Touchstone Medical Imaging Suffers 307K Patient Data Breach
A Tennessee-based provider diagnostic radiology services has announced that it has suffered a data breach that has potentially exposed the billing information and personal identifiers of 307,000 individuals from all over the United States. Touchstone Medical Imaging, LLC discovered an infrequently used folder containing patient data was accessible via the internet. The issue was discovered on May 9, 2014 and access to the folder and the files it contained was immediately blocked. According to a statement released by Touchstone Medical Imaging, “We immediately secured the folder and removed it from public view. We also began an internal investigation, which initially led us to believe that the patient information in the folder was not readable.” The statement went on to say “On Sept. 5, 2014, we obtained new information that suggested that the patient information may have been readable and included patients’ names, dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and in some instances, Social Security numbers. Medical...
November 5th Deadline to Obtain Health Plan Identifier for Group Health Plans
The Department of Health and Human Services (HHS) has now issued the final version of its regulations following the passing of the Affordable Care Act (ACA), which will require all group health plans to use a health plan identification number (HPID) to conduct standard transactions. Do you need to take immediate action? If you are responsible for a large group health plan – with over $5M in receipts per annum – you must obtain a HPID before November, 5 2014. Small group health plans will also require a HPID, although not for another 12 months. The deadline for small health plans to obtain a HPID is Nov, 5 2015. The HPID will be required on standard transactions involving the electronic transfer of health data under Health Insurance Portability & Accountability Act of 1996 (HIPAA) regulations. Claims, authorizations, payments and enrolments will all require a HPID, and while group health care plans will not be required to use the identity number until November 7, 2016, a deadline has been imposed on obtaining a HPID number. CHPs and SHPs Controlling Health Plans (CHPs) and Sub...
Breakthrough in HIPAA-Compliant Remote Diabetes Care
The FDA-cleared Remote Patient Monitoring system from ALR Technologies’ (ALRT) has been hailed as a potential breakthrough in remote diabetes care. The system providing doctors and health care professionals with a method of being reimbursed for time spent providing remote treatment to long term diabetes sufferers and to receive recompense for the chronic care management services provided. The system – termed Health e-Connect – is an off-the-shelf software system that helps to connect diabetes patients with care providers, no matter where the team members are based in the country. Members of the care team are able to log on through a secure web portal and enter data and communicate with the entire team. Based on the payment system and schedule due to be decided on Nov 1, 2014, the Centers for Medicare and Medicaid Services (CMS) would issue doctors a monthly payment of $41.92 for the provision of up to 20 minutes remote care per patient. Once the system is implemented and ALRT begins invoicing for its services, the system could generate up to $2.3 million in monthly revenue...
Cybercriminals Target Health Care Organizations for Patient Medical Data
The value of patient’s confidential medical data has risen to ten times that of credit card numbers on the black market according to recent Reuters reports. Medical data can be used by cyber criminals to fraudulently obtain products and services – as with credit cards – although medical data theft has the advantage of being harder to detect than other cyber crime activities such as credit card phishing. Hackers are now targeting health organizations in an attempt to obtain confidential patient data and other personally identifiable information from their websites, databases and internal computer systems. The threat of attack has prompted the FBI to issue warnings to a wide range of organizations in the health care sector alerting them to the risk of cyber theft of data. The warning was issued following the theft of 4.5 million patients’ data by a group of hackers in an attack on Community Health Systems. The theft ranks as the biggest HIPAA data breach by hackers and the second largest data breach in history. In this case the data obtained was non-medical in nature,...
Pennsylvania Hospital Advises of Data Breach
Penn Highlands Brookville has issued a public notice confirming a recent “data security incident”, which the Pennsylvania Hospital says involved the data of 4,500 patients under the care of Barry J. Snyder, M.D. The statement was issued as a PHIprivacy press release. Penn Highlands Brookville is part of a quartet of Dubois, PA hospitals comprising Penn Highlands Healthcare, although this incident only affected one doctor’s patient database. On August 14, 2014 a server containing Barry J. Snyder’s patient database was found to have been compromised. A third party had gained access to the server on which the data was stored and potentially had access to protected health data of all of the doctor’s patients. It could not be determined whether the intruder had actually accessed any of the patient data. The data was held on a server belonging to an Ohio third party vendor under contract to maintain Dr. Snyder’s records. The data stored on the server included names, addresses, social security numbers, medical and insurance information, driver’s license numbers, telephone numbers and the...



