Friday, January 31, 2014

TX State Mental Hospital Privacy Breaches

During the last six months, there have been five incidents where patients' health records have been breached at Texas' 10 public psychiatric hospitals, according to a review of records by the Austin American-Statesman newspaper.

The breached data included personal health information such as names, diagnoses and treatments. A spokeswoman for the Texas Department of State Health Services, says the agency is doing all it can to figure out what happened and to find ways to fix the problem.

"It was at least the fifth time in six months that sensitive personal records have made their way out of the state’s 10 public psychiatric facilities, according to documents obtained by the American-Statesman."
- PHIprivacy.net
Breaches of personal health data make patients reluctant to share their information with healthcare organizations. While policies and preventive measures are an important part of protecting patient data detective controls are critical. One such detective control is proactive privacy data breach detection using low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) TX: State mental hospitals faulted for patient privacy breaches - www.PHIprivacy.net, 01/27/2014

Thursday, January 30, 2014

FTC Data Security Authority Over HIPAA-Covered Entities

A September 2013 blog covered the original Federal Trade Commission (FTC) claim about a lab failing to protect data on 9,000 patients. On January 16, 2014 the FTC ruled to reject the lab's argument that that the FTC's enforcement action conflicts with health information security regulations under HIPAA.

The FTC stated "Congress has never enacted any legislation that, expressely or by implication, forecloses the Commission fro challenging data security measures that it has reason to believe are "unfair...acts or practices." They also stated "companies may well be obligated to ensure their data security practices comply with both HIPAA and the FTC Act. But so long as the requirements of those statutes do not conflict with one another, a party cannot plausibly assert that, because it complies with one of these laws, it is free to violate the other."

The "failure to employ reasonable and appropriate measures to prevent unauthorized access to personal information" violated the agency's regulations.
- Federal Trade Commission
The ruling provides a closer look at the FTC's rationale for its authority over health data security. Many believed health data security was only regulated by HIPAA under the Health and Human Services Office of Civil Rights. But according to Kirk Nahra, a partner with Wiley Rein, the ruling is "significant" because "the FTC is saying that everyone regulated by HIPAA has to worry about us too."

The FTC claims the lab "Did not use readily available measures to prevent and detect unauthorized access to personal information." One readily available method to detect unauthorized access, even by authorized users, is low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FTC Affirms Data Security Authority Over HIPAA-Covered Entities - www.iHealthBeat.org, 01/29/2014

Wednesday, January 29, 2014

70% of Irish Report Data Privacy Breaches

Over two thirds of Irish people believe they have suffered an invasion of privacy, with unsolicited emails and text messages being the most common result of such privacy breaches, according to a survey by the Office of Data Protection Commissioner.

The survey found the distrust in public organizations, including the Revenue Commissioners and government departments, is identical to organizations in the private sector.

"One in five Irish people do not trust public sector bodies to guard their personal information." - Office of the Data Protection Commissioner
Up to 89% of Irish surveyed said medical data privacy was "sacrosanct." Organizations worldwide can now proactively detect medical and other data privacy breaches with low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Almost 70pc Irish people claim data privacy breaches - www.independent.ie, 01/27/2014

Tuesday, January 28, 2014

Data Privacy Day 2014

Data Privacy Day, held annually on January 28, encourages everyone to make protecting privacy and data a greater priority. DPD is an effort to empower and educate people to protect their privacy and control their digital footprint.
"Data Privacy Day is an international effort to empower and educate people to protect their privacy and control their digital footprint." - StaySafeOnline.org
Data Privacy Day is led by the National Cyber Security Alliance, a nonprofit, public-private partnership dedicated cybersecurity education and awareness, and advised by a distinguished advisory committee of privacy professionals. For helpful privacy tips see StaySafeOnline.org.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Respecting Privacy, Safeguarding Data, Enabling Trust - www.StaySafeOnline, 01/28/2014

Monday, January 27, 2014

Dealing in Identity Theft Replaces Dealing Drugs

Five people have now pleaded guilty to identity thefts that were uncovered when a confidential source (CS) tried to buy illegal drugs.

The CS was told by the dealer he had no drugs but did have personally identifiable information (PII) for sale, and would instruct the CI on how to file a fraudulent tax return.

"An examination of the PII revealed that it was from a medical services provider."
-FBI documents
Rather than learning from the FBI that their customers' identities were stolen, organizations can proactively detect data privacy breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Last of five pleads guilty in medical ID theft tax fraud - www.Sun-Sentinel.com,01/25/2014
(b) Two Defendants Sentenced in Identity Theft Tax Refund Fraud Scheme Involving Thousands of Patients’ Personal Identity Information - www.FBI.gov,01/28/2014

Massive Patient Data Breach in Canada

The private health data on 620,000 Canadians has been breached and reportedly the breach was undisclosed for four months. The information included patient names, dates of birth, health card numbers, medical diagnoses and billing codes.

The Alberta Canada Health Minister, Fred Horne, has called for a formal investigation under the Health Information Act; the Privacy Commissioner Jill Clayton has launched an investigation.

"Privacy of patient records in Alberta must be paramount...the 620,000 Albertans impacted by the events of last fall should have been immediately informed that their personal information had been put at risk."
- Alberta Health Minister Fred Horne
Horne stated "the privacy of patient records in Alberta must be paramount" and privacy experts agree patients must know that their data will be protected or they'll be reluctant to share it with healthcare organizations.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Group in hot water over massive breach - www.HealthcareITnews.com,01/24/2014

Friday, January 24, 2014

ID Theft by Medical Billing Clerk

Is a background in law enforcement necessary to prevent being a victim of ID theft? It certainly helped Paul Vick, a former FBI agent and Wichita detective.

Vick manages finances for his father, a long-term care facility resident. When the bank notified Vick about possible fraudulent charges using his father's identity the son started investigating. Vick determined that a Tiandra Crawford, a medical billing clerk for a pharmacy services company, stole the father's credit card information.

Though not responsible for the bogus charges "This was not a victimless crime. The merchants in this time of economic uncertainty are taking a loss for people stealing from peoples' identities and also their credit card information."
- Paul Vick, victim of identity theft
Rather than wait for third parties, such as this former detective, to discover insider theft of personally identifiable information organizations are proactively detecting data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Wichita man believes identity thief was medical billing employee - www.kake.com, 12/18/2013

Thursday, January 23, 2014

PwC: Healthcare IT Staff Shortages Hampers Initiatives

Healthcare leaders report IT talent shortages have cancelled or delayed strategic initiatives (34%) and slowed innovation (25%), according to the Price Waterhouse Cooper (PwC) 2014 Global CEO Survey.

The demand for more IT staff has been driven by factors including the Affordable Care Act, state and federal regulations, and electronic health records (EHRs).

"34 percent of leaders in the healthcare industry say they "canceled or delayed a key strategic initiative" due to talent constraints ."
- PwC Global CEO Report
Forty-seven percent said that recruiting has been more difficult and staffing expenses "rose more than expected." These factors have healthcare organizations augmenting in-house staff with SaaS services. For proactive privacy data breach detection and user access compliance/attestation organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Talent shortage hampers healthcare IT initiatives - www.FierceCIO.com, 01/14/2014

Wednesday, January 22, 2014

ID Theft Ring Sentenced

Adrienne Pritchett and Jamille Ferguson, members of an identity theft ring have been sentenced to 57 and 36 months in prison, respectively. They have also agreed to pay full restitution to their victims.

According to court documents, Pritchett stole the identities of more than 450 clients of her employer, an insurance provider catering to employees of the U.S. Department of State, Department of Defense, and Agency for International Development, many of whom are stationed overseas. Pritchett’s boyfriend, co-defendant Christopher Bush, used the stolen identities to make fraudulent driver’s licenses. Members of the theft ring, including Ferguson, used the fraudulent driver’s licenses to open credit lines at retailers and obtain merchandise and gift cards at victims’ expense. On several occasions, Pritchett sold this stolen merchandise to her colleagues.

"Pritchett stole the identities of more than 450 clients of her employer, an insurance provider catering to employees of the U.S. Department of State, Department of Defense, and Agency for International Development, many of whom are stationed overseas." - U.S. Attorney’s Office, Eastern District of Virginia
It seems the thefts of personally identifiable information was discovered by law enforcement, rather than by the insurance company. Organizations that want to proactively detect privacy data breaches, instead of learning about it from third parties, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Follow-up: Two Members Of Identity Theft Ring Targeting Government Employees Sentenced - www.databreaches.net, 01/14/2014

Tuesday, January 21, 2014

WSJ: Hottest Job, Compliance Officer

While some sectors of the US economy struggle to create jobs one category is booming: compliance, according the the Wall Street Journal (WSJ).

Fines and penalties and a generally heightened regulatory environment are driving organizations in every industry to augment their compliance departments. The Bureau of Labor and Statistics reports the U.S. unemployment rate for compliance professionals was 5.7% in last year's third quarter, compared with the overall jobless rate of 7.2% in the same period.

"The regulatory environment in the U.S. is driving the hiring. The outlook is very bright for anyone entering into compliance as a career."."
- Paul McDonald, Robert Half International Inc.
Salaries are increasing for the compliance field, growing an average of 3.5% annually since 2011. At a large company, a chief compliance officer can expect to earn from about $162,000 to $232,000 this year, according to Robert Half International.

Experienced compliance professional are in short supply says Cory Gunderson, head of risk and compliance practice at Protiviti, "We're in a battle royal for talent in the compliance space, across the board." To alleviate shortages, and free in-house compliance staff, companies are utilizing low-cost on-demand SaaS analytics services to provide them with actionable intelligence.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Compliance Officer: Dream Career? - www.WallStreetJournal.com, 01/15/2014

Monday, January 20, 2014

Court Clerk Sentenced for ID Theft

A Florida county employee of the Clerk of Courts was sentenced to three years and one day in federal prison for federal identity theft charges.

Porscha Kyles, used her position at the traffic and misdemeanor division to access the driver's license database for personal information including Social Security numbers and dates of birth. She then sold the information on more than 100 Florida drivers to Derek Denisevich, knowing it would be used to file fraudulent tax returns.

"According to a federal court filing, Kyles knew Denisevich planned to use the information she sold him to file unauthorized tax returns with the IRS and pocket the refunds." - Sun Sentinel
In May 2012 Ms. Kyle's supervisors noted her irregular database activity which led to her dismissal and arrest. Organizations seeking proactive detection of data breaches and user activity monitoring can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ex-clerk from Broward gets three years in ID theft case - www.SunSentinel, 01/17/2014

Friday, January 17, 2014

Medical Clerk Indicted for ID Theft, Tax Fraud

A medical clerk at a state department of corrections has been indicted for stolen identity refund fraud crimes.

Sasha Webb used her access to inmates' identification and then sold the information to Jacqueline Slaton and Harvey James, who filed fraudulent tax returns.

"Webb had access to the means of identification of inmates and sold the information to Jacqueline Slaton and Harvey James, who then used the inmates’ information to file hundreds of false tax returns that claimed over one million dollars in false refunds."
-Office of Inadequate Security
It appears that the privacy data breach was discovered as a result of the tax fraud investigation, not by the department of corrections internal audit. Organizations who seek proactive data breach detection, rather than learn about in from third parties, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Alabama Medical Clerk and Another Indicted in Stolen Identity Tax Refund Fraud Schemes - SOURCE_NAME_AND_DATE

Thursday, January 16, 2014

EHR Incentives Near $20B

Payments by the federal government to hospitals and health professionals for implementing an electronic health record (EHR) continue to grow in 2014 and have reached almost $20 billion.

The majority of US providers now use digital health record systems and the data show the "inexorable progress made every month," said Paul Tang, MD, policy committee chair, at the Tuesday HIT Policy meeting.

"The "inexorable progress" of the federal EHR incentive program continues, with payments to providers moving ever closer to $20 billion." - Healthcare IT News
As part of qualifying for these EHR incentives recipients must fulfill requirements including a privacy and security risk assessment. Healthcare organizations can meet various requirements by utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) EHR payments soar to near $20B - www.HealthcareITnews.com, 01/16/2014

Physician Improperly Shared Patient Data with Wife

A Washington state hospital has notified 2,500 patients that one of their physicians breached patient privacy by sharing personal health information (PHI) with his wife.

The information shared includes: patient account number (a number used solely by the hospital for purposes of identification), date of service, CPT code and description of health care services that the patient received.

"the physician had improperly shared PHI with his wife between January 2010 and November 2013." - PHIprivacy.net
It is unclear why the breaches were allowed to continue for three years or how they were discovered. Healthcare organizations seeking to proactively detect data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Required HIPAA breach notification or political dirty trick? - www.PHIprivacy.net, 01/15/2014

Wednesday, January 15, 2014

Health IT Funding, $2.2B in 2013

Venture capital (VC) funding of healthcare IT was $2.2 billion in 2013, nearly doubled that in 2012, according to a report by Mercom Capital Group report.

A number of investments were made in electronic health record (EHR) companies as the trend to have patient records available electronically. While EHRs can facilitate care delivery and improve outcomes maintaining the privacy of electronic records is a critical part of EHR success.

"After record fundraising totals in 2013, healthcare IT companies have now received $4 billion in venture funding since 2010." - Raj Prabhu, CEO, Mercom Capital Group
Healthcare organizations can proactively detect breaches to patients' private information with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health IT banks record VC cash in 2013 - www.HealthcareITnews.com, 01/14/2014

Tuesday, January 14, 2014

Hospital Workers Fired for Missing Computer

A Georgia hospital has terminated two employees after a computer with patient data has gone missing.

Thousands of patients have been notified that their personal information may have been compromised

" Hospital officials say an investigation found that the computer contained names, addresses, and possibly medical diagnosis information of nearly 6,800 people."
- Modern Healthcare
The hospital stated the employees were fired for not following policies regarding computers; while rearranging their office they left the computer in a box in a hallway.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ga. Hospital Fires 2 Workers Over Missing Computer - www.ModernHealthcare.com, 01/11/2014

Monday, January 13, 2014

Nurse Sentenced for Patient ID Theft, Tax Fraud

One of two nurse aides at a Virginia hospital has been sentenced to 81 months in prison for stealing patients' personal information and using it to submit fraudulent tax returns.

The second nurse aide has pleaded guilty and will be sentenced later this month. Both aides, who received tax refunds in patients names, admitted to assistance from others in the US and Nigeria.

"The two aides used their positions to obtain the personal information including dates of birth and social security numbers from thousands of patients." - WTKR TV
It is unclear if the the hospital learned of the patient privacy breaches from internal audits or were alerted by law enforcement as the result of a tax fraud investigation. Organizations can proactively detect breaches of data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Beach General nurse aide sentenced for using patients’ personal info to commit tax fraud - www.WTKR.com, 01/14/2014

Friday, January 10, 2014

Companies Failing at Cybersecurity

Employees at all levels believe their companies' information is at risk according to a survey by Stroz Friedberg.

Surprisingly, many threats to enterprise data are coming from senior management. The majority of senior managers, 51 percent confessed they’ve taken work files with them after leaving a job.

"The majority of senior managers, 51 percent, confessed they’ve taken work files with them after leaving a job."
- www.TheLaw.com
Taking files after leaving a company, and thereby risking the loss of valuable intellectual property, proved to be twice as common a behavior for senior managers as it was for office workers in general. To detect inappropriate access to intellectual property and other sensitive enterprise data, organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Companies Failing to Make the Grade on Cybersecurity - www.TheLaw.com, 01/08/2014

Thursday, January 9, 2014

"Privacy" the Word of 2013

dictionary.com has declared "privacy" the word of 2013. Read why some are saying there's never been a better time to be a privacy advocate.
"For privacy advocates, these are heady days."
-www.TheLaw.com
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Opening the Privacy Files - www.TheLaw.com, 01/03/2014

Tuesday, January 7, 2014

FL Health Dept Workers Steal Identies for Tax Fraud

Two Florida Health Department workers admitted to 2,300 identity thefts from the health department's record system.

Shanterica Smith and Gerald Williams stole, patient information such as names, Social Security numbers, and dates of birth. They said they were paid to steal the information for others who used it for a tax fraud scheme.

"Smith and Williams each pleaded guilty to a federal fraud charge, admitting they took names, Social Security numbers and birth dates of health department patients."
- Orlando Sentinel
It seems the Health Department learned of the identity thefts was as a result of the tax fraud investigation started in 2011, rather than from their internal audits. Organizations that want to proactively detect data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health department workers admit to stealing patient info - www.orlandosentinel.com, 12/20/2013

Monday, January 6, 2014

FTC: 20 Years Monitoring Required in Patient Data Breach

A medical billing company has agreed to a settlement with the US Federal Trade Commission (FTC) related to a 2011 data breach that affected 23,000 patients.

Although there is no monetary penalty, the settlement requires 20 years of security program evaluation by a certified third party. The company has agreed to implement a number of steps to protect the patient data it handles. In addition to employee training programs, the company must implement risk assessment and prevention and detection programs to protect data from breaches. For the risk of data breaches from insiders, or those posing as insiders, proactive detection is available as low-cost on-demand SaaS analytics services.

"...settlement is an important reminder that the [HHS] Office for Civil Rights is not the only game in town when it comes to enforcement of health information privacy and security."
- Adam Greene, Privacy Attorney, Davis Wright Tremaine.
The FTC can initiate health data breach investigations, or do so based on referrals by agencies such as the Department of Health and Human Services (HHS). "The FTC commonly issues breach investigation settlements that include corrective actions aimed at having organizations better protect consumer's personal information," says Allison Lefrak, FTC attorney.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Accretive Health Breach: FTC Settlement - www.GovInfoSecurity.com, 01/02/2014

Friday, January 3, 2014

Health IT Market $31.3B by 2017

The US health IT market is forecast to grow to $31.3 billion by 2017, up from $21.9 billion in 2012, according to a report by Research and Markets.

Among the factors that have contributed to health IT growth include federal government incentives and initiatives as well as the demand for adoption of computerized provider order entry technology.

"The report estimated that the North American health IT market will grow at a compound annual growth rate of 7.4%."
- iHealthBeat.org
The report enumerated several barriers to health IT progress such as breaches of patient information as well as a lack of health IT professionals. To decrease these barriers low-cost on-demand SaaS analytics services can be utilized for proactive privacy breach detection and user access compliance; such services free, rather than burden, a healthcare organization's staff.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) North American Health IT Market To Reach $31.3B by 2017 - www.iHealthBeat.org, 1/02/2014

Thursday, January 2, 2014

Health Data Breaches to Surge in 2014

Bigger breaches of health data and patient privacy are expected in 2014, according to an Experian report "2014 Data Breach Industry Forecast" (registration required).
"The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014."
- Experian report
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Healthcare Data Breaches To Surge In 2014 - Information Week, 12/26/2013

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.