Subscribe: HIPAA Blog
http://hipaablog.blogspot.com/atom.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access  breach  breaches  cybersecurity  data breach  data breaches  data  envelope  hipaa  information  medical  ransomware  wall shame 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: HIPAA Blog

HIPAA Blog



A discussion of medical privacy issues buried in political arcana



Updated: 2017-12-13T07:22:05.016-06:00

 



0 Comments

2017-12-13T07:22:05.029-06:00

Portland, ME: The city had some sort of program providing services to citizens with HIV, and after the program terminated, the city shared information on 200 HIV patients with the University of Southern Maine to help determine if there were gaps in the way it provided the services, or if it could have operated the program better.  The city claims the data sharing did not violate HIPAA because



0 Comments

2017-12-11T17:43:24.246-06:00

NC, KY Breaches: Two breaches, two states, 56,000 patient's records exposed.  A stolen (unencrypted, of course) laptop at a North Carolina dermatology clinic exposed 24,000, while a pulmonology group in Kentucky suffered improper access to EMR, exposing 32,000.



0 Comments

2017-12-07T12:58:42.485-06:00

Henry Ford Hospital Breach: Someone apparently phished the email credentials of multiple employees.  No word yet on what was accessed or if any of it was used inappropriately.



0 Comments

2017-12-07T10:37:41.206-06:00

An Unintended Consequence of Data Breach Reporting?  Patients are more and more reluctant to share PHI with their own providers. I've said many times that privacy exists on a continuum, particularly in regards to health information.  On one end, you have perfect privacy, but that means no one (not your doctor, not your spouse, not your friends) has access to your health information.  Obviously



0 Comments

2017-12-05T15:33:01.926-06:00

New from OCR: Five steps to prevent insider data breaches.



0 Comments

2017-11-28T11:16:06.296-06:00

OpenEMR Vulnerability: I'm not technologically knowledgeable to know if this is a big deal or not, but if you use OpenEMR, you should definitely have your IT staff take a look at whether this alleged vulnerability might affect you.



The Wall of Shame

2017-11-26T11:24:25.654-06:00

Are Changes Coming to the Wall of Shame?  HHS is considering shortening the listing period, and might make other changes.  The website is a required element of the HITECH Act, so they can't delete it entirely.  But they could (and probably will) make some changes.  In addition to shorter listings, perhaps only including listings where the reporting entity was at fault, or at least allow the



0 Comments

2017-11-22T11:15:29.612-06:00

Off Topic: Thanksgiving is a good time to think about cybersecurity.  Some great tips here.



0 Comments

2017-11-02T14:32:20.438-05:00

CyberThreat Information Sharing: HHS is publicly urging healthcare industry participants to actively share cybersecurity threat information.  Basically, they're urging healthcare players to utilize the benefits provided by CISA (the Cybersecurity Information Sharing Act of 2015) to allow threat information to be publicized across the industry, so players can respond and protect themselves and



0 Comments

2017-10-26T13:30:43.378-05:00

Medical Device Cybersecurity: I tend to prefer an industry-driven approach, like the House bill, over a top-down approach like the Senate bill.



0 Comments

2017-10-12T12:04:29.123-05:00

Cloud-Based Blood Testing Information Breached: An Amazon cloud data repository for blood testing data managed by Patient Home Monitoring was not configured correctly, and a tech security company came across it.  300,000 PDFs accounting for about 150,000 people.  Oops. Using the cloud is OK, but only if you do it right.  Be careful . . . .



0 Comments

2017-09-27T12:45:43.322-05:00

Don't forget to vote for me for best "niche" legal blog.  You can go vote here. 



0 Comments

2017-09-27T12:36:40.522-05:00

I'm not surprised, actually: This is a frightening headline: 73 Percent of Medical Professionals Share Passwords for EHR Access.  If you're a medical resident, you used the attending's login information with the attending's consent.   So, it happens.  A lot.  But not a lot of bad comes out of it, since most (maybe virtually all) medical professionals do the right thing: access only what you



0 Comments

2017-09-26T14:26:12.168-05:00

Nichey? Or Special? Some of my blog readers nominated me for the Best Legal Blog Contest in the "Niche and Specialty" Category.  If you feel so inclined, you can go vote here. 



0 Comments

2017-09-18T11:47:06.858-05:00

PeaceHealth Data Breach: another "employees behaving badly" breach.  Over about 5-6 years, the employee accessed about 2000 records he/she had no need to access.  No apparent social security skimming, so not likely to be ID theft.  Reading between the lines, that probably means your garden variety snooping.  Bad but not horrible.  However, the big question is how it took almost 6 years to notice



0 Comments

2017-09-06T11:38:18.481-05:00

Nurses behaving badly.  I guess "Mr. Big" died.  This is mildly humorous, but somehow I think the reaction would be outrage if the victim were female instead of male. H/T Ron Holtsford.



0 Comments

2017-08-31T12:19:34.520-05:00

More Window Envelope issues: now it's CVS with a problem letting PHI leak out envelope windows.



0 Comments

2017-08-29T14:57:06.942-05:00

Aetna HIV data breach: Well, that was fast.  Those class action lawyers can outrun an ambulance.



0 Comments

2017-08-25T14:05:04.704-05:00

The Trouble with Window Envelopes: It's nice to use envelopes where the address of the recipient is only printed on the page inserted into the envelope, but is visible through a window in the outer envelope.  It saves costs, as well as reduces the possibility of a mismatch between the information in the insert and the information on the envelope (i.e., the wrong letter gets inserted into the



0 Comments

2017-08-23T18:17:52.990-05:00

Cybersecurity Class Action Update: One interesting aspect of data breaches (whether HIPAA-related or not) is the potential for lawsuits from affected parties.  Most times, injured individuals can't show monetary damages from a HIPAA breach, and that particularly true in non-HIPAA breaches such as the Target or Home Depot data breaches, where any credit card fraud was covered by the credit card



0 Comments

2017-08-21T08:35:30.690-05:00

Hospitals are the Number One Target for Hackers: at least for ransomware.



0 Comments

2017-08-14T10:24:44.520-05:00

Women's Health Care (PA): A large Philadelphia-area ob/gyn practice has notified 300,000 patients of a potential data breach.  Not much news on what happened, but it was apparently a hack that penetrated the group's computer system; they don't know for sure if information was actually viewed or extracted, but the information subject to potential breach did include social security numbers (bur



0 Comments

2017-07-26T14:07:11.338-05:00

Wall of Shame: OCR is updating its large data breach reporting website.



0 Comments

2017-07-20T10:36:13.648-05:00

Peachtree Neurological (Atlanta): Peachtree Neurological was hit with ransomware recently.  Fortunately, (i) they were able to restore their systems without paying the ransom, and (ii) there was no evidence that the ransomware exfiltrated any data, thus likely giving them a good reason to determine that the ransomware incident did not constitute a reportable breach (yes, OCR, I'm talking to you)



0 Comments

2017-07-20T10:25:07.995-05:00

Petya: More on the ransomware virus that disproportionately hit healthcare entities.