ONC Turns Attention to Big Data Security
Big data has huge potential for improving patient care and treatment outcomes, but the use of patient information raises some serious questions about privacy and security. The ONC Health Information Technology (HIT) Privacy & Security Workgroup (PSWG) has been discussing the issues faced by the healthcare industry. At a meeting of the group on Monday a number of healthcare big data issues were raised. The group aims “To address distrust in big data algorithms: Improve trust through algorithmic transparency and to consider applying Fair Credit Reporting Act (FCRA) approaches to promote algorithmic transparency,” in addition to taking action to improve data privacy and security standards. Issues with HIPAA and Healthcare Big Data One of the main concerns raised by the group is the fact that HIPAA only covers certain areas of health big data. There are notable gaps which could cause problems down the line according to the group. “Failing to pay attention to these issues undermines trust in health big data, which could create obstacles to leveraging health big data to achieve gains...
Arkansas Medical Assistant Pleads Guilty to Defrauding Patients
A medical assistant from Little Rock, AR. has plead guilty to one count of Aggravated Identity Theft after she illegally accessed the medical records of 13 patients, stole their Social Security numbers, and used their Protected Health Information (PHI) to secure credit. United States District Court Judge, Susan Webber Wright, heard Mesha White, 34, plead guilty to Aggravated Identity Theft on June 3, 2015. The case has will now be scheduled for official sentencing, although the guilty plea means White will serve a mandatory two years in prison, with three years of supervised release. She must also pay back the thousands of dollars she has illegally obtained and spent in the names of 13 different patients. White potentially faced a very lengthy jail term. She accessed and stole HIPAA-covered data without authorization; that data was taken for personal gain and White then proceeded to defraud thirteen different individuals. In April, a federal grand jury indicted White on seven counts of aggravated identity theft and seven counts of misusing a Social Security number. The guilty plea...
Employee Causes 4K Data Breach at Metropolitan Hospital Center
The Metropolitan Hospital Center in New York has issued breach notices announcing the potential exposure of patients’ Protected Health Information (PHI) after an employee was found to have emailed data to a personal account. The breach notice – issued to the Department of Health and Human Services’ Office for Civil Rights (OCR) on June 1, 2015 – indicates that 3,957 individuals have been affected. Three Email HIPAA Data Breaches Suffered in Quick Succession This is the third major breach to affect a New York City Health and Hospitals Corporation (HHC) hospital this year. All three have been caused by employees emailing PHI to personal or external mail accounts without authorization. The Jacobi Medical Center issued breach notices to 90,060 individuals in April after an employee emailed PHI to a personal email account. HHC’s Belleview Hospital Center sent breach notices to 3,334 individuals on April 28th advising them of a data breach caused by an employee emailing a spreadsheet to the email account of a relative on January 15, 2015. The same day, the Metropolitan...
PHI Potentially Exposed in Fred Finch Youth Center Break-In
Fred Finch Youth Center has issued data breach notices announcing one of its facilities has suffered a burglary that has potentially exposed the Protected Health Information (PHI) of 6,871 individuals. Fred Finch operates youth centers in Alameda, Contra Costa, San Mateo, and San Diego Counties. The San Diego County facility was targeted by thieves, who gained access to the property by forcing open a locked window on April 4 or 5, 2015. The staff discovered the burglary on April 6 and realized that “several pieces of computer equipment” had been stolen. Some of that equipment contained information protected under the Health Insurance Portability and Accountability Act. The information stored on the computer equipment included full names, dates of birth, Social Security numbers and treatment information. An undisclosed number of Medi-Cal numbers were also stored in the records. The breach notice confirms that protections are in place which should keep the information secure; however the data stored on the devices was not encrypted. The equipment had “technical protections (including...
Crown Point Medical Tests Discovers HIPAA Violation
A former business belonging to Crown Point Medical Tests has violated the Health Insurance Portability and Accountability Act (HIPAA) after it failed to securely dispose of files containing the Protected Health Information (PHI) of at least 167 individuals. The victims had previously had medical tests processed through My Fast Lab. My Fast Lab was founded by Barry Walker of Cedar Lake in 2013, although the business is no longer in operation. The company was known for its highly discounted medical testing services, which were advertised as being up to 70% less than competitor rates. However the business did not survive, and the former office of the company has since been listed. Some of the contents of the facility, including patient files, have been dumped along with regular commercial waste in a public area, in violation of HIPAA Rules. HIPAA demands that PHI is securely and permanently destroyed when it is no longer required. Highly Sensitive Data Dumped in Public The files were found by a local resident at the back of a Crown Point strip mall. While taking out the trash from the...



