Subscribe: HIPAA Blog
http://hipaablog.blogspot.com/atom.xml
Language: English
Tags:
apparently  breach  breaches  data  health  hipaa  medical records  medical  patient  patients  ransomware attack  ransomware  records     


HIPAA Blog



A discussion of medical privacy issues buried in political arcana



Updated: 2018-02-22T05:51:15.867-06:00

 




2018-02-14T13:10:10.023-06:00

Zombie HIPAA: a bankrupt company can still be stuck with a HIPAA fine, as Filefax found out.  




2018-02-08T13:13:29.414-06:00

Aetna HIV mailings: When the sh*t hits the fan, it splatters everywhere.  Aetna agreed to about $20 million in fines and damages, sued its claims administrator KCC, who in turn counterclaimed against Aetna, claiming that Aetna's attorneys, Gibson Dunn & Crutcher, bear responsibility too.




2018-02-02T11:07:08.015-06:00

HIPAA and Law Enforcement: I recently recorded a webinar on the impact of HIPAA on police efforts to obtain medical information.  HIPAA doesn't prevent the administration of justice or prohibit the police from doing their job, but it does set out parameters and rules.  It's wise for both the law enforcement community and the medical community to be aware of those rules.  If you click on the




2018-02-01T13:44:46.203-06:00

Fresenius Breaches: The dialysis provider had a bad year in 2012: 5 different data breaches from lost or stolen computers and hard drives.  What links 5 separate breaches?  Bad risk analysis, naturally.  The result?  A $3.5 million fine.  And think, barely 500 individuals were affected.  Could've been a lot worse




2018-01-30T22:07:33.981-06:00

Ransomware: So, after a weekend of DissentDoe and me talking about how a ransomware attack should not be automatically considered a reportable breach, OCR releases a Cyber Extortion Newsletter, and doesn't repeat that ransomware is presumably a breach.  Maybe they've been listening. . . . 




2018-01-29T14:15:12.178-06:00

OCR Settlement Scoreboard: $20 million in 2017, down from 2016.




2018-01-26T12:57:38.318-06:00

Allscripts Ransomware Update: Now, a class action lawsuit has been filed.  This class action might actually hold water -- Allscripts' 1,500 customers apparently did suffer delays and business interruptions, for which actual damages might be fairly easily provable.  In most breach class action cases, most members of the "class" can't show any actual monetary damages: if nobody steals your




2018-01-19T12:33:10.795-06:00

More Ransomware: This time a bigger target (Allscripts), but apparently not a big impact.  Presumably that's because Allscripts was prepared for it.  Take this as a reminder: if you haven't prepared for a ransomware attack, be prepared to be asked why if it happens and you suffer a HIPAA breach.  At this point, the possibility of a ransomware attack should be part of your risk analysis.




2018-01-17T16:57:22.420-06:00

Your 2018 Privacy and Security "To Do" List: This is a great little checklist from Kirk Nahra at Wiley Rein.  There will be few if any businesses that will have to address each item on this list, but virtually every business will have to deal with at least one of them.  And pay particular attention to the passages in italics, which are most important and nearly universal.




2018-01-17T13:42:12.584-06:00

Help Wanted: Amazon is hiring a "HIPAA Compliance Lead."




2018-01-16T13:34:54.584-06:00

Ransomware in Indiana: Hancock Regional Hospital in Indiana was hit by encryption ransomware.  No word yet on how they are recovering, or what the ransom amount was (they didn't pay, so presumably they were able to recover from backups).  More here. UPDATE: Apparently, they did pay: $55,000.




2018-01-15T14:23:50.810-06:00

OSU Breach: Oklahoma State's Center for Health Sciences in Tulsa got hacked, resulting in about 280,000 names and a limited amount of other information.  Not likely a big risk to those involved.  




2018-01-12T13:34:02.390-06:00

Coplin Health (West Virginia): Another stolen laptop, another breach notification to 43,000 patients.  They don't even know if the laptop had any PHI on it (it might not have).  And it was password protected, reducing the likelihood of harm even further.  BUT, it was not encrypted.  Hence the report and the bad publicity.  




2018-01-15T14:20:15.931-06:00

Connecticut: The CT Supreme Court has established, for the first time in the state, a physician's common law obligation to protect the confidentiality of patient records.  Most states have either a common law right to confidentiality or a statutory one, but a lower court noted that neither had been established in Connecticut until now. The case involves a HIPAA violation, and a patient's




2018-01-10T16:19:40.483-06:00

Florida Medicaid Agency Data Breach: apparently someone at the Florida Medicaid agency, the Florida Agency for Health Care Administration, got phished, and data for 30,000 Floridians was exposed.  




2018-01-10T14:21:11.375-06:00

New Privacy Officer at ONC: After a week or so of news highlighting how long the job has been vacant and whether it's even relevant any more, HHS' Office of the National Coordinator for Health IT has announced Kathryn Marchesini as their new Chief Privacy Officer.




2018-01-10T13:04:20.399-06:00

Costs of Producing Medical Records: A medical record document production company has sued HHS to challenge its rules on the ability of a healthcare provider to charge patients for copies of their medical records.  It will be interesting to see how this plays out.  




2018-01-10T09:11:03.040-06:00

Charles River Medical Associates (Massachusetts): This radiology group lost a hard drive containing the bone density scan PHI of almost 10,000 people.  Where'd it go?  Who knows.  Will the data fall into the wrong hands (and if it did, would it harm anyone)?  Unlikely.  Will CRMA get fined?  Maybe (especially if, "upon further review," it becomes clear that the group didn't have good HIPAA




2018-01-04T14:12:20.118-06:00

EHR News: eClinicalWorks sued again: Another class action lawsuit has been filed against EMR provider eClinicalWorks.  This suit claims that eClinicalWorks' EMR system fails to meet the requirements for "meaningful use."  CMS pays providers such as medical practices and hospitals financial benefits if they adopt and implement electronic medical records and other technology in such a manner that




2018-01-03T13:52:32.685-06:00

SSM Employee Acting Badly: A customer service employee at SSM Health accessed about 29,000 patient records, apparently looking for St. Louis-area patients who had narcotic prescriptions.  Presumably, he'd use those patients' data to get drugs him/herself, either for personal use or for resale.  Clever, really.  But obviously illegal.  




2018-01-02T10:57:42.781-06:00

21st Century Oncology: An oncology practice with offices in 17 states and 7 Latin American countries has paid $2.3 million for HIPAA violations.  The FBI found their patient files on the dark web; apparently someone was able to access their SQL database remotely and extracted data on 2,213,597 patients, including social security numbers.  Not sure if the breach was the cause, but 21st Century




2017-12-22T16:58:02.586-06:00

Chilton (NJ) Medical Center: Employee steals hard drive and sells it on the internet. 4,600 people impacted.




2017-12-22T16:56:11.619-06:00

Banner (Arizona) Breach: You may recall a year and a half ago, Banner Health's Arizona facilities suffered a mostly-non-HIPAA data breach: specifically, hackers got into Banner's point-of-sale payment card processing system at its snack bars and cafeterias.  The hackers eventually got into some Banner servers containing PHI.  But it was really more a Home Depot type breach than an Anthem type




2017-12-22T15:35:37.990-06:00

Some Good Breach News: The number of data breaches in the healthcare sector continued to rise in 2017 over prior years, but the number of records impacted fell.  Thus, fewer overall individuals were impacted, and fewer of the massive breaches we've seen in prior years.




2017-12-13T07:22:05.029-06:00

Portland, ME: The city had some sort of program providing services to citizens with HIV, and after the program terminated, the city shared information on 200 HIV patients with the University of Southern Maine to help determine if there were gaps in the way it provided the services, or if it could have operated the program better.  The city claims the data sharing did not violate HIPAA because