All Posts Tagged: hipaa breaches


1 in 5 Doctors’ Mobile Devices May Be At High Risk

As important a role as mobile plays in healthcare, it may also pose an equally serious threat, according to a report by Skycure, a mobile threat defense company based in Palo Alto, Calif. In fact, the report found that doctors who use mobile devices in their day-to-day practice are exposed to network threats that increase over time. According to the report, approximately 80% of doctors use mobile devices and 28% store patient data on their mobile device.


Small HIPAA Violations Can Cause BIG Problems

The large data breaches that compromise the protected health information (PHI) of thousands of people are the ones that receive all the attention, but the smaller violations of the Health Insurance Portability and Accountability Act (HIPAA) can be just as harmful, if not more so, to those involved. Healthcare leaders too often devote most of their attention to the large breaches and not enough to the more common, smaller violations, experts say.


Ransomware Hackers Steal A Hospital. Again.

A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

The hacker who stole Hollywood Presbyterian asked for $3.6 million, but settled for a piddling $17,000 (40 bitcoin), presumably after they realized that their random infectious agent had kidnapped a giant, high-profile institution that would be able to motivate serious law-enforcement investigations that would move ever-closer to their true identity the longer the ransom negotiations continued.


Henderson, Kentucky’s Methodist Hospital has declared an “Internal State of Emergency,” having been shut down by a piece of ransomware called “Locky.” The hospital’s spokeslawyer, David Park, said that they’re addressing the ransomware attack using plans designed to help the hospital weather a tornado or other natural disaster.

The attackers are only asking for $1,600 (4 bitcoin) to unlock the hospital’s files.

Brian Krebs speculates that the attackers didn’t set out to hold a hospital to ransom, and have no real appreciation of how much they could be asking for (though the Kentucky hospital seems to have been less compromised than the one in Hollywood). He warns that in future, ransomware creeps will start targeting their attacks, aiming for victims who have more to lose, and more to spend, when their data is taken from them.

“We haven’t yet made decision on that, we’re working through the process,” with the FBI, he said. “I think it’s our position that we’re not going to pay it unless we absolutely have to.”

The attackers are demanding a mere four bitcoins in exchange for a key to unlock the encrypted files; that’s a little more than USD $1,600 at today’s exchange rate.

Park said the administration hasn’t ruled out paying the ransom.


ALJ Upholds HIPAA Violations: $239,800 In Civil Monetary Penalties

Home health care provider Lincare, Inc. must pay $239,800 in civil monetary penalties for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule, according to a February 3, 2016 press release from the U.S. Department of Health and Human Services (“HHS”). The announcement follows a January 13, 2016 administrative ruling granting summary judgment in favor of the HHS’s Office for Civil Rights (“OCR”). This is only the second time that OCR has sought civil monetary penalties for a HIPAA violation; OCR typically resolves violations through undertakings for voluntary compliance.

Lincare, a nationwide provider of respiratory care, infusion therapy, and medical equipment to in-home patients, came under investigation in 2008 after OCR received a complaint from the estranged husband of an Arkansas-based Lincare employee. Based on a subsequent investigation by OCR, OCR alleged that the employee routinely left documents containing 278 patients’ protected health information (“PHI”) in unsecure locations, such as the couple’s shared car and home. It was undisputed that the employee’s husband was not authorized to view the PHI. Moreover, according to OCR, the employee abandoned the documents altogether after moving residences.

In January 2014, after concluding the lengthy investigation, OCR cited Lincare for three violations of HIPAA’s Privacy Rule, which sets standards for the use and disclosure of protected health information. OCR issued corresponding civil monetary penalties for each alleged violation: (1) $25,000 for impermissible disclosure of PHI; (2) $25,000 for failure to safeguard PHI; and (3) $189,800 for insufficient policies and procedures related to the removal of PHI from business premises. In calculating penalties, OCR took into account that Lincare neglected to review and revise its HIPAA policies after learning about the complaint.

On appeal, Administrative Law Judge (“ALJ”) Carolyn Cozad Hughes granted summary judgment in favor of OCR after concluding that, based on the “undisputed evidence,” Lincare violated HIPAA’s Privacy Rule. Specifically, the ALJ found that Lincare failed to safeguard the PHI of patients; a Lincare employee disclosed patient PHI to an unauthorized individual; and Lincare lacked policies and procedures designed to ensure compliance with the Privacy Rule. Lincare waived any challenge to the penalty amount, and the ALJ sustained OCR’s proposed civil monetary penalties of $239,800. Lincare has 30 days to file a notice of appeal with the Appellate Division of the HHS Departmental Appeals Board.

Original content by JDSupra Business Advisor


911 Dispatcher Fired For Sharing Caller’s PHI on Facebook

A Catoosa County 911 dispatcher was fired Friday morning for sharing on Facebook the private information of at least one person who called 911.

Holly Dowis was terminated Friday following an internal investigation into her conduct while on the job.

A Channel 3 investigation found Dowis sent a screenshot to Facebook friends in a private chat of one man’s call to 911 requesting emergency assistance.

Sixty-year-old Ringgold resident Ron Darnell called Catoosa County dispatch on December 23rd when he had a blood clot which resulted in an “embarrassing” medical problem.

“I had a blood clot break loose and come out of my body,” he said. “I called to get emergency help and I almost died that day.”

The 911 dispatch screen detailing his call included his name, phone number, address and exact medical complaint. Dowis then took a photo of all that personal information and posted it to a Facebook group chat with some friends.

“A call I just took,” Dowis wrote.

Darnell fears he’s not the only victim. “If they put out mine, how many others have they put out of other people that don’t know it and just making fun of people?”

Dowis has worked with the county since 2007 and was named communications officer of the year in 2013.

“911 is an organization that we must rely on to keep information confidential and to communicate that information to law enforcement officials only and she has violated the public trust,” said Chattanooga Attorney Stuart James.

County Manager Jim Walker said Dowis was fired for misconduct and violating federal and county rules. The county learned of the allegations Tuesday, placed Dowis on administrative leave Wednesday, concluded its investigation Thursday and officially terminated her Friday morning at 11 a.m.

Walker said Dowis had committed similar offenses in the past, though not to this severity, and had been issued warnings.

Darnell told Channel 3 that her losing her job is not enough. He wants to see criminal charges filed against Dowis, which Chattanooga attorney Stuart James said is not far-fetched.

“There’s this thing called HIPAA that guarantees our medical records remain private and that they are private from other people seeing those records,” Stuart James said. “What I see here is not only did she discuss the medical condition the man was suffering from but also named his name, put his address on the Internet and it was a huge privacy concern for him, a huge HIPAA violation, and a huge problem for the 911 center down in Georgia.”

James said criminal charges would be up to a district attorney. But he said in terms of a civil lawsuit, there are issues of a man’s right to privacy, HIPAA violations, and possible libel and slander.

Channel 3 reached out to Dowis and left her a voicemail asking for her side of the story. She has not returned that call as of early Friday afternoon.

Original content by WRCBtv


Feds Won’t Punish URMC for Last Year’s HIPAA Violation

The University of Rochester Medical Center will not face any action by the federal government after a breach of patient privacy last year involving a nurse practitioner who was leaving for a new job.

URMC was fined $15,000 by the office of New York state Attorney General Eric Schneiderman and required to take other action to ensure compliance with the Health Insurance Portability and Accountability Act after the practitioner shared protected patient information with her new employer, Greater Rochester Neurology.

URMC had to report the breach to the federal Department of Health and Human Services, whose Office for Civil Rights investigates HIPAA breaches. Violations fall into four categories with corresponding penalties. The maximum fine is $1.5 million.

HHS neither confirms nor denies investigations, but URMC officials acknowledged in December that the agency was looking into the violation.


Asked to provide an update, associate vice president for communications Christopher DiFrancesco wrote in an email, “HHS is aware of the resolution reached with the New York State Attorney General, and they informed us last month that they do not plan to take any further action regarding this matter.”

The attorney general’s office declined comment on whether it was investigating Greater Rochester Neurology. A call to the practice about any action taken against it was not immediately returned.

Last May, URMC officials announced a breach involving a nurse practitioner in the department of neurology.

An investigation by the attorney general found that on March 27, the nurse practitioner asked URMC for a list of patients she had treated and received a spreadsheet of patient names, addresses and diagnoses.

The nurse practitioner, whom URMC eventually confirmed as Martha Smith-Lightfoot, shared the information with her new employer, Greater Rochester Neurology.

URMC said it learned of the breach on April 24 from patients who said they received letters from Greater Rochester Neurology.

URMC said Smith-Lightfoot requested the list to help ensure the continuity of care for patients she was leaving. URMC received assurance from Greater Rochester Neurology that the information had been returned or deleted.

In addition to paying the fine, URMC had to train staff on HIPAA policies, including how patient information is handled when employees leave or join the system, and for three years has to report breaches to the attorney general.

Original content by Democrat & Chronicle
