Did Siobhan Dunnavant Violate HIPAA? Senate Candidate Investigated by OCR
A complaint has been sent to the Department of Health and Human Services’ Office for Civil Rights regarding a Republican State Senate Candidate who sent a mailing to her patients to notify them of her intention to stand for office, and to solicit assistance with her campaign. Questions have been raised about whether Dr. Siobhan Dunnavant violated the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule by doing so. Did Siobhan Dunnavant Violate HIPAA? Dr. Dunnavant used her patient database to obtain the contact information of her patients, and subsequently sent emails and a letter announcing her candidacy, in an apparent effort to secure votes, contributions and volunteers to help her with her campaign. Emails and letters are to be expected from a state senate candidate; however due to the strict rules covering the use of patient information under HIPAA, Dr. Dunnavant may have violated HIPAA Rules by doing so. Dr. Dunnavant also emailed her patients on three separate occasions in the run up to the primary elections in June. HIPAA Rules cover a number of...
Privacy and Security of Personal Wellness Data: CEA Releases New Private Sector Guidelines
Wearable technology has proved popular with consumers, yet numerous questions have been raised about the privacy and security of personal wellness data collected, stored and transmitted by the devices. The Consumer Electronics Association (CEA) is well aware of the potential benefits of the devices, and also the risks of the privacy of users of the devices being violated. Currently the metrics recorded by the devices are limited, although there is considerable potential for devices to be developed that record a huge volume of data collected from consumers: Data that is actively recorded by the devices or entered in by users. Currently there are few privacy and security controls covering data privacy and security, and consequently, considerable variation in those implemented by device manufacturers. As the volume of data recorded grows, so too will the privacy risk. Now is therefore the time to start building security and privacy controls into the devices, yet many manufacturers of wearable technology are unsure about how best to secure data and protect the privacy of users....
Answers Demanded From Dept. Veteran Affairs After Social Security Numbers Exposed
The Department of Veteran Affairs (VA) has come under the spotlight again following an investigation conducted by News 3 reporters into a privacy breach that exposed the Social Security numbers of numerous veterans. The investigation revealed that veterans’ Social Security numbers had been sent via unencrypted email on a number of occasions, violating the privacy of veterans in addition to breaching federal regulations. The news report has prompted two Wisconsin senators to demand answers over the privacy breaches. The News 3 investigation concerned a privacy incident that occurred in April of this year. An employee of the Wisconsin Department of Veteran Affairs was discovered to have emailed hundreds of Social Security numbers to an individual who was not authorized to receive the data. The email in question was sent to Mr. Terry Everson, a Wisconsin veteran, on April 1. Upon opening the attachment, Everson saw a list of unhyphenated nine digit numbers. Approximately 400 Social Security numbers were listed in the attachment. The VA was promptly notified of the apparent...
BeHealthy Mailing Error Sees PHI Printed On Outside of Envelopes
Florida-based BeHealthy Health Plan has inadvertently exposed the health insurance claim numbers of 835 subscribers after a mailing error resulted in the data being printed on the outside of envelopes. The mailing of benefit information packets took place on September 23, 2015, with the first complaints alerting the health plan to error being received 5 days later. The privacy breach affects members of the BeHealthy Medicare Advantage Plan who live in Manatee and Sarasota counties. The exposure of a single data element such as the insurance claim number would not typically be a major cause for concern; however, in this case the health insurance claim numbers included the Social Security numbers of plan members. Since the letters also contained the names and addresses of subscribers to the health plan, it is conceivable that this information could be used inappropriatel; should any of the letters have been intercepted. Any exposure of Social Security numbers is a serious matter, and BeHealthy has responded accordingly. All affected individuals have been offered a year of identity...
Over Half of IT Security Pro’s Do Not Believe They Will be Targeted by Hackers
Major cyberattacks have been suffered by a number of HIPAA-covered entities this year. The frequency of cyberattacks on healthcare providers and insurers has increased. However, over half of IT security professionals do not believe their organization will become a victim of a cyberattack, according to a new report issued by the Ponemon Institute. Should this belief turn out to be true it is great news, as 61% of IT pros do not believe their organization is well prepared to deal with a cyberattack if one does occur. If they are wrong, it is very bad news indeed. Cybersecurity Survey Produces Worrying Results The results of the Ponemon survey are worrying. Evidence suggests cyberattacks on healthcare providers have increased, and the volume of records exposed in those attacks has spiraled this year. Unfortunately, despite the increase in attack frequency and severity, HIPAA-covered entities do not appear to be doing much to counter the threat according to the report. IT security professionals were asked what measures they were planning to deploy over the coming 12 months, and...



