Survey Indicates Law Firms are not Complying with HIPAA Rules
The Health Insurance Portability and Accountability Act (HIPAA) covers healthcare providers, health insurers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Breach Notification Rules. HIPAA also applies to vendors and other companies doing business with covered entities, which are classed as HIPAA Business Associates (BAs). If a BA is supplied with the Protected Health Information (PHI) of health plan members or patients, or their software or systems are capable of touching PHI/PII, those entities are also required to comply with HIPAA Rules.
Are Attorneys Classed as Business Associates of HIPAA-Covered Entities?
According to Legal Workspace, healthcare attorneys may fall under the classification of Business Associate, and as such, they must comply with HIPAA Rules. If a healthcare attorney is provided with healthcare data, it is necessary for that attorney – or his or her law firm – to ensure the necessary technical, administrative, and physical controls are implemented to protect PHI supplied by...
How to Retain Patients After a Data Breach
Last year, 1 in 3 Americans had their healthcare data exposed. Many Americans will have had their personal information exposed more than once. While no one wants to have their personal or healthcare information exposed in a data breach, these days it is inevitable that an individual will be affected by a data breach if they allow their data to be stored by a third party such as a healthcare provider or retailer. Sooner or later someone employed by that company will make a mistake that results in data being exposed, or a determined cybercriminal will break through security defenses and steal their sensitive information. According to a survey recently conducted by data privacy and security firm Morrison and Foerster, American consumers are becoming used to their data being exposed. While they are still very concerned about their privacy, many now understand that no company is perfect. Fewer people are now changing company after a data breach has been suffered, but a significant percentage of individuals will do just that. What is the Likelihood of Losing Patients/Customers after a...
Wayne Memorial Hospital Fires Nurse Aide for Inappropriate PHI Access
390 patients of Wayne Memorial Hospital, Honesdale, Penn., are in the process of being notified of a breach of their protected health information after it was discovered a nurse aide had accessed patient health records without authorization. The information accessed included personally identifiable information along with Social Security numbers, insurance information, and medical diagnoses. The incident was brought to the attention of hospital managers on December 8, 2015, when a member of staff came forward and reported patient health information may have been accessed by the nurse aide. An investigation was immediately launched, which involved a forensic review of file access attempts, to determine whether data had been inappropriately viewed. After determining restricted data had been inappropriately viewed, the nurse aide was fired and the incident was reported to law enforcement. The former employee had received training on the HIPAA Privacy and Security Rules, and was fully aware that data access was not permitted unless necessary as part of the provision of patient care....
Data Threat Report: PII Theft and Brand Reputation Damage Biggest Concerns
Over 1,100 senior security executives were recently polled by Vormetric for the company’s 2016 data threat report. Respondents were asked about the security incidents they had suffered over the previous 12 months, the measures they had put in place to secure data, their spending intentions for the next 12 months, and what they perceived to be the biggest data security threats in 2016. 2015 saw numerous major data breaches reported and an increase in the volume of breaches suffered. Unsurprisingly, given the current threat levels, the majority of respondents felt that they were vulnerable to attack. 91% said that they felt more vulnerable to attacks: a 4% increase from last year’s survey. A third of respondents said they felt very vulnerable or extremely vulnerable to attack. Even though more data breaches have been reported in the past 12 months than in previous years, only 39% of respondents said they had suffered a data breach or failed a compliance audit in the past year: a similar figure to previous surveys conducted by Vormetric. Spending Increased to Protect Brand Reputation and...
98 Percent of Compromised Healthcare Records Due to Hacking
2015 was the worst ever year for healthcare data breaches. The three largest healthcare data breaches were all discovered in 2015, including the massive cyberattack on Anthem Inc., which exposed a staggering 78.8 million healthcare records. The mega data breach at Anthem made the breaches at Premera Blue Cross and Excellus look small by comparison, yet they too were larger than any healthcare data breach previously reported to the Office for Civil Rights. Those three data breaches alone exposed almost 100 million healthcare records. Add in the 4.5 million-record data breach at UCLA Health, the 3.9 million-record breach at Medical Informatics Engineering and the one suffered by CareFirst BlueCross BlueShield and the total number of breached records rises to 110 million. Something all the major healthcare data breaches of 2015 had in common was they were the result of the actions of hackers. Human error may have played a part in the exposure of data, and the majority of breaches reported to OCR last year involved errors of judgement or negligence (loss of devices, theft of...



