Potential HIPAA Violations by Minnesota Blue Cross Blue Shield Nurse and Hospital
According to a Monday WCCO-TV news report, a nurse employed by Minnesota Blue Cross Blue Shield stands accused of illegally accessing a state database containing the prescription drug records of approximately 1 million state residents. The database – administered by the Minnesota Board of Pharmacy – contains names, addresses and prescription records and was set up in an attempt to monitor the abuse of pharmaceutical products and prescription drugs. When an individual has an addiction, they usually visit multiple locations to obtain their prescriptions and by monitoring the database cases of medication abuse and addiction can be identified. Minnesota Blue Cross Blue Shield is permitted to access the database in order to monitor drug use in state-run medical programs and receives payment from the state to do so. Two employees are granted access for this purpose. In 2010, the Minnesota Department of Human Services and Blue Cross Blue Shield gave one of its registered nurses, Jim Johnson, access to the database for this purpose. In March 2012 he was reassigned and another...
Study Says Website Security Gap in HIPAA Rules is Being Exploited
A recent study into privacy violations on the web has been released indicating that the majority of searches for health information by third-party companies could potentially result in them obtaining Protected Health Information. The study – Privacy Implications of Health Information Seeking on the Web – was devised and conducted by Timothy Libert, a Pennsylvania doctoral student. He claims that the third parties using this method to obtain data included data brokerages and online advertising companies. The problem is widespread with 91% of health-related websites initiating HTTP requests to third parties and these requests, in 70% of cases, contained information that included symptoms and treatments of diseases. The data that is recorded on consumers is extensive, and the study cites Facebook, Google and ComScore which were found to have collected data on approximately a third of users, with Google topping the table having collected data on 78% of its users. The problem with this invasion of privacy is the information could potentially be used to discriminate against...
Dallas Hospital Sued by Ebola Nurse for HIPAA Privacy Violation
The Ebola epidemic raised questions about the privacy of individuals and when information about illnesses can be disclosed. There was considerable confusion about when Protected Health Information can be disclosed in emergency situations “for the public good.” In the case of an outbreak of a highly infectious – and potentially fatal – disease, disclosing information about the victims is a necessity if the disease is to be controlled. The release of information about the victims makes it easier to determine who that person may have come into contact with and is important to stop the spread of the disease. However, in some HIPAA violation cases, the disclosure of information has potential to lead to discrimination. Public knowledge of medical information about an individual can cause mental anguish as well as the victim to suffer financially. The most recent example comes from a nurse who served in a Dallas Hospital operated by the Texas Health Resources during the outbreak. Nina Pham, a 26-year old nurse, worked at the Texas Health Presbyterian Hospital Dallas and helped to treat a...
Why is the OCR Not Issuing More HIPAA Fines?
The Department of Health and Human Services’ Office for Civil Rights is tasked with policing HIPAA, and there has been no shortage of HIPAA violations of late, so why is the OCR not issuing more HIPAA fines? Huge Data Breaches – Numerous HIPAA Violations – 22 Financial Penalties Since October 2009, 1,140 data breaches affecting more than 500 individuals were reported to the OCR, while there were more than 120,000 breaches involving fewer than 500 individuals. Out of those incidents – including a large number that involved or directly resulted from HIPAA violations – only 22 have warranted OCR HIPAA penalties according to research conducted by ProPublica. The OCR has been reserving financial penalties for organizations that “have involved systemic and/or long-standing”, and is cautious about exercising its rights and fining HIPAA violators. Interestingly, the California Department of Public Health is more active when it comes to holding healthcare organizations accountable for their lack of attention to HIPAA legislation. It too has issued 22 fines to HIPAA...
Up to 18.8M Non-Customers Also Affected By Anthem Data Breach
Anthem has issued a statement confirming it is not only its own customers that have been affected by the mega data breach it suffered, but also between 8.8 million and 18.8 million individuals who are members of Blue Cross Blue Shield health plans of other insurers. According to Reuters, this is the first time that Anthem Inc. has announced that the customers of different insurance companies may also have been compromised in the cyber attack. Anthem is a member of an insurance network that runs Blue Cross Blue Shield plans, and customers signing up for these health plans are able to obtain medical services via any of the hospitals or medical centers signed up for the plan. BCBS covers 105 million Americans and is operated by 37 different healthcare providers. Anthem runs healthcare plans in 14 states under Blue Cross Blue Shield and is the country’s second-largest healthcare insurer. Because of this association, Anthem held data of patients belonging to BCBS health plans provided by other insurers, and that data, it would appear, could have been obtained by hackers. The original...



