Group items tagged

A third (34 per cent) of discarded hard disk drives still contain confidential data, according to a new study which unearthed copies of hospital records and sensitive military information on eBayed kit. The study, sponsored by BT and Sims Lifecycle Services and run by the computer science labs at University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US, also found network data and security logs from the German Embassy in Paris on one purchased drive. Researchers bought 300 drives from eBay, other auction sites, second-hand stalls and car boot sales. A disk bought on eBay contained details of test launch routines for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system. The same disk also held information belonging to the system's manufacturer, Lockheed Martin, including blueprints of facilities and personal data on workers, including social security numbers. Lockheed Martin denies that the disk came from it. The arm manufacturer has launched an investigation that aims to uncover just how the sensitive data might have been wound up on the disk. Two discs bought in the UK apparently came from Lanarkshire NHS Trust, including patient medical records, images of X-rays and staff letters. Lanarkshire NHS Trust runs the Monklands and Hairmyres hospitals. In Australia, the exercise turned up a disk from a nursing home that contained pictures of actual patients and their wound photos, along with patient details. A hard disk from a US bank contained account numbers and details of plans for a $50bn currency exchange through Spain. Details of business transactions between the bank and organisations in Venezuela, Tunisia and Nigeria were also included. Correspondence between a member of the Federal Reserve Board and the unnamed banks revealed that one of the deals was already under scrutiny by the European Central Bank, and that federal investigators were also taking an interest. Yet anothe

The recent U.S. stimulus bill includes $18 billion to catapult the health industry toward the world of electronic health records. This is sure to light a fire under every hungry security vendor to position itself as the essential product or service necessary to achieve HIPAA compliance. It should also motivate healthcare IT professionals to learn where their sensitive data is located and how it flows. To be sure, with federal money allocated through 2014 for the task of modernizing the healthcare industry there will be many consultant and vendor businesses that will thrive on stimulus money. Healthcare is unique in that storage of electronic health records is highly distributed between primary care physicians, specialist doctors, hospitals, and insurance/HMO organizations. Information has to be efficiently shared among these entities with great sensitivity towards patient privacy and legitimate claims processing. Patients want to prevent over zealous employers from performing unauthorized background checks on medical history; claim processors want to prevent paying fraudulent claims arising from targeted patient identity theft. The bill has two provisions which turn this into a tremendously challenging plan, and a daunting task for securing patient data: * Citizens will have the right to monitor and control use of their own health data. This implies a large centralized identity and access control service, or perhaps a federated network of patient registration directories. Authenticated users will be able to reach into the network of health databases audit use of their data and payment history. * Health organizations suffering loss of more than 500 patient records must publicly disclose the breach, starting with postings on the government's Health and Human Services website. This allows related organizations to trace the impact of the breach throughout the healthcare network, but care must be taken not to disclose vulnerabilities in the system to intruders

A consumer group accused Google of seeking provisions in the economic stimulus package that would allow it to sell patient medical data to Google Health advertisers. Perhaps patients' biggest worry about electronic medical records is that their private health data will get into the wrong hands. To get a feel for some folks' anxiety, just take a look at this from a group called Patient Privacy Rights: "CHILLING NEWS ABOUT HEALTH PRIVACY: You Have None." (Or look at one of our many posts about health data breaches.) So it's probably not a surprise that Google, which last year launched Google Health, a personal online repository, was quick to refute a charge by a different consumer group, called Consumer Watchdog, of "a rumored [Google] lobbying effort aimed at allowing the sale of electronic medical records." The group further claimed that Google is "reportedly" pushing for items in the economic stimulus bill that would allow the company to "sell patient medical information" to advertisers. Google shot back, posting an item in its public policy blog calling the claims "100 percent false and unfounded." The company added: Google does not sell health data. In fact, one of our most steadfast privacy principles is that we don't sell our users' personal data, whether it's stored in Google Health, Gmail, or in any of our products. And from a policy perspective, we oppose the sale of medical information in the health care industry. Google's ear is likely fine tuned to this issue, considering some folks in the medical community have already pointed out the company is not a type required to follow a federal patient-privacy law called HIPAA.

Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems. Using peer-to-peer applications, which computer users download to share files, most commonly music and movies, M. Eric Johnson, director of the Center for Digital Strategies at Dartmouth College in Hanover, N.H., was able to access electronic medical records on computers that had the peer-to-peer programs stored on their hard drives. The medical files contained detailed personal data on physical and mental diagnoses, which a hacker could use to not only embarrass a patient but also to commit medical fraud. One of the largest stashes of medical data Johnson discovered during two weeks of research he conducted in January was a database containing two spreadsheets from a hospital he declined to identify. The files contained records on 20,000 patients, which included names, Social Security numbers, insurance carriers and codes for diagnoses. The codes identified by name four patients infected with AIDS, the mental illnesses that 201 others were diagnosed as having and cancer findings for 326 patients. Data also included links to four major hospitals and 355 insurance carriers that provided health coverage to 4,029 employers and 266 doctors.

"Kathy Silver, CEO of University Medical Center, learned three weeks ago that names, birth dates and Social Security numbers for at least 21 patients were leaked from the hospital - a crime being investigated by the FBI. But the hospital still has not disclosed the breach to the patients, Silver told a committee of legislators Wednesday. She spoke as if this was not a problem. The law allows 60 days from the time UMC learns of a security breach to inform patients, she said. One victim says that is too long to wait to tell patients they may be at risk of identity theft. The hospital should have disclosed the breach immediately, said a 40-year-old UMC patient whose personal information - the kind that can be used for identity theft - was leaked. The man, who went to the public hospital Nov. 1 after a motorcycle accident, learned his privacy had been breached only when a Las Vegas Sun reporter told him Wednesday afternoon. The man was stunned and angry to learn from someone other than hospital officials that his data had been leaked. Hospital officials should have notified him "way sooner," he said. "I would've given them two or three days after they initially found out. But this is a major thing - a priority thing!""

Traditionally, we trust doctors with confidential information about our health in the knowledge that it�s in our own interests. Similarly, few patients object to the idea that such information may be used in some form for medical research. But what happens when this process is subject to scrutiny?How explicit does our consent have to be? Since the introduction of the Data Protection Act 1998 medical researchers have raised concerns over the increasing barriers they face to accessing patient data.These concerns have heightened amongst some researchers since the passing of the Human Tissue Act 2004 introduced in the wake of the Alder Hey and Bristol Royal Infirmary scandals. When scientific advances are unraveling the secrets of DNA and the decoding of the human genome has opened up substantial new research opportunities.Clinical scientists and epidemiologists argue that the requirements being placed upon them are disproportionate to the use they are making of either datasets or tissues samples and, besides, their work is in the public interest.At the heart of the debate lie key questions over trust and consent and how these can best be resolved.To complicate things, it is no longer just medical researchers, but also public health bureaucrats who are keen to have access to our data.Quasi-official bodies have been charged with persuading individuals to change their behaviour and lifestyles in connection with all manner of issues such as diet, exercise, smoking and alcohol consumption.Social Marketing � the borrowing of commercial marketing techniques in the pursuit of 'public goods' � is in vogue amongst public health officials. Empowered by advanced data collection and computing techniques, armed with the latest epidemiological research, and emboldened by a mission to change unhealthy behaviour, public health officials are keen to target their messages to specific 'market segments' in most need of advice.Are government researchers abusing patients' trust? Can an

With identity theft on the upswing, Aram Langhans thought he was simply being prudent when he asked the Yakima Heart Center to remove his Social Security number from its files. "They had my insurance card and my driver's license. What else did they need?" said Langhans, a retired public school teacher insured by Group Health. Langhans said he was initially hooked up to a portable heart monitor that he was to wear for 24 hours, but the disagreement over his Social Security number prompted upper-level personnel to change their minds. He said moments after the device was attached, he was sent to a restroom to remove it and turned away. Shawnie Haas, administrator of the Heart Center, an independent outpatient group practice, declined to discuss the incident. But she said in an e-mail statement that the practice protects patients' privacy. "The Yakima Heart Center is careful to collect data pertinent to ensuring accuracy of our patient's medical record. Routine information collected for all patients includes name, address, date of birth, Social Security number, gender, and other specific information that helps us verify that individual's identity and insurance enrollment or coverage data. We are careful to maintain confidentiality of all patient information in our system." According to state and federal regulators, private insurance companies have moved away from using Social Security numbers for patient identification. But health-care providers in the Yakima Valley say they routinely collect them as "backup" in the event that patients' insurance doesn't pay the claim.

Johns Hopkins is alerting more than 10,000 of its hospital patients that they may have been victims of identity theft. An investigation suggests a former employee who worked in patient registration may have been linked to a scheme to create fake drivers' licenses in Virginia, according to this letter from Baltimore-based Hopkins to the Maryland attorney general's office. Most of the patients are at very low risk, the letter says - they're included because the former employee accessed their records in the course of her work. But a few dozen have already been identified as likely victims, and a few hundred who have Virginia mailing addresses and whose records were accessed by the former employee may also be at risk. Hopkins is offering those patients credit monitoring, fraud resolution and identity-theft reimbursement for certain expenses.

A health care industry coalition on Monday released a prescriptive security framework that organizations can use to safeguard patient records as they increasingly move online. The framework, released by the Health Information Trust Alliance (HITRUST) -- which represents health care providers, pharmacies, insurers, biotech firms and medical device manufacturers -- is based on well-known standards such as COBIT, NIST and ISO 270001. But this is the first benchmark developed specifically for protecting health data. "It's tailored to protecting health information right out of the gate," Michael Wilson, vice president and chief information security officer of McKesson, the largest U.S. pharmaceutical distributor, told SCMagazineUS.com on Monday. "It's just a different sort of data. It's still structured [like other verticals], but there's a lot more of it in health care." The framework was created to improve adoption rates with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and increase patient confidence in the security of their information. It also arrives on the heels of the new $787 billion economic stimulus bill, about $20 billion of which is earmarked to encourage health care organizations to adopt electronic health records as a way to reduce the number of medical errors and save money. The stimulus bill, in itself, contains srict privacy and security regulations for patient information. The standards took about 18 months to devise and can be implemented by organizations of any size, according to HITRUST. "2009 will be a turning point for information security in the health care industry, when organizations will begin implementing the framework...and create a cascading effect that will impact and benefit the entire health care ecosystem," Daniel Nutkis, CEO of HITRUST, said in news release. Wilson said the framework also will enable companies such as McKesson to show their customers and business partners that they are taki

"Can personal medical data that has been stripped of its identifiers to protect privacy later be used to identify a specific person? That is the question that the Health and Human Services Department is hoping a research contractor can answer. HHS intends to hire a contractor to demonstrate either the "ability or inability" to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule, according to a Jan. 4 notice on the Federal Business Opportunities Web site. De-identification and re-identification of patient data have become hot issues in the discussion about how to protect patient privacy while advancing adoption of electronic health records. The Obama administration is distributing at least $17 billion in incentive payments to doctors and hospitals who buy and use digital systems for medical data."

"If you live in Texas, your medical records are definitely up for sale by the state. If you live anywhere else in the United States, they probably are for sale there, too. Medical health records provide key information to researchers, who have lobbied hard to keep them accessible, despite government concerns about the privacy of patient data. The controversy dates back to 1996, when Congress passed the Health Insurance Portability and Accountability Act (HIPAA) to protect patients. "Researchers have very broad access rights to health care records under HIPAA," says Pam Dixon, director of a non-profit called the World Privacy Forum "The rules are pretty loose, and there are a lot of ways to get around them." That's especially true since the act wasn't designed to cover common scenarios today: records stored online in a vast, hackable cloud. In the rush to digitize all electronic health records, Dixon says not everyone is taking the proper steps to de-personalize the data and protect patients."

CSOs in healthcare organizations know that the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law in February 2009, includes new privacy requirements that experts have called "the biggest change to the health care privacy and security environment since the original HIPAA privacy rule." These include: New requirements that widen the definition of what Personal Health Information (PHI) information must be protected and extend accountability from healthcare providers to their business associates; Lower thresholds, shorter timelines, and stronger methods for data breach victim notification; Effective immediately, increased and sometimes mandatory penalties with fines ranging from $25,000 to as much as $1.5 million; More aggressive enforcement including authority to pursue criminal cases against HIPAA-covered entities or their business associates. No doubt, the HITECH Act raises the stakes for a data breach. But regulations aside, data breaches can hurt your organization's credibility and can carry huge medical and financial risks to the people whose data is lost. We've managed hundreds of data breaches and helped thousands of identity theft victims. Through this we've learned firsthand that compliance doesn't necessarily equal low risk for data breach. For the well being of the business and patients, healthcare organizations and their partners need to take the most comprehensive approach to securing PHI.

Bring up the subject of digitizing medical records and you're likely to get a paradox of a discussion. Everyone thinks it will help save money and improve health care, and everyone has grave reservations. Get ready to hear more as a massive economic stimulus bill works its way through Congress, which includes IT health care spending measures. Although lawmakers are close to pulling the trigger. ensuring the privacy of patients' electronic health records (EHR) remains a top concern. "I very firmly believe that the Achilles heel of health IT is privacy," said Sen. Jim Whitehouse, a Rhode Island Democrat who chaired a hearing this morning examining the appropriate safeguards government should insist on before it doles out billions of dollars to help providers computerize patients' records. Champions of health IT argue that EHRs and interoperable systems to integrate data among providers would drive down healthcare costs while greatly reducing medical errors. Just 17 percent of physicians currently have even basic EHRs. The Center for Disease Control has estimated that as many as 98,000 preventable deaths occur in U.S. hospitals each year, many of which could presumably been avoided with more accessible patient data. "If 100,000 Americans were being killed by anything else, we'd be at war," Whitehouse said.

Patients' advocates claimed victory in a battle over the privacy of health records as the U.S. Congress approved the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators' compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data. Both houses approved the $787 billion stimulus plan today and sent it to President Barack Obama for his signature. The legislation contains $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology. Electronic records will improve care and reduce costs, Obama said. The legislation also will boost the health-records industry, led by Allscripts-Misys Healthcare Solutions Inc., Quality Systems Inc. and Athenahealth Inc. "We've dramatically improved on the status-quo, wholly unregulated system where private patient data was bought and sold like any commodity," Caroline Fredrickson, director of the American Civil Liberties Union's Washington legislative office, said in an interview today.

The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests. President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence. The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress. At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.

"For five days as her husband lay in his hospital bed suffering from kidney cancer, Regina Holliday begged doctors and nurses for his medical records, and for five days she never received them. On the sixth day, her husband needed to be transferred to another hospital -- without his complete medical records. "When Fred arrived at the second hospital, they couldn't give him any pain medication because they didn't know what drugs he already had in his system, and they didn't want to overdose him," says Holliday, who lives in Washington. "For six hours he was in pain, panicking, while I ran back to the first hospital and got the rest of the records." Despite a federal law requiring hospitals and doctors to release medical records to patients who ask for them, patients are reporting they have a hard time accessing them leading to complications like the ones the Holliday family experienced. 'What part of "Give us our damn data" do you not understand?'"

Privacy law matters in ways not readily apparant until they hit home.

The US government has now adopted a policy of fostering the adoption of electronic medical records (EMR). The policy is intended to increase the efficiency of the US healthcare system, thereby lowering costs and reducing the incidence of preventable errors. At the same time, through its The Health Insurance Portability and Accountability Act (HIPAA) privacy rules, the government has set minimum standards for the security of those records. These two goals-privacy and security of these records, along with their free interchange among medical providers-can easily wind up at odds with each other. A recent study that looked at the role of state privacy laws in EMR adoption suggests that the problem is very real, as state privacy laws seem to inhibit the use of EMR by hospitals located there. The authors, based at MIT and the University of Virginia, line up a variety of data that validate their suggestion that privacy and the use of EMR may require a careful balance. So, for example, they cite some highly publicized lapses when it comes to the maintenance of patient privacy: someone once offered the records of 200,000 patients for sale on Craigslist, while hospitals have seen their own employees attempt to get at the electronic files of famous patients. Perhaps more significantly, the authors suggest that the public, as represented by their legislators, has concerns about the privacy of EMR. They found that states that have passed their own privacy laws to supplement the HIPAA rules tend to have a higher percentage of their populace signed up for the Do Not Call Registry, indicating a corresponding individual-level interest in maintaining privacy. So, they looked at whether these laws had any impact on the adoption of EMR by hospitals located in each state.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

The FBI and Virginia State Police are searching for hackers who demanded that the state pay them a $10 million ransom by Thursday for the return of millions of personal pharmaceutical records they say they stole from the state's prescription drug database. The hackers claim to have accessed 8 million patient records and 35 million prescriptions collected by the Prescription Monitoring Program. "This was an intentional criminal act against the commonwealth by somebody who was trying to harm others," Gov. Timothy M. Kaine (D) said. "There are breaches that happen by accident or glitches that you try to work out. It's difficult to foil every criminal that may want to do something against you." Although the hackers had threatened to sell the data if they did not receive payment by Thursday, the deadline passed with no immediate sign that they followed through. ad_icon State officials say it is unclear whether the hackers were able to view the patient records, as they have claimed. If the theft is real, it would be the most serious cybercrime the state has faced in recent history.

Privacy and civil liberties advocates are urging lawmakers working on the forthcoming economic stimulus package to ensure that any language to spur adoption of electronic medical records includes meaningful security safeguards. The American Civil Liberties Union, Consumer Action, the National Association of Social Workers, Patient Privacy Rights and others sent letters to House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and President-elect Barack Obama Wednesday asking them to ensure individuals can control the use of their medical records and protect them from what they believe is a thriving industry of firms that share and sell medical data. "We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing. Katz said her group has been pleased with progress that the House Energy and Commerce, and Ways and Means committees made last year.

"Medical records for about 15,500 Northern California Kaiser patients - about 9,000 of them in the Bay Area - were compromised after thieves stole an external drive from a Kaiser employee's car last month, Kaiser officials said Tuesday." Kaiser officials said the electronic device contained patients' names, medical record numbers and possibly ages, genders, telephone numbers, addresses and general information related to their care and treatment. No Social Security numbers or financial information was contained on the drive, and Kaiser officials said there's no evidence that the information has been used inappropriately. The device was not encrypted, but some of the information was password protected. Kaiser has sent letters to the 15,500 members and the employee, who Kaiser would not identify, has been fired.

Another hospital employee fired for inappropraite access of medical records. More damage to a medical group reputation because someone failed to get the message.