10 HIPAA Breach Costs You May not Be Aware of
A data breach is less of a possibility and more of inevitability in 2015. Cyber crime is on the increase and the healthcare industry is under threat, with major attacks already having exposed millions of records – with last year’s tally having already been surpassed by some distance. Determining the data breach financial impact can be difficult as there are variables that cannot be accurately predicted immediately after a breach has occurred. Civil claims for damages will almost certainly be filed, although the number of victims of fraud will not be known for many years, neither the damages which will need to be covered. The Department of Health and Human Services’ Office for Civil Rights investigates data breaches; however it can take time for an assessment to take place. A full compliance audit may be required, the findings assessed and financial penalties considered. Settlements can take a number of years to be reached and there is no telling how many violations will be discovered by its auditors. Each violation category carries a maximum fine of $1.5 million in cases where the...
Employees Steal 9,000 Patient Records From Florida Hospital
The massive data breaches of Anthem and Premera highlight the real and present danger of HIPAA breaches from hackers, but there is also a major threat from within. Hospital employees may not be responsible for the largest breaches, yet staff snooping on hospital records is a serious problem. Each year employees view and copy the data of tens of thousands of patients, with 9,000 records potentially compromised in the latest case of employee snooping, according to a report in the Daytona Beach News Journal. Two medical professionals working at an unnamed Florida Hospital in Orlando have recently had their employment contracts terminated after the hospital discovered that patient records had been inappropriately accessed. The employees were based in Orlando, and reportedly had access to the patient records at eight Florida hospitals: Florida Hospital Orlando; Florida Hospital Altamonte; Florida Hospital Apopka; Florida Hospital East Orlando; Florida Hospital Kissimmee; Celebration Health; Winter Park Memorial Hospital and Walt Disney Pavilion at Florida Hospital for Children, although...
Premera HIPAA Breach: Insurer Certified as HIPAA Compliant
In the aftermath of a major HIPAA breach, the spotlight is shined on healthcare providers and insurers’ and they investigated to determine whether the breach was preventable, and if it was caused by violations of HIPAA regulations. In the case of Premera, hackers were able to infiltrate the insurer’s computer network and gain free access to patient healthcare records for a period of 10 months. The insurer has been criticized for the breach, in particular for failing to audit its internal computer systems regularly; a measure which could have identified the breach much more quickly and thus would have limited the damage caused. While attention is focused on the insurer and potential HIPAA violations, according to the U.S Office of Personnel Management, the insurer was deemed to be HIPAA-compliant after an audit of its systems last year. The U.S Office of Personnel Management conducted general testing of Premera’s information systems in January 2014, in addition to a full application control audit. While the Office for Civil Rights is tasked with auditing healthcare providers on...
65% of Patients Would Avoid Companies that Suffered a HIPAA Breach
Healthcare organizations and insurers face major financial penalties for HIPAA data breaches that they inadvertently – or willfully – cause; however the results of a recent survey indicate that the fines issued by Attorney Generals and the Office for Civil Rights pale into insignificance compared to the loss of income that results from patients changing healthcare provider after a data breach. The survey, conducted by TransUnion, found that 7 out of 10 patients (65%) were willing to change healthcare providers if the company was affected by a data breach. While not all of those individuals would actually change providers, the figures are worrying and send a message to HIPAA-covered entities that data security and patient privacy must be made a priority. The survey showed that older patients were less willing to make the change. Almost two-thirds of respondents over the age of 55 said they would be unlikely to switch providers, while 73% of individuals in the 18-34 age category said they would make the switch following a data breach. The discrepancy has been attributed to the...
No Fees for Health Exchange Say Patients
The Society of Participatory Medicine – in conjunction with ORC International – has released survey data that indicates that three-quarters of patients believe that Protected Health Information (PHI) should be easily and freely shared between hospital workers, physicians, and other healthcare providers. The lack of sharing and poor interoperability is believed to have a serious impact on the medical care that patients receive. According to the poll, a fifth of patients had previously experienced difficulty receiving medical care because their healthcare data was not shared between providers. A PWC survey indicated that it is not only the sharing of data that is a problem. When data is shared, in 60% of cases providers face significant delays in accessing the required information. In addition to the full sharing of information between authorized individuals, 87% of patients said that they believed that access to their PHI should be free of charge. One of the issues that doctors have to face is that providing access to PHI incurs a significant cost: Healthcare providers are...



