http://hipaablog.blogspot.com/atom.xml
HIPAA Blog



A discussion of medical privacy issues buried in political arcana



Updated: 2018-01-19T12:33:10.723-06:00

 




2018-01-19T12:33:10.795-06:00

More Ransomware: This time a bigger target (Allscripts), but apparently not a big impact.  Presumably that's because Allscripts was prepared for it.  Take this as a reminder: if you haven't prepared for a ransomware attack, be prepared to be asked why if it happens and you suffer a HIPAA breach.  At this point, the possibility of a ransomware attack should be part of your risk analysis.




2018-01-17T16:57:22.420-06:00

Your 2018 Privacy and Security "To Do" List: This is a great little checklist from Kirk Nahra at Wiley Rein.  There will be few if any businesses that will have to address each item on this list, but virtually every business will have to deal with at least one of them.  And pay particular attention to the passages in italics, which are most important and nearly universal.




2018-01-17T13:42:12.584-06:00

Help Wanted: Amazon is hiring a "HIPAA Compliance Lead."




2018-01-16T13:34:54.584-06:00

Ransomware in Indiana: Hancock Regional Hospital in Indiana was hit by encryption ransomware.  No word yet on how they are recovering, or what the ransom amount was (they didn't pay, so presumably they were able to recover from backups).  More here. UPDATE: Apparently, they did pay: $55,000.




2018-01-15T14:23:50.810-06:00

OSU Breach: Oklahoma State's Center for Health Sciences in Tulsa got hacked, exposing about 280,000 names and a limited amount of other information.  Not likely a big risk to those involved.




2018-01-12T13:34:02.390-06:00

Coplin Health (West Virginia): Another stolen laptop, another breach notification to 43,000 patients.  They don't even know if the laptop had any PHI on it (it might not have).  And it was password protected, reducing the likelihood of harm even further.  BUT, it was not encrypted.  Hence the report and the bad publicity.  




2018-01-15T14:20:15.931-06:00

Connecticut: The CT Supreme Court has established, for the first time in the state, a physician's common law obligation to protect the confidentiality of patient records.  Most states have either a common law right to confidentiality or a statutory one, but a lower court noted that neither had been established in Connecticut until now. The case involves a HIPAA violation, and a patient's




2018-01-10T16:19:40.483-06:00

Florida Medicaid Agency Data Breach: apparently someone at the Florida Medicaid agency, the Florida Agency for Health Care Administration, got phished, and data for 30,000 Floridians was exposed.  




2018-01-10T14:21:11.375-06:00

New Privacy Officer at ONC: After a week or so of news highlighting how long the job has been vacant and whether it's even relevant any more, HHS' Office of the National Coordinator for Health IT has announced Kathryn Marchesini as their new Chief Privacy Officer.




2018-01-10T13:04:20.399-06:00

Costs of Producing Medical Records: A medical record document production company has sued HHS to challenge its rules on the ability of a healthcare provider to charge patients for copies of their medical records.  It will be interesting to see how this plays out.  




2018-01-10T09:11:03.040-06:00

Charles River Medical Associates (Massachusetts): This radiology group lost a hard drive containing the bone density scan PHI of almost 10,000 people.  Where'd it go?  Who knows.  Will the data fall into the wrong hands (and if it did, would it harm anyone)?  Unlikely.  Will CRMA get fined?  Maybe (especially if, "upon further review," it becomes clear that the group didn't have good HIPAA




2018-01-04T14:12:20.118-06:00

EHR News: eClinicalWorks sued again: Another class action lawsuit has been filed against EMR provider eClinicalWorks.  This suit claims that eClinicalWorks' EMR system fails to meet the requirements for "meaningful use."  CMS pays providers such as medical practices and hospitals financial benefits if they adopt and implement electronic medical records and other technology in such a manner that




2018-01-03T13:52:32.685-06:00

SSM Employee Acting Badly: A customer service employee at SSM Health accessed about 29,000 patient records, apparently looking for St. Louis-area patients who had narcotic prescriptions.  Presumably, he'd use those patients' data to get drugs him/herself, either for personal use or for resale.  Clever, really.  But obviously illegal.




2018-01-02T10:57:42.781-06:00

21st Century Oncology: An oncology practice with offices in 17 states and 7 Latin American countries has paid $2.3 million for HIPAA violations.  The FBI found their patient files on the dark web; apparently someone was able to access their SQL database remotely and extracted data on 2,213,597 patients, including social security numbers.  Not sure if the breach was the cause, but 21st Century




2017-12-22T16:58:02.586-06:00

Chilton (NJ) Medical Center: Employee steals hard drive and sells it on the internet. 4,600 people impacted.




2017-12-22T16:56:11.619-06:00

Banner (Arizona) Breach: You may recall a year and a half ago, Banner Health's Arizona facilities suffered a mostly-non-HIPAA data breach: specifically, hackers got into Banner's point-of-sale payment card processing system at its snack bars and cafeterias.  The hackers eventually got into some Banner servers containing PHI.  But it was really more a Home Depot type breach than an Anthem type




2017-12-22T15:35:37.990-06:00

Some Good Breach News: The number of data breaches in the healthcare sector continued to rise in 2017 over prior years, but the number of records impacted fell.  Thus, fewer overall individuals were impacted, and there were fewer of the massive breaches we've seen in prior years.




2017-12-13T07:22:05.029-06:00

Portland, ME: The city had some sort of program providing services to citizens with HIV, and after the program terminated, the city shared information on 200 HIV patients with the University of Southern Maine to help determine if there were gaps in the way it provided the services, or if it could have operated the program better.  The city claims the data sharing did not violate HIPAA because




2017-12-11T17:43:24.246-06:00

NC, KY Breaches: Two breaches, two states, 56,000 patients' records exposed.  A stolen (unencrypted, of course) laptop at a North Carolina dermatology clinic exposed 24,000, while a pulmonology group in Kentucky suffered improper access to EMR, exposing 32,000.




2017-12-07T12:58:42.485-06:00

Henry Ford Hospital Breach: Someone apparently phished the email credentials of multiple employees.  No word yet on what was accessed or if any of it was used inappropriately.




2017-12-07T10:37:41.206-06:00

An Unintended Consequence of Data Breach Reporting?  Patients are more and more reluctant to share PHI with their own providers. I've said many times that privacy exists on a continuum, particularly in regards to health information.  On one end, you have perfect privacy, but that means no one (not your doctor, not your spouse, not your friends) has access to your health information.  Obviously




2017-12-05T15:33:01.926-06:00

New from OCR: Five steps to prevent insider data breaches.




2017-11-28T11:16:06.296-06:00

OpenEMR Vulnerability: I'm not technologically knowledgeable enough to know if this is a big deal or not, but if you use OpenEMR, you should definitely have your IT staff take a look at whether this alleged vulnerability might affect you.



The Wall of Shame

2017-11-26T11:24:25.654-06:00

Are Changes Coming to the Wall of Shame?  HHS is considering shortening the listing period, and might make other changes.  The website is a required element of the HITECH Act, so they can't delete it entirely.  But they could (and probably will) make some changes.  In addition to shorter listings, perhaps only including listings where the reporting entity was at fault, or at least allow the




2017-11-22T11:15:29.612-06:00

Off Topic: Thanksgiving is a good time to think about cybersecurity.  Some great tips here.