Potential HIPAA Violations Settled by Washington County Government
HIPAA compliance is critical in healthcare; however it is not just hospitals and clinics that need to take note of HIPAA regulations. Local and county governments must also comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules or they face the consequences. Skagit County, Washington is paying the price for failing to implement the appropriate controls and safeguards to protect the data it held. Skagit County agreed to pay the OCR $215,000 following the exposure of data of seven individuals. Data was accessed by unknown third parties after ePHI data was unwittingly transferred to a server accessible to the public. The data breach was small but involved receipts and ePHI being made public. The investigation following the data exposure revealed numerous other HIPAA violations which potentially exposed the data of 1,581 individuals; data which included ePHI and other highly sensitive information covering the treatment, testing and management of infectious diseases. Other issues were uncovered in the...
Organizations Urged to Take Notice of HIPAA Omnibus Rule
The addition of the HIPAA Omnibus rule means organizations need to reassess their privacy and security practices to avoid a wider range of penalties for data security violations. The HHS Office for Civil Rights will start conducting random compliance audits next year and any organization found to be in breach of any HIPAA regulations will face stiff penalties. Recent audits have revealed numerous HIPAA violations which is a cause of serious concern. Many organizations have failed to implement strategies to protect data and become HIPAA compliant. If subjected to an audit, organizations must be able to produce documentation to demonstrate that appropriate efforts have been made to with regard to cybersecurity and that a compliance program has been put in place. Ignorance of current data security regulations is no defense and stiff penalties are being issued for HIPAA failures, including many the new additional penalties under the new Omnibus Rule. Fines for violations have also been increased. Under the new rule there are four areas under which a company can be fined for neglect...
ONC Submits Data Security Report to Congress
The adoption of health information technology has potential to expose patient data and can easily result in breaches of HIPAA regulations. On 2nd October, The Office of the National Coordinator for Health Information Technology (ONC) published a report to congress providing advice and recommendations on how new technology can be utilized in healthcare and how the secure exchange of health information can provide considerable patient benefits. The report, entitled Update on the Adoption of Health Information Technology and Related Efforts to Facilitate the Electronic Use and Exchange of Health Information, provided information on the barriers that are hindering the exchange of health information together with suggestions on how the federal government can take action to remove some of those barriers. ONC listed ‘Privacy and Security Protections for Health Information’ as one of its key building blocks to ensure smooth integration of IT in healthcare to ensure patient data privacy rights is protected. Congress was provided with a reminder of the Health and Human Services department’s...
40,000-Record Healthcare Database Stolen from Storage Shed in New Jersey
A bizarre report has been released this week on the theft of confidential patient records from a physician in New Jersey. The theft has potentially exposed the medical records of approximately 40,000 patients to unknown individuals. The patient records belonged to Dr. Nisar A. Quraishi, an internal medicine specialist and assistant professor of medicine at the NYU Langone Trinity Center in New York, who was storing the PHI in a shed at his office storage facility. The theft was noticed on Tuesday October 21, although the actual date of the theft remains unknown. Dr. Quraishi last visited his storage facility in August this year, and after leaving ensured that the shed was secured with two padlocks. This week, on his return to the shed, he discovered that both latches had been cut and on entering the shed he noticed that all of his patient records had been stolen. Dr. Quraishi was unable to provide the authorities with any details of the persons affected, only that the documents related to patients treated between 1982 and 2009, some of whom were possibly still being treated by the...
Data Privacy Breach to Cost Tenet Healthcare up to $32.5 Million
Tenet Healthcare is one of the leading providers of healthcare in the United States with the Texas based company operating healthcare facilities all over the country. For the past 17 years the company has been embroiled in a class action lawsuit stemming from a major data privacy breach at one of its psychiatric healthcare centers. The lawsuit was originally filed in 1997 following the potential exposure of confidential patient mental health information contained in boxes that were dumped outside Tenet’s facility in Algiers. The data related to patients of the JoEllen Smith Psychiatric Center and a class action lawsuit was filed to recover damages. The incident occurred when the center was ordered to be closed and the contents of the office were being cleared. While authorization was provided to empty the center of its contents, a number of boxes of medical records were included in the material to be disposed of and they were left in plain view in front of the shuttered healthcare center. The boxes contained thousands of detailed medical records including admission logs, diagnoses,...



