All Posts Tagged: hipaa violations


1 in 5 Doctor’s Mobile Devices May Be At High Risk

As important a role as mobile plays in healthcare, it may also pose an equally serious threat, according to a report by Skycure, a mobile threat defense company based in Palo Alto, Calif. In fact, the report found that doctors who use mobile devices in their day-to-day practice (approximately 80% of doctors use mobile devices and 28% store patient data on their mobile device, according to the report) are exposed to network threats that increase over time.


Ransomware Hackers Steal A Hospital. Again.

A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

The hacker who stole Hollywood Presbyterian asked for $3.6 million, but settled for a piddling $17,000 (40 bitcoin), presumably after they realized that their random infectious agent had kidnapped a giant, high-profile institution that would be able to motivate serious law-enforcement investigations that would move ever-closer to their true identity the longer the ransom negotiations continued.


Henderson, Kentucky’s Methodist Hospital has declared an “Internal State of Emergency,” having been shut down by a piece of ransomware called “Locky.” The hospital’s spokeslawyer, David Park, said that they’re addressing the ransomware attack using plans designed to help the hospital weather a tornado or other natural disaster.

The attackers are only asking for $1,600 (4 bitcoin) to unlock the hospital’s files.

Brian Krebs speculates that the attackers didn’t set out to hold a hospital to ransom, and have no real appreciation of how much they could be asking for (though the Kentucky hospital seems to have been less compromised than the one in Hollywood). He warns that in future, ransomware creeps will start targeting their attacks, aiming for victims who have more to lose, and more to spend, when their data is taken from them.

“We haven’t yet made decision on that, we’re working through the process,” with the FBI, he said. “I think it’s our position that we’re not going to pay it unless we absolutely have to.”

The attackers are demanding a mere four bitcoins in exchange for a key to unlock the encrypted files; that’s a little more than USD $1,600 at today’s exchange rate.

Park said the administration hasn’t ruled out paying the ransom.


Northwell Health HIPAA Settlement-Agrees To Pay $3.9M

The Feinstein Institute for Medical Research has agreed to settle potential HIPAA violations with a $3.9 million payment and a substantial corrective action plan.

Feinstein is a biomedical research institute based in Manhasset, N.Y., that falls under the Great Neck, N.Y.-based Northwell Health enterprise. In 2012, Feinstein reported a data breach after a computer containing the electronic protected health information of nearly 13,000 patients and research participants was stolen from an employee’s car. Information stored on the laptop included names, birth dates, addresses, Social Security numbers, diagnoses, laboratory results, medications and other medical information.


HHS’ Office of Civil Rights launched an investigation into the breach and determined Feinstein’s security management processes to be incomplete and insufficient to address potential risks and vulnerabilities of electronic PHI, including failure to restrict access to unauthorized users and a lack of policies and procedures to govern the removal of laptops out of its facilities.

“Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities,” said OCR Director Jocelyn Samuels. “For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”


ALJ Upholds HIPAA Violations: $239,800 In Civil Monetary Penalties

Home health care provider Lincare, Inc. must pay $239,800 in civil monetary penalties for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule, according to a February 3, 2016 press release from the U.S. Department of Health and Human Services (“HHS”). The announcement follows a January 13, 2016 administrative ruling granting summary judgment in favor of the HHS’s Office for Civil Rights (“OCR”). This is only the second time that OCR has sought civil monetary penalties for a HIPAA violation; OCR typically resolves violations through undertakings for voluntary compliance.

Lincare, a nationwide provider of respiratory care, infusion therapy, and medical equipment to in-home patients, came under investigation in 2008 after OCR received a complaint from the estranged husband of an Arkansas-based Lincare employee. Based on a subsequent investigation by OCR, OCR alleged that the employee routinely left documents containing 278 patients’ protected health information (“PHI”) in unsecure locations, such as the couple’s shared car and home. It was undisputed that the employee’s husband was not authorized to view the PHI. Moreover, according to OCR, the employee abandoned the documents altogether after moving residences.

In January 2014, after concluding the lengthy investigation, OCR cited Lincare for three violations of HIPAA’s Privacy Rule, which sets standards for the use and disclosure of protected health information. OCR issued corresponding civil monetary penalties for each alleged violation: (1) $25,000 for impermissible disclosure of PHI; (2) $25,000 for failure to safeguard PHI; and (3) $189,800 for insufficient policies and procedures related to the removal of PHI from business premises. In calculating penalties, OCR took into account that Lincare neglected to review and revise its HIPAA policies after learning about the complaint.

On appeal, Administrative Law Judge (“ALJ”) Carolyn Cozad Hughes granted summary judgment in favor of OCR after concluding that, based on the “undisputed evidence,” Lincare violated HIPAA’s Privacy Rule. Specifically, the ALJ found that Lincare failed to safeguard the PHI of patients; a Lincare employee disclosed patient PHI to an unauthorized individual; and Lincare lacked policies and procedures designed to ensure compliance with the Privacy Rule. Lincare waived any challenge to the penalty amount, and the ALJ sustained OCR’s proposed civil monetary penalties of $239,800. Lincare has 30 days to file a notice of appeal with the Appellate Division of the HHS Departmental Appeals Board.

Original content by JDSupra Business Advisor


Feds Won’t Punish URMC for Last Year’s HIPAA Violation

The University of Rochester Medical Center will not face any action by the federal government after a breach of patient privacy last year involving a nurse practitioner who was leaving for a new job.

URMC was fined $15,000 by the office of New York state Attorney General Eric Schneiderman and required to take other action to ensure compliance with the Health Insurance Portability and Accountability Act after the practitioner shared protected patient information with her new employer, Greater Rochester Neurology.

URMC had to report the breach to the federal Department of Health and Human Services, whose Office for Civil Rights investigates HIPAA breaches. Violations fall into four categories with corresponding penalties. The maximum fine is $1.5 million.

HHS neither confirms nor denies investigations, but URMC officials acknowledged in December that the agency was looking into the violation.


Asked to provide an update, associate vice president for communications Christopher DiFrancesco wrote in an email, “HHS is aware of the resolution reached with the New York State Attorney General, and they informed us last month that they do not plan to take any further action regarding this matter.”

The attorney general’s office declined comment on whether it was investigating Greater Rochester Neurology. A call to the practice about any action taken against it was not immediately returned.

Last May, URMC officials announced a breach involving a nurse practitioner in the department of neurology.

An investigation by the attorney general found that on March 27, the nurse practitioner asked URMC for a list of patients she had treated and received a spreadsheet of patient names, addresses and diagnoses.

The nurse practitioner, whom URMC eventually confirmed as Martha Smith-Lightfoot, shared the information with her new employer, Greater Rochester Neurology.

URMC said it learned of the breach on April 24 from patients who said they received letters from Greater Rochester Neurology.

URMC said Smith-Lightfoot requested the list to help ensure the continuity of care for patients she was leaving. URMC received assurance from Greater Rochester Neurology that the information had been returned or deleted.

In addition to paying the fine, URMC had to train staff on HIPAA policies, including how patient information is handled when employees leave or join the system, and for three years has to report breaches to the attorney general.

Original content by Democrat & Chronicle


Missing Box of Records Among Montana VA Privacy Violations

FORT HARRISON – A recent report shows a pattern of patient privacy violations at the Veterans Affairs medical system. And the VA Montana at Fort Harrison has not been immune — with dozens of violations since 2011, including the apparent disappearance of a box containing the records of 171 patients.

Online news organization ProPublica obtained the data from the U.S. Department of Veterans Affairs and the U.S. Department of Health and Human Services Office of Civil Rights, which track violations of the nation’s main privacy law — the Health Insurance Portability and Accountability Act, or HIPAA.

The report shows 59 HIPAA violations in Montana reported in 2011 or thereafter — 44 of them involving VA Montana (including two violations at the VA’s Denver office that involved Montana patients).

Nearly all of the HIPAA violations involved mistakenly sending information, bills or lab results to the wrong veteran.

But one violation stands out: Back in 2010, the VA in Sheridan, Wyoming sent a box with the records of 171 veterans to the wrong location — a VA warehouse at Fort Harrison, where a VA worker signed for it, according to a letter uncovered by ProPublica.

“Following receipt at the VA’s warehouse, the box was lost and never found,” the regional director of the USHHS Office of Civil Rights recounted in a letter to the VA in November 2011. The letter says it’s possible warehouse personnel forwarded the papers to the correct recipient, the Network Authorization Office. But the NAO was unable to confirm it ever got them. The VA revised its mail procedures as a result of the breach, the letter says, and instituted a new software system to allow the NAO access to scanned records to perform its audits.

In another case, an unauthorized VA staffer found a patient’s cell phone number in medical records. In all cases, the VA provided credit monitoring services for those affected.

In an email, a VA Montana spokesman noted that the most common violation — information mailed to the wrong veteran — occurred in just 18 of the more than 500,000 mailings VA Montana sent in Fiscal Year 2015. “Despite the incredibly low incidence of missed mailings, VA Montana has worked diligently to reduce them entirely by implementing strict staff procedures that emphasize quality and accountability,” the spokesman, Mike Garcia, wrote.

The VA requires annual privacy and information security training for all its employees and contractors, he said, and they are required to report all violations. In addition to the 44 violations connected to the VA, the ProPublica data shows 15 violations at health care providers and others in Montana.

Available details on most of those violations are sparse, but the incidents include the 2014 hack of data at the Montana Department of Public Health and Human Services, in which hundreds of thousands of pieces of sensitive information may have been vulnerable.

Original Content by KBZK
