Friday, February 28, 2014

Help Children's Hospitals - National Pancake Day, 3/4/2014

As an official partner of Children’s Miracle Network Hospitals, Veriphyr wants to encourage everyone to support IHOP’s National Pancake Day on Tuesday, March 4, 2014.

IHOP Restaurants and Veriphyr partners with Children’s Miracle Network Hospitals to help improve the lives of millions of sick children. We welcome the opportunity to collaborate with IHOP in support of this great cause and, frankly, we’d hate for you to miss out on free pancakes!

How it Works: IHOP invites guests to visit their local IHOP restaurant on National Pancake Day and receive a free short stack of its famous buttermilk pancakes from 7 a.m. – 10 p.m. In return, they ask that you make a voluntary donation to Children’s Miracle Network Hospitals (or, in select markets, another local charity) while at the restaurant.

For more information on National Pancake Day and to find a participating IHOP near you, please go to www.IHOPPancakeDay.com

Healthcare IT Spending to Grow

While federal electronic health record (EHR) incentive payments have been spent, healthcare IT capital spending will increase, according to a survey.

Survey participants noted that during the last three years IT assets accounted for up to 20% of the capital budget, a trend most believe will continue over the next three years.

"69% of respondents estimated their organizations' capital expenses would increase over the next three years."

- Modern Healthcare

Healthcare organizations can avoid CapEx by utilizing SaaS offerings. For example, proactive privacy breach detection and user access compliance is available as a low-cost on-demand SaaS analytics service.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Organizations' IT Spending Expected to Keep Growing - www.ModernHealthcare.com, 02/22/2014

Thursday, February 27, 2014

Google Offers BAA for Google Apps

Google removes a barrier to Google Apps adoption by offering to sign BAA for organizations that need to comply with HIPAA.

Cloud computing in healthcare is poised for explosive growth. By the end of 2013, analysts estimated the global market would hit nearly $4 billion, more than 21% growth from 2012, according to a September 2013 Kalorama report. By comparison, health IT spending in 2013 was only projected to increase by 11%.

"We’re looking forward to supporting customers who are subject to HIPAA regulations on Google Cloud Platform."
- Matthew O'Connor, Google
The final HIPAA omnibus rule took effect September 2013, making Business Associates (BA), as well as subcontractors, directly liable for violations of HIPAA rules. The rule expanded the BA definition to include health information organizations, e-prescribing gateways, personal health record (PHR) providers, patient safety organizations -- all those with access to protected health information.

BAs can protect the health information they handle by utilizing low-cost on-demand SaaS analytics services to proactively detect patient data privacy breaches.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Google Cloud Gets Onboard with HIPAA - www.HealthcareITnews.com, 02/11/2014

Wednesday, February 26, 2014

DOJ: SIRF is Tax Division Priority

SIRF?? The extent of the Stolen Identity Tax Fraud (SIRF) problem is so great the US Department of Justice has given it an acronym.

The Internal Revenue Service (IRS) has identified more than 550,000 taxpayers who have had their identities stolen for the purpose of claiming false refunds(2008-May 2012). SIRF is particularly rampant in Florida, it leads the nation in SIRF, as the hospitalized or the deceased are often targets.

"One of the Tax Division’s highest priorities is prosecuting people who use stolen identities to steal money from the United States Treasury by filing fake tax returns that claim tax refunds."
- Kathryn Keneally, Assistant Attorney General for the Tax Division
Unfortunately the ID theft is often not discovered until a fraudulent tax return is uncovered by the IRS. SIRF would occur less frequently if ID theft was discovered earlier. One way organizations can proactively determine if identities of their patients or customers have been breached by utilizing low-cost on-demand SaaS analytics.
Download a white paper on proactive data breach detection. Learn how to identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Stolen Identity Refund Fraud (SIRF) Enforcement - www.justice.gov, 02/20/2014

Tuesday, February 25, 2014

Veriphyr CEO Presented at America's Growth Capital Conference

On February 24, 2014, Alan Norquist, CEO of Veriphyr, presented at the America's Growth Capital Partners' (AGC) West Coast Conference on InfoSec and Technology.

AGC’s West Coast conference is invite only and brings together over 300 leading public and private technology companies, top global private equity investors, and strategic tech buyers.

The invite only AGC Partners' conference brings together leading public and private techonolgy companies, top private equity investors, and strategic buyers.
Veriphyr, a Gartner "Cool Vendor" for 2011, provides identity and access intelligence SaaS solution that proactively detects trusted insiders who breach customer data privacy or steal customer identities from commercial or home grown applications. The company's advanced data analytics transform identity, rights, and activity data into actionable intelligence for business managers responsible for privacy, compliance, risk, and security. Veriphyr's SaaS solution means there is no hardware or software to install and no new integration needed with existing systems. Veriphyr analyzes custom and commercial applications across a range of systems including mainframes, midrange, Linux/Unix, and Windows servers.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) AGC Partners' West Conference - www.AGCpartners.com, 02/24/2014

Monday, February 24, 2014

3/1/14 Deadline to Report HIPAA Breaches of Under 500

March 1, 2014, is the deadline to notify the Secretary of the Department of Health and Human Services (HHS) regarding breaches of protected health information (PHI) discovered in the 2013 calendar year and affecting under 500 individuals.

The notification requirements and the electronic submission form can be found here.

Reminder: March 1, 2014 is the deadline to notify the HHS of breaches affecting under 500 individuals that occurred in 2013.
Organizations can proactively detect patient data privacy breaches by utilizing low-cost on-demand SaaS Identity and Access Intelligence (IAI) services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - SOURCE_NAME_AND_DATE

Friday, February 21, 2014

Privacy Concerns Delay UK Health Database

Privacy concerns have been raised about the United Kingdom's National Health Service (NHS) database, which will contain the medical records of all NHS patients.

The NHS argues the database will allow researchers to study the causes of disease, identify drug side effects, and detect outbreaks. To address privacy concerns the NHS is delaying the database for six months.

"Privacy groups have warned patients will have no way of knowing who has accessed their medical records."
- iHealthBeat.org
While privacy groups are concerned there is no way of knowing who accessed medical records, healthcare organizations can easily provide patients with this information (accounting of disclosures) by utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) U.K.'s NHS Delays Patient Record Database Amid Privacy Concerns - www.iHealthBeat.com, 02/19/2013

Thursday, February 20, 2014

Employee Pleads Guilty to Theft of 5,200 Identities

Drew Johnson, an employee of a company that manages self-funded healthcare plans, pleaded guilty to stealing the identities of 5,200 individuals.

Johnson abused the access to data his job granted him and took personal information including names, home addresses, dates of birth and Social Security numbers – information that could have been used for credit-card fraud or fake income-tax returns.

"Johnson’s job granted him access to the information, but he had no professional reason to view it,." - FBI agent
Proactively detecting inappropriate data access by authorized users used to be very difficult and time consuming but low-cost on-demand SaaS analytics services deliver actionable intelligence without burdening an organization's staff.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Man pleads guilty to identity theft of more than 5,000 TSYS employees - www.WTVM.com, 02/14/2013

Wednesday, February 19, 2014

More Lawsuits Over Driver's License Privacy Breaches

More Minnesota reporters are filing suits, against municipalities and the State Department of Safety, accusing police officers of inappropriate viewing their driver's license information.

Another TV reporter, Alix Kendall, also filed a similar lawsuit. Her attorney said Kendall was "shocked and disgusted to learn her driver's license information had been looked up more than 3,800 times."

"Personnel, charged with protecting and serving the public, knowingly abused their position of trust simply to satisfy their shallow desires to peek behind the curtain."
Jay Koll, TV reporter, KSTP Minnesota
Last year two other reporters filed suits against municipalities for inappropriate viewing of their driver's license information by law enforcement. The driver's license database contains current and former addresses, current and former driver’s license photographs, weight, height and, possibly, Social Security and medical information.

Rather than having a lawsuit bring staff's snooping to light, organizations can utilize low-cost on-demand SaaS analytics services for proactive breach detection, even by authorized users.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Another Minnesota Reporter Sues Over Driver’s License Privacy Breach - www.MediaBistro, 02/13/2014

Tuesday, February 18, 2014

Attorneys, Put Your Data House in Order

Lawyers are focusing on data privacy policy within their own firms.
"The policy must address the enterprise’s particular data challenges, such as retention of personal health information."
- Judy Selby and James Sherer, attorneys, BakerHostetier
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - www.DataPrivacyMonitor.com, 02/05/2014

Monday, February 17, 2014

Employer Liability for Texting Health Info

John Doe was treated for a sexually transmitted disease (STD). A clinic nurse, who knew Doe’s girlfriend, texted her about the STD. When Doe learned of the texts he complained to the clinic and filed a federal diversity action.
The court stated a medical corporation “may also be liable in tort for failing to establish adequate policies and procedures to safeguard the confidentiality of patient information.."
- Workplace Privacy Data Management & Security Report
In Doe v. Guthrie, the Second Circuit Court of Appeals dismissed a patient’s claim against a medical corporation for alleged breach of fiduciary duty based on a non-physician employee’s unauthorized disclosure of confidential medical information. It did so because the NY State Court of Appeals answered the following certified question in the negative: “Whether, under New York law, the common law right of action for breach of the fiduciary duty of confidentiality for the unauthorized disclosure of medical information may run directly against medical corporations, even when the employee responsible for the breach is not a physician and acts outside the scope of her employment.”

Despite the ruling in this case, the court stated a healthcare organization “may also be liable in tort for failing to establish adequate policies and procedures to safeguard the confidentiality of patient information or to train their employees to properly discharge their duties under those policies and procedures,” thus healthcare organizations must be cautious.

Inadequate policies and procedures to protect patient information could expose organizations to damages in these kinds of suits, as well as penalties under HIPAA. One procedure organizations can utilize is proactive detection of patient data privacy breaches with low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability - SOURCE_NAME_AND_DATE

Friday, February 14, 2014

Police Officer Sentenced 12 Years for ID Theft, Tax Fraud

Malinsky Bazile, a former Miami police officer, was sentenced to 12 years in prison for stolen identity refund fraud (SIRF).

Bazile used his access to Florida driver's license database to steal identity information of 700 middle-aged women with common last names. He used the information to file fraudulent tax returns.

"According to trial testimony, in 2012, Bazile used his access as a police officer to Florida's driver's license database to steal the identity information of approximately 700 middle-aged women with common last names." - US Department of Justice, Southern District of Florida
Although Bazile was stealing names from January 2012 until October 2012 it seems the crime was not discovered until the federal authorities investigated the tax fraud. Organizations can proactively detect inappropriate data access, even by authorized users, with low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former City of Miami Police Officer Sentenced in Identity Theft Tax Refund Fraud Scheme - www.justice.gov, 02/07/2014

Thursday, February 13, 2014

Increased Cyber Threats, Increased Stress on IT Staff

IT professionals are being pushed to deliver new digital projects, according to a survey. In 2013, owing to security issues, 79% had been pressured to roll out new projects even if projects were not ready.

54% of IT professionals felt more pressure to protect their organizations in 2013 as opposed to 2012, and 58 percent believe pressure in 2014 will be greater. 58% cited customer data theft as a top concern — "more than reputation, fines and legal action combined."

"According to the survey the most worrying effect of potential security breaches for respondents was customer data theft, which 58% cited as a concern — more than reputation, fines and legal action combined."
- Corporate Counsel
Many respondents felt more staff could decrease the pressure to rapidly deliver solutions. While 3 of 4 organizations manage security in-house, 82% use or are looking to use outside services. For proactive data breach detection organizations are utilizing low-cost on-demand SaaS analytics services - actionable intelligence delivered without any burden on in-house staff.
Download a white paper on proactive data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) More Cyber Threats, More Stress on IT Pros - www.CorporateCounsel.com, 02/13/2014

Wednesday, February 12, 2014

Poorly Vetted Contractor Health Data Breach Risk

A Deleware hospital learned a contractor had been arrested four years prior for identity theft.

The contractor was terminated, and the hospital investigated the extent of the contractor's access to patient information.

"Approximately 1,900 patients that a temporary contractor with a criminal record of identity theft had access to their personal and health information."
- Becker's Hospital Review
In addition to notifying 1,900 patients that a criminal had access to their personal and health information the hospital will conduct background checks on all contractors. While background checks might yeild information about a contractor's past it will not detect their activities once they have access to patient information. For proactive detection of all staff accesses to patient information there are low-cost on-demand SaaS analytics services available.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
In addition to notifying 1,900 patients that a Sources:
(a) Poorly Vetted Contractor Causes Potential Breach at Beebe Healthcare - www.BeckersHospitalReview, 02/10/2014

Tuesday, February 11, 2014

Almost 50% ID Thefts Are Medical Info

Medical-related identity theft accounted for 43% of all US identity thefts in 2013. That is greater than ID thefts involving banking and finance, the government and the military, or education, according to a survey by the Identity Theft Resource Center.

The U.S. Department of Health and Human Services (HHS) reports the medical records of between 27.8 million and 67.7 million people have been breached since 2009.

"If modern technology has ushered in a plague of identity theft, one particular strain of the disease has emerged as most virulent: medical identity theft.." - USA Today
Some hospitals rely on the honor system and training to deter staff breaches of patients' confidential medical information. Organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services for to audit every user, not just a sample of users.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - www.USAtoday.com, 02/07/2014

Monday, February 10, 2014

UK Accident Victims' Data Theft

A UK constable, Sugra Hanif, and her lover Raza Khan, were convicted of conspiring to steal thousands of accident victims' information from police computers and then sell the information to solicitors' firms. A third defendant, Raza's wife, Paramjeet Kaur, faced the same charges but the jury has failed to reach a verdict in her case; prosecutors are considering a retrial.

The conspiracy, which began in January 2011, may have netted more than £1 million. The defendants set up a case management company to sell the accident victims' information that Hanif stole from police computers.

"All three of them have been involved in a conspiracy to obtain confidential police information." - Peter Asteris, Crown Prosecutor Service, United Kingdom
It not clear how the conspiracy was uncovered. Often it is a third party that alerts an organization to a data breach. Organizations that seek proactive detection of data breaches by insiders, even by those with authorized access, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) No Verdict on Data Theft Accused - www.LittleHamptonGazette.co.uk, 02/03/2014

Thursday, February 6, 2014

Police Officer Sentenced for ID Theft, Tax Fraud

A former City of Miami police officer, Vital Frederick, has been sentenced to 81 months in prison for misusing access to the state drivers' license database.

According to the U.S. Attorney, Frederick exploited the police databases to steal identities and sell the information, believing they were to be used to commit tax fraud.

"As a sworn police officer, Vital Frederick, pledged to protect the public. Instead, he abused that trust to victimize those he swore to protect."
- US Attorney, Southern District Florida, Wilfredo Ferrer
Frederick's misuse of the drivers' license database was only discovered after a third party alerted the department about suspicious activity. Rather than depend on third parties, organizations can proactively detect privacy data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former City of Miami Police Officer Sentenced on Corruption Charges - www.justice.gov, 01/30/2014

Wednesday, February 5, 2014

FTC Breach Ruling Leads to Lab Closure

The lab that the Federal Trade Commission ruled failed to protect data on 9,000 patients has announced it will close saying the FTC investigation was an "abuse of power." More information about the case is outlined in two previous blogs, one last week, and one in September 2013.

The lab accused the FTC of overstepping its authority and said the agency did not have the Congressional authority to regulate data security practices. The FTC ruled that it has authority over HIPAA-covered entities and that "Congress has never enacted any legislation that, expressely or by implication, forecloses the Commission fro challenging data security measures that it has reason to believe are "unfair...acts or practices."

"The FTC has spent untold taxpayer dollars...usurping power over patient information from the U.S. Department of Health and Human Services." - CEO, LabMD
Many believed health data security was regulated only by HIPAA under the Health and Human Services Office of Civil Rights but now have to consider the FTC can take action as well. The FTC claims the lab "Did not use readily available measures to prevent and detect unauthorized access to personal information." One readily available method to detect unauthorized access, even by authorized users, is low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Medical lab says FTC breach probe forced it to close - www.ComputerWorld.com, 01/31/2014

Tuesday, February 4, 2014

Insurer: Insider Breach of Social Security Numbers

A large accident and health insurer has disclosed an insider breach of customers' social security numbers.

A now former employee of the company "accessed personal information in an unauthorized manner," according to the January 17, 2014 notification to the New Hampshire Attorney General's Office.

The notification to the state does not indicate over what time period the unauthorized access occurred or how it was discovered.
It is unclear how the breach was discovered or over what time period the unauthorized access occurred. Organizations seeking proactive detection of data breaches by insiders, or those posing as insiders, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Department of Justice, New Hampshire - www.Doj.NH.gov., 01/17/2014

Monday, February 3, 2014

Hospital's Second Data Breach in 4 Months

A Vermont hospital received a regulatory citation after an unannounced visit by the Center for Medicare and Medicaid (CMS) found that two employees had inappropriately accessed patient records. This was the second time in 4 months this hospital has had a breach of patients' data.

"Medical information from two patients' records was accessed by two people who did not have the need to know, they were not involved in the individuals' direct care."
- Fran Keeler, Vermont Division of Licensing and Protection
This breach has raised concerns about patient privacy among local residents, one man said "You have to know your records are safe. People shouldn't be looking at records that they're not entitled to look at."

While the hospital says "our corrective action is the implementation of a system that will do random audits to assure compliance for our patient care records" a better approach is an ongoing audit of all workers accesses of patient records, easily accomplished with low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) North Country Hospital Suffers Second Data Breach in 4 Months - www.BeckersHospitalReview, 01/31/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.