Health Insurance Firms Focused on Big Data and Wearables
There has a lot of hype surrounding wearable technology in recent months and over the past two years the industry has seen an incredible amount of investment in new technology as big brands and startups develop new ways to monitor, track and record body metrics and health information. Many new Smartwatches have been released this year with 2015 expected to see the market flooded with new wearable devices. Smartwatches may not yet have become mainstream products, but surveys show the public is ready to embrace new fitness and health tracking devices. There has also been considerable interest in the devices from insurance companies, with some experts believing wearables could cause a massive shake up in the industry and change how insurance premiums are calculated and sold to customers. If insurance companies want to sell more policies, reducing premiums can certainly win more business. If customers are unlikely to ever make a claim there is no reason why they should not be rewarded with lower premiums. High risk clients naturally should pay more to cover their higher risk level. The...
Children’s Hospital Settles HIPAA Violations with Mass. Attorney General
Only a month has passed since Boston’s Beth Israel Deaconess Medical Center reached a settlement with the Massachusetts Attorney General for HIPAA violations after a laptop was stolen containing unencrypted PHI. Now Boston Children’s Hospital joins the list of Boston healthcare organizations to be fined for failing to safeguard electronic patient health records. Under the Security Rule, all entities covered by HIPAA must ensure appropriate controls are put in place to protect ePHI. Attorney Generals are permitted to take action against HIPAA covered entities within their jurisdictions following changes to HIPAA regulations, and the Mass. Attorney General’s office is vigorously pursuing healthcare providers that violate data privacy and security laws. In contrast to the Beth Israel data breach, the information exposed in the BCH breach was contained in an email attachment. Because the data was not stored on the hard drive the hospital was unable to determine whether it was actually accessible through the laptop. The physician in question believed he had taken the appropriate steps...
Countdown to the HIPAA Compliance Audits
The countdown to the HIPAA compliance audits has begun. The HHS’ Office for Civil Rights has now implemented its new breach reporting portal which means the planning of the second round of the audits can begin in earnest. The long-awaited compliance audits look set to take place in 2015 and all covered entities need to be prepared. Background to the HIPAA Compliance Audits The Department of Health and Human Services gave its Office for Civil Rights the role of enforcing the Health Insurance Portability and Accountability Act, with the Enforcement Rule giving the legislation teeth in 2006. Organizations failing to comply with HIPAA Rules have since faced financial consequences if privacy and data security policies are not introduced to the standards demanded by the legislation. Part of the OCR’s role in enforcing HIPAA regulations is to conduct compliance audits. These were conducted between 2011 and 2012 and 115 organizations were audited. The Omnibus Rule and Business Associates The introduction of the HIPAA Omnibus Rule extended the coverage of HIPAA to include Business...
Malware Responsible for Reeve-Woods Eye Center HIPAA Breach
The Reeve-Woods Eye Center – an eye treatment clinic consisting of two centers in Chico, CA, and Paradise, CA – discovered on Wednesday, September 17, 2014, that malware had been installed on two of its computers. The malware was discovered by an IT consultant used by the clinic who established that the malware was taking screenshots of the computers; essentially making a digital photocopy of the data being viewed on the screen. As patient files were accessed, a snapshot was taken. This means that a wide range of data could potentially have been obtained by criminals responsible for the malicious software. The persons affected are those who have visited the center for treatment or otherwise have had their files accessed on either of the two computers on which the malware had been installed. The data potentially exposed includes names, addresses, contact telephone numbers, Social Security numbers, dates of birth, dates of service, medical insurance details, diagnosis and treatment codes, medical histories, Medi-Cal IDs and Medicare ID numbers, as well as any other data stored...
HIPAA Breach Report: September 2014
September 2014 HIPAA Breach Summary: The HIPAA Breach Notification Rule requires covered entities to report all data breaches involving HIPAA-covered data to the Department of Health and Human Services’ Office for Civil Rights. Breach reports must be submitted via its website portal, and CEs have 60 days from the discovery of the breach in order to do this. This report contains a summary of the breaches reported to the OCR during the month of September, 2014. Major HIPAA Breaches in September 2014 Large scale data breaches continue to plague the healthcare industry. Last month saw well over 4 million records exposed in hacking incidents, laptop thefts, improper access, disclosure and disposal or records. This month, while there were fewer incidents reported, most of which involved a few thousand records, Xerox State Healthcare, LLC (TX) reported a massive data breach in which approximately 2 million records were exposed. The incident was atypical for a HIPAA breach. Rather than records being exposed by hackers or the theft of computer equipment, this breach was caused following the...



