Results of 2013 Medical Identity Theft Survey Released
The Ponemon Institute has published the results of its 2013 Survey on Medical Identity Theft. The survey, sponsored by the Medical Identity Fraud Alliance (MIFA), aims to discover the extent of medical identity theft in the U.S and its impact on the healthcare industry and consumers. The annual survey can be used as an indicator of the prevalence of medical identity theft in the United States and also to identify trends and gauge how effective HIPAA regulations have been. Medical Identity theft is a growing problem which has grave implications for both healthcare organizations and consumers. Data breaches carry heavy penalties for healthcare organizations if appropriate measures to protect electronic health records of both employees and patients have not been employed. Data analysis of the survey data suggests up to 1.84 million U.S. citizens have now become victims of medical identity theft and have had to cover $12 billion in costs and expenses as a result of the theft or inappropriate use of their medical data. The problem is not limited to finances as medical identity theft can...
Business Associates Responsible for 22 Percent of HIPAA Violations
The introduction of the Omnibus Rule extended HIPAA’s reach to include business associates of HIPAA-covered entities and requires them to adhere to the same set of standards as the healthcare organizations with which they do business. Business Associates are classed as any organization or individual that is required to handle, view or come into contact with Protected Health Information. This means the providers of hosting or data storage services will now be covered under HIPAA and will be required to sign a business agreement that stipulates they will abide by HIPAA regulations. They will also be subject to financial penalties if the Department of Health and Human Services discovers any non-compliance issues. The new rule was introduced to ensure patient health data is protected, and in the case of business associates the change in legislation is long overdue. BAs are responsible for the exposure of a considerable amount of patient data and since HIPAA was passed, BAs have been implicated in 22% of all security breaches according to an analysis of HHS breach reports conducted by...
How the HIPAA Omnibus Final Rule Applies to E-mail Communication with Patients
The Omnibus Final Rule was introduced at the start of the year and covered organizations – which now include business associates and their subcontractors – now need to update procedures and policies to comply with the new regulations if they have not already done so. The deadline for compliance with the new rule is September 23, 2013 and any covered entity found not to have implemented the required changes after this date could incur a financial penalty up to $1.5 million. The new changes have been criticized by some members of the healthcare community; however the changes are necessary in order to improve the rights of patients to access their medical data. The Omnibus Rule now allows them to have much greater autonomy and make decisions about how their medical information is communicated to them. If a patient is comfortable receiving information via E-mail this has previously presented a problem for healthcare companies. E-mails can be intercepted, the emails are often stored unsecured servers – where they can remain indefinitely – and there is no guarantee that the...
Mammoth HIPAA Data Breach Exposes 4M Patient Records
Advocate Health Care, one of the nation’s largest healthcare providers, has announced that it has suffered a major HIPAA security breach after four unencrypted laptops were stolen from the Advocate Medical Group administrative buildings in Park Ridge, Illinois on July 15. The laptops contained the records of over 4 million individuals, making this the second largest data security breach ever recorded. This HIPAA breach has affected almost as many patients as the TRICARE Management Activity breach which exposed the data of 4.9 million individuals in 2011. The database on the laptops included personal identifiable information together with clinical data on patient illnesses, Social Security numbers, dates of birth, medical record numbers, treating doctors, health insurance details and patient names and addresses. The theft has been reported to law enforcement; however the laptops and data have not yet been recovered. The Office for Civil Rights of the Department of Health and Human Services has been notified of the security breach and officials have confirmed that an investigation...
BYOD Schemes Prove Popular With Nurses
According to a recent report from Spyglass Consulting, it is not just doctors who are embracing medical BYOD schemes; nurses too are now participating and 69% of those polled said they bring their own mobile device to work with them. Mobile devices cannot be used for all work activities, as the vast majority of healthcare providers operate strict controls over what the devices can be used for. One of their main uses is for organizing staff schedules and maintaining calendars, with more than half of healthcare staff using their devices for this purpose in addition to checking email according to healthcare mobile phone usage research conducted by Absolute Software. 36% said they were using the devices to access PHI. For PHI to be accessed without causing a HIPAA violation, additional security controls must be employed to secure the data being sent. Mobile phones are not secure, can easily be lost or stolen and the messages they send can be intercepted. Secure texting solutions exist, and these must be used for communicating any PHI via SMS message. E-mail encryption is also required...



