Highlands-Cashiers Hospital Reassures 25K Patients After Possible HIPAA Breach
Highlands-Cashiers Hospital of Macon County, North Carolina, has informed 25,000 patients of a security vulnerability that left the PHI of some of its patients unprotected for a period of four months, between May and September, 2014. The healthcare provider employed a business associate, TruBridge, to handle some of its healthcare information however the company made a configuration error which potentially exposed the health records of approximately 25,000 individuals. The vulnerability was discovered during routine security screening procedures on Sept 29. HCH identified information such as patient names, addresses, dates of birth, Social Security numbers, health insurance details, diagnoses and treatments were all potentially accessible and were not protected by the company’s firewall. Immediate action was taken and new firewalls were installed to correct the issue and the data has now been made secure and there is believed to be no further risk of exposure. The hospital hired a forensic investigation company to assess the extent of the data breach and the investigation found no...
5 Actions to Take to Secure Healthcare IT Systems and Prevent HIPAA Breaches
The publishing of data from the 2013 Survey on Medical Identity Theft by the Ponemon Institute has highlighted the prevalence of medical identity fraud and has shown the crime is becoming much more commonplace. Over the course of past 12 months the number of reported cases of medical identity fraud has risen by 20%. There are now believed to be over 1.84 million Americans now affected by medical identity fraud. The cost is colossal and is a huge drain on the economy, while the victims have had to cover over $12.3 billion in out of pocket expenses. Many of the victims have had their medical records exposed in data breaches at healthcare organizations. If data breaches result from violations of HIPAA regulations, healthcare organizations can be held accountable. The HHS Office for Civil Rights is issuing substantial fines for non-compliance and class action lawyers are keen to sign up victims of data breaches to claim damages. Even in cases where PHI has been accidentally exposed or been deliberately hacked, healthcare organizations can still face hefty fines. In extreme cases it is...
Long Island Radiologist Arrested over HIPAA Violation
The arrest of a Long Island radiologist on Dec 3, 2014 has prompted Nassau County District Attorney, Kathleen Rice, to call for changes to the state legislation to bring in stiffer penalties for doctors and healthcare professionals who abuse their positions and steal confidential data from their employers. Currently state laws do not permit criminal charges to be brought against individuals who are found to have obtained personal identification information relating to patients, in fact the current NY statutes do not even make it a crime to steal or maliciously disclose patient health information. Due to this loophole, Richard Kessler, M.D., will only be facing three misdemeanor charges for stealing the records of 97,000 patients from the Long Island medical practice where he worked. Current legislation allows him to be charged for petty larceny, unauthorized use of a computer and unlawful duplication of computer related material; charges which carry a maximum penalty of 1 year in prison if he is convicted. The theft of Protected Health Information (PHI) is covered under federal...
Outsourcing IT to HIPAA Compliant Data Centers is a Viable Solution
Healthcare organizations are facing an increasing financial and logistical burden as a result of stricter HIPAA privacy and security rules. Additionally, as the volume of electronic data increases, healthcare organizations must allocate extra resources to their IT departments to ensure that the data is protected and IT systems are made more robust. Most healthcare centers operate with strict budgets and often there are insufficient funds to develop the necessary IT infrastructure to ensure HIPAA compliance; however with audits being conducted by the Office for Civil Rights, doing nothing is not an option. Heavy fines are being issued for each instance of non-compliance found by the OCR which are far in excess of the cost of upgrading current systems. In order to comply with current regulations, healthcare organizations must either invest in their IT departments and upgrade their existing data centers, or if this is not viable, construct new data centers and incorporate the latest technology, hardware and software to ensure the ePHI of patients is properly protected. There is also a...
Employee Snooping Results in Exposure of 200K HIPAA Covered Records
The Early Learning Coalition of Palm Beach County has announced that a former employee has inappropriately accessed a database containing the medical records of up to 230,000 patients. The database contained personal information of parents and children who have attended centers or received services from the coalition. The affected individuals are believed to be those having received school readiness services or participated in the Voluntary Prekindergarten Education Program according to a statement made by the ELC. The unauthorized access occurred at the Belle Glade office of Family Central Inc. and has been confirmed as having affected 37 patients, although the matter is still under investigation and the final number of victims is not yet known. Data potentially accessed included personal information such as names and contact details, and almost half of the records in the database contained Social Security numbers. The former employee, who was not named in the statement, “accessed the database in an unauthorized manner in order to obtain the personal information, including social...



