Wednesday, April 30, 2014

Nearly One-third Drop Healthcare Provider After Breach

Nearly one-third ditch their healthcare providers after they've been breached, according to a report by Javelin Research.

"The straw breaking the camel's back is customers now in droves are being inconvenienced [by breaches]. They never thought it could happen to them... Now they think, 'This can happen to me,'" says Al Pascual, senior analyst of security, risk, and fraud at Javelin Strategy & Research.

"30% said they will seek a new doctor or hospital if it gets breached."
- Javelin Strategy and Research
Catch data theft by healthcare insiders before the theft becomes a HIPAA violation. Use a privacy breach detection service that detects ID theft by employees and contractors.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Consumers Ditch Their Breached Retailers, Banks and Doctors - www.DarkReading.com, 04/29/2014

Tuesday, April 29, 2014

Strong Job Growth in Health IT

The health IT industry had 186,300 jobs in 2012 and those positions will increase by 22 percent by 2022, according to the latest analysis of data on the medical records and health information technicians field by the US Bureau of Labor Statistics.

Most Health IT professionals in 2012 worked in hospitals (37 percent), physician offices (22 percent), nursing and residential care facilities (9 percent) and government (5 percent).

"There will be an additional 41,100 health information management jobs in the U.S. by 2022, a 22% increase over 2012."
- US Bureau of Labor Statistics
The bureau has a summary of its findings with information about health IT educational requirements, skills, and certifications.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Strong Growth in HIM Jobs Seen - www.HealthDataManagement.com, 04/25/2014

Thursday, April 24, 2014

Class Action Suit Pending in Hospital Privacy Breach

A privacy breach by an employee of a Canadian hospital has an Ottawa law firm moving forward with a class action lawsuit.

The employee, who inappropriately accessed 144 patient files, has been terminated. While many hospital staff have access patients' medical records, employees are only supposed to access patient files if they are part of that patient's circle of care.

"I have a representative plaintiff who is distraught about the disclosure of patient records. My intention is to move forward with a class action.” ."
- Michael Crystal, Ottawa attorney
The hospital reported the breaches went back to 2008. It is unclear why they had not been detected earlier, perhaps because they conduct "random audits" rather than a census of staff accesses of patient records. Healthcare organizations can can proactively detect data privacy breaches of every user access to patient records with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Class action suit in the works over privacy breach - www.SaultStar.com, 04/18/2014

Wednesday, April 23, 2014

DeSalvo : Patient Data Privacy is Important to Regulators

The new head of the Office of National Coordinator for Health IT (ONC), Karen DeSalvo, says privacy and security are vital to all their major projects.

According to Dr. DeSalvo, the more widespread use of electronic medical records (EHRs) has improved healthcare delivery but also makes privacy of patients' health information a priority.

"We consider privacy and security an important part of the work that we do."
- Karen DeSalvo, MD, Office of the National Coordinator for Health IT
DeSalvo noted that patients are willing to share their medical information to contribute to research but want their privacy protected. To ensure that access to a patient's EHR is appropriate healthcare organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ONC's DeSalvo on Privacy, Security - www.HealthInfoSecurity.com, 04/21/2014

Tuesday, April 22, 2014

Prison for Tax Fraud Using Patient Data Stolen from Medical Services Provider by Employee

A Lauderhill, Florida man, Andrew Ware, will spend almost six years in prison, followed by three years probation, for his role in an ID theft and tax refund fraud scheme; he is the sixth in the ring to be sentenced>.

His cousin, Latonya Ware, was an employee of a medical services provider and stole patients' identities to file fraudulent tax returns, according to federal prosecutors.

"The group submitted fraudulent tax refund claims for $137,132 and made $49,561 in unauthorized credit and debit card purchases."
- Sun Sentinel
It seems the medical services company first learned of the identity thefts from law enforcement. Healthcare organizations don't have to wait until law enforcement arrives, they can proactively detect patient identity thefts with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
> Sources:
(a) Lauderhill man gets five years in ID theft, tax fraud scheme - www.SunSentinel.com, 04/18/2014

Monday, April 21, 2014

Restaurant Employee ID Theft, Tax Fraud

Tekia Jones pleaded guilty to identity theft of 118 fellow employees' names, social security numbers at a national fast food restaurant chain. With an accomplice, Ivory Covigton, the stolen identities were then used to file 57 fraudulent tax returns for a refund fraud scheme. Sentencing is scheduled for June 24, 2014.
"Jones had access to employees’ names, social security numbers and dates of birth, but did not have permission to possess the employees’ information outside of her employment."
- US Attorney's Office, Southern District of Florida
From the court documents it appears the restaurant chain was unaware of the identity thefts until law enforcement contacted them. However, rather than learn of employee or customer identity thefts, organizations can proactively detect such thefts, even by authorized users, with low-cost on-demand SaaS analytics services.
Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of personal information, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former National Fast Food Restaurant Chain Employee And Co-Defendant Plead Guilty In Identity Theft Tax Fraud Scheme - www.Justice.gov, 04/16/2014

Friday, April 18, 2014

Key Attributes of Compliance Officer?

"A corporation C-suite is no longer complete without a chief compliance officer (CCO)," according to Alexandra Wrange, of Trace, a non-profit compliance organization.

Wrage notes finding a CCO who will foster a culture of compliance requires just the right skillset.

"Fostering a culture of compliance can be a daunting task and requires just the right skillset."
- Alexandra Wrage, President, Trace, non-profit compliance organization
She lists Flexibility, Diplomacy, Tenacity, Sensitivity, and Vision, as key attributes for a CCO. What would be on your list of key attributes for a chief compliance officer?
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Finding the Right Chief Compliance Officer - www.CorpCounsel.com, 04/16/2014

Thursday, April 17, 2014

Health IT Among Hottest Careers

High job growth in the health IT field is expected to continue in the next decade, according to the US Bureau of Labor Statistics.

Healthcare organizations are looking to hire health IT professionals who have the “right stuff” -- in addition to education and experience communication skills and integrity contribute to a successful career.

"Due to the convergence of government regulations, mobility, and emerging technologies to improve patient health information as well as patient care, a robust health IT market has been created."
- HIMSS
The shortage of experienced health IT professionals available for hire has led some organizations to utilize SaaS services. One example is low-cost on-demand SaaS analytics services for proactive detection of identity theft and privacy breaches.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) A Successful Career in Health IT Takes the Right Stuff - www.HIMSS.org, 04/15/2014

Wednesday, April 16, 2014

Navy Yard Shooter's Health Records Snooped

Subsequent to Aaron Alexis killing a dozen people at the Washington Navy Yard last September, the Air Force noted a spike in the number of personnel inappropriately accessing his electronic medical record (EMR).

Such snooping is illegal under the Health Insurance Portability and Accountability Act (HIPAA) and was so extensive that the Air Force Medical Operations Agency Director Brig. Gen. Sean Murphy to issued a medical command reminder of policy and law.

The illicit peeks were a “violation of the most fundamental trust our patients place in us every day. Breaches of this nature are clearly in violation and are plain and simply wrong."
- Air Force Medical Operations Agency Director Brig. Gen. Sean Murphy
With EMRs now widely used in federal and private health facilities, breaches of patient privacy are on the rise, from "one-time looks to the jaw-dropping unauthorized breach of 4.5 million Tricare records in 2011 — the largest compromise of health information recorded since reporting requirements changed in 2009."

Healthcare organizations can proactively detect inappropriate access, even by authorized users, with low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Your medical files may be at risk - www.MilitaryTimes.com, 04/15/2014

Tuesday, April 15, 2014

Pew: Nearly 1 in 5 Experienced Online Data Breach

Data theft is on the rise according to a January 2014 study by the Pew Research Center.

18% of 1,002 US adults surveyed reported personal information — social security numbers, credit card data, and banking information — had been stolen online. That’s a big increase from the 11 percent reported in a July 2013 survey.

"18% of adults reported personal information — social security numbers, credit card data, and banking information — had been stolen online."
- Pew Research Center
21% of online adults said they’ve had their email or social networking accounts compromised or hijacked without their permission. According to Mary Madden, a senior Pew researcher, the survey reflects "that a rising share of the public say they have experienced a personal data breach."
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Nearly 1 in 5 U.S. adults say their info has been stolen online - www.VentureBeat.org, 04/14/2014

Monday, April 14, 2014

Exempt Medical Apologies?

Governor Scott Walker of Wisconsin signed a bill on April 8th that allows doctors and other healthcare providers to apologize to patients without worrying if the statements could be used against them in court.

The new law makes apologies, condolences or expressions of sympathy inadmissible in civil proceedings and in administrative hearings concerning the healthcare provider's actions.

"The new law makes apologies, condolences or expressions of sympathy inadmissible in civil proceedings and in administrative hearings concerning the healthcare provider's actions."
- Channel 3000 News
Supporters say the law will encourage open communication between doctors and patients. Opponents, including trial attorneys, say this will make it harder for patients to bring successful malpractice lawsuits. What do you think?
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Governor signs web privacy, DNA collection, medical apology bills - www.Channel3000.com, 04/08/2014

Saturday, April 12, 2014

Employee Shared Patients' Info with Competitor

An employee of a urology practice in Tennessee gave the names and addresses of 1,144 patients to a competing medical practice to solicit those patients.

This unauthorized sharing of patient information is a violation of federal HIPAA privacy laws, even though Social Security numbers, financial, or other medical information was not included.

"An employee at a Knoxville urology practice released names and addresses of more then 1,100 patients to a competing medical provider." - Insurance News Net
The breach of patient data, which occurred during 2013 and 2014, was not discovered by the medical practice until patients calling about receiving solicitation letters from a competing provider.

Organizations who want to detect breaches of confidential, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - www.InsuranceNewsNet.com, 04/12/2014

Friday, April 11, 2014

Health IT Staff Shortage

The shortage of qualified healthcare IT professionals will negatively impact healthcare reform efforts, according to a report by iHealthBeat.

Thirty-one percent of healthcare organizations have put a project on hold owing to the difficulty of finding talent with IT as well a healthcare background, according to a HIMSS study.

"By the end of this year, there will be a national shortfall of 51,000 qualified health IT professionals."
- iHealthBeat.org
The Office of the National Coordinator for Health IT (ONC) has provided millions of dollars in grants for training and education programs. But healthcare organizations are taking more immediate steps to address staff shortages such as using using low-cost on-demand SaaS services. One example of this, for proactive detection of privacy breaches and user access compliance reporting, is SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Shortage of Health IT Professionals Imperils Health Care Reform Effort - www.iHealthBeat.org, 04/09/2014

Thursday, April 10, 2014

EU Breach Notification Guidance Issued

Under changes to EU law effective August 2013, all providers of publicly available electronic communications services in the EU have to inform national regulators within 24 hours of detecting a personal data breach.

The EU Working Party on Data Protection said it would be "good practice" for all organisations to follow the March 2014 published guidance on breach notification.

"Under changes to EU law effective August 2013, all providers of publicly available electronic communications services in the EU have to inform national regulators within 24 hours of detecting a personal data breach."
- European Union, Working Party on Data Protection
Organizations, worldwide, can proactively detect personal data breaches with low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) EU watchdog issues guidance on the notification of data breaches to individuals - www.Out-Law.com, 04/2014/40

Wednesday, April 9, 2014

FTC Can Sue Over Poor Data Security

A U.S. court has ruled that the Federal Trade Commission (FTC) can proceed with a lawsuit against a corporation for allegedly failing to safeguard consumers' personal information.

The corporation had asked for the case to be dismissed arguing the FTC did not have jurisdiction to sue over lax security leading to a data breach.

"I'm pleased that the court has recognized the FTC's authority to hold companies accountable for safeguarding consumer data."
- FTC Chairwoman Edith Ramirez
It seems the FTC is taking more of an interest in ensuring consumers' data is protected. In September 2013 we noted an FTC case against a medical laboratory for "not using readily available measures to prevent and detect unauthorized access to personal information."

Given the FTC's ability to sue regarding protecting consumer data, organizations need to review their preventive and detective controls. A detective control for unauthorized access to customer data, even by authorized users, is low-cost on-demand SaaS analytics services.

Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) U.S. FTC can sue hotel group over poor data security, court rules - www.Yahoo.com, 04/07/2014

Tuesday, April 8, 2014

DOJ: Tax Refund Fraud All Time High

US Attorney General Eric Holder has warned consumers and businesses that fraudulent tax refunds based on stolen identities (SIRF) is at an all time high.

Holder urged Americans to protect themselves by reporting suspicious activity and learning more at the IRS website, the Justice Department's Tax Division website, and STOPFRAUD.GOV.

"The Justice Department has seen the scale, scope, and execution of these [identity theft tax] fraud schemes grow significantly.."
- Eric Holder, US Attorney General
Unfortunately, healthcare organizations have been contributing to the SIRF problem. Some of their employees steal patient identities for SIRF by themselves or sell the IDs to others. Healthcare organizations who want to proactively detect identity theft, rather than learn about it from law enforcement, can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Dept. of Justice: IRS tax refund fraud at all-time high - www.NetworkWorld.com, 04/07/2014

Monday, April 7, 2014

Employee Accessed Personal Information Without Permission

Although a California hospital learned in September 2012 that an employee accessed patient information without permission, only now is the hospital notifying patients about the breach. Information such as Social Security numbers, driver’s license numbers, addresses, birth dates and limited medical information was inappropriately accessed.
"The hospital declined to answer why they waited more than a year to inform patients or whether police were notified."
- Orange County Register
Federal privacy law forbids unauthorized viewing of patient medical records; California allows the state Department of Public Health to fine hospitals for breaches of patients' privacy. Healthcare organizations seeking proactive detection of identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) La Palma Intercommunity Hospital informs patients of 2012 records breach - www.OCregister.com, 04/03/2014

Friday, April 4, 2014

ONC Offers Risk Assessment Tool

The Office of the National Coordinator for Health IT (ONC) is offering a tool for small and medium sized healthcare providers to assess information security risks.

The no-cost tool has questions to guide providers through each HIPAA requirement, as well as storage for answers and risk remediation plans, and ability to produce a report for auditors.

"Protecting patients' protected health information is important to all health care providers, and the new tool we are releasing ... will help them assess the security of their organizations."
- Karen DeSalvo, National Coordinator for Health IT
According to Karen DeSalvo, National Coordinator for Health IT, the "tool...has been designed to help health care providers conduct a risk assessment to support better security for patient health data." As part protecting patient data, even small and medium sized healthcare organizations can proactively detect identity theft and breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
> Sources:
(a) ONC Unveils Security Risk Assessment App for Health Care Providers - www.iHealthBeat.org, 03/31/2014

Thursday, April 3, 2014

Another Sentence in Patient ID Thefts, Tax Fraud Scheme

Marquis Onigirin Moye, 24, of Pompano Beach, is the latest to be sentenced for his participation in a stolen identity tax refund (SIRF) scheme. Moye, who pled guilty to identity theft, was sentenced to 54 months in prison followed by three years of probation.

Others involved in this scheme have already been sentenced. The scheme involved an employee of a medical services provider giving user names and passwords to Tiffany Shenae Cooper so she could steal patient identities used by others in the ring to submit fraudulent tax returns.

"Cooper admitted to illegally logging on to the medical services provider’s computer network and downloading PII for the purpose of committing various types of fraud."
- US Attorney's Office, Southern District Florida
It is unclear why the medical services company, which as of 01/28/14 has not submitted a breach notification to the Department of Health and Human Services (HHS), did not detect the identity thefts prior to law enforcement. Healthcare organizations seeking proactive detection of identity thefts can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Final Defendant Pleads Guilty in Identity Theft Tax Refund Fraud Scheme Involving Thousands of Patients’ Personal Identity Information - www.Justice.gov, 03/29/2014

Wednesday, April 2, 2014

Privacy Class Action Need Not Show Harm?

In what is believed to be a first, data breach victims will be compensated without a claim for realized financial harm.

In Curry v. AvMed a $3 million class-action settlement was approved by a Florida federal district court. The case reflects an evolution of consumer privacy “harm” that is taking place in the courts and at the FTC.

"A Florida federal district court approved a $3 million class-action settlement believed to the first of its kind: one that compensated victims of a data breach without a claim for realized financial harm."
- PrivacyAssociation.org
"High-profile data breaches continue to hit the newsstands; class-action lawsuits follow; the Federal Trade Commission (FTC) and state attorneys general launch enforcement actions, and consumers complain in record numbers to federal and state legislators. The question of which breaches are actionable and what harms are compensable is more important than ever," according to an International Association of Privacy Professionals article "The Evolving Nature of Consumer Privacy Harm".

What do you think? Must privacy data breaches demonstrate financial harm to be considered actionable?

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) The Evolving Nature of Consumer Privacy Harm - www.PrivacyAssociation.org, 04/01/2014

Tuesday, April 1, 2014

Tax Fraud with Vets Stolen IDs

A convicted killer who used stolen veterans’ medical records to commit tax fraud has been sentenced to 7.5 years in federal prison.

Reportedly, this case involves a corrupt hospital employee who was selling records but who has not yet been charged. Two others related to this case have been convicted; one has been sentenced and the other is awaiting sentencing.

"The judge was horrified at the fraud, which was part of a wave of identity theft tax refund fraud that washed over the Tampa area the last few years."
- Sun Coast News
Unfortunately this is not the first insider breach at the Tampa veterans hospital. Last year an employee as well as two volunteers stole veterans' identities for tax fraud schemes. Healthcare organizations can proactively detect identity thefts, before the police arrive, by utilizing low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Man gets prison for commiting tax fraud with vets’ stolen medical records - www.SunCoastNews.com, 04/01/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.