Dramatic Rise in HIPAA Compliance Issues in 2011
A recent HIPAA compliance survey conducted by the Ponemon Institute paints a worrying picture about the state of healthcare compliance. Data breaches have risen sharply over the past 12 months and data security issues continue to plague healthcare organizations, with the problem appearing to be getting worse rather than better. The survey showed that data breaches having increased by 32% over the course of the past 12 months, while 92% of the healthcare institutes surveyed claimed to have been affected by at least one security breach over the course of the previous two years. Many of these breaches involve just a handful of records, but some have caused major exposures of Protected Health Information and have affected millions of Americans. The Department of Health and Human Services is now cracking down on non-compliance issues and is already planning a new series of audits to ensure healthcare providers, health plans and other covered entities are following HIPAA regulations. The Joint Commission on Accreditation of Healthcare Organizations has stepped in and is helping to tackle...
Doctor to Plead Guilty to HIPAA Privacy Violation
A former physician of Fletcher Allen Health Care in Burlington, Vermont, is due to appear before a federal judge where he is expected to plead guilty to violating patient privacy by using his position and access rights to view the medical information of a patient he was not treating. The incident occurred in 2008, and the doctor, named as Joshua A. Welch, allegedly accessed the records of a female patient in September which whom he was having a “personal relationship”. That was until the woman discovered that he had accessed her medical records. A complaint was filed with the hospital and an investigation was launched into the matter, with the case being referred to the State Medical Board. It was discovered that she was not the only woman the doctor had checked out. The healthcare provider discovered that Welch had accessed the medical records of 8 separate women without authorization and for no work reason for doing so. According to a statement issued by FAHC, “The board’s investigation determined, and respondent admitted, that respondent over the course of two years accessed...
Sutter Health Sued for 4.24M HIPAA Mega Breach
Two class action lawsuits have now been filed against the Sutter Health hospital system in Northern California after a burglary at its administrative offices in Sacramento potentially exposed the Protected Health Information of 4.24 million patients. Over the weekend of Oct 15-16 thieves gained access to the offices by throwing a rock through the window. Once inside they cleared the office of electrical equipment including a PC, mouse and computer monitors. The PC contained data relating to 3.3 million former and current patients of Sutter Physician Services (SPS) with the records dating back to 1995. Social Security numbers were not included in the data although some personally identifiable information could potentially have been accessed by the thieves. The data included names, dates of births, addresses, phone numbers and some email addresses. The breach also exposed the medical records of 943,000 patients from the Placer, Sacramento, Solano, Sutter, Yolo and Yuba counties who had been treated by Sutter Medical Foundation doctors from January 2005 to the present. One of the...
Lapse in Business Associate Security Causes 20K Patient HIPAA Breach
According a New York Times report published this week, the medical records of 20,000 patients of Stanford University Hospital in Palo Alto, Calif., have been posted online and accessible to the public for close to a year after an error was made by one of the hospital’s business associates. The hospital and its contractor – Multi-Specialty Collection Services of Los Angeles (MSCS) – confirmed that a spreadsheet containing the medical data of 20,000 patients had been accidentally sent to a job prospect who in turn posted the data on a tutoring website as part of a job skills test. The data was posted on Dec. 9, 2010 and remained accessible until a patient discovered it and brought it to the attention of the hospital on Aug. 22, 2011. MSCS explained how the incident occurred in an email sent to affected patients, according to the NYT report. MSCS President, Anthony Reyna, told the patient that a marketing vendor had been sent patient health information directly from Stanford Hospital. After converting the data to a different format it was inadvertently given to a job applicant...
HIPAA Sees Meritus Medical Center Stop Media Announcements
Meritus Medical Center is one of a number of hospitals that has stopped issuing information about patient conditions to the media. The hospital announced on September 22 that this courtesy would be stopped. The Health Insurance Portability and Accountability Act places certain restrictions on the disclosure of Protected Health Information to third parties, including the media. Just a few years ago, reporters would be able to call a healthcare provider to make an enquiry about the health status of a patient. The hospital staff would provide general information about a particular patient’s condition if they were asked about a patient by name. The information disclosed would be restricted, so reporters would be advised for instance, that a patient was good, fair, stable or in critical condition. Under HIPAA Rules this information may be disclosed to the media; however it is not mandatory for a hospital or healthcare provider to give out any information, except when it is in the public health interest to do so or if required by law enforcement officers to assist with an investigation....



