New California Health Data Privacy Law Plugs Holes in HIPAA
The Confidential Health Information Act came into force in California on January 1st, 2015 and provides greater privacy protection for individuals who are covered by a health plan but are not the actual policy holder. Many individuals are covered by health insurance on a policy belonging to a parent or spouse; however when communications are sent out by the health plan operator, correspondence is usually addressed to the policy holder rather than the individual concerned. This could potentially result in the disclosure of Protected Health Information to the holder of the health plan policy. The new legislation amends the State’s Confidentiality of Medical Information Act and has been introduced to give individuals the right to determine to whom information is disclosed and to ensure that even non policy holders are given the right to keep their medical information private. The Health Insurance Portability and Accountability Act does cover these individuals and allows them to make a confidential information request to the provider of their health plan, although insurance companies...
Major HIPAA Data Breaches Make 2014 a Landmark Year
2014 has been a landmark year, although unfortunately for the healthcare industry, for the wrong reasons. This year has seen some of the largest recorded HIPAA data breaches ever to affect the healthcare industry, exposing the protected health data of millions of patients and costing the healthcare industry as a whole many tens of millions in fines and levies. The healthcare industry accounted for 42.3% of all data breaches recorded this year according to the Identity Theft Resource Center Report for 2014, and healthcare providers have been responsible for exposing the Protected Health Information of over 8 million Americans in 322 recorded breaches. Healthcare Industry Warned of Major Breach Risk The year had only just begun when the FBI released a stern warning to the healthcare industry that cybercriminals were likely to target the healthcare sector in the coming months, and that medical devices and hospital networks were under an elevated risk of a targeted attack. The FBI attributed the increased threat to the “mandatory transition from paper to electronic health records, lax...
Certificates of Creditable Coverage No Longer Required Under HIPAA
Certificates of Creditable Coverage were required by health plan providers and insurers under the Health Insurance Portability and Accountability Act (HIPAA); however the issuing of a final rule of the Affordable Care Act (ACA) has changed that requirement. As a result, Certificates of Creditable Coverage are no longer required for new health plans or any issued since January 1st, 2014. Continuous coverage is guaranteed by HIPAA legislation for retirees taking advantage of the Consolidated Omnibus Budget Reconciliation Act (COBRA) as well as individuals who change employment or health plan policy. To help offset a preexisting condition exclusion under a new health plan, administrators were required to issue a Certificate of Continuous Coverage 30 days prior to the end of coverage or 30 days before employment was left. From 1st January, 2014 until 31st December, 2014, health plan providers have not been able to impose pre-existing conditions exclusions on enrollees in health plans and as of 1st January 2015, Certificates of Creditable Coverage will no longer be required to be...
Denver Medical Center Reports HIPAA Privacy Violation
The Medical Center of Aurora, Colo, has suffered a potential HIPAA violation that exposed the data of 20 of its patients, according to a recent Fox31 Denver news report. The incident involved paper records which were provided to a patient by mistake. Karen Billings was leaving the hospital after having received treatment, and in her discharge file was the paperwork of 20 other patients. She told reporters “I was shocked. I was mad. I was hurt that I had somebody else’s information,” The accidental disclosure of Protected Health Information (PHI) occurred on Nov 22, 2015; and since Billings was in the hospital at the time, the matter was swiftly dealt with. Or so it would seem. A nurse took the file from Billings and removed the sheets corresponding to other patients and handed back the file to Billings, who returned home. When she got back and checked her paperwork she found that she still had seven pages of medical information relating to 20 other patients. The data included in the paperwork included the name of the patient, their data of birth, the name of the procedure that was...
Patch and Update Computer Software or Face a HIPAA Sanction
In order to comply with Health Insurance Portability and Accountability Act regulations it is essential that all healthcare and health plan providers use appropriate safeguards to keep the personal and medical information of employees and patients private. There are many potential security risks when maintaining a database of patient medical records, whether the data is stored on in-house servers, managed by external contractors or hosted in the cloud. The only way it is possible to be certain that all vulnerabilities are identified is to conduct a comprehensive risk assessment of all IT systems, including any hardware and software that touches the PHI. Software quickly becomes outdated and needs to be regularly updated to maintain its functionality. As software engineers discover vulnerabilities, patches are developed and made available for download. It is essential that these patches and software updates are run on all terminals and mobiles running on the software to ensure the systems and data are unwittingly exposed to attack. Applying software patches is as important as...



