CMS: EHR Use Continues to Increase

The Centers for Medicare and Medicaid (CMS) released new data showing electronic health record systems (EHRs) are increasingly being used by providers to improve care management and to share more information with patients.

Farzad Mostashari, National Coordinator for Health IT, said the data "show that health care professionals are not only adopting [EHRs] rapidly, they're also using them to improve care."

"Health care professionals are not only adopting [EHRs] rapidly, they're also using them to improve care."
- Farzad Mostashari, National Coordinator for Health IT
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified EHR systems can qualify for Medicaid and Medicare incentive payments. According to the CMS, to date $15.5 billion has been paid to 310,000 providers for implementing EHRs.
Sources:
(a) CMS Releases New EHR Data, Federal Officials Tout Progress - www.iHealthbeat.org, 07/17/2013

Wednesday, July 17, 2013

Health IT Funding to Exceed $2B in 2013?

VC funding has set yet another record in Q2 - $623M for 168 deals this quarter, compared to 104 in Q1.

According to Raj Prabhu, CEO of Mercom Capital Group, "The government’s initiative to open up healthcare data has been a contributor to the surge in activity and investments."

"VC funding in healthcare IT is now on pace to exceed $2 billion in 2013."
- Raj Prabhu, CEO of Mercom Capital Group
Among healthcare provider related ventures, data analytics and electronic health record (EHR) companies continue to receive funding. Data analytics are being used to improve clinical outcomes as well as to proactively detect data privacy breaches.
Sources:
(a) VC Funding Sets Yet Another Record - www.HealthcareITNews.com, 07/16/2013

Tuesday, July 16, 2013

Increased Health IT Hiring Brings Challenges

According to the first HIMSS Analytics Health IT Workforce Study, 79% of organizations are hiring.

But Jennifer Horowitz, senior director of HIMSS Analytics, says, "as healthcare organizations become increasingly sophisticated with their IT initiatives, human resource leaders are experiencing a new set of hiring challenges."

"HIMSS researchers showed how these shortages are sometimes having an unwelcome effect of health IT initiatives' forward motion."
- Healthcare IT News
These challenges include putting IT initiatives on hold: approximately one-third of healthcare providers indicated delaying an IT initiative owing to staffing shortages. Many noted that this could create risks to patient care and revenue generation.

A lack of qualified IT workers was the biggest challenge to full staffing, and one solution to this is outsourcing. Seventy-six percent of provider respondents currently utilize a service rather than hiring directly, and 93 percent plan to outsource in the next year. Such services include low-cost on-demand SaaS analytics for proactive privacy breach detection and user access compliance/attestation reporting.

Sources:
(a) 79 percent of IT organizations hiring - www.HealthcareITNews.com, 07/12/2013

Monday, July 15, 2013

Hospital Workers Lose Jobs for Breaching Kardashian Privacy?

The six fired for breaching patient records at Cedars-Sinai included four employees of physicians who have staff privileges at the hospital, one Cedars-Sinai medical assistant, and one unpaid student researcher.

Five of the workers inappropriately accessed a single patient record; the other looked at 14. People with privileges should only access records of patients under their care, so these activities were in violation of hospital policy.

Some speculate that the medical records of Ms. Kardashian, who delivered a baby at the hospital on June 15, were breached, but other than saying all breached patients had been notified, the hospital declined to comment.

"Cedars-Sinai officials say that 14 patient medical records were 'inappropriately accessed' between June 18 and June 24."
- Los Angeles Times
Every patient, not just celebrities, has a right to privacy of their medical information. Healthcare organizations can deliver VIP treatment to all by proactively detecting privacy breaches with low-cost on-demand SaaS analytics services.
Sources:
(a) Six people fired from Cedars-Sinai over patient privacy breaches - LA Times, 07/12/2013

Friday, July 12, 2013

$1.7M HIPAA Penalty for Wellpoint

Wellpoint, a managed care company, has agreed to pay the US Department of Health and Human Services (HHS) $1.7 million to settle potential HIPAA violations.

An investigation by the HHS Office for Civil Rights (OCR), conducted following a breach report submitted by Wellpoint, found that security weaknesses left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals. The "impermissibly disclosed ePHI" included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

"HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information."
- Department of Health and Human Services, Office for Civil Rights
In their press release the HHS also noted that "Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors."
Sources:
(a) Wellpoint Inc. Settles HIPAA Case for $1.7M - www.HHS.gov, 07/10/2013

Thursday, July 11, 2013

KPMG: Organizations Unaware of Health Privacy Rules

KPMG, the contractor who performed HHS privacy and security compliance audits, reported that many of the healthcare providers, payers, and claims clearinghouses were unaware of health data privacy and security rules.

Of the 980 problems identified during the 115 HIPAA audits, about a third were because health care organizations were unaware of certain regulations that applied to them.

"It appeared that some organizations wrote their data privacy and security policies only after being targeted for an audit."
- Linda Sanchez, Senior OCR Advisor
The analysis also found that 47 of the 61 audited health care providers had not completed a full and accurate risk assessment to identify potential data problems.

The required risk assessment includes ensuring that health workers only have access to data required for their job. There are now low-cost on-demand SaaS analytics services to detect user access exceptions and create complete reports for the attestation process.

Sources:
(a) Some Organizations Unaware of Health Data Privacy, Security Rules - www.iHealthBeat.org, 04/25/2013

Wednesday, July 10, 2013

Health IT Adoption Growing

The Robert Wood Johnson Foundation reports the rate of hospital electronic health record (EHR) adoption has tripled since 2010.

Among rural hospitals EHR adoption was 33.5% in 2012, a 257% increase from 2010; among urban hospitals adoption was 47.7% in 2012, a 180% increase from 2010.

The Foundation also reported that 42% of hospitals had all necessary EHR functions to meet Stage 1 of the meaningful use program, compared with 4.4% in 2010.

"...44% of hospitals used basic electronic health record systems in 2012, compared with 27% in 2011." - Robert Wood Johnson Foundation
EHR use increases the need to protect patient privacy. To ensure timely patient care, healthcare workers often have broad access rights. Therefore proactive detection of inappropriate access, even by authorized users, is critical. Such breach detection is now available as a low-cost on-demand SaaS analytics service.
Sources:
(a) Several Studies Reveal Growing Adoption of Health IT in the U.S. - iHealthBeat.org, 07/09/2013

Tuesday, July 9, 2013

Call Center Employee Stole Health Insurance Members' SS#s

Call center services provider Connextions "had a long-running breach" that affected about 6,000 customers of Anthem Blue Cross Blue Shield of Indiana, Anthem Blue Cross Blue Shield of Ohio, and Empire Blue Cross Blue Shield of Indiana.

The breach apparently took place over a period of approximately one year, from November 2011 to October 2012. The Connextions employee stole social security numbers that were then used for criminal activity.

"The breach apparently took place over a period of approximately one year, from November 2011 to October 2012."
- PHIprivacy.net
It appears Connextions was unaware of the breach until notified by law enforcement. Proactively detecting data breaches, even by authorized users, is now possible with low-cost on-demand SaaS analytics.
Sources:
(a) Three health insurers notifying patients after learning call-center employee stole members’ Social Security Numbers - www.PHIprivacy.net, 04/05/2013

Monday, July 8, 2013

Fired for Viewing Co-worker's Medical Record

Healthcare workers viewing the records of any patients they are not caring for can face stiff consequences, including losing one's job.

A Vicksburg Healthcare employee was fired for improperly accessing a co-worker's medical record. The worker sued the hospital for discrimination and retaliation but the court rejected those arguments.

The court "concluded that the plaintiff’s termination for violating HIPAA and refusing to admit doing so was legitimate and nondiscriminatory." - www.HealthcareWorkplaceUpdate.com, Jackson and Lewis Law Firm
Detailed audit reports of every employee's actions across a hospital's multiple systems can be critical for litigation, especially when discrimination charges are involved. Such reports, with relevant summaries and drill downs, are now possible with low-cost on-demand SaaS Identity and Access Intelligence analytics.
Sources:
(a) Hospital Worker Fails To Show That Termination For HIPAA Violation Was Discriminatory - www.healthcareworkplaceupdate.com, 06/18/2013

Friday, July 5, 2013

Digital Health Investment: $849M First Half 2013

Rock Health reports there has been $849 million in digital health funding for the first half of 2013, a 12% increase over the same period in 2012.

Among the biggest areas for digital health investment were analytics/big data and electronic health record systems.

"The biggest areas for digital health funding this year include analytics/big data"
- Rock Health, Digital Health Funding, Midyear Update
The interest in big data analytics makes sense as they are improving clinical care, yielding insights into healthcare business issues, and proactively detecting privacy data breaches.
Sources:
(a) Digital Health Startups Net $849M in Investments in First Half of 2013 - www.iHealthBeat.org, 07/02/2013

Wednesday, July 3, 2013

Clinicians Who Snooped on Jesse Ryder Await Fate

Four clinicians, who snooped in Jesse Ryder's hospital records while he was treated for injuries sustained during an attack, are awaiting disciplinary action next week.

None of these people had a role in Ryder's care, thus accessing his medical records is inappropriate according to New Zealand privacy laws.

"New Zealand District health boards have dealt with 20 privacy breaches already this year, according to data released under the Official Information Act. As a consequence, some of those staff - including nurses and doctors - were dismissed."
- Fairfax New Zealand Media
Unfortunately this hasn't been the only medical records privacy breach in New Zealand this year. There have been 20 breaches; staff were disciplined with actions ranging from written warnings to dismissal.
Sources:
(a) Nosy clinicians await fate - www.stuff.nz, 07/03/2013

Tuesday, July 2, 2013

Medical Records Breach Exposes Woman's Secrets

A woman didn't want her entire family to know about the baby she delivered at Tampa General five years ago and placed for adoption. But a relative, who was a nurse at the hospital, snooped in the electronic medical records (EMR) and revealed the woman's secret to others.

The patient contacted Tampa General and they fired the nurse for "inappropriate access" to records. But the patient said "The damage is done."

"Though many worry about anonymous hackers drilling into electronic medical records, this case shows that old-fashioned gossips remain a threat." - Tampa Bay Times
It seems the hospital was unaware of the breach until the patient brought it to their attention. Unfortunately this is often the case when healthcare organizations are not proactively auditing for inappropriate access.

While in 2011 Tampa General adopted an EMR that limits access based on job duties, this is an insufficient approach. Analysis of what healthcare workers actually do, not just their assigned role, is necessary. Such analysis is now available as low-cost on-demand SaaS.

Sources:
(a) Medical records breach at Tampa General, USF exposes woman's secrets - Tampa Bay News, 06/28/2013

Monday, July 1, 2013

Is This Proactive Privacy Breach Detection?

A Canadian hospital employee was fired for inappropriately accessing patients' records of prescription medications that have been filled at community pharmacies in Saskatchewan.

The hospital noted "a regular audit" in mid-June found that the privacy breaches had occurred "over the previous couple of months."

"The accesses had occurred over the previous couple of months."
- Greg Hoffort, CEO, St. Joseph's Hospital, Estevan, Canada
Just how proactive should breach detection be? Some are saying the hospital did a good job even though the breaches took place months before detection. What do you think?
Sources:
(a) Breach of privacy at St. Joseph's - www.sasklifestyles.com, 06/28/2013

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.