All Posts Tagged: online safety

911 dispatcher fired

911 Dispatcher Fired For Sharing Caller’s PHI on Facebook

A Catoosa County 911 dispatcher was fired Friday morning for sharing on Facebook the private information of at least one person who called 911.

Holly Dowis was terminated Friday following an internal investigation into her conduct while on the job.

A Channel 3 investigation found Dowis sent a screenshot to Facebook friends in a private chat of one man’s call to 911 requesting emergency assistance.

Sixty-year-old Ringgold resident Ron Darnell called Catoosa County dispatch on December 23rd when he had a blood clot which resulted in an “embarrassing” medical problem.

“I had a blood clot break loose and come out of my body,” he said. “I called to get emergency help and I almost died that day.”

911 Dispatcher FiredThe 911 dispatch screen detailing his call included his name, phone number, address and exact medical complaint. Dowis then took a photo of all that personal information and posted it to a Facebook group chat with some friends.

“A call I just took,” Dowis wrote.

Darnell fears he’s not the only victim. “If they put out mine, how many others have they put out of other people that don’t know it and just making fun of people?”

Dowis has worked with the county since 2007 and was named communications officer of the year in 2013.

“911 is an organization that we must rely on to keep information confidential and to communicate that information to law enforcement officials only and she has violated the public trust,” said Chattanooga Attorney Stuart James.

County Manager Jim Walker said Dowis was fired for misconduct and violating federal and county rules. The county learned of the allegations Tuesday, placed Dowis on administrative leave Wednesday, concluded its investigation Thursday and officially terminated her Friday morning at 11 a.m.

Walker said Dowis had committed similar offenses in the past, though not to this severity, and had been issued warnings.

Darnell told Channel 3 that her losing her job is not enough. He wants to see criminal charges filed against Dowis, which Chattanooga attorney Stuart James said is not far-fetched.

“There’s this thing called HIPAA that guarantees our medical records remain private and that they are private from other people seeing those records,” Stuart James said. “What I see here is not only did she discuss the medical condition the man was suffering from but also named his name, put his address of the Internet and it was a huge privacy concern for him, a huge HIPAA violation, and a huge problem for the 911 center down in Georgia.”

James said criminal charges would be up to a district attorney. But he said in terms of a civil lawsuit, there are issues of a man’s right to privacy, HIPAA violations, and possible libel and slander.

Channel 3 reached out to Dowis and left her a voicemail asking for her side of the story. She has not returned that call as of early Friday afternoon.

Original content by WRCBtv

Read More
Triple-S HIPAA Settlement - CAM HIPAA Solutions

Triple-S HIPAA Settlement: $3.5 Million HIPAA Settlement

Triple-S Management Corporation (“TRIPLE-S”), on behalf of its wholly owned subsidiaries, Triple-S Salud Inc., Triple-C Inc. and Triple-S Advantage Inc. , formerly known as American Health Medicare Inc.,  has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).  TRIPLE-S will pay $3.5 million and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program, an effort it has already begun.

“OCR remains committed to strong enforcement of the HIPAA Rules,” said OCR Director Jocelyn Samuels. “This case sends an important message for HIPAA Covered Entities not only about compliance with the requirements of the Security Rule, including risk analysis, but compliance with the requirements of the Privacy Rule, including those addressing business associate agreements and the minimum necessary use of protected health information.”

TRIPLE-S is an insurance holding company based in San Juan, Puerto Rico, which offers a wide range of insurance products and services to residents of Puerto Rico through its subsidiaries.  TRIPLE-S has fully cooperated with HHS in investigating this case and has agreed to put in place a comprehensive HIPAA compliance program as a condition for settlement.

After receiving multiple breach notifications from TRIPLE-S involving unsecured protected health information (PHI), OCR initiated investigations to ascertain the entities’ compliance with HIPAA Rules. OCR’s investigations indicated widespread non-compliance throughout the various subsidiaries of Triple-S, including:

  • Failure to implement appropriate administrative, physical, and technical safeguards to protect the privacy of its beneficiaries’ PHI;
  • Impermissible disclosure of its beneficiaries’ PHI to an outside vendor with which it did not have an appropriate business associate agreement;
  • Use or Disclosure of more PHI than was necessary to carry out mailings;
  • Failure to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI; and
  • Failure to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.

The settlement requires TRIPLE-S to establish a comprehensive compliance program designed to protect the security, confidentiality, and integrity of the personal information it collects from its beneficiaries, that includes:

  • A risk analysis and a risk management plan;
  • A process to evaluate and address any environmental or operational changes that affect the security of the ePHI it holds;
  • Policies and procedures to facilitate compliance with requirements of the HIPAA Rules; and
  • A training program covering the requirements of the Privacy, Security, and Breach Notification Rules, intended to be used for all members of the workforce and business associates providing services on TRIPLE-S premises.

Triple-S, with the help of OCR through its technical assistance, had already begun to take extensive corrective action, as required by the Corrective Action Plan, and will continue to work with OCR to come into compliance with HIPAA.

“Triple-S is committed to protecting the privacy and security of its beneficiaries’ health information and implementing the Corrective Action Plan entered into with OCR,” said President and CEO of Triple-S Management Corporation, Ramon M. Ruiz.  “We are pleased with the agreement and regard it as an opportunity to strengthen our privacy policies. We have appreciated OCR’s technical assistance to date, and look forward to our collaboration in the future.”

The Resolution Agreement and Corrective Action Plan can be found on the OCR website.

HHS offers guidance on how your organization can conduct a HIPAA Risk Analysis.

To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit H.H.S. at http://www.hhs.gov/ocr/office

Read More

5 Best Practices for Mobile Device Security in Healthcare

The specter of HIPAA is at the back of every health care provider’s mind, every day, in every interaction. Providers must constantly question if the information they are sharing, and how they are sharing it, falls within the law’s privacy guidelines. If they aren’t following the rules, they know, they could face significant fines and other consequences.

Yet for many providers, the same care and consideration that they give to conversations, emails, and other interactions doesn’t always extend to their mobile device use. Often, it’s assumptions about the security of their devices, as in, they believe that they are more secure than they really are, that leads to potential HIPAA violations, not to mention, creating the risk of a data breach. For that reason, it’s important that health care providers, and facilities, make mobile device security a bigger priority, in order to protect patient information and confidentiality.

Read More
HIPAA Friendly BYOD

Writing a HIPAA Friendly BYOD Policy

Tablets, smartphones and laptops employees bring in can be secured through a thoughtful combination of BYOD policy and technology controls.

The bring-your-own-device movement can’t be stopped, but for HIPAA-minded health care CIOs who must secure their networks against data breaches, personal devices must be contained via a HIPAA friendly BYOD policy.

Read More

HHS Releases HITECH Act Final Rules

The Department of Health and Human Services has released the HITECH Act final rules for the electronic health record incentive program. Those rules, which address privacy and security, among other issues, include a rule spelling out how providers can demonstrate meaningful use of EHRs to earn additional incentive payments in Stage 3 and a rule setting 2015 health IT software certification criteria. Providers participating in the incentive program must use certified software.

The two final rules simplify requirements and add new flexibilities for providers to make electronic health information available when and where it matters most, HHS said in a statement.

Read More
Protecting Patient Privacy- Brought to you By CAM HIPAA Solutions 888-959-0220

10 Strategies for Protecting Patient Data

With cyber criminals actively targeting healthcare, Rick Kam, president and co-founder of security firm ID Experts, argues that the threats to protected health information have never been greater. As chair of the PHI Protection Network, a collaboration of vendors working to expedite adoption of PHI best practices, Kam also believes there are some critical strategies healthcare organizations can employ for protecting patient information.

The best place to start, he says, is with a risk assessment that serves as an inventory of where an organization’s patient information lies within and outside of the organization. But the other 10 strategies for protecting patient data are just as necessary.

Read More
Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website