Wednesday, November 27, 2013

UK: Punish Companies for Sensitive Data Loss

A majority of UK consumers surveyed said "not enough is being done to uniformly penalize organisations that suffer data loss."

Two-thirds of respondents called for legislation to force organisations to declare data breaches. UK consumer confidence was low with 48% thinking that at some point their personal data will be compromised.

"UK consumers have called for tougher punishments for companies that lose sensitive information."

- Office of Inadequate Security

EU law requires only affected customers to be notified; 64% of those polled would like everyone informed of breaches.

Organisations in any country can improve consumer confidence regarding protecting personal information by proactively detecting data breaches with low-cost on-demand SaaS analytics services.

Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Companies that lose sensitive information should be punished, say UK consumers - www.DataBreachs.net, 11/18/2013

Tuesday, November 26, 2013

State Employee Guilty in Patient Data Breach

The personal information of over 228,000 patients was breached by an employee of the South Carolina Health and Human Services Department.

Christopher Lykes Jr. has pleaded guilty to four counts of willful examination of private records by a public employee and one count of criminal conspiracy, according to South Carolina State Attorney General Alan Wilson.

"Authorities say the agency project manager compiled more than 228,000 Medicaid patients' personal information."
- Modern Healthcare
To proactively detect data breaches, healthcare organizations can now utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Ex-state employee pleads guilty in S.C. data breach - www.ModernHealthcare.com, 10/10/2013

Monday, November 25, 2013

12,000 Employees' Personal Data Stolen

More than 12,000 Baltimore County employees had their personal data stolen by a former contract worker.

While working for the county, Courtney Calbert stole personal information such as Social Security numbers, home addresses, county identification numbers, salaries, job classifications, job titles and employees’ race and gender. He also stole individual checking and bank routing numbers.

"Courtney Calbert, 34, of Dundalk made off with employees' banking information, Social Security numbers, and other personal information." - Baltimore County Police
The identity theft was discovered when law enforcement was investigating an unrelated theft involving Mr. Calbert. Rather than learn about data breaches from law enforcement, organizations can detect them proactively with low-cost on-demand SaaS analytics services.

Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former contract worker identified in theft of employee data - www.BaltimoreSun.com, 11/14/2013

Friday, November 22, 2013

Cancer Center Identity Thefts, Two Women Charged

Two women have been charged with stealing personal information from a California cancer center, according to Santa Clara prosecutors.

Law enforcement discovered the stolen information and it is unclear if this personal health information (PHI) theft is related to a recent breach at a California hospital.

"More than 100 identity theft victims have been identified from all over the Bay Area, including San Francisco, Contra Costa, Alameda, Santa Clara and Santa Cruz counties." - KTVU, San Francisco
All too often law enforcement is the first to learn of a data breach. Organizations seeking proactive privacy data breach detection can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Women Charged in Cancer Center Identity Thefts - www.PHIprivacy.net, 11/18/2013

Thursday, November 21, 2013

$37B to Create More Data Scientists

$37.8 billion has been awarded to an academic initiative to help create more data scientists.

The White House Office of Science and Technology announced the project, funded by the Gordon and Betty Moore Foundation and the Alfred P. Sloan Foundation. Three universities will partner to "steer graduates into data science work and increase the use of advanced analytics and data management work."

"The demand for talent capable of gleaning useful information from businesses' increasingly large and diverse data sets--generated by sensors, electronic payments, online sales, social media and more--is outpacing the supply of workers."
- Chicago Tribune
A number of studies highlight the growing demand for business intelligence experts and data analysts. McKinsey & Co. reports that by 2018, "the U.S. might face a hiring gap of approximately 35 percent in the number of available big data jobs versus candidates to fill them; that equates to approximately 140,000 unfilled jobs."

Organizations that need insights from their data now are utilizing low-cost on-demand SaaS analytics services.

Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) New initiative looks to create more data scientists - www.FierceCIO.com, 11/19/2013

Wednesday, November 20, 2013

Ethics and Compliance for Multigenerational Workforce

Keeping workers from several generations focused on building a more ethical and compliant (E&C) organization can present challenges.

A white paper, "Leading and Engaging Today's Multi-Generational Workforce" discusses critical success factors for education programs.

"E&C learning is moving from a top-down experience to a shared one, and the digital and technological tools that come naturally by the millennial generation are helping make this change happen." - Corporate Counsel
Although the generations vary in their approach to E&C, the paper describes several programs that foster a collaborative environment and capitalize on those differences. The forward-thinking approach to delivering and framing ethics and compliance messages that emerges when generations collaborate appears to be good for an E&C program’s overall effectiveness.

Forward-thinking compliance departments are also utilizing low-cost on-demand SaaS analytics services to obtain insights into compliance challenges.

Learn how Veriphyr Identity and Access Intelligence delivers compliance insights - with no hardware and no on-site software.
Sources:
(a) Keeping a Multigenerational Workforce Engaged in E&C - www.CorpCounsel.com, 11/19/2013

Tuesday, November 19, 2013

WSJ: High Compliance Turnover. Why?

When top compliance staff resign, an organization's goal of building a strong compliance program can falter, according to a Wall Street Journal (WSJ) article.

Heading compliance for a company involved in a scandal can be particularly rough. Hector Sants left his chief compliance post after ten months citing "stress and exhaustion." Gary Peterson at HSBC left a similar post after two years. Such turnover makes it difficult for HSBC to revamp compliance after settling with US regulators for $1.9 billion.

"When you have people leaving or any kind of revolving door, the compliance program suffers and the progress suffers."
- Donna Boehme, a former chief compliance officer
To reduce top compliance staff turnover, Donna Boehme, now a principal at a compliance consulting firm, advises "the board should be asking why that person left."

A compliance department's workload can benefit from insights delivered by low-cost on-demand Identity and Access Intelligence (IAI) SaaS analytics services.

Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) The Morning Risk Report: When Top Compliance Employees Leave - www.wsj.com, 11/15/2013
(b) High Compliance Turnover? Ask Yourself Why - www.CorpCounsel.com, 11/18/2013

Monday, November 18, 2013

Woman Stole Patient Info to Obtain Loans

A Kentucky woman, while employed at a medical office, has been indicted for stealing patients' identity information which she used to obtain loans.

Between 2010 and 2012 she stole patient names, birth dates, and Social Security numbers, violating HIPAA regulations, according to the indictment filed in the US District Court for the Western District of Kentucky.

"disclosed her employer's patients' identifying information by providing names, birth dates and Social Security numbers to loan companies so she could obtain loans for her personal use and advantage."
- U.S. District Court for the Western District of Kentucky
It is unclear if this identity theft was first discovered by law enforcement rather than the medical office where she was working. Healthcare organizations can proactively detect privacy data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) KY: Woman indicted for identity theft, stealing patient information to obtain loans - www.PHIprivacy.net, 11/16/2013

Friday, November 15, 2013

ACC Study: Compliance Moving Out of General Counsel Office

A number of companies are separating the chief compliance officer from the general counsel's office, according to a study co-sponsored by the Association of Corporate Counsel.

The survey found 39 percent of respondents report to the chief executive officer, while 36 percent report to the general counsel. Many experts disagree on separating the GC from the compliance function. In your organization, to whom does the compliance officer report? Do you think that should change?

"There is still a significant number of CCOs who do report to general counsel. But what I hear from members is more and more they are making compliance a separate function."
- James Merklinger, ACC’s vice president and GC
To assist companies with tight compliance budgets the ACC has created a compliance portal with webinars, videos and presentations. Tight budgets can also benefit from low-cost on-demand SaaS analytics to deliver insights about compliance issues.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) ACC Study Sees Compliance Moving Out of the GC's Office - www.CorpCounsel.com, 10/15/2013

Wednesday, November 13, 2013

Health IT Job Growth Underestimated

Analysis of online job postings confirms health IT job growth has exceeded projections, driven by the HITECH Act.

Schwartz et al. estimated 48% of job growth was due to HITECH, with the remainder due to growth that would have continued at historical trends prior to HITECH. Other interesting findings between 2007 and 2011 included health IT jobs growing from 0.75% to nearly 2.5% of all healthcare job postings, a four-fold increase in the number of jobs posted.

"Reports show that the job market for those working with electronic health record (EHR) and related systems continues to be strong for employees and challenging for employers."
- William Hersh, MD, Professor and Chair, OHSU
Other reports show organizations are hiring and maintaining more health IT staff. But Towers Watson found organizations had problems attracting and retaining experienced IT employees, 67% and 38%, respectively. About 80% of providers reported the lack of fully qualified staff as a barrier to achieving organizational IT goals.

Health organizations facing IT staffing shortages often utilize SaaS solutions. Such offerings include low-cost on-demand SaaS analytics services for proactive privacy breach detection and user access compliance reporting.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Further Evidence That Health IT Job Growth Has Been Underestimated, and Some Ramifications - www.HitechAnswers.net, 10/09/2013
(b) Schwartz et al. Tracking labor demand with online job postings: the case of health IT workers and the HITECH Act - www.IndustrialRelationsJournal.com, 2013

Tuesday, November 12, 2013

Can Latest HIPAA Rule Cut Breaches?

Some predict that last month's updated HIPAA rule will lead to better protection of PHI (Protected Health Information).

The update expands the number of organizations directly responsible for compliance with HIPAA requirements, making them liable for failure to secure PHI. Instead of just health care providers, those responsible and liable now include their Business Associates (BAs) as well, such as vendors, contractors and consultants they hire, and even subcontractors of BAs, if they handle PHI.

Rachel Seeger, of Health and Human Services (HHS) Office of Civil Rights (OCR), said BAs and subcontractors are now "directly liable" for compliance with HIPAA privacy and security rules, including "Impermissible uses and disclosures (including more than the minimum necessary)."

"We need to 'build security in,' and make the secure way of doing business the way the business people will use by default. I'm not saying effective awareness training has no value but putting too much reliance on it is not a winning strategy."
- Martin Fisher, director of information security, Wellstar Health System
While some experts think security awareness training will lead to fewer breaches, others disagree. Danny Lieberman of Software Associates said "when there is a financial incentive to steal data and you have an insider or partner with access, then you have motivation and means and all you need is opportunity to have a crime."

Organizations that want proactive detection of insider privacy breaches are utilizing low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Can the new HIPAA rule cut PHI breaches? - www.CSOonline, 11/08/2013

Monday, November 11, 2013

WSJ: Increased Compensation for Compliance Professionals

Good news for compliance professionals: even those with limited experience in the field are predicted to see compensation increase by 3 to 4 percent next year, according to a Wall Street Journal article.

With demand strong for compliance staff at every level, there are opportunities for career changers, students and others without prior compliance experience but with skills applicable to the field.

"Compliance professionals, even those with limited experience in the field, are predicted to see compensation rise by 3 to 4 percent next year."
- Wall Street Journal
And for those with a law degree, adding a professional certification in ethics and compliance "can earn you up to 22 percent more take-home pay as a director or manager, and 11 percent more as an assistant or specialist."

Whatever their experience level, compliance professionals can proactively address data breach detection by utilizing low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Help Wanted in Compliance, No Experience Needed - www.wsj.com, 10/22/2013

Friday, November 8, 2013

CMS: $16.5B in EHR Incentive Payments

Centers for Medicare and Medicaid Services (CMS) announced that as of September 2013 it had disbursed $16.5 billion in electronic health record (EHR) incentive payments to 325,124 eligible hospitals and medical professionals participating in the meaningful use program.

CMS Health Insurance Specialist Robert Anthony said they expect an "upward trend" in payments throughout December 2013 and January 2014.

"CMS had disbursed $16.5 billion in electronic health record incentive payments to 325,124 eligible hospitals and medical professionals participating in the meaningful use program."
- Clinical Innovation & Technology
The process of qualifying for meaningful use incentive payments includes a risk assessment and complying with privacy and security requirements. Organizations can comply with these requirements with low-cost on-demand SaaS analytics for user access compliance as well as proactive privacy breach detection.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) CMS Paid $16.5B in EHR Incentive Payments Through September - www.iHealthBeat.org, 11/7/2013

Thursday, November 7, 2013

HHS Top HIPAA Privacy and Security Issue

While electronic health records (EHRs) facilitate legitimate data exchange and viewing, they can facilitate unauthorized data exchange and viewing as well.

Healthcare IT News notes, "impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS."

They also note that systems' audit trails aid in catching those inappropriately accessing patient records. Unfortunately, although there are meaningful use audit log requirements, and the HIPAA Security Rule, HITECH Act and the Joint Commission have audit log and patient privacy requirements as well, for most organizations this hasn't translated into proactive detection of breaches. Why not?

"Impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS."
- www.HealthcareITnews.com
While it's true that systems' audit logs hold information about access to protected health information (PHI), the reports that systems can generate, even from the latest EHRs, are unable to deliver a unified view across all clinical and business systems and discern which user access is work related and which is a patient privacy breach. Moreover, the volume of raw data in logs is overwhelming, making analytics the only method for uncovering what matters among the data.

For proactive privacy breach detection an Identity and Access Intelligence (IAI) approach is needed. IAI, offered as low-cost on-demand SaaS analytics services, includes behavioral analytics to deliver complete details on all users and patients.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Nosy employees? Follow the audit trail - www.HealthcareITnews.com, 11/05/2013

Tuesday, November 5, 2013

Lawsuit Highlights Need to Detect Insider Threats

An Atlanta healthcare organization has filed a lawsuit against a former employee that calls attention to the need to detect insider threats.

The lawsuit alleges the former employee misappropriated confidential data prior to leaving her job and used the information for financial fraud or ID theft, and violated state and federal laws, including HIPAA.

"The breached information includes 'highly sensitive and confidential proprietary and trade secret information,' including pediatric patient health information;...state license numbers healthcare providers; and attorney-client privileged information."
- Lawsuit filed by Atlanta pediatric system
Unfortunately, studies suggest a majority of employees take corporate data from former employers. And it's not just departing employees that organizations need to worry about - current employees can inappropriately access patient and corporate information.

The threat of insider data theft requires prevention and proactive detection. Access to data must be restricted to the minimum employees need to perform their jobs. Proactive detection of data breaches can be accomplished with low-cost on-demand SaaS analytics services. This approach applies behavioral analytics, not just static rules, to discern which access is work related and which is a data breach.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital Insider Breach Leads to Lawsuit - www.HealthcareInfoSecurity.com, 11/4/2013

Monday, November 4, 2013

CU4Kids Holiday Icon Campaign

Now through December 31, participating Credit Unions are encouraging members to donate $1 to their local Children's Miracle Network Hospital. The eight-week campaign is part of a collaborative effort in the credit union community to raise funds for children's hospitals, known as "Credit Unions for Kids."

In addition to the charity's yellow balloon icon, several seasonal-themed icons are available for a $1 donation, including a football, a snowflake, a snowman or a holiday light bulb. Members are invited to "purchase" an icon and write a name on it before it is displayed at the credit union.

Since 1996, credit unions fundraising under the Credit Unions for Kids have raised $110 million for Children's Miracle Network Hospitals. Dollars donated help create miracles by funding medical care, equipment, research and education that saves and improves the lives of children treated at 170 Children's Miracle Network Hospitals each year.

"Now through December 31, participating Credit Unions are encouraging members to donate $1 to their local Children's Miracle Network Hospital." - Credit Unions for Kids
Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) About CU4Kids - www.cu4kids.org, 11/4/2013

Strategies to Reduce Exposure to Employment Claims

Employment claims against companies are increasing significantly and employers need to reduce their exposure, according to Martin W. Aron, an attorney representing employers in labor matters.

Aron outlines a number of strategies companies can employ, including those to avoid suits brought by regulatory agencies. He recommends conducting periodic audits to determine legal compliance.

"Successful companies have avoided becoming targets by conducting periodic self-audits to determine legal compliance and taking remedial measures when necessary."
- Martin W. Aron, attorney, Jackson Lewis
Employers facing wrongful termination or selective enforcement suits related to data privacy breaches can be aided by low-cost on-demand SaaS analytics services that quickly deliver conclusive evidence disproving wrongful termination, allowing the employer to settle the suit on their terms.
Learn how Veriphyr Identity and Access Intelligence delivers audits of employee activities - with no hardware and no on-site software.
Sources:
(a) 10 Strategies to Reduce Exposure to Employment Claims - www.law.com, 10/30/2013

Friday, November 1, 2013

Class Action Settlement for Lack of Data Breach Security

A class action suit, stemming from a data privacy breach at a health plan company, has been settled for $3 million. The settlement is significant because it awards payments to those who were not victims of identity theft.

The settlement payment "is based on a theory that the class had an expectation that some portion of their insurance premium would go to data security," said security attorney Ronald Raether, who was not involved in the case.

The plaintiffs' attorneys said "the plaintiffs should be refunded the portion of their premium that should have been spent on security but apparently wasn't."
- Deborah McGraw, Director, health privacy project at the Center for Democracy & Technology.
According to Raether, this settlement could lead to similar cases. "...and thus the likelihood that companies will settle to avoid the catastrophic losses posed by a class action. The payment of $750,000 [to the plaintiffs'] attorneys will incentivize some attorneys to bring these cases."

Raether noted, "Unfortunately, many companies do not give info security enough attention and resources. Thus the other significant point is the injunctive relief to make security improvements." Organizations can now proactively detect data breaches with low-cost on-demand SaaS analytics services.

We previously posted about this and another data breach class action suit pending in the Southern District of Florida.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Settlement in AvMed Breach Suit - www.HealthcareITsecurity.com, 10/31/2013

Valvoline Instant Oil Change & CMN Hospitals!

At Valvoline Instant Oil Change, the nation's second-largest quick-lube chain, service center technicians and employees in 14 states will ask customers if they would like to purchase a Miracle Balloon icon to support Children's Miracle Network Hospitals, a charity that raises funds for 170 children's hospitals, from November 1-29, 2013.

All funds raised during the November campaign will go directly to a Children's Miracle Network Hospital located in the Valvoline Instant Oil Change service center's area.

For a list of all Valvoline Instant Oil Change service center locations and hours of operation, visit vioc.com.

"All funds raised during the November campaign will go directly to a Children's Miracle Network Hospital located in the Valvoline Instant Oil Change service center's area." - Children's Miracle Network Hospitals

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Valvoline Instant Oil Change & CMN Hospitals! - www.ChildrensMiracleNetworkHospitals.com, 11/01/2013

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.