Online Portal Glitch Causes California HIPAA Breach
A California Not-for-Profit organization has issued a breach notification after it discovered that an online application it used to process applications was found to be insecure, which may have resulted in the Protected Health Information (PHI) of a number of individuals being disclosed. The Painted Turtle is a camp for children suffering from life-threatening illnesses and places in the program are provided free of charge. When parents or legal guardians apply for a place at the camp, they are required to enter information into an online portal as part of the application process. While the system was believed to be secure and HIPAA-compliant, a software glitch potentially resulted in application information being made available to the person who was listed as a reference in the application. The data recorded by the portal includes personal information about the applicant and potentially also Social Security numbers, Driver’s license numbers, personal medical information, employment details and names and addresses. Painted Turtle confirmed that no financial information – bank...
Florida Nurse Accused of Stealing HIPAA-Covered Data and Exploiting the Elderly
Access to Protected Health Information (PHI) is alleged to have been abused by a home health nurse from Lee County, Florida, who stands accused of accessing and using HIPAA-covered data and using that information to open credit card accounts and defraud at least 8 of her patients, according to a Lexicology report. The woman opened fraudulent credit card accounts by using patient names and PHI and used the cards to go on a spending spree. According to police investigators, the woman purchased gift cards, electronic devices and made expensive repairs to her vehicle. While the woman could have been charged under HIPAA regulations, the charges filed against her are for the criminal use of personal information and exploitation of the elderly. Improper use of Protected Health Information (PHI) and abuse of patients can be difficult to identify, especially when care is provided at home. Patients may not feel safe enough to report abuse, and in the case of financial, medical and identity fraud, the patients may not even be aware that they are victims. In-home care is necessary and it can...
HIPAA Breach Triggers IT Security Audit: Anthem Refuses
The Office of Personnel Management’s (OPM) Office of the Inspector General (OIG) conducts security audits on healthcare organizations participating in the Federal Employees Health Benefits Program (FEHBP). Following the massive HIPAA breach at Anthem., Inc last month, the OIG decided to conduct a new information technology security audit on the insurer. The OIG Information Technology security audits set out to determine if security vulnerabilities exist that could potentially be used by hackers to gain access to servers and internal computer systems. The audits are not comprehensive, instead that samples a small proportion of the organizations servers to help build an overall picture of data security and whether sufficient steps have been taken to prevent hackers from conducting malicious cyber attacks. The audits consist of automated vulnerability scans and accompanying configuration compliance audits; however according to reports, Anthem refused to cooperate fully with OIG auditors and restricted access to its servers, claiming that the provision of access would violate corporate...
Indiana State Medical Association Suffers Major HIPAA Breach
The Indiana State Medical Association has reported a HIPAA breach as a result of the theft of two backup hard drives containing healthcare and insurance information of almost 39,000 individuals. The hard drives contained group health and life insurance databases, with the data including Social Security numbers, medical histories, health plan numbers, email addresses, dates of birth and names and addresses that were supplied on health insurance applications. The backup drives were being transported to an off-site storage facility as part of the group’s disaster recovery plan when they were stolen in what the ISMA called a “random criminal act.” According to the breach notice placed on the ISMA website, 39,090 individuals were potentially affected although the exact data compromised varies from individual to individual. Social Security numbers were present in the databases, but not for all individuals. As a result the decision was made to send individual breach notification letters explaining the exact information that was compromised. Affected individuals are being offered credit...
Delegates Prepare for the 23rd National HIPAA Summit
Next week, government department heads and industry leaders will meet at the 23rd National HIPAA Summit to give updates on the progress that has been made over the past 12 months and to provide information on new laws and regulations. The summit also offers an opportunity for compliance officers and other healthcare professionals to receive training on a wide range of healthcare IT and HIPAA-compliance issues. The threat of cyberattacks on healthcare providers has risen to an all time high and healthcare costs are spiraling out of control. The industry may be in critical condition, yet healthcare providers, health plans and other covered entities must find the funding to improve data security and protect the privacy of patients and health plan members. Since the introduction of HIPAA this has been a major challenge, but with the introduction of HITECH, the Affordable Care Act (Obamacare), the move to IC10 coding and the passing of the HIPAA Omnibus Rule the challenge has grown. HIPAA-covered entities now face a huge financial and administrative burden to comply with these...



