All Posts in Category: Health Basics

HIPAA Compliance Refresher - Brought to you by: CAM HIPAA Solutions 888-959-0220

HIPAA Compliance Refresher: Know the Basics

Nearly twenty years ago, the Health Insurance Portability and Accountability Act (HIPAA) was signed into law. The HIPAA Privacy and Security Rules have had a vast and lasting impact on a wide range of organizations. As such, the federal government initially allowed for a degree of flexibility as rules were clarified over time. Early on, many organizations took only minimal steps toward HIPAA compliance.

Accidental and Unauthorized Emails Create PHI Security Issues - Brought to you by: CAM HIPAA Solutions (888) 959-0220

Accidental and Unauthorized Emails Create PHI Security Issues

No covered entity wants to notify patients of a potential PHI security incident, yet even with the appropriate safeguards in place, problems could still occur. When this happens, it is important to properly notify potentially affected individuals and then make the necessary changes in existing safeguards to ensure that the same issue does not occur again.

Two different facilities recently dealt with a variety of health data security issues, which is a perfect example of how organizations need a well-rounded approach to security. Anything from human error to cyber attacks could create potential PHI security issues that will need to be handled in a timely manner.

 
New York facility notifies 90,000 patients of PHI data breach

A former employee at HHC Jacobi Medical Center in the Bronx reportedly put the PHI of 90,000 patients at risk after she improperly accessed and transmitted files containing PHI to her personal email account. The individual also sent the information to her email account at her new employer, which is a New York City agency, according to a New York City Health and Hospitals Corporation (HHC) statement from April 28.

Potentially exposed information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. HHC said that health insurance identification numbers, which may have included Social Security numbers, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC added that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

 

Immunization records accidentally sent to state registry

Approximately 1,000 patients at the UT Southwestern Medical Center had their immunization records mistakenly sent to a confidential Texas registry, according to The Dallas Morning News. Physicians, health departments and school districts all use the registry.

“UT Southwestern notified us of the issue, and we deleted the records from the ImmTrac system,” department spokeswoman Christine Mann told the news source. “It appears it was an error and the issue has been resolved.”

UTSW said that the issue was due to a computer glitch that occurred during “a routine upgrade to the system,” and that it learned about the records being shared after a patient inquiry on March 6. However, UTSW added that the records were transmitted to the state registry starting January 9.

The facility underlined the point that while the immunization records were mistakenly sent to the state registry, the system is “subject to strict confidentiality requirements” and that all data transmitted is done with “high-strength encryption.”

“We corrected the electronic issue in our system the same day it was discovered,” UTSW spokesman Russell Rian said in a statement, according to the news source. “And we worked diligently…to prevent any future occurrence.”


How much patient data is worth on the internet

How much patient data is worth on the internet? More than your credit profile!

The post appeared on June 26, 2014 in EMR & HIPAA

It’s one thing to have a laptop stolen with 8,000 patient records or for a disgruntled doctor to grab his patients’ records and start his own practice. It’s another when the Cosa Nostra steals that information, siphons money from the patient’s bank account and turns it into a patient trafficking crime ring. Welcome to organized crime in the age of big data.

Organized crime syndicates and gangs targeting medical practices and stealing patient information are on the rise. They’re grabbing patient names, addresses, insurance details, social security numbers, birth dates, etc., and using it to steal patients’ identities and their assets.

It’s not uncommon for the girlfriend of a gang member to infiltrate a medical practice or hospital, gain access to electronic health records, download patient information and hand it over to the offender, who uses it to file false tax returns. In fact, gang members often rent a hotel room and file the returns together, netting $40,000-$50,000 in one night!

Florida is a hotbed for this activity and it’s spreading across the country. In California, narcotics investigators took down a methamphetamine ring and confiscated patient information on 4,500 patients. Investigators believe the stolen information was being used to obtain prescription drugs to make the illicit drug.

Unencrypted devices CAM HIPAA Solutions 888-959-0220

Unencrypted Devices Still a Breach Headache

The Ongoing Risk Posed by Lost, Stolen Mobile Devices

May 12, 2015

While hacker attacks are grabbing most of the health data breach headlines so far in 2015, a far more ordinary culprit – the loss or theft of unencrypted computing devices – is still putting patient data at risk.

Incidents involving unencrypted laptops, storage media and other computing devices are still popping up on the Department of Health and Human Services’ “wall of shame,” which lists health data breaches affecting 500 or more individuals. Among the largest of the most recent incidents is a breach at the Indiana State Medical Association.

That breach involved the theft of a laptop computer and two hard drives from a car parked for 2-1/2 hours in an Indianapolis lot, according to local news website The Star Press. Information on more than 38,000 individuals, including ISMA employees, as well as physicians, their families and staff, was contained in the ISMA group health and life insurance databases on those devices.

The incident occurred on Feb. 3 while ISMA’s IT administrator was transporting the hard drives to an offsite storage location as part of ISMA’s disaster recovery plan, according to The Star Press. An ISMA spokeswoman declined Information Security Media Group’s request to comment on the breach, citing that there are “ongoing civil and criminal investigations under way.”

A breach notification letter sent by ISMA indicates that compromised data included name, address, date of birth, health plan number, and in some cases, Social Security number, medical information and email address. ISMA is offering those affected one year’s worth of free credit monitoring.

Common Culprit

As of Feb. 27, 51 percent of major health data breaches occurring since 2009 involved a theft while 9 percent involved a loss, according to data presented by an Office for Civil Rights official during a session at the recent HIMSS 2015 Conference in Chicago. Of all major breaches, laptop devices were involved in 21 percent of the incidents, portable electronic devices in 11 percent and desktop computers in 12 percent, according to the OCR data.

Two of the five largest breaches to date on the Wall of Shame involved stolen unencrypted computing devices:

  • A 2011 breach involving the theft of unencrypted backup computer tapes containing information on about 4.9 million individuals from the car of a Science Applications International Corp. employee who was transporting them between federal facilities on behalf of military health program TRICARE.
  • The 2013 theft of four unencrypted desktop computers from an office of Advocate Health and Hospital Corp. in Chicago, which exposed information on about 4 million patients.

Many smaller breaches affecting fewer than 500 individuals also involve unencrypted computing devices, according to OCR.

Safe Harbor

The thefts and losses of encrypted computing devices are not reportable breaches under HIPAA. That’s why security experts express frustration that the loss and theft of unencrypted devices remains a common breach cause.

“It is unfortunate that [encryption] is considered an ‘addressable’ requirement under HIPAA, as many people don’t realize that this does not mean optional,” says Dan Berger, CEO of security risk assessment firm Redspin, which was recently acquired by Auxilio Inc.

Under HIPAA, after a risk assessment, if an entity has determined that encryption is a reasonable and appropriate safeguard in its risk management of the confidentiality, integrity and availability of e-PHI, it must implement the technology. However, if the entity decides that encryption is not reasonable and appropriate, the organization must document that determination and implement an equivalent alternative measure, according to HHS.

Attorney David Holtzman, vice president of compliance at the security consulting firm CynergisTek, says he expects to see an OCR resolution agreement soon with a healthcare provider that suffered several breach incidents caused by its failure to manage the mobile devices used by its employees on which electronic protected health information was stored or accessed.
