How Private Are Medical Records?
How Private are Medical Records? The introduction of the Health Insurance Portability and Accountability Act’s Privacy and Security Rules has helped to ensure that patient data is properly protected. The introduction of the Enforcement Rule has made a difference. Prior to the introduction of this rule, few covered entities made sufficient efforts to be compliant with HIPAA. With the threat of financial penalties and sanctions, covered entities have improved policies, procedures, and data security measures to keep data private. However, a look at the Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows that healthcare providers, health plans, and BAs of covered entities are still struggling to prevent patient records from falling into the hands of criminals. Over 113 Million Medical Records Exposed in 2015 Alone A recent study suggests that the risk of data exposure has not changed much in the past decade; although the breach reports issued to the OCR show that data breaches are exposing more patient health records. In 2014, 12.5 million patient...
Nevada Lab Technician Indicted on Healthcare Data Theft Charges
A Las Vegas Lab technician has been indicted on charges of unlawfully obtaining patient healthcare data and using the information to apply for credit cards. Sherice Joan Williams, 41, of North Las Vegas has plead not guilty to the charges. The charges were recently announced by U.S Attorney, Daniel G. Bogden. Williams was charged with one count of unlawfully obtaining the Personally Identifiable Information (PII) of a patient and one count of aggravated identity theft. If Williams is found guilty, she will potentially have to spend up to 12 years in jail. The unlawful accessing and theft of protected health data carries a maximum prison sentence of 10 years. Aggravated identity theft carries a mandatory prison term of 2 years, which must be served consecutively to any other sentence issued. Williams could also potentially be fined up to $250,000 in addition to serving a jail sentence. The offences were alleged to have been committed between December 1, 2014 and January 27, 2015 while Williams was employed as a laboratory technician. She is alleged to have abused her access rights...
Woodhull Medical and Mental Health Center Data Breach Report
Woodhull Medical and Mental Health Center Data Breach Announced The New York City Health and Hospitals Corporation (HHC) has sent breach notification letters to 1,581 patients of its Brooklyn Woodhull Medical and Mental Health Center after a laptop computer was discovered to have been stolen. The laptop computer was password protected, but data stored on its hard drive had not been encrypted. As a result, the Protected Health Information of some of its patients could potentially have been compromised. Data potentially exposed in the incident include patient names, medical record numbers, narrative physicians’ summaries and medical test results. No insurance information, Social Security numbers, or other data typically used to commit identity theft were stored on the laptop. The theft of healthcare laptop computers is a regular occurrence. The Department of Health and Human Services’ Office for Civil Rights breach portal contains many examples of HIPAA-covered entities that have failed to secure the portable devices. Over the past three months, over 20 cases of portable device theft...
St. Francis Health Employee Fired for 20 Month Privacy Violation
An employee of the Bon Secours St. Francis Health System has had her employment contract terminated after the healthcare provider became aware of privacy violations and numerous cases of medical fraud. The employee in question is alleged to have accessed the private and confidential records of fellow employees, and potentially patients, over a period of 20 months. The data accessed appears to have been used to file claims against co-workers’ insurance policies for expensive prescription creams. The privacy violations came to light in July, 2015, when employees of St. Francis Health started noticing their insurance company had billed them for “high dollar value” prescription creams, and the matter was brought to the attention of managers at St. Francis Health. When fraudulent claims are made to insurance companies, it can be difficult to determine the person responsible. With the volume of data breaches now occurring, it is possible that insurance data and other information could have potentially be obtained from any number of sources. In this case, since a number of employees from...
Hack Discovered by Emergence Health Network: 11K Records Exposed
Emergence Health Network has discovered one of its network servers has been accessed by a third party without authorization. 11,000 patient records have potentially been compromised. The incident came to light when suspicious activity was noticed on one of the healthcare provider’s servers. The activity was investigated and it was determined that an external party had gained access via the internet. The breach investigation revealed that highly sensitive data may have been accessed by the third party, which included patient names, dates of birth, addresses, case numbers and Social Security numbers, in addition to the name of the center where medical services were provided to patients. No medical data were compromised at any point as this information was not stored on the server. Access to the EHR system or other parts of the network was not gained. After hiring a third party security expert to investigate the extent of the data breach, it was discovered that the first time data on the server were accessed by an unauthorized individual was in 2012. Because Social Security numbers...



