New HHS Tool Released to Assist with HIPAA Risk Assessments
Conducting a thorough risk assessment is a requirement under the HIPAA Security Rule; however it can be a complex process requiring all potential security risks to be identified. The process can be a daunting task for any organization, especially when the risks of non-compliance are so severe. Under the Security Rule, HIPAA-covered entities are required to conduct a risk assessment to determine any potential vulnerabilities and take the appropriate actions to reduce and, as far as is possible, eliminate data security risks. Incorporating the necessary safeguards, software systems and data encryption services is essential under HIPAA regulations in order to keep electronic health records private and confidential. The HHS understands the issues faced by healthcare organizations and has developed a tool to help organizations conduct thorough risk analyses and ensure they are fully HIPAA-compliant. Any organization about to conduct a risk analyses under HIPAA should use the new tool provided by the HHS on its website. The tool takes the user through a series of questions which need to...
Nurses Find a Replacement for Hospital Pagers
A survey has recently been conducted by Spyglass Consulting Group that indicates nurses are violating HIPAA regulations by using personal Smartphones in hospitals. The survey indicated that 67% of nurses were taking their iPhones and android phones to work and using them, even though 89% of hospitals do not permit the devices to be used at work. The Spyglass survey indicates that nurses are not being given a pager alternative, as only 4% of hospitals currently reported having a Smartphone system installed for nurses. Furthermore, out of the 53% of hospitals that did have a Bring Your Own Device (BYOD) scheme in place, only 11% included nurses in that scheme. The situation does appear to be improving as more than half of the organizations taking part in the survey claimed to be about to extend coverage to nurses. The use of mobile phones for hospital communications is forbidden, as the devices are insecure and lack the necessary controls to keep confidential data secure. The sending of any PHI via text message is an immediate HIPAA violation, unless the text is sent via a secure...
Los Angeles County Doubles Estimate of HIPAA Breach Victims
The victim count from the Sutherland Healthcare data breach has more than doubled from the initial estimate of 168,500 as announced last month. This week the Los Angeles County Department of Health Services (DHS) has announced that an additional 170,200 patients are believed to have been affected by the HIPAA breach. Thieves gained access to one of the offices of Sutherland Healthcare in Torrance on February 5th and stole 8 computers, which has now been confirmed to have included the protected health information and other personal data of 338,700 individuals. Sutherland Healthcare has used a public relations firm to release a description of the suspect they believe was responsible for the theft and a reward of $25,000 is being offered for information that leads to the apprehension of perpetrators and retrieval of the stolen equipment and data. The suspect has been described as a black male of indeterminate age and height and was heavy set. At the time of the theft he was wearing gloves and a dark hat with white insignias, a dark sweatshirt, blue jeans and bright blue athletic...
HIPAA Breach Report: January 2014
January 2014 HIPAA Breach Summary: The HIPAA Breach Notification Rule demands that Healthcare providers, health plans healthcare clearing houses and BAs report data breaches involving more than 500 individuals to the Office for Civil Rights of the HHS within sixty days of the discovery of the breach. This report contains a summary of the breaches which have been reported to the OCR during the month of .January, 2014 Major HIPAA Breaches in January 2014 After two relatively quiet months, January saw a high volume of data breaches, including two massive data breaches that exposed hundreds of thousands of patient records. The theft of a laptop computer from Horizon Healthcare Services, Inc. (As Horizon Blue Cross Blue Shield of New Jersey) resulted in 839,711 potentially being exposed, while a network server incident at Triple-C, Inc. (PR) was reported to the OCR as exposing 398,000 and 8,000 patient-records. The large breach at the North Carolina Department of Health and Human Services (NC) appears small by comparison, although the unauthorized disclosure affected 48,752 individuals....
Jamaica Hospital Medical Center Employees Charged with HIPAA Breach
Hospitals and other healthcare providers may now be concentrating on protected PHI from hackers; however often the biggest threat to patient privacy comes from within. The latest internal HIPAA breach to be reported occurred at the New York Jamaica Hospital Medical Center. Two employees stand accused of inappropriately accessing and disclosing HIPAA-covered data. They have recently been charged with illegally accessing the hospital’s patient database to obtain confidential information on patients. Queens District Attorney, Richard A. Brown, recently announced that two former registrars employed at the hospital, Maritza Amador, 44 and Dache Prawl, 45 – both Queens residents – had accessed, viewed and stolen the data of emergency room patients while employed at the hospital. Social Security numbers, financial information and personal identifiers carry a high price on the black market as they can be used by criminals to obtain medical services and prescriptions, as well as being used to commit identity fraud. However in this case the data was taken for other reasons. The...



