Data Issue Arises From Home Diabetes Test
On 26th September, Lori Stein visited Cotton-O’Neil Diabetes and Endocrinology Center in Topeka and met with an endocrinologist for a checkup. Lori Stein´s checkup was routine to monitor her diabetes, but during her consultation she asked if she could have a home test glucometer. A nurse brought her a sample glucometer and some test strips and handed her two boxes. When she returned home she noticed a slip of paper between the boxes and started to read it thinking it was a print out of her consultation. The page contained data on her health conditions and listed her as suffering from severe obesity, which was incorrect. She also noticed other diagnoses and treatments which she had not had and when she read the page more closely she noticed the patient details written at the top of the page were not her own and that she had been given the page by mistake. The data printed at the top of the page included the patients name, address, medical diagnoses, treatment details and general information such as age, height, weight and allergies suffered. Since Lori had previously been a...
Social Media Has Huge Potential to Cause HIPAA Violations
Since the introduction of the Health Insurance Portability and Accountability Act in 1996 the healthcare industry has suffered numerous data breaches exposing the personal and medical information of millions of patients. In the late 1990s when the internet was still in its infancy, the majority of data breaches came from employees snooping and the improper disposal of medical records. Nowadays with protected Health Information of patients now stored electronically, lost or stolen portable devices are one of the most commonly reported HIPAA violations. These losses expose thousands, and in some cases, millions of patient records. Since PHI can be used to commit medical insurance fraud, obtain medical treatment, prescription drugs and commit identity fraud, the value of medical records is high on the black market. Healthcare organizations have become targets for cybercriminals are those lacking robust security systems can easily have databases compromised and PHI stolen. However there is now a new risk to data security and it has huge potential to cause HIPAA violations: Social...
AHMC Healthcare Omnibus Rule Violation Causes 729K HIPAA Breach
The HIPAA Omnibus Rule was introduced to improve standards of data security in the healthcare industry and under the new Rule organizations are required to implement a number of additional measures to safeguard the health data of patients. While many organizations have updated procedures and policies to ensure compliance with the new Rule, AHMC Healthcare failed to take action in time to prevent a security breach. Had it have done so, the records of 729,000 patients would not have been exposed. HIPAA regulations require all covered entities to implement the appropriate safeguards to ensure the Protected Health Information of patients is not placed in jeopardy. A risk analysis must be conducted and all potential security risks addressed and eliminated or reduced to a minimal level. Laptop computers carry a particularly high risk of accidental; data exposure; they can store a considerable amount of data; they are portable and are used outside hospitals and clinics. Laptops are frequently stolen as they have a reasonably high monetary value, although thieves are now targeting doctors...
10 HIPAA Myths Busted by ONC
The Office of the National Coordinator for Health Information Technology (ONC) has many roles, although one of the most important is advising healthcare organizations on how data privacy and security legislation and the best practices that should be adopted to comply with regulations and keep patient and other sensitive data secure. At the HIMSS Privacy and Security Forum last month, Chief Privacy Officer of the ONC, Joy Pritts, spoke about the efforts the ONC have made to assist healthcare organizations achieve compliance and how they have adapted to make it easier to comply. Pritts said, “We were drafting materials that were meant for IT professionals and learned within a year that the content was too technical. We realized that we had to draft materials in plain language that could be distributed in small offices.” The feedback the ONC has gained over recent months suggests that many smaller healthcare organizations are struggling with HIPAA compliance. The problem has been compounded by the number of myths and incorrect assumptions that are circulating within the healthcare...
Bizarre HIPAA Breach Results in Doctor Having Medical License Suspended
A psychologist in Washington State has recently had his medical license suspended after his personal laptop, containing unencrypted data on his patients, was stolen. Laptop thefts often result in healthcare data being exposed, although what makes this case peculiar is the laptop was stolen by a prostitute the doctor had just visited. Having failed to take sufficient cash, the doctor had to visit an ATM and returned to find no laptop or prostitute. The incident occurred on February 4th, but the theft of the laptop was not reported to the police until February 14th. The Department of Health and Human Services was notified of the incident three days after the laptop had been stolen, according to a Statement of Charges by the Washington State Department of Health. A total of 652 patients were reported to have potentially been affected by the breach. However the psychologist did not was not truthful with the police and failed to inform them of the facts and a false report was also made to the HHS. Eventually the police were informed that a prostitute had stolen the laptop and they were...



