Watch out for Wearables if you Want to Avoid a HIPAA Violation
Wearable devices are rising in popularity and now Google Glass has been made available to all in the USA and UK, Apple is launching a Smartwatch and other big influential brands are heavily investing in wearables, the next few years could see the devices become the norm and used throughout the healthcare industry. Currently more than 25% of adults in the United States own a fitness tracker or use a Smartphone fitness tracking application and a considerable amount of personal health data is being now recorded. A recent survey conducted by Juniper Research has predicted that the wearables market will grow ten-fold over the next 4-5 years and over 180 million devices will have been sold by 2018. Google Glass is stealing the headlines; however Apps and fitness bands are the most popular method of tracking health and wellness at the present time. The data recorded could revolutionize healthcare allowing preventative steps to be taken to help patients avoid illness and injury. Smart glasses such as Google Glass may not prove so popular for consumers, but the benefits to business are...
Sony Pictures Confirms Breach Potentially Exposed HIPAA Data
Sony Pictures has made an announcement confirming the protected health information of some employees could have been exposed in this month’s security breach. Employees were sent a breach notification letter earlier this week containing details of the data the company believes was exposed. While the written notification letters have only just been mailed, an E-mail was sent to all affected employees earlier this month alerting them to the security breach and stating that computer records had been compromised. In that E-mail Sony Pictures suggested that all affected persons sign up for credit monitoring services with AllClearID; the company being used by Sony Pictures to help mitigate any damage caused. The notification letter reiterated the need to sign up for credit monitoring services and provided additional details about the breach, including more information on the scale of the data exposure. Earlier this month some computers at Sony Pictures were hacked in what appears to be a targeted attempt to steal company and employee data. Some of the data has already been posted on...
Concern that Drug Company Use of Patient Data Circumvents HIPAA
Pharmaceutical companies are using patient PHI to market their products, even though they are not permitted to have access to this information under HIPAA regulations, according to a recent report on Bloomsberg News. HIPAA covered entities are not permitted to disclose patient information to third parties for the purposes of marketing, yet pharmaceutical companies are obtaining the data from a different source. Drug companies are now seeking assistance from online data agencies that can provide them with the data they require to directly market products to the persons most likely to use their drugs. Marketing data is invaluable to drug companies as it enables them to market their products more effectively. The market for a particular treatment may be very small in terms of penetration so using traditional advertising methods is unlikely to produce the required number of sales. However, if a drug company obtained a list of patients who had been diagnosed with a condition that their drug treats, the volume of sales from its direct marketing efforts would increase substantially....
Amedisys Hospice to be Investigated for Potential HIPAA Violation
The discovery of documents containing the Protected Health Information of 17 patients of Amedisys Hospice, Tennessee has triggered an investigation over the potential HIPAA violation. Earlier this week, Sandra Rambo was walking with her daughter when she came across paperwork on the side of the highway. The pair noticed that the records contained information on patients, one of whom was the deceased husband of one of her neighbors. The information contained in the paper documents included private patient details such as identification numbers, medical conditions, information about previous hospice visits as well as personal details of patients who had visited the hospice according to a report on local radio station, WHHL. Rachel Seeger, Spokesperson for the US Department of Health and Human Services explained that in cases such as this, the DHHS works with the healthcare provider to resolve HIPAA violations and enters into a resolution agreement to ensure that the entity in question implements an action plan. That action plan must correct any privacy and security issues affecting...
Laptop Theft Causes HIPAA Breach Exposing Patient Data in Oregon
A new HIPAA breach has been announced affecting patients of an Oregon healthcare facility although the number of patients to be affected is currently unknown. The incident occurred in November when an employee of the Corvallis Clinic left a laptop computer in a vehicle while attending a work conference. The laptop was subsequently stolen from the car. The laptop contained unencrypted data of patients who had visited the clinic during the past two years, although the information was in a spreadsheet and the data it contained was limited and included patient names, dates of birth, name of the healthcare provider and the reason for the visit. The spreadsheet is not believed to have contained any Social Security numbers, driver’s license numbers or credit card details. There is no indication that the thieves have been able to access the data contained in the spreadsheet. The Clinic advised patients that the laptop was protected with a “highly secure” alpha numeric pass code and that it is improbable that the thieves would have been able to access the data. A notice has been posted on...



