HIPAA Privacy Violation Reason for Whistle-Blower Testimony Erasure
The Florida Department of Corrections has scrubbed the name of an inmate from a video testimony provided by Doug Glisson; an inspector of the Department of Corrections’ Office of Inspector General, due to a HIPAA Privacy Rule violation, according to a news report in the Miami Herald. Glisson is a DOC whistle-blower who has testified under oath of potentially negligent medical care, sabotaged investigations and criminal activity. He alleges that a number of HIPAA violation cases, which he give four specific examples in his video testimony; investigations have been sabotaged in order to protect the organization’s top officials. In his testimony at the Senate Criminal Justice Committee’s March 10 meeting, he cited the name of an inmate in one the examples he provided in his testimony. The case in question concerned an inmate who died in hospital under “suspicious” circumstances. Glisson claims that the patient was “undergoing medical care” at Jefferson Correctional Institution, but no information relating to his medical condition was provided. He “started having seizures” and “wound...
EEOC Releases New Rules for Wellness Programs
The Equal Employment Opportunity Commission (the EEOC) has proposed some long awaited rules for wellness programs, which in many cases fall outside of current regulations with regards to data privacy and security. The new regulations are intended to work alongside those already laid down in the Health Insurance Portability and Accountability Act (HIPAA) and the Americans with Disabilities Act (ADA). The Rules will help to make sure appropriate security measures are implemented to protect any medical data that is collected on employees, and also ensure that privacy safeguards are put in place to restrict access to that data. Regulations for HIPAA-Covered and Non-HIPAA-Covered Wellness Programs The new rules proposed by the EEOC apply to wellness programs that involve medical examinations being conducted, in addition to any that make inquiries about disabilities. Wellness programs that are offered to employees as part of a group health plan are already covered under HIPAA regulations, and any data collected on the employees would be classed as Protected Health Information (PHI). That...
New HIPAA Breach Report Confirms Healthcare Hacking Increase
The cybersecurity threat faced by the healthcare industry has been widely reported as being at a critical level, yet data on the actual threat level is in short supply. A survey was recently commissioned by HITRUST – to investigate the actual threat level and this week a review of reported data breaches has been published on the matter. The latest study was performed by staff at Kaiser Permanente, an integrated managed care consortium, based in Oakland, California. The study looked at the hacking incidents which occurred between 2010 and 2013, with the findings recently having been published in The Journal of the American Medical Association – JAMA . The study shows that over the course of four years, hacking incidents involving Protected Health Information had almost doubled. In 2010, close to 5% of all data breaches involving HIPAA-covered data – and involving more than 500 individuals – were attributed to the actions of hackers or malicious software called malware. By the end of 2013 that percentage had risen to 9%. Dr. Vincent Liu was the lead author on the report. He...
OCR Gives Updates at HIMSS15 but no Timescale for Compliance Audits
The Department of Health and Human Services’ Office for Civil Rights has not used the HIMSS 2015 conference as a podium to announce the start of the long awaited second round of HIPAA compliance audits; although a number of OCR officials have given an insight into what it has in store for 2015. HIMSS 2015 is a time of learning for healthcare professionals. The protection of EHRs – and best practices and technology to adopt to protect them – is a major focus at this year’s conference. Cybersecurity is top of the agenda, and the recent high profile “mega-breaches” of recent months has got healthcare IT professionals looking for answers. The words “data breach” may be enough to bring out a cold sweat at the conference, although there were plenty in attendance on Monday for Marion Jenkins’s session – Chief Strategy Officer at 3t Systems- which gave a brief history of HIPAA, which examined a decade of data breaches. Jenkins recounted the enforcement actions already made by the OCR since it took charge of policing HIPAA, and pointed out that it has increased its enforcement...
Verizon 2015 Data Breach Investigations Report Released
The 2015 Verizon Data Breach Investigations Report puts the healthcare industry under the spotlight and reveals some of the major issues faced by the industry and the large gap that exists between where HIPAA-covered entities (CEs) are now with their data security protections and where they need to be to meet the minimum standards required by HIPAA. This is the eighth year that Verizon has released its security report and this year the data sample is bigger than ever, allowing greater faith to be placed in the report’s findings than in previous years. A total of 70 organizations contributed data for the report, an increase of 50% year on year. The company’s analysts looked at some 80,000 reported security incidents – up 26% from the previous year – and 2,100 reported data breaches, which is an increase of 55 percent from the previous year. The report goes into intricate detail about the data breaches that have been reported over the course of the past 12 months and offers advice on some measures that can be employed to improve security and protect confidential data. Verizon...



