Compliance News - page 12

HIPAA Breach at CareFirst BlueCross BlueShield

In another example of hackers targeting PHI, Baltimore-based CareFirst BlueCross BlueShield disclosed on May 20 that an "unauthorized intrusion" into a database dating back to June 2014 resulted in a breach affecting 1.1 million individuals.

Posted May 21, 2015 by Jack Anderson

The Human Factor Most Important in Protecting PHI

“Protecting patient data (PHI) comes down to one key factor – the human factor. As attackers continue to find new ways to exploit healthcare organizations, compromising patient data and patient trust, one common denominator remains – the human factor.”

Posted May 20, 2015 by Jack Anderson

Information Security versus HIPAA Compliance

CISO: Compliance Is the Wrong InfoSec Focus. Even if your information security program were bulletproof (an unlikely scenario), a HIPAA risk assessment based on the NIST protocol would probably show that you were not HIPAA compliant.

Posted May 19, 2015 by Jack Anderson

Disaster Recovery Plan Creates HIPAA Breach

An administrator for the Indiana State Medical Association who was transporting unencrypted data on a laptop and two hard drives to an off-site location as part of their disaster recovery program had their car burglarized. The net result is 38,000 patient records stolen and a major HIPAA breach.

Posted May 18, 2015 by Jack Anderson

Crooks are after your PHI

The recent Ponemon Institute study showed a 125% increase in criminal attacks on healthcare data. These now outrank stolen laptops as the leading cause of breach.

Posted May 11, 2015 by Jack Anderson

NIST guidelines are the Industry Standard for HIPAA Risk Assessment

“Although only federal agencies are required to follow guidelines set by NIST, the guidelines represent the industry standard for good business practices with respect to standards for securing e-PHI.”

Source: Guidance on Risk Analysis Requirements under the HIPAA Security Rule, http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf

Posted April 27, 2015 by Jack Anderson

Dentist Fined $12,000 for HIPAA Breach caused by a business associate

The Indiana Attorney General filed a complaint for violation of the Indiana Disclosure of Security Breach Act and HIPAA against Dr. Beck. Dr. Beck had hired an outside vendor (business associate) to dispose of paper records, but the records were discovered in a dumpster. In a consent decree he agreed to a $12,000 fine.

Posted April 6, 2015 by Jack Anderson

HIPAA Data Breach Could Cause 65% of your patients to switch providers

A recent TransUnion Health survey showed that 65% of patients would consider changing providers if their provider had a HIPAA data breach. 73% of younger patients (18-35) would consider leaving.

Posted April 1, 2015 by Jack Anderson

Iatrogenic (Caused by a Physician) Medical Identity Theft

Medical Identity Theft is an iatrogenic condition that could be caused by your physician's office. If the office is not HIPAA compliant, your medical record could be stolen and used for medical identity theft. This could cause severe symptoms such as fiscal stress and anxiety.

Posted March 30, 2015 by Jack Anderson

HIPAA Training: "We have met the enemy and he is us"

“Based on the results of the study, human error continues to be the biggest source of healthcare data breaches, as 75 percent of organizations view employee negligence as the greatest breach threat.”

Source: The Ponemon Institute’s fourth annual Patient Privacy & Data Study

Posted March 17, 2015 by Jack Anderson