Monday, March 31, 2014

Hospital Employees Steal Patient IDs, Share with Lawyers

Two employees of a hospital in Queens, New York, New York have been charged with illegally accessing medical records and personal identification information of emergency room patients, according to Queens District Attorney Richard A. Brown. These patients were subsequently contacted, sometimes while still in the ER, by "ambulance chasing attorneys" or "medical mills" seeking to represent them or to provide them outpatient services.
"The defendants are accused of blatantly violating their HIPAA obligations and illegally trolling patient records ."
- Richard A. Brown, District Attorney, Queens, New York
Personal information from more than 500 patients was stolen, such as Social Security number, date of birth, address, phone number, details of their injuries. What is unclear is why this theft of patient identities went on for so long - from 2012-2014. Healthcare organizations who want to proactively detect identity theft can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HOSPITAL EMPLOYEES CHARGED WITH ILLEGALLY ACCESSING MEDICAL RECORDS AND PERSONAL IDENTIFICATION INFORMATION OF EMERGENCY ROOM PATIENTS - www.QueensDA.org, 03/28/2014

Friday, March 28, 2014

App Support Kills 38% of IT Budget

Application support and maintenance (ASM) costs 38% of an IT budget, a 29% increase, according to a survey of 300 CIOs.

The survey also found that ASM spending is led by IT rather than business led KPIs (key performance indicators).

In most organizations ASM is led by IT, rather than business, KPIs.
Moreover, 83% of CIOs said the traditional ASM processes are inefficient. One solution to these problems is to utilize low-cost all-inclusive SaaS services such as those available for proactive identity theft detection.
Download a white paper on patient privacy breach and identity theft detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) App support kills off 38 percent of IT budget for top firms - www.FierceCIO.com, 03/26/2014

Thursday, March 27, 2014

Gartner: Middle East Health IT Spending Growth

Middle East and Africa Health IT spending is projected to be $2.8B US in 2014 and IT services will grow 7.6 percent in 2014 to reach US $314 million, up from US $299 million in 2013, according to Gartner, the world's leading information technology research and advisory company.

The driver for this growth is technology adoption for private healthcare infrastructure and government investments.

"Growing private healthcare infrastructure and government investments is driving higher adoption of technology,."
- Gartner research director, Anurag Gupta
Regardless of the country, rapid growth in a healthcare organization can stretch IT resources making SaaS solutions a good choice. For proactive privacy breach and identity theft detection there are low-cost on-demand SaaS analytics services available.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Gartner Says Healthcare Providers in Middle East & Africa To Spend US $ 2.8 Billion on IT In 2014 - www.Gartner.com, 03/24/2014

Wednesday, March 26, 2014

Regulations Increasing Hospital IT Budgets

Senior IT executives say IT budgets for 2014 are higher than in 2013, according to a 2014 HIMSS Leadership Survey.

A variety of reasons were given for these budget increases. Among them was the need to comply with regulations, reported by almost half of respondents (49%).

"49% cited need to comply with regulations as reason for increased IT budget."
- Becker's Hospital Review
Another reason for budget increases mentioned was need for more staff to comply with regulations (39%). To address both these issues healthcare organizations are utilizing SaaS offerings. For proactive privacy data breach and identity theft detection, healthcare organizations are turning to low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Why Hospitals' IT Budgets Are Increasing: 13 Statistics - www.BeckersHospitalReview, 03/24/2014

Tuesday, March 25, 2014

$4M Breach Settlement by Hospital, BAAs

A California hospital and two Business Associates have paid $4 million to settle a class-action lawsuit related to a 2011 breach affecting 20,000 patients. The information breached included patient names, medical record numbers, hospital account numbers, emergency room admission/discharge dates, medical codes for the visit reasons, and billing charges.

Unlike many other states' privacy laws, California's Confidentiality of Medical Information Act "allows patients to bring an action against any entity that has negligently released individually identifiable medical information, seeking minimum damages of $1,000, with no proof of actual damage required," according to Brian Kabeteck, founder and managing partner of Kabeteck Brown Kellner LLP, the law firm representing plaintiffs in the suit.

"California...allows patients to bring an action against an entity that has negligently released individually identifiable medical information, with no proof of actual damage required." - Brian Kabeteck, attorney
Kabeteck points out this makes these actions much easier to pursue and that suits like this show there are repercussions for not protecting patient information. This case is also a reminder to business associates about the importance of safeguarding electronic protected health information (ePHI). Business associates and their subcontractors are directly liable for compliance with the HIPAA Omnibus Rule, with fines up to $1.5 million per violation, and vendors could face civil suits related to breaches. To proactively detect breaches of patient data, hospitals and their business associates can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Stanford Breach Lawsuit Settled - www.iHealthBeat.org, 03/24/2014

Monday, March 24, 2014

Ireland Police Breach Database Privacy

The Ireland Office of Data Protection identified inappropriate access to the police database in relation to well-known public figures and celebrities.

The findings, in a just published report, were described by Data Protection Commissioner Billy Hawkes as "particularly disturbing" since none of those whose data was breached had "major dealings" with gardai.

"Confidential information on six “high-profile” personalities on the Garda Pulse computer system was accessed “inappropriately” by members of the force."
- Irish Independent
Is your organization doing enough to prevent snooping or improper access to personal information? Inappropriate access to data, even by authorized users, can be detected proactively with low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Gardai checked private files on model more than 80 times - www.Independent.ie, 03/22/2014

Friday, March 21, 2014

Puerto Rico Levies $6.8M HIPAA Fine on Insurer

The Puerto Rico Health Insurance Administration (ASES) will impose a $6.8 million fine on a health insurer over a data breach by one of the insurer's subsidiaries. This fine is larger than any imposed for HIPAA violations by the Heath and Human Services Office of Civil Rights (HHS, OCR).

"The $6.8 million fine represents a fine of $500 per affected individual, as well as an additional $100,000 penalty because the insurance company failed to cooperate with the administration's investigation." ."
- Ricardo Rivera Cardona, executive director, Puerto Rico Health Insurance Administration
The ASES said the $6.8 million fine represents a fine of $500 per affected individual, as well as an additional $100,000 penalty because the insurance company failed to cooperate with the administration's investigation.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Puerto Rico Levies $6.8M Fine on Insurer for HIPAA Violations - www.iHealthBeat.org, 02/24/2014

Thursday, March 20, 2014

UK Police Snoop on Ex Lovers, Neighbors

UK police officers and staff broke data privacy rules to snoop on former lovers, neighbors, family, and public figures.

The employees carried out unauthorized background checks – and some data was passed on to third parties. Four of the constabulary staff employed by have been sacked for breaches of the Data Protection Act and 37 disciplinary measures have been started.

"Since 2010 a total of 25 staff and 13 officers have breached data laws."
- Cambridge News
It is unclear why the inappropriate access to data, which had been occurring since 2010, was not detected sooner. Organizations seeking proactive detection of data breaches, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) REVEALED: Snooping police breach privacy laws in Cambridgeshire to spy on former lovers, neighbours, family - and high-profile personalities - www.CambridgeNews.co.uk, 03/14/2014

Wednesday, March 19, 2014

Medical Data Breach Class-action Suit

A class-action suit has been filed against Los Angeles county and its contractor over the theft of medical data on 165,000 patients. The data may have included patients' names, Social Security numbers, medical and billing information, birth dates, addresses and diagnoses.

The data was stolen from a company hired by Los Angeles county to handle billing and collections. The suit alleges the company and the county did not notify affected patients in a timely fashion and that more stringent protection of private data is required.

"The suit is asking the court to order the county to require more stringent procedures to protect private and confidential data in future contracts."
- The LA Times
Class-action suits are increasingly being filed by patients in response to breaches of their privacy thus data protection strategies by organizations holding PHI (protected health information) require careful consideration. Protection against breaches of medical data by insiders can be detected proactively with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Class-action lawsuit filed over breach of patient medical data - www.LAtimes.com, 03/14/2014

Tuesday, March 18, 2014

Supermarket Employee Steals Payroll Data

An employee of a UK supermarket chain has been arrested for allegedly stealing salary and bank account details of 100,000 staff.

The insider data theft was only discovered when the supermarket chain learned it had been published online and sent to a local newspaper.

"Salary and bank account details for 100,000 of its staff were stolen ."
- The Telegraph
Rather than being taken by surprise about insider identity theft or privacy breaches, organizations can proactively detect them with low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Morrisons employee arrested over payroll data theft - www.Telegraph.co.uk, 03/17/2014

Nurse Breached Patient Privacy for Four Years

An LPN (licensed practical nurse), employed by a Virginia hospital, breached data in the electronic medical records (EHRs) of 919 patients over a four-year period from September 2009 through October 2013.

The nurse inappropriately accessed Social Security numbers, a summary of their patient history and other information.

"An LPN inappropriately accessed 919 medical records over a four-year period."
- Daily Press
It is unclear why the inappropriate access remained undetected for four years. Healthcare organizations seeking proactive detection of privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Riverside reports health records breach - www.DailyPress.com, 12/31/2013

Monday, March 17, 2014

Hospital Employee Steals 1,087 Patient IDs

A Michigan hospital employee stole 1,087 patient IDs. Data stolen included patient names, social security numbers, and dates of birth, as well as reasons for hospital visits.

The hospital was alerted to the theft by the police who were investigating an identity theft case. Only then did the hospital begin conducting an internal audit.

"Hospital identity theft and fraud is on the rise with patient information being sold, and used to receive medical care and benefits."
- MSN Money
All too often healthcare organizations first learn about identity theft from law enforcement, but this does not have to be the case. Proactive identity theft detection is available with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital Employee Steals 1,087 Patient Records - www.GuardianLV, 03/14/2014

Friday, March 14, 2014

County Government Settles HIPAA Violations

A Washington state county has agreed to pay $215,000 to settle potential HIPPA Violations. In addition the county will work with the Health and Human Services Department (HHS) to improve its HIPAA compliance program.

While investigating a reported breach, the Office of Civil Rights (OCR) found widespread non-compliance with HIPAA Privacy, Security and Breach Notification rules.

"OCR's investigation uncovered general and widespread non-compliance with the HIPAA Privacy, Security, and Breach Notification Rules." - Department of HHS
Healthcare organizations as well as Business Associates can comply with HIPAA privacy and security rules by utilizing low-cost on-demand SaaS analytic services for proactive data breach detection.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) County Government Settles Potential HIPAA Violations - www.hhs.gov, 03/07/2014

Thursday, March 13, 2014

EHR Market $22.3B by 2015

The worldwide electronic health record market (EHR) is estimated to reach $22.3 billion by the end of 2015, according to an Accenture report.

Annual growth rate is expected to be 5.5%. The US will remain the largest market, growing 7.1% annually to $9.3 billion by 2015.

"The biggest drivers of US EHR market growth are consolidation and meaningful use attestation." - Accenture report on EHR market growth
While EHR use can lead to improved healthcare outcomes it also facilitates theft of patients' identities. Healthcare organizations can proactively detect identity theft with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Global EHR Market To Reach $22.3B by End of 2015, Report Estimates - www.iHealthBeat.com, 03/05/2014

Wednesday, March 12, 2014

Ongoing Audits Increase AU Privacy Breach Costs

Australia's Privacy Principle Act (APP) amendments became law today (03/12/2014) with fines of up to $1.7 million for companies and $340,000 for individuals who breach the Act.

But ongoing audits could push the total cost of data breaches much higher, according to Baker & McKenzie partner Patrick Fair. Fair noted this is because "companies have so many points of collection and multiple layered data bases with different information stored in different places." To help organizations keep abreast of the Act, Fair suggests appointing a privacy officer.

"There has to be [a privacy officer] in the organisation who understands the [APPs] and is prepared to broker them into the business." - Patrick Fair, Baker & McKenzie
However, there are ways to minimize costs of ongoing audits for privacy breaches, even if data is in disparate systems and locations worldwide. Low-cost on-demand SaaS analytics services proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Cost of a Privacy Act breach could extend to ongoing audits: legal expert - www.TechWorld.com, 03/11/2014

Tuesday, March 11, 2014

OIG: Medicaid Info Security Lacking

The Office of the Inspector General (OIG), a government watchdog, reported dozens of info security vulnerabilities at state Medicaid agencies. The OIG called for action at the agencies to prevent fraud.

"The fact that some of the vulnerabilities were [the same at] the 10 state agencies suggests that other state Medicaid information systems may be similarly vulnerable," according to the OIG.

The report "may increase public awareness of these pervasive vulnerabilities across state agencies and lead the Centers for Medicare and Medicaid Services and all states to strengthen system security."
- Department of Health and Human Services' Office of the Inspector General
Vulnerabilities included lack of risk assessments and user log monitoring, and poor access controls, which increase opportunities for identity theft and fraud. Such problems can be addressed with low-cost on-demand SaaS analytics services which proactively detect identity theft, as well as report on access control risks and compliance.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Report on State Medicaid Information Security - www.OIG.HHS.GOV, 03/05/2014

Monday, March 10, 2014

Large Hospitals to Buy New EHRs

The electronic health record (EHR) market is on the verge of a new buying wave, beyond the IT spending related to meaningful use and the government incentive program. Nearly 50% of large hospitals might buy a more current (EHR) system to replace legacy systems.

The Klas Research report, "Acute Care EMR 2014: The Next Buying Wave," covers interviews with 277 providers from hospitals with at least 200 beds about EHR vendors they are considering and timeframe for purchasing.

"Where the last round of [EHR] purchases was fueled by meaningful use requirements and enticing reimbursements, this next round is being fueled by concerns about outdated technology and health system consolidation."
- Colin Buckley, KLAS Research
As EHRs become more widespread they improve healthcare delivery but also increase opportunities for identity theft of patients' personal information. Healthcare organizations seeking proactive detection of identity theft, before they learn of it from law enforcement, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Acute Care EMR 2014: The Next Buying Wave - www.KlasResearch.com, 02/12/2014

Friday, March 7, 2014

EHR Incentives Exceed $22.5B?

Based on the latest projections by the Center for Medicare and Medicaid Services (CMS)EHR (electronic health record) incentive payments may exceed the current $22.5 billion estimated payout.

The incentive program, formed under the American Recovery and Reinvestment Act of 2009 (ARRA) has funded 89% of hospitals and 65% of physicians.

"To date, 4,477 hospitals of 5,011 total eligible ones have received more than $13.8 billion in payments under the Medicare or Medicaid programs, or both."
- Centers for Medicare and Medicaid Services
The growing use of EHRs has also made identity theft of patients' personal and medical information easier. Healthcare organizations can proactively detect identity theft by utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Centers for Medicare and Medicaid Services - www.cms.gov, 03/07/2014

Thursday, March 6, 2014

Target Exec Resigns After Breach

Target's technology chief has resigned amid breach investigations.

The company has started an external search for a chief compliance officer. In addition, the company has created the position of chief information security officer and is hiring outside for that position as well.

"There was not enough oversight, clearly, or enough controls."
- Amy Koo, a senior analyst at Kantar Retail in Boston
Although all facets of the Target breach are not yet known there have been reports that vendor credentials were used to inappropriately access Target systems. Knowing who can, and is, accessing which data is something that can be detected by utilizing low-cost on demand SaaS Identity and Access Intelligence analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - www.StarTribune.com, 03/05/2014

Wednesday, March 5, 2014

Pharmacist Stole Patient IDs for Insurance Fraud

Chicago pharmacist Robert Kielar was sentenced to seven years in federal prison after being convicted of collecting more than $1.7 million through stealing the identities of unsuspecting pharmacy customers and making false claims to insurance companies for a drug he never dispensed.
" Kielar betrayed unsuspecting patients whose personal information he used."
- U.S. Attorney’s Office, Northern District of Illinois
It is unclear how the patients' identity theft was discovered but it could have been detected proactively with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Pharmacist Sentenced to Seven Years in Prison for Obtaining $1.7 Million From Health Insurers for Drug he Never Dispensed - www.justice.gov, 02/25/2014

Tuesday, March 4, 2014

Canadian Doctor Breaches Patient Privacy

A Canadian radio oncologist inappropriately accessed the files of 142 patients from hospital computers over a two-year period, starting in 2010.

The medical records the doctor viewed were all of women in their 20s and 30s and current or former hospital employees, according to CBC News. These patients were not under this doctor's care and Canadian privacy legislation stipulates "every use by a custodian of personal health information shall be limited to the minimum amount of information necessary to accomplish the purpose for which it is used."

A privacy breach by a doctor is unprecedented, according to the head of the province's regulatory body for doctors.
The inappropriate access was uncovered by "a routine audit a year ago" but the breaches started in 2010. Healthcare organizations can proactively identify unauthorized breaches of patient data privacy, even by authorized users, with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital privacy breach 'unprecedented,' regulatory body says - www.CBCNew.ca, 03/03/2014

Monday, March 3, 2014

Hospital Unaware of Privacy Breach Until Lawsuit

A California hospital only learned that a staff member had stolen PHI (Protected Health Information) after the staff member's lawyer said they'll use the stolen PHI in their case against the hospital.

The hospital is not not clear on how the breach occurred and that "it appears most of the PHI was taken in the approximate time period of 2012-2012."

An employee took PHI but the hospital only knows about it because the employee's lawyers want to use the stolen pHI in their case against the hospital..
Unfortunately it is not uncommon for healthcare organizations to learn of privacy data breaches from third parties such as law enforcement or lawsuits. For organizations seeking to proactively identify unauthorized breaches of patient data privacy, even by authorized users, low-cost on-demand SaaS analytics services are available.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - SOURCE_NAME_AND_DATE

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.