Tag Archives: HIPAA

[ISN] What are Top HIPAA Compliance Concerns, Obstacles?

healthitsecurity.com/news/what-are-top-hipaa-compliance-concerns-obstacles By Elizabeth Snell Health IT Security January 25, 2016 Maintaining HIPAA compliance should always be a key area for leaders in the healthcare industry, but as technology continues to evolve, there are numerous factors coming into play that could affect how organizations keep patient data secure. But what type of obstacles are standing in provider’s’ way? Are there certain difficulties when it comes to HIPAA compliance? We’ve previously discussed the legal perspective on HIPAA regulations, and various experts in the field have claimed that “it’s not a matter of if, but a matter of when” a data breach will take place. Recent OCR HIPAA settlements not only show that size is not a factor when it comes to enforcement, but that organizations need to be mindful of everything from physical safeguards to conducting regular risk assessments. Technical advancements have also proven to be potentially beneficial to covered entities. Whether an organization is looking to implement secure messaging options or potentially invest in cloud storage, privacy and security issues cannot be overlooked. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] 8 out of 10 mobile health apps open to HIPAA violations, hacking, data theft

www.healthcareitnews.com/news/8-out-10-mobile-health-apps-open-hipaa-violations-hacking-data-theft By Bill Siwicki Healthcare IT News January 13, 2016 A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project top 10 risks. Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues. The new research from Arxan, which this year placed special emphasis on mobile health apps, was based on analysis of 126 popular health and finance apps from the United States. United Kingdom, Germany and Japan. There is a disparity between consumer confidence and the attention given to security by app developers, the study found. While the majority of app users and app executives said they believe their apps are secure, nearly all apps Arxan assessed proved to be vulnerable […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Oncology group slapped with $750K HIPAA fine

http://www.healthcareitnews.com/news/oncology-group-slapped-750k-hipaa-fine By Erin McCann Managing Editor Healthcare IT News September 2, 2015 Healthcare security folks, listen up: Failing to encrypt portable devices and laptops containing patient data could result in a serious HIPAA fine, as one Indiana-based health group can now attest to. Cancer Care Group, a large radiation oncology practice in Indianapolis, is reevaluating its privacy and security practices after it was slapped with a $750,000 HIPAA settlement from the Department of Health and Human Services. It agreed to pay the sum to settle alleged HIPAA violations involving a breach that occurred three years ago. Back in August 2012, Cancer Care reported a HIPAA security breach to the the Office for Civil Rights, after an unencrypted server backup media and laptop was stolen from an employee’s car. Officials discovered the device contained the protected health information, Social Security numbers and insurance data for some 55,000 patients. Following an investigation launched by the Office for Civil Rights, the HHS division responsible for investigating HIPAA compliance, it was discovered that even before the breach Cancer Care was in “widespread non-compliance with the HIPAA Security Rule,” HHS said in a Sept. 2 statement. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] High-Profile Patients Prompt Internal Health Data Breaches

http://healthitsecurity.com/news/high-profile-patients-prompt-internal-health-data-breaches By Sara Heath HealthITSecurity.com August 21, 2015 No matter the many safeguards against hacking and cyberattacks are put into place in hospital records, sometimes hospitals need to protect against their own employees’ nosiness as well. Such was the case for the Carilion Clinic, a not-for-profit clinic located in Roanoke, VA. According to a Roanoke Times report, Carilion has disciplined or fired 14 employees for looking at a high-profile patient file that they had not been given access to. Although Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached, he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity. Whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients. Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. The Roanoke Times report did not disclose which, or how many, employees were fired. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] A Review of Common HIPAA Technical Safeguards

http://healthitsecurity.com/news/a-review-of-common-hipaa-technical-safeguards By Elizabeth Snell Health IT Security June 26, 2015 HIPAA technical safeguards are just one piece of the larger health data security plan that covered entities and their business associates must put together. However, it is a very important aspect. Over the next few weeks, HealthITSecurity.com will discuss some common examples of all three HIPAA safeguards, and how they could potentially benefit healthcare organizations. Not all types of safeguards are appropriate or necessary for every covered entity. But by having a comprehensive understanding of what is required by HIPAA and the HITECH Act, and how various safeguards can be used, organizations will be able to identify which ones are most applicable. From there, they can create and implement the right data security protections for their daily workflow and ensure they maintain HIPAA compliance. As previously mentioned, HIPAA technical safeguards are an important part to keeping sensitive health data secure. Whether a small primary care clinic is debating health data encryption options or a large HIE is considering BYOD for employees, understanding the basics of HIPAA technical safeguards is essential. What are HIPAA technical safeguards? The HIPAA Security Rule describes technical safeguards as ““the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” However, an important note is that the Security Rule does not require specific technology solutions. Rather, healthcare organizations need to determine reasonable and appropriate security measures for their own needs and characteristics. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Coast Guard Needs Better PHI Security, Says OIG Report

http://healthitsecurity.com/news/coast-guard-needs-better-phi-security-says-oig-report By Elizabeth Snell Health IT Secutity May 21, 2015 The US Coast Guard (USCG) must do a better job in its PHI security measures, according to a recent report from the Office of the Inspector General (OIG). Specifically, USCG lacks a strong organizational approach to resolving privacy issues, the report stated, which leads to the agency having challenges when it comes to effectively protecting PHI. “We evaluated the safeguards for sensitive personally identifiable information and protected health information (privacy data) maintained by USCG,” OIG explained in its report. “Our objectives were to determine whether the USCG’s plans and activities instill a culture of privacy and whether the USCG ensures compliance with the Privacy Act of 1974, as amended, [HIPAA], and other privacy and security laws and regulations.” OIG outlined five areas that USCG needs to resolve in order to improve its PHI security: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] EHR audit catches snooping employee

http://www.healthcareitnews.com/news/ehr-audit-catches-snooping-employee By Erin McCann Managing Editor Healthcare IT News January 26, 2015 Electronic health records not only enable faster access to real-time patient data; they also make it a heck of a lot easier to catch snooping employees who inappropriately view patients’ confidential information, as one California hospital has observed this past week. Officials at the 785-bed California Pacific Medical Center in San Francisco – part of Sutter Health system – notified a total of 844 patients Jan. 23 after discovering a pharmacist employee had been inappropriately snooping on patients’ medical data for an entire year. The incident was discovered after the hospital conducted an EHR audit back in October 2014, when it was first discovered only 14 individuals had had their PHI compromised. Following an “expanded investigation,” hospital officials discovered the HIPAA breach was significantly larger than they had originally found, with 844 additional patients being identified as having there information inappropriately accessed. The staff member, whose employment has since been terminated, snooped on patient records from October 2013 to October 2014, including patient demographics, clinical diagnoses, prescription data and clinical notes. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Why Healthcare Security Will Benefit From Collaboration

http://healthitsecurity.com/2014/12/08/healthcare-security-will-benefit-collaboration/ By Elizabeth Snell Health IT Security December 8, 2014 With cyber threats on the rise, healthcare security systems must keep pace in order to best protect patient data, as well as their own clinical information. One of the best ways to do that is with organizations working together and communicating strategies to one another, according to Lynne Dunbrack, research president of IDC Health Insights. Dunbrack authored the recent IDC “Business Strategy: Thwarting Cyber Threats and Attacks Against Healthcare Organizations” report, and discussed the findings with HealthITSecurity.com. “You’re as strong as your weakest link,” Dunbrack said. “It means you’re sharing data more and there are more opportunities for data breaches if it’s not well-secured. There is a balance that healthcare organizations need to seek.” With more medical records being implemented into EHRs and more facilities using health information exchanges (HIEs) and other innovations, it’s crucial for organizations to balance healthcare security with new technology. As facilities make investments they also need to ensure they have the appropriate business associate agreements (BAAs) in place, Dunbrack said. Moreover, it’s important to monitor risk assessments and that all covered entities and their connected business associates (BAs) are complying with HIPAA privacy and security requirements. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail