Survey Shows U.S Companies Are Saying Bye Bye to BYOD
Bring Your Own Device (BYOD) schemes have proved popular in the healthcare industry. Physicians, nurses and other healthcare workers have petitioned healthcare providers to allow the use of personal Smartphones, tablets and laptops at work, and many have given in and introduced BYOD schemes. The Benefits of BYOD Financial constraints often hinder the uptake of new technology, and BYOD offers a cheap and convenient solution. The benefits of Smartphones and tablets can be gained, without the cost of having to purchase, maintain – and replace every 2-3 years – mobile devices for all physicians, nurses, and care providers. Uptake was rapid in many industries, although slower in the healthcare industry due to heavy regulations covering data privacy and security. Over the past five years, more and more healthcare providers have started to embrace BYOD and are now enjoying the benefits; as are physicians, nurses and other healthcare workers opting into the scheme. BYOD Security Risks Personal devices can be used in a healthcare setting, although not...
Healthcare Big Data: Privacy and Security Workgroup Gives Preliminary Report
Big data has considerable potential to improve the quality of care provided to patients, and even improve patient outcomes; however, there are risks. Privacy advocates worry that the disclosure of health data together with personally identifiable information could result in the data being used for discriminatory purposes, or could otherwise cause patients to be harmed. Analysts predict that big data can, and will, be used to reduce the cost of healthcare delivery; however first the issue of patient privacy needs to be resolved. Big data, no matter how useful for the advancement of medical science, can only be used if patients’ right to privacy is assured. The potential benefits for the healthcare are too valuable to ignore; however deciding on the allowable uses of data, while preserving patient’s right to privacy, is a difficult task. It is a problem the Whitehouse is trying to address, and it has turned to stakeholders for help. How to Leverage Big Data While Protecting Patients’ Privacy Rights President Obama requested assistance from the Department of Health and Human Services...
PHI Retention by Employees not a HIPAA Breach Says Ark. Court
The U.S. District Court of the Western Division of the Eastern District of Arkansas has ruled that two employees who retained the Protected Health Information (PHI) of patients after their employment at Arkansas Children’s Hospital was terminated, did not violate the Health Insurance Portability and Accountability Act (HIPAA). Unfair Contract Termination after Discovery of Billing Irregularities Pam and Eben Howard brought an action against Arkansas Children’s Hospital – Dr. Ron Robertson and Jon Bates – after their employment contracts were terminated. They believed they lost their jobs because they highlighted a number of issues relating to how the healthcare provider billed the government. They have accused the healthcare provider of violating the 1st and 14th Amendments, the Arkansas Civil Rights Act, the Public Policy of the State of Arkansas and the False Claims Act. Potential HIPAA Violations for Retention of PHI and Unauthorized Disclosure While employed at ACH, the pair collected a considerable volume of PHI of patients. After what the pair considered to be unfair...
New York State Comptroller Publishes ePHI Security Compliance Audit Report
The news is full of reports of healthcare providers failing to implement safeguards to keep Protected Health Information (PHI) secure; but it is rare for a healthcare organization to make the headlines for implementing all of the appropriate physical, administrative and technical safeguards required by HIPAA. However, a recent ePHI data security audit conducted by the New York Office of the State Comptroller has seen Roswell Park Cancer Institute pass with no HIPAA violations discovered. The healthcare provider should be commended for the effort it has put into protecting the privacy of patients. The New York Office of the State Comptroller Audit The State of New York Office of the State Comptroller (NYOSC) conducts regular audits of state organizations, most of which are related to corporate finance. However, last week the NYOSC announced it had completed an ePHI compliance audit of Roswell Park Cancer Institute (RPCI). The audit was conducted specifically to test the safeguards the healthcare provider had put in place to secure patient data, pursuant to Article X, Section 5 of...
Insurance Service Office Announces Breach of Social Security Numbers
Insurance Service Office (ISO), a New Jersey provider of property and casualty insurance, has announced its insurance database was inappropriately accessed, resulting in a breach of Protected Health Information (PHI). ISO has not disclosed the number of individuals affected nor whether access was gained by a hacker or a malicious insider; however it does appear that data was accessed with the intent of using it for criminal purposes. The database contained highly sensitive information on patients, including details of their health insurance policy, Social Security numbers, and driver’s license numbers. Patient names, dates of birth and contact details were also stored in the database. The information exposed in the HIPAA breach could be used by criminals to steal identities, fraudulently obtain credit and make fake insurance claims. Breach Notification Delay Requested by Law Enforcement HIPAA regulations require covered entities to issue breach notifications to affected individuals within 60 days of the discovery of a PHI breach; however patients and federal/state agencies should...



