Thursday, October 31, 2013

Employee Breaches 3,600 Patient Records

Over a three-year period, an employee breached the privacy of 3,600 patients of a Minnesota healthcare organization.

A certified medical assistant had unauthorized access to electronic patient records between February 2010 and September 2013. She was able to access demographic information, clinical information, health insurance information and the last four digits of social security numbers. The employee has been terminated.

"Between February, 2010 and September, 2013, employee had unauthorized access to name, address, telephone number, date of birth, clinical information, health insurance information, and the last four digits of these patients’ social security number."
-Healthcare Informatics
It is unclear why this unauthorized access was allowed for three years or what prompted the investigation that discovered the data privacy breaches. Healthcare organizations that want proactive data privacy breach detection, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Allina Health Notifies 3,000 Patients of Security Breach - www.Kare11.com, 10/27/2013

Wednesday, October 30, 2013

Big Data and a 'Defensible' Breach Response

Your response to data breaches will be scrutinized by regulators, so a 'defensible response' to breaches is necessary, warns former prosecutor Kim Peretti.

Ms. Peretti suggests detailed incident response, breach response and breach notification plans; a breach response checklist is essential to "knowing what steps to take in the initial stages so that you can ensure the proper decisions are being made in how to approach the investigation."

"Hire investigators that can apply big data to forensics 'so a five-month investigation can turn into a five-week investigation.'"
- BankInfoSecurity.com
She outlines a number of common mistakes organizations make during breach investigations. Among them are failing to preserve all the evidence as well as not applying big data to forensics "so a five-month investigation can turn into a five-week investigation."

Organizations can now utilize low-cost on-demand SaaS big data analytics services for rapid answers during a breach investigation.

Learn how Veriphyr Identity and Access Intelligence delivers data breach insights - with no hardware and no on-site software.
Sources:
(a) Building a 'Defensible' Breach Response - www.BankInfoSecurity.com, 10/23/2013

Monday, October 28, 2013

Play Games. Heal Kids. "Extra Life" Gaming Event, Nov 2


What Will You Play on November 2nd?
Extra Life began in 2008 as a way of honoring a young lady named Victoria "Tori" Enmon and her battle against acute lymphoblastic leukemia, and has become an annual gaming event to support Children's Miracle Network Hospitals.

This year, when you sign up to play video games for 25 hours on Nov. 2, 2013, you won’t just be raising money for kids. You’ll be supporting LOCAL kids and their families. Kids right in your own backyard.

All the money you raise for Extra Life 2013 will go directly to the Children’s Miracle Network Hospital of your choice. Do you want to have more fun than you can handle while helping some of the bravest (and smallest) warriors in your community? All you have to do is click here.

"Be a Hero. Play Games to Raise Money for Local Kids." - ExtraLife.org
Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals in the customer's community as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Sources:
(a) ExtraLife.org - www.extra-life.org, 10/28/2013

Friday, October 25, 2013

Google Agrees to Sign HIPAA BAA

In September 2013, Google offered for the first time to sign a HIPAA Business Associate Agreement (BAA) for Google Apps. That's good news for organizations unwilling to deploy Google Apps without such an agreement. It is also a smart competitive move, as it matches Microsoft, which offers to sign a BAA for Office 365.
"Your organization can adopt Gmail, Calendar, and Drive, confident that IIHI and PHI in those apps will be protected by the BAA." - TechRepublic
More information can be found on Google's site.
Sources:
(a) Google agrees to sign BAA as means to HIPAA compliance - www.TechRepublic.com, 10/2/2013

Thursday, October 24, 2013

Tiger Team Considers 'Accounting of Disclosures' Rule

The Health and Human Services (HHS) "Tiger Team" for Privacy and Security is surveying health IT stakeholders to assess its recommendations on providing patients with information about who accessed their healthcare data.

The HITECH Act mandates that HHS create an "accounting of disclosures" policy. The proposal would provide patients with the right to obtain a consolidated access report on who has viewed their health data.

"The proposal would provide patients with the right to obtain a consolidated access report on who has viewed their health data." - Government Health IT
Many have expressed concern that most health care facilities do not have the technology infrastructure necessary to comply with the access report requirement. Fortunately, there are low-cost on-demand SaaS analytics services that can rapidly deliver reports across any platform or channel.
Download a white paper on a SaaS accounting of disclosures reporting service. Learn how to provide patients with a complete report of who accessed their medical records, without the need for additional onsite hardware/software, and no additional work for your staff.
Sources:
(a) Tiger Team Collecting Comments on 'Accounting for Disclosures' Rule - www.iHealthBeat.org, 10/23/2013

Wednesday, October 23, 2013

Report: California AG on Curbing Medical ID Theft

The California Attorney General (AG), Kamala Harris, released recommendations to prevent, detect and reduce medical identity theft.

As electronic health record (EHR) use increases, identity theft is not just a financial issue but a quality-of-care issue, as incorrect demographic, diagnosis and treatment data can end up in a patient’s EHR.

"As the Affordable Care Act encourages the move to electronic [health] records, the health care industry has an opportunity to improve public health and combat medical identity theft with forward-looking policies and the strategic use of technology."
- Kamala Harris, California State Attorney General
The AG's report outlines a number of steps to combat the identity theft problem including "forward-looking policies and the strategic use of technology." One such technology is SaaS analytics services to proactively detect patient data privacy breaches, even by authorized users.
Sources:
(a) California AG Releases Report on Curbing Medical Identity Theft - www.CaliforniaHealthLine.org, 10/22/2013

Tuesday, October 22, 2013

Another Insider Privacy Breach at Florida Hospital

A former employee of a Florida medical center took the personal information of almost 1,000 patients; the breach was uncovered by local and federal law enforcement.

The medical center reported that these patients' basic information, including name, address, date of birth, insurance policy numbers and reason for visit, was "inappropriately removed."

"Another insider breach in a Florida healthcare facility where the covered entity only learned of the breach via notification by law enforcement."
- PHIprivacy.net
Rather than waiting to learn of breaches from law enforcement, healthcare organizations can proactively detect inappropriate access, even by authorized users, with low-cost on-demand SaaS analytics services.
Sources:
(a) Broward Health Medical Center Notified by Law Enforcement that Employee Stole Face Sheets - www.PHIprivacy.net, 10/18/2013

Monday, October 21, 2013

Court: Insurer Must Cover Privacy Breach, Despite Exclusions

The US District Court of Central California held that a general liability policy covered data breach claims alleging violations of California patients’ right to medical privacy. The court rejected the insurer’s contention that coverage was negated by an exclusion for liabilities resulting from a violation of rights created by state or federal acts. Also rejected was an attempt commonly made by insurers to exclude coverage for statutory penalties.

The ruling stemmed from a suit brought by patients who alleged violations of medical data privacy by their hospital, which in turn involved the hospital's insurer.

"An insurance policy’s statutory rights exclusion does not apply to data breach claims."
- Hunton and Williams, Attorneys
According to the law firm of Hunton and Williams, the implication of the court's decision is "that data breach and other privacy violations should be covered under general liability insurance, and stands as the latest among a line of cases affording coverage for amounts paid as statutory penalties where those amounts are paid because of the injury sustained by the plaintiff."

Such court decisions will heighten all stakeholders' awareness of privacy data breach liabilities. Organizations seeking proactive detection of breaches can utilize low-cost on-demand SaaS analytics.

Sources:
(a) Insurance Policy's Statutory Rights Exclusion Does Not Apply to Data Breach Claims - Hintona.com, 10/07/

Friday, October 18, 2013

Health IT Investment Tops $737M

Q3 set a record for VC investment in health IT with 150 separate deals and over $737 million, according to Mercom Capital Group.

Private investment in health IT has increased as electronic health record (EHR) adoption reaches critical mass and federal incentive dollars from the HITECH Act are winding down. In addition to EHRs, data analytics were favored by investors.

"Funding into healthcare IT is on pace to double over last year."
- Raj Prabhu, CEO, Mercom Capital Group
Increasingly, data analytics, such as low-cost on-demand SaaS services utilizing Identity and Access Intelligence (IAI), provide healthcare organizations with better business as well as clinical insights.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Record quarter sees VC cash top $737M - www.healthcareITnews.com, 10/15/2013

Thursday, October 17, 2013

Health IT Staff Shortages a Big Problem

Thirty-one percent of healthcare providers are putting IT initiatives on hold owing to staffing shortages; and another 19% have not done so but are considering the option.

These findings are from an online survey conducted by the Health Information and Management Systems Society (HIMSS).

"31% of healthcare providers are putting IT initiatives on hold owing to staffing shortages; 19% have not done so but are considering the option." - HIMSS
To maximize use of existing staff or respond to interim or long term shortages, healthcare organizations are utilizing services, especially those that are SaaS and on-demand. These include low-cost on-demand SaaS analytics services to proactively detect privacy breaches and for user access compliance and attestation reporting.

Is your organization putting IT initiatives on hold because of staffing issues? Are you utilizing or considering utilizing services to meet your requirements?

Sources:
(a) Are Health Providers Putting IT Efforts on Hold Because of Staffing Shortages? - www.iHealthBeat.org, 10/17/2013

Wednesday, October 16, 2013

Over 14,000 VA HIPAA Privacy Breaches

An investigation has uncovered over 14,215 HIPAA privacy breaches at the Veterans Administration (VA) by employees and contractors between 2010 and May 31, 2013.

The breaches, which affected veterans and VA employees, included stealing veterans' identities from electronic health and financial records to make fraudulent credit cards. As Deven McGraw, Director of the Center for Democracy and Technology Health Privacy Project, noted, "Protecting the privacy of every American is important, but you would think that we would be very careful when it came to our veterans. They sure earned it."

"It's hard to argue against the notion that VA holds the dubious distinction of being the largest violator of the nation's health privacy laws."
- Deven McGraw, Director, Center for Democracy and Technology Health Privacy Project
Healthcare and other organizations can now proactively detect data privacy breaches, even by authorized users, with low-cost on-demand SaaS analytics services.
Sources:
(a) Investigation Finds Thousands of HIPAA Privacy Breaches at VA - www.iHealthBeat.org, 10/15/2013

Tuesday, October 15, 2013

Data Breaches Inevitable, So Prepare Now

The bad news: if your organization hasn't had a privacy breach in the media yet, it probably will, according to Steven Bennett, VP of a healthcare IT recruitment firm, speaking at the College of Healthcare Information Management Executives (CHIME) Fall CIO Forum.

Bennett noted that more than 650 healthcare organizations have experienced breaches involving 500 or more patient-identifiable medical records. According to the Office for Civil Rights at Health and Human Services, more than 22.5 million patients have been affected by these breaches.

"The loss of confidential information is a big news event."
- Steven Bennett, former reporter and now VP of a healthcare IT recruitment firm
One Forum attendee, Kelly Styles, VP and CIO at Connecticut Children's Medical Center, Hartford, advised to “be prepared.”

To head off being the focus of a big news story, preparation can include catching insiders when they first start snooping by utilizing low-cost on-demand SaaS analytics services.

Sources:
(a) Data Breaches "Inevitable," So Prepare Now, CIOs Told - www.ModernHealthcare.com, 10/09/2013

Friday, October 11, 2013

Coworkers as Patients Require Extra HIPAA Vigilance

An employee underwent surgery at her workplace, a California hospital, during which co-workers took what they considered playful photos. However, the employee patient was so humiliated she resigned and sued the hospital for violating state privacy and other laws.

While it is unclear how this case will be resolved, healthcare organizations must be particularly vigilant about all forms of HIPAA privacy violations when employees become patients. Frank Ruelas, compliance officer for Gila River Healthcare in Arizona, says adopting policies is insufficient. Ruelas notes "people would be exceptionally surprised if they knew how often employees inappropriately obtain or share other employees' medical information."

"Covered entities (CEs) should routinely run audits on their medical record systems that specifically track employees accessing other employees’ records."
- Frank Ruelas, HIPAA College
Additional safeguards and monitoring are necessary when workers are patients, similar to the measures applied to VIP patients or celebrities. This includes routine audits on medical record systems to track which employees are accessing other employees’ records. Healthcare organizations can utilize new low-cost on-demand SaaS analytics services to obtain these and other types of inappropriate access reports.
Sources:
(a) Workers Who Become Patients Require Extra Vigilance by CEs - www.AIShealth.com, 10/09/2013

Monday, October 7, 2013

Posing as Insider, Patient Data Breached

By posing as an insider, an individual breached 1,800 electronic medical records (EMR) at an Iowa hospital.

This person, who was not authorized to access medical records, may have viewed such information as patient name, address, date of birth, Social Security number, driver's license number, insurance policy number and medical condition. It seems they gained access using passwords of authorized system users.

"The information that may have been accessed for the impacted patients include names, home addresses, dates of birth, medical and health insurance account numbers, and health information related to patient treatment." - ABC 9 News
The hospital discovered the unauthorized access during an audit and says it will now perform more frequent audits. Healthcare organizations that want proactive detection of unauthorized access to patient data, by insiders, or those posing as insiders, are utilizing low-cost on-demand SaaS analytics services.
Sources:
(a) 70 Siouxland Patients Involved in UnityPoint Security Breach - www.kcautv.com, 10/03/2013

Friday, October 4, 2013

Cop Convicted for Identity Theft, Tax Fraud

A Miami cop, who used the police database to steal 1,000 identities to obtain fraudulent tax refunds, was found guilty in Federal court.

Malinsky Bazile, 28, used his police access to the Florida state driver's license computer database to obtain personal information to file fraudulent tax returns. He admitted to making about $140,000 from the fraud between 2011 and 2012.

"Investigators said he abused his position of trust — and his police computer — to commit identity theft, stealing the personal information of hundreds of people and using it to file fraudulent income tax returns."
- Miami Sun-Sentinel
While law enforcement personnel may need broad authorized access to databases containing personal information, their access should be monitored to identify inappropriate record access. Organizations can now utilize low-cost on-demand SaaS analytics services to proactively differentiate the type of access activity of all users.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Miami cop convicted of ID theft, tax fraud - www.MiamiHerald.com, 10/03/2013

Thursday, October 3, 2013

HuffPost: Why Patient Records No Longer Safe?

Huffington Post alerts a wider audience to the real threat to our privacy and identity posed by electronic medical records.


"Rogue employees are another legitimate threat to a person's medical records. In most cases, healthcare employees that are responsible for a data breach are doing so to 'get even' with their employer or co-workers." - Huffington Post
Sources:
(a) Why Your Medical Records Are No Longer Safe - www.HuffingtonPost.com, 01/17/2013

Wednesday, October 2, 2013

ONC: Rural Meaningful Use Goal Exceeded

The Office of the National Coordinator for Health IT (ONC) announced that it has exceeded its goal of assisting 1,000 rural and critical access hospitals (CAHs) in attesting to the Meaningful Use of electronic health records (EHRs) by the end of 2014.

By July 31, 2013, 1,115 providers had attested to meaningful use of EHRs: 62% (approximately 822 of 1,332) of CAHs and 77% (approximately 293 of 383) of small, rural hospitals (usually with fewer than 50 staffed beds).

"The small rural and CAHs that have achieved this milestone are well distributed across the country – success has not been limited to one region."
- Office of the National Coordinator for Health IT
Privacy and security requirements are part of achieving Meaningful Use. Healthcare organizations, of every size, can fulfill these important requirements with low-cost on-demand SaaS analytics services for proactive privacy breach detection and user access compliance and attestation reports.
Sources:
(a) ONC Exceeds 2014 Goal for Rural Meaningful Use Attestation - www.iHealthBeat.org, 10/02/2013

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.