HIPAA Breach Report: August 2014
August 2014 HIPAA Breach Summary: HIPAA Regulations require all covered entities to submit a report of any breach affecting more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights. Covered entities only have 60 days in order to make the report or they face a breach notification penalty. This report contains a summary of the breaches reported to the OCR during the month of August, 2014. Major HIPAA Breaches in August 2014 August saw a high number of HIPAA breaches reported in which over 4 million individual records were compromised – more than the total number of individuals affected by data breaches in the first six months of the year. The majority of the victims were created by a huge data breach at Community Health Systems Professional Services Corporation (TN) which exposed the records of 4,500,000 individuals. The CHS HIPAA breach was one of the largest ever recorded, and resulted in hackers obtaining personal identifiers and Social Security numbers, in what was described as “a highly sophisticated attack”. In any other month the...
How Providence Anesthesiology Leveraged Smartphones to Improve Communication with Field Staff
Healthcare providers have a challenge ahead of them if they are to improve communication with field staff and other mobile workers; how to do so without exposing patient data and violating HIPAA Rules. Providence Anesthesiology Associates opted to use a secure messaging platform to help stay in touch with critical members of the care team, and is now reaping the rewards. Communicating with mobile workers and field staff is convenient, fast and easy via Smartphones; whether they are owned by an employee under a BYOD scheme, or provided by employers. However, ensuring communications remain HIPAA-compliant is difficult. PHI cannot be transmitted via insecure channels, meaning standard communication methods available through mobile devices cannot be used. If PHI is to be transmitted via an insecure channel, HIPAA requires the data to first be encrypted. To ensure remote workers do not inadvertently violate HIPAA Rules by using insecure channels to communicate PHI, HIPAA –covered entities should consider using a HIPAA-compliant text message platform that will allow the transmission of...
Indiana Court Upholds $1.44M HIPAA Privacy Breach Award
Walgreen Co. has lost an appeal against the $1.44 million award for damages it was ordered to pay after a HIPAA Privacy Rule breach resulted in confidential patient PHI being shared with unauthorized individuals. This is the first time that the action of an employee has resulted in a healthcare provider being held liable for a violation of the Health Insurance Portability and Accountability Act. The Indiana appellate court decision could well set a legal precedent in cases where employees have violated HIPAA regulations and sensitive patient data has been shared with third parties. Walgreen Co. v. Abigail E. Hinchy In July 2013, a Marion Superior Court jury awarded $1.44M in damages to Abigail Hinchy after a Walgreen pharmacist shared PHI with a third party about a client who had dated her husband. A pharmacist at Walgreens at 6269 W. 38th St. in Indianapolis improperly accessed Hinchy’s prescription history. Hinchy had once dated her husband and had his child and the pharmacist knowingly accessed her prescription history and personal information and divulged that information. The...
Importance of Encryption for HIPAA Compliant Organizations
Recent cyberattacks on big corporations have demonstrated that no company is safe from cybercriminals. Individuals and groups of hackers will take advantage of easy targets, and even well known companies with considerable resources to allocate to cybersecurity have suffered highly damaging attacks. The security breach at Target in November 2013 cost the company the sum of $148 million. Investment in data encryption and other cybersecurity measures can therefore be considered money exceptionally well spent. Private and confidential data must be kept secure and one of the easiest methods to use is data encryption. Encrypted data is scrambled and indecipherable to unauthorized users. The theft of a device containing an encrypted database means loss of equipment not loss of data and the fines and lawsuits which that entails. Data Encryption Options It is possible to encrypt data stored on servers, hard drives, PCs and other devices but also of vital importance to secure data in transit between devices and over the internet to prevent interception. Encryption can be used for...
Congress Asked by Mobile Health App Industry to Amend HIPAA
Software companies and mobile phone application developers are concerned about HIPAA regulations and many believe the legislation is hampering innovation. The industry accepts the need for strict controls to ensure data is recorded, stored and transmitted securely, but that there is some way to go to strike a good balance between data security and product development. The App Association represents mobile phone app developers, with the organization communicating its concerns this month in a letter to congress. The letter was sent to U.S. Representative Thomas Marino (R-PA) who has already made an effort to help remove some of the barriers faced by the mHealth industry and mobile App developers. The mobile phone app industry is reportedly worth an estimated $68 billion and the App Association represents some 5000 members. It has voiced concern about key areas which require federal government intervention and has requested that regulations be updated to allow mobile health apps to be developed and for growth to be promoted in the sector. Several innovative applications have been...



