Colorado Behavioral Health Patients Advised of HIPAA Breach
A recent postcard mailing by the Colorado Department of Health Care Policy and Financing has, albeit accidentally, disclosed protected health information on patients and is in breach of HIPAA regulations. The breach has now been made public and the patients concerned have been notified by mail. The HIPAA breach was due to a survey being mailed to approximately 15,000 patients, each of whom had received treatment through Medicaid or the Office of Behavioral Health belonging to the Department of Human Services. The HIPAA violation was not due to social security numbers and addresses being listed in the communication or any other information which could potentially be used by thieves or fraudsters. The HIPAA violation was for using a postcard rather than a sealed envelope for the survey. By using a postcard the name and the address of the recipient was clearly visible, while the survey identified them as being behavioral services patients. The survey contained questions about the behavioral health care services they had received and someone other than the intended recipient could...
HIPAA and Healthcare Data Compliance
Access to healthcare can be considered a basic human right, although many counties have different views on the services that are provided by the state, and to whom. Privacy is also important and can also be considered a basic human right, with the rights of individuals showing just as much variation. In the UK, British citizens have access to the National Health Service. Formed in 1948, the NHS provides universal healthcare to all but there is no common law right to privacy, although privacy issues can usually be resolved in court. Across the Atlantic in the United States, privacy laws affect how doctors can operate. If they want to assess how effective treatments are across the country for the treatment of a particular disease, privacy laws prevent them from having automatic access to data from any patient who is not their own. This is a problem, as sharing of patient data enables doctors to gain a better understanding of the treatments that are working the best. A way around this is for doctors to share some of their patient data using a service such as Sharepoint. Data can be...
Data Breaches Prompt Change in Florida Law
A new state law has been passed to give Florida residents greater protection by ensuring both private companies and government agencies store electronic data securely. The recent spate of cyber attacks and HIPAA breaches have highlighted the fact that consumers now face a very real threat and that their personal and confidential data could fall into the hands of criminals. The elevated risk has prompted Florida to draft new legislation to better protect its residents and in July of this year the Florida Information Protection Act of 2014 (FIPA) came into force. The new FIPA act is similar to the Health Insurance Portability and Accountability Act of 1996. The legislation has been introduced to protect the privacy of consumers and to hold offenders accountable for data breaches. The Attorney General’s Office also wants rapid action following a data breach to limit the harm, damage and loss caused. By sending notifications to victims promptly they are able to take action to protect their identities and prevent further loss or damage. Under FIPA, organizations must take...
HIPAA Breach Report: July 2014
July 2014 HIPAA Breach Summary: The HIPAA Breach Notification Rule demands that Healthcare providers, health plans healthcare clearinghouses and BAs report data breaches involving more than 500 individuals to the Office for Civil Rights of the HHS within sixty days of discovery of the breach. This report contains a summary of the breaches reported to the OCR during the month of July, 2014. Major HIPAA Breaches in July 2014 A number of large scale HIPAA breaches were reported to the Office for Civil Rights in July, exposing more patient records than in any other month since January this year. The data breach at the Montana Department of Public Health and Human Services (MT) is the largest reported HIPAA breach of the year, exposing 1,062,509 records. This is almost as many records as were exposed in the HIPAA breaches at Horizon Healthcare Services, Inc., (January) and Sutherland Healthcare Solutions (May) combined. Human error was cited as the reason for a data breach at St. Vincent Hospital and Health Care Center, Inc. (IN) after 63,325 individuals received a mailing in which...
Community Health Systems HIPAA Breach Lawsuits Mount
The data breach at Community Health Systems which was reported in August was the second largest in history, with 4.5 million records potentially accessed by a suspected group of Chinese hackers. The successful attack and data theft has left millions of patients potentially exposed and at risk of identity theft and financial loss. The data accessed included personal information such as names, addresses, social security numbers and date of births; information the thieves can use to create fake documents and run up huge debts. The HIPAA breach has understandably resulted in legal action being taken against CHS by some of the victims, with at least two class action lawsuits now filed against the healthcare provider and operator of 206 nationwide hospitals. A class action lawsuit has been filed by firms Slack & Davis and Branch Law Firm with Briana Brito named as the class representative. A second class action suit has been filed on behalf of 5 Alabama residents (and all others affected). Specific dollar amounts have not been stipulated and are being left to the courts to decide....



