Blog Archives

Advocate Health Care already facing first lawsuit for July 15 breach involving 4 million EHR patient records

Chicago area Advocate Health Care suffered the country’s biggest health care record breach to date on July 15 – when four unencrypted laptops containing over four million patient records were stolen.  Seven weeks later the legal repercussions to July’s event

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

Breaking: HHS releases final rule on HITECH Act provisions

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in HIPAA

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

3.8 million record breach in South Carolina: lessons learned

Hackers recently infiltrated South Carolina’s state tax records, absconding with the largest haul to date of Social Security numbers, credit and debit card numbers from a state agency. State officials describe how the theft was worked, and list enhanced security

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security

Laptop theft costs Massachusetts provider $1.5 million in HHS settlement

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates (MEEI) will be paying HHS $1.5 million in installments over three years for a 2010 incident.  It is worth noting that OCR also reached a $1.5 million settlement with

Posted in ARRA, HIPAA

Tagging technique keeps more sensitive portions of an EHR more private

State and federal privacy laws rigorously restrict sharing of mental health and other highly sensitive patient records.  A technique called “data tagging” may be key in facilitating health care providers’ compliance with these requirements. Via Modern Healthcare: Using off-the-shelf content

Posted in ARRA, HIPAA

Cybersecurity risk management by boards and senior executives: 12 recommendations

According to Forbes, a recent Carnegie Mellon study has found that corporate boards “are not actively addressing cyber risk management.”  The researchers collected data from corporations worldwide and across all industrial sectors, and found that while boards actively attend to risk

Posted in ARRA, HIPAA

EHR hackers turn to extortion

Hackers recently struck a small medical practice in suburban Chicago, encrypted the facility’s digital medical records, and then demanded a ransom payment in exchange for allowing the facility to regain access to its records. Medical industry observers note that this

Posted in ARRA, HIPAA

Audit criticizes OCR and ONC over data privacy efforts

HHS’s own Office of Inspector General (OIG) issued a scathing report regarding pervasive breaches in privacy and security of patient data. OIG specifically called out the Office of Civil Rights (OCR), charged with enforcement of HIPAA Privacy and Security Rules,

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security

Study: Data Breaches Cost U.S. Hospitals Billions

A new study by the Ponemon Institute concluded that data breaches cause enormous losses for U.S. hospitals:  on average, over a two-year period, each hospital will incur about $2 million in losses due to data breaches, which results in $12

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

Rite Aid settles FTC and OCR privacy charges

The Rite Aid Corporation, the third largest pharmacy chain in the United States, reached a major settlement with both the Federal Trade Commission (FTC) and HHS’s Office of Civil Rights (OCR) regarding charges that Rite Aid violated federal privacy and security

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

HHS issues NPRM on HIPAA Privacy, Security and Enforcement Rules

On July 7, 2010, HHS issued a notice of proposed rule making (NPRM) regarding the changes to the HIPAA Privacy, Security and Enforcement Rules, as provided in the HITECH Act, in order “to strengthen the privacy and security protections for health information and to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security

Updated: breaches and fines on the rise

The number of reported health information breaches is growing rapidly: 32 breaches were reported on the OCR web site from September 2009 to February 2010, but the number almost tripled, to 93 breaches, by June 11, 2010.  Such significant increases in reported

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security

Prison sentence for hospital employee who breached patient privacy

Back in January, we wrote about Huping Zhou, a former employee at the UCLA Healthcare System, who pleaded guilty to federal charges of breaches of patient privacy.  Zhou, 48, accessed the UCLA patient records system 323 times during the three-week period,

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security

ONC publishes white paper on consent options

The Office of National Coordinator for Health IT (ONC) published on its web site a white paper analyzing the policies behind obtaining consent for the purposes of electronic health information exchange.  The paper examined the concept of patient control of their health

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

In the news: medical ID theft on the rise; CHIME comments on meaningful; and more

Javelin Strategy & Research survey found over 275,000 cases of medical identity theft in 2009, with an average price tag greater than $12,000 per incident.  This is twice as many cases as in 2008.  Keeping health information safe is going to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security

Rising numbers and costs of data breaches

There is little doubt that the healthcare industry must prepare for a growing number of – and expanding costs associated with – data breaches, particularly for breaches of protected health information.  Here are just a few notable reports on this

Posted in ARRA

New York Times interviews David Blumenthal

David Pogue, a reporter for the New York Times, posted the transcript of his interview with Dr. David Blumenthal, National Coordinator for Health IT. Mr. Pogue interviewed Dr. Blumenthal for a CBS news report on digitization of healthcare in America

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

CBS News reports on EHR efforts

By popular demand, here is the video of David Pogue’s report on the Obama Administration’s efforts to digitize patient records in the U.S.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

HIT Standards Committee endorses privacy and security standards

On September 15, 2009, the HIT Standards Committee endorsed a set of privacy and security standards for electronic health record systems. These standards will be recommended to Dr. David Blumenthal, the National Coordinator for Health Information Technology, as a basis for

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

FTC Issues Final Breach Notification Rule for Electronic Health Information

Pursuant to the American Recovery and Reinvestment Act of 2009 (ARRA), the Federal Trade Commission (FTC) issued the final rule regarding notification requirements for breaches of electronic health information by vendors of personal health records and certain affiliated entities: The rule

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

Steve Fox on the ARRA privacy requirements

In an interview with Thompson’s Compliance Information Center, Steve Fox urged healthcare providers to begin the compliance process to meet the new data privacy and security requirements imposed under the American Recovery and Reinvestment Act of 2009: “The main message for providers

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

Risk Prevention/Management Advice to Hospitals Regarding Document-Sharing Technology

Hospitals, multi-hospital systems, and integrated healthcare delivery systems are increasingly utilizing data-sharing technology to communicate with, and share documents among, their officers and directors. For example, some healthcare business enterprises use online services to upload documents to a “secure” Internet

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security