FCC Confirms Rules Regarding HIPAA and Patient Telephone Calls
The Federal Communication Commission has issued a Declaratory Ruling and Order to clarify the position on making telephone calls to patients in compliance with HIPAA and TCPA In the past, there has been some misunderstanding about making telephone calls to patients in compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Telephone Consumer Protection Act of 1991 (TCPA). To resolve any remaining misunderstandings, the American Association of Healthcare Administration Management petitioned the Federal Communications Commission (FCC) to clarify areas of the TCPA rules. The recently published TCPA Omnibus Declaratory Ruling and Order clarifies the federal government´s position on making telephone calls to patients by HIPAA Covered Entities and also exempts Covered Entities from complying with a ban on automated calls to patients´ landline telephones. However, questions still remain about automated calls to patients´ mobile telephones when not made by a third party service provider with whom a BAA has been signed. The Federal Position on Making...
Lawsuit Filed Against Children’s National Medical Center for 2014 Data Breach
Children’s National Medical Center has been named in a new class-action lawsuit filed by a victim of a data breach that occurred in 2014. The plaintiff, Fardoes Khan, has not suffered any harm or loss as a result of the exposure of her PHI, but she is seeking damages for the increased risk of suffering identity theft and fraud. The lawsuit was originally filed in Montgomery County, although last week it was moved to the Maryland federal court. The lawsuit concerns a data breach that occurred during the second half of 2014, when hackers gained access to a number of hospital email accounts after a number of employees responded to phishing emails sent by hackers. As a result of the responses, hackers potentially gained access to email accounts on July 26, 2014. The data breach was discovered by Children’s National Medical Center on December 26, 2014. As soon as the breach was discovered and the affected email accounts identified, they were closed and secured. The hospital recruited the help of an external computer forensics company and a thorough investigation was conducted to...
McLean Hospital Brain Donators Have PHI Exposed
Another Partners HealthCare hospital has suffered a data breach; this time potentially exposing the Protected Health Information (PHI) of 12,600 individuals who donated their brains to medical research. The latest data breach involved the loss of backup tapes containing patient names, dates of birth, Social Security numbers and medical diagnoses. The incident is not believed to have involved malicious insiders, and the probability of the data being accessed or used inappropriately is understood to be low. The backup tapes were not encrypted, but according to a statement released by McClean Hospital, the psychiatric facility in Belmont, Mass., “It would take specialized software, equipment, and technical expertise in order to access the information on the tapes.” The tapes were stored in Partners Healthcare’s Harvard Brain Tissue Resource Center and were declared missing on May 29, 2015. The data related to individuals who had agreed to donate their brains – or some brain tissue – to the hospital after their death. Many of the victims are now deceased, although some...
OhioHealth Reports Loss of Flash Drive Containing 1,006 Protected Health Records
A flash drive containing the Protected Health Information of 1,006 patients has been declared missing by OhioHealth Riverside Methodist Hospital. The data stored on the portable storage device related to valve-replacement candidates and research subjects who had taken part in value replacement projects between July, 2010 and December, 2014. The data stored on the portable storage device included patient names, addresses, dates of birth, physician names, medical record numbers, insurance information, types of medical procedures performed and treatment dates. 30 Social Security numbers have also potentially been exposed. It is not clear exactly when the flash drive went missing, although the hospital system was able to determine the device was last used on April 14, 2015 in the heart and vascular department; an area inaccessible to the general public. On May, 29 the drive was declared missing. On Friday last week, OhioHealth issued a press release announcing the possible breach. Notification letters were also sent to the affected individuals to alert them to the possibility that...
HIPAA Survey Shows Compliance Assessments Can Increase Business
A recent series of customer polls conducted by RapidFire Tools Inc., a leading provider of HIPAA-compliance assessment tools, showed that Managed Service Providers (MSPs) are using compliance assessments to engage prospects and increase business. Furthermore, those assessments are now proving more effective at increasing business and winning new contracts than in previous years. The polls were conducted on MSP customers using RapidFire’s Network Detective HIPAA Compliance Module. The results clearly show that compliance assessments are allowing MSPs to capture new clients and create new projects, as well as being instrumental in obtaining extended service agreements. MSPs were asked about instances where they have been able to use the compliance assessment tools to justify the services being provided to clients. Respondents explained that the compliance assessments enabled them to show that the protections currently in place to safeguard Protected Health Information were far inferior to those being offered. The recent spate of successful hacks on healthcare providers’ servers and...



