Senior Health Partners Suffers 2.7K HIPAA Breach
The New York-based insurer, Senior Health Partners, has announced it has suffered a HIPAA breach that potentially affects up to 2,700 members. It is understood that the breach involves healthcare data and the notification warns that PHI has potentially been compromised. The breach was caused when two mobile devices were stolen from the apartment of a nurse employed by Premier Home Health; a Business Associate of Senior Health Partners. Some healthcare data was accessible via an unencrypted Smartrphone although the majority was encrypted on the laptop. Both devices were stolen from the nurse’s home on Nov 26, 2014. As a Business Associate of Senior Health Partners, Premier Home Health was required to sign a Business Associate Agreement and take steps to protect any PHI it holds on patients. Safeguards had been implemented including data encryption on mobile devices, which under normal circumstances renders the data unreadable in the event of theft. The HIPAA breach occurred because the security key needed to unencrypt the data was written in the laptop case, which was also stolen in...
2016 Budget Increases Funding for HIPAA Audit Program
The 2016 budget set by President Obama’s administration on Monday this week proposes a 4.8% increase in funding for the Department of Health and Human Services, while its Office for Civil Rights is to see a budget increase of 10% from the 2015 fiscal year; if congress approves the appropriation bills to provide the funding. The OCR had a proposed budget increase for the 2015 fiscal year, although it did not receive that additional funding; instead it received a flat budget following the signing of the Consolidated and Further Continuing Appropriations Act, 2015 on December 16th, 2014. The proposed 2016 budget raises funding for the Office for Civil Rights to $42.7 million – an increase of $3.9 million – which is intended to help it set up a permanent HIPAA audit program, and will allow the OCR to employ a further four permanent members of staff. The HIPAA Compliance Audit program commenced in 2011 with a series of pilot audits which highlighted numerous failures by the healthcare industry to bring policies and procedures up to date with the HIPAA Omnibus Rule of 2013, but also...
UMass Memorial Medical Group Announces HIPAA Data Breach
UMass Memorial Medical Group (UMMMG) has reported a HIPAA Breach that it first discovered over 9 months previously on April 9, 2014. UMMMG issued a notice on its website on January 30, 2015 explaining the incident and the delay in issuing notification letters to individuals affected by the security breach. The incident potentially affected up to 14,000 of the healthcare provider’s patients according to a report on MassLive. The letter announces the HIPAA breach and explains that a former employee of UMMMG accessed the billing records of a number of patients over a period of four months from January 7, 2014, to May 7, 2014. It is not clear at this stage whether any information has actually been used to commit identity or medical fraud, but the notice has been provided while the investigation into the incident continues. Law enforcement was alerted and later in August advised UMMMG that printed billing documents of some of its patients had been found in possession of an unauthorized individual. The data believed to have been accessed, viewed and copied include names, addresses, email...
Anthem Inc. Reeling After Behemoth 80M-Record HIPAA Breach
The Nation’s second largest health insurance provider, Anthem Inc, has been the target of a highly sophisticated cyberattack which has resulted in the theft of 78.8 million records, making this the largest ever data breach to affect the healthcare industry. The data breach is on a par with the Target data breaches of 2013 and 2014 which exposed a total of 110 Million confidential customer records and eclipses the Tricare Management Activity Data breach of 4.9 Million records in 2009 and the 1.9 million record breach of Health Net Inc. in 2011. The attack has reportedly exposed personal information including names, dates of birth, addresses and email addresses, along with Social Security numbers, Medical IDs, some income data and employment information, although no health data is believed to have been exposed and no credit card numbers were stored with the compromised data. Both employees and health plan members have been affected. The insurer discovered the data breach last week and notified the FBI of the attack. The agency is currently conducting an investigation, while Anthem is...
National Data Exchange Roadmap Released by ONC
The Meaningful Use program has helped encourage healthcare providers to make the move from paper files to electronic health records. Now the majority of organizations have moved to EHRs, the next step is for further policies and procedures to be developed to allow the healthcare industry to obtain the full benefits of digital record-keeping. Covered entities must continue to invest in technology to improve communication of data while also employing the appropriate safeguards to protect it from prying eyes. To help the industry achieve the main benefits of EHRs, while ensuring the data is properly protected, the Department of Health and Human Services’ Office of the National Coordinator for Health IT has been working on a roadmap. The ONC Interoperability Roadmap – A 10-Year Plan for EHRs The first draft of the roadmap has now been issued. The main aim of this new Interoperability Plan is to make it possible for physicians and other medical professionals to obtain quick access to EHRs and to be able to view and share patient data in a timely manner. Access to this information...



