Home/ CIPP Information Privacy & Security News/ Group items tagged medical

Karl Wabst

Hackers Could Remotely Manipulate Medical Devices Used By Diabetics - 1 views

    Insulin pumps are vulnerable to determined hackers who could also remotely mess up the readings of blood-sugar monitors, Jerome Radcliffe, a security researcher who has diabetes revealed at the Black Hat computer security conference, Las Vegas, Nevada. In other words, a hacker could cause a diabetic patient to receive either too much or too little insulin.
Karl Wabst

Google Image Result for - 0 views

    Marcia Angell MD is a well-known, respected physician, long-time editor of NEJM. So it was a bit of a shock today when Amy Romano, blogger for Lamaze International, sent me this quote:

    "It is simply no longer possible to believe much of the clinical research that is published, or to rely on the judgment of trusted physicians or authoritative medical guidelines. I take no pleasure in this conclusion, which I reached slowly and reluctantly over my two decades as an editor of The New England Journal of Medicine".
    Interesting quote by former editor of the New England Journal of Medicine
Karl Wabst

Kaiser patient medical records compromised - 0 views

    "Medical records for about 15,500 Northern California Kaiser patients - about 9,000 of them in the Bay Area - were compromised after thieves stole an external drive from a Kaiser employee's car last month, Kaiser officials said Tuesday."

    Kaiser officials said the electronic device contained patients' names, medical record numbers and possibly ages, genders, telephone numbers, addresses and general information related to their care and treatment.

    No Social Security numbers or financial information was contained on the drive, and Kaiser officials said there's no evidence that the information has been used inappropriately. The device was not encrypted, but some of the information was password protected.

    Kaiser has sent letters to the 15,500 members and the employee, who Kaiser would not identify, has been fired.
    Another hospital employee fired for inappropriate access of medical records. More damage to a medical group's reputation because someone failed to get the message.
Karl Wabst

Patients demand: 'Give us our damned data' - 0 views

    "For five days as her husband lay in his hospital bed suffering from kidney cancer, Regina Holliday begged doctors and nurses for his medical records, and for five days she never received them.

    On the sixth day, her husband needed to be transferred to another hospital -- without his complete medical records.

    "When Fred arrived at the second hospital, they couldn't give him any pain medication because they didn't know what drugs he already had in his system, and they didn't want to overdose him," says Holliday, who lives in Washington. "For six hours he was in pain, panicking, while I ran back to the first hospital and got the rest of the records."

    Despite a federal law requiring hospitals and doctors to release medical records to patients who ask for them, patients are reporting they have a hard time accessing them leading to complications like the ones the Holliday family experienced.

    'What part of "Give us our damn data" do you not understand?'"
    Privacy law matters in ways not readily apparent until they hit home.
Karl Wabst

UCSF belatedly announces September data breach - San Francisco Business Times: - 0 views

    "UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained "temporary access to emails containing their personal information" as a result of a late September phishing scam.

    The breach occurred about three months ago, and was investigated in mid-October, but wasn't disclosed to the public until Dec. 15. Corinna Kaarlela, UCSF's news director, told the San Francisco Business Times late Tuesday that individuals whose data may have been compromised were notified between Oct. 21, when an in-depth investigation began, and Dec. 11, when it was completed.

    UCSF said Tuesday that an unnamed faculty physician in the School of Medicine was victimized in late September by the alleged scam. The physician provided a user name and password in response to an email message fabricated by a hacker, that appeared as if it came from those responsible for upgrading security on UCSF internal computer servers.

    UCSF's Enterprise Information Security unit subsequently identified the breach and disabled the compromised password. UCSF says it conducted an investigation and in mid-October determined that emails in the physician's account - including some containing demographic and clinical information and, in a few cases, Social Security numbers - may have been exposed."
Karl Wabst

Facebook privacy revisions 'sign post' for healthcare - Modern Healthcare - 0 views

    "Part one of a two-part series:

    Facebook, the global phenomenon in Web-based social media, rolled out a massive overhaul of its privacy protection policies and technology this week - and in so doing may have drawn up a playbook for healthcare as well, industry experts say.

    The privacy upgrade gives its 350 million worldwide users increased control over who has access to some of, but not all, the information on their personal pages. These new, so-called "granular" controls - specifically those embedded in the site's "publisher" function, which enables a user to post new material to his or her Facebook pages - reach down to the level of discrete data elements. The new controls, for example, allow a user to restrict who gets to see each newly posted photo or typed comment"
Karl Wabst

Data on 800,000 doctors stolen - FierceCIO - 0 views

    "Nearly every practicing doctor in the United States is being warned that their identities might have been stolen when the laptop of an employee of an insurance trade group was snagged from a car in Chicago.

    The laptop contained business and personal information such as Social Security numbers, addresses and certain identification numbers on the laptop of an employee from the Chicago-based Blue Cross and Blue Shield Association, a trade group for the nation's Blue Cross health insurance plans.

    The association confirmed that an employee "broke protocol and transferred to a personal laptop" information that was stolen in late August.

    No patient information was on the database, and so far, no doctor has reported a security breach.

    However, nearly 20 percent of the doctors listed in the database have their Social Security numbers as their medical-care provider identification, putting these health professionals at risk for identity theft, according to an article in the Chicago Tribune."
Karl Wabst

Five Steps to HITECH Preparedness - CSO Online - Security and Risk - 0 views

    CSOs in healthcare organizations know that the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law in February 2009, includes new privacy requirements that experts have called "the biggest change to the health care privacy and security environment since the original HIPAA privacy rule." These include:

    New requirements that widen the definition of what Personal Health Information (PHI) information must be protected and extend accountability from healthcare providers to their business associates;
    Lower thresholds, shorter timelines, and stronger methods for data breach victim notification;
    Effective immediately, increased and sometimes mandatory penalties with fines ranging from $25,000 to as much as $1.5 million;
    More aggressive enforcement including authority to pursue criminal cases against HIPAA-covered entities or their business associates.

    No doubt, the HITECH Act raises the stakes for a data breach. But regulations aside, data breaches can hurt your organization's credibility and can carry huge medical and financial risks to the people whose data is lost. We've managed hundreds of data breaches and helped thousands of identity theft victims. Through this we've learned firsthand that compliance doesn't necessarily equal low risk for data breach. For the well being of the business and patients, healthcare organizations and their partners need to take the most comprehensive approach to securing PHI.
Karl Wabst

GAO Reports Urge FDA To Boost Privacy, Modernize IT Systems - 0 views

    This week, the Government Accountability Office issued a report related to privacy and security issues at FDA and another report about the agency's plans to modernize its IT systems, Government Health IT reports.

    Privacy and Security Report

    On Monday, GAO released a report suggesting that FDA has not included sufficient privacy and security protections in its plans for a medical product safety monitoring system called the Sentinel Initiative.

    The system would use data from insurance companies, academic institutions, government agencies and health care providers to track the performance of medications and medical devices.

    According to the FDA Amendments Act of 2007, the initiative would have access to data from 25 million people by mid-2010 and 100 million people by mid-2012 (Foxhall, Government Health IT, 6/2).

    For the report, GAO conducted an audit of FDA's planning process for Sentinel from May 2008 to May 2009.
Karl Wabst

FTC's hard-line enforcement may shock industry - Modern Healthcare - 0 views

    Last week, the government took another step toward closing a legal loophole in federal privacy and security rules for emerging Health 2.0 information technology applications by issuing proposed rules aimed at covering an estimated 900 companies and organizations offering personal health records and electronic systems connected to them.

    The Federal Trade Commission was careful to point out its new interim proposed rule on federal breach notification requirements for the developers of electronic PHR systems did not apply to covered organizations or their business associates as defined by the Health Insurance Portability and Accountability Act of 1996, heretofore the key federal privacy and security regulation. The FTC, operating under new authority given it by the American Recovery and Reinvestment Act of 2009, noted that its new rule seeks to cover previously unregulated entities that are part of a Health 2.0 product mix.

    FTC staff estimates that about 200 PHR vendors, another 500 related entities and 200 third-party service providers will be subject to the new breach notification rule. The staffers estimate that the 900 affected companies and organizations, on average, will experience 11 breaches each per year at a total cost of about $1 million per group, per year. Costs include investigating the breach, notifying consumers and establishing toll-free numbers for explaining the breaches and providing additional information to consumers.

    Pam Dixon, founder and executive director of the World Privacy Forum, said that this isn't the first involvement of the FTC in healthcare-related regulation, noting the consumer protection agency joined with the Food and Drug Administration in a joint statement on the marketing of direct-to-consumer genetic tests. The FTC also has worked in the field of healthcare competition. She noted the compliance deadline with the FTC's "red flag rules" on provider organizations that provide consumer credit to patients for installment payment
Karl Wabst

Nextgov - Privacy groups urge politicians to ensure safeguards for health IT - 0 views

    Privacy and civil liberties advocates are urging lawmakers working on the forthcoming economic stimulus package to ensure that any language to spur adoption of electronic medical records includes meaningful security safeguards.

    The American Civil Liberties Union, Consumer Action, the National Association of Social Workers, Patient Privacy Rights and others sent letters to House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and President-elect Barack Obama Wednesday asking them to ensure individuals can control the use of their medical records and protect them from what they believe is a thriving industry of firms that share and sell medical data.

    "We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing.

    Katz said her group has been pleased with progress that the House Energy and Commerce, and Ways and Means committees made last year.
Karl Wabst

Obama: All medical records computerized by 2014 | The Industry Standard - 0 views

    President-elect Barack Obama has promised to computerize all of America's medical records within five years. He made the pledge last week in a speech at George Mason University.

    "This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests," he said. "But it just won't save billions of dollars and thousands of jobs, it will save lives by reducing the deadly but preventable medical errors that pervade our health care system."

    But the road to digitized medical records will be a tough and expensive one, CNN Money reported.

    Today, only about 8% of the country's 5,000 hospitals and 17% of its 800,000 physicians use electronic medical records.

    There is also the issue of patient privacy. Numerous hospitals have faced security issues since moving to electronic medical records. The Industry Standard reported on a security breach at a Los Angeles hospital last month.

    And then there is the cost.

    Studies done by Harvard, RAND and the Commonwealth Fund peg the cost of the digitization plan between at least $75 billion to $100 billion, according to the CNN article.

    However, the health care industry spends $2 trillion dollars a year, so the $100 billion may be well worth the long-term savings.
Karl Wabst

ONC Commissioned Medical Identity Theft Assessment - 0 views

    In May 2008, the Office of the National Coordinator for Health Information Technology (ONC) awarded an approximately $450,000 contract to Booz Allen Hamilton to assess and evaluate the scope of the medical identity theft problem in the U.S.

    Medical Identity Theft

    Medical identity theft is a specific type of identity theft which occurs when a person uses someone else's personal health identifiable information, such as insurance information, Social Security Number, health care file, or medical records, without the individual's knowledge or consent to obtain medical goods or services, or to submit false claims for medical services. There is limited information available about the scope, depth, and breadth of medical identity theft.

    Dr. Robert Kolodner, National Coordinator for Health Information Technology, has noted that medical identity theft stories are being documented at an increasing rate, bringing to light serious financial, fraud, and patient care issues. ONC recognizes that health IT is an important tool to combat the threat of medical identity theft. We are seeking input from the public and other government agencies to better understand how health IT can be utilized to prevent and detect medical identity theft as well as build consumer trust in electronic health information exchange. ONC believes it is imperative to obtain a more comprehensive understanding of this issue from a variety of perspectives, and to create an open forum for dialogue to work proactively to address medical identity theft.

    Medical Identity Theft final report.
    The report summarizing health IT and medical identity theft issues raised at the town hall was completed January 15, 2009 and sets forth potential actions the Federal government and other stakeholders can undertake in working toward prevention, detection, and remediation of medical identity theft.
Karl Wabst

Dixon: FTC expertise needed to fight medical ID theft - 0 views


    The federal government has a key role to play in researching and organizing a national response to the problem of medical identity theft, authors of a government-funded study have concluded.

    Patients, providers, payers and other members of the healthcare community also must join in the effort to combat a problem that is serious, although as yet its scope is not fully known, the report stated.

    Contractor Booz Allen Hamilton released the report last week. It represents the final phase of the $450,000 study funded last year by the Office of the National Coordinator at HHS.

    The study consisted of three parts, the first being to review existing knowledge about medical identity theft as well as policies and practices to prevent it. Those findings were included in a research paper on the subject released last October.

    The second phase involved a public meeting Oct. 15, 2008, the same day the paper was released, to "open a dialogue about medical identity theft within the healthcare industry."

    The final phase, the 26-page report, includes 31 "potential actions," which are recommendations that could form a national policy on medical identity theft.

    While medical identity theft "may be categorized as healthcare fraud," according to the report, "there are unique and important distinctions of medical identity theft that need to become more commonly understood to address this issue effectively."

    One difference, the report authors noted, is that the primary motive behind healthcare fraud "is most often monetary gain, such as when fraudulent providers bill for more expensive services than those rendered. However, medical identity theft tends to be focused on the use of someone else's information to gain goods, services and healthcare."

    IT could hurt, help
    Therefore, undetected medical identity theft poses medical risks to its victims, since their medical records may contain inaccurate and potentially harmful information that may cause them not to be con
Karl Wabst

Lobbying War Ensues Over Digital Health Data - 0 views

    The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests.

    President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence.

    The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress.

    At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.
Karl Wabst

Mass. General paperwork for 66 patients lost on Red Line train - The Boston Globe - 0 views

    Paperwork containing the personal medical information of at least 66 patients at Massachusetts General Hospital was lost this month when an employee apparently left it on an MBTA train.

    The hospital sent out letters last week to patients whose identities were included in the lost paperwork, telling them the information listed their names and dates of birth, and private medical information, including their diagnoses and the name of the provider with whom they met. The material constituted billing records for patients who attended the hospital's Infectious Disease Associates outpatient practice on Fruit Street on March 4.

    Deborah A. Adair, the hospital's privacy officer and director of health information services, said in a statement released yesterday that while the incident was regrettable, the hospital followed privacy laws by immediately alerting affected patients and authorities, including the state attorney general's office and the Department of Consumer Affairs and Business Regulation.

    "[Hospital] police and security are thoroughly investigating this matter not only with an eye toward recovering the missing information but also toward making sure that this will not happen again," Adair said. "Our information privacy and security policies and procedures are among the strongest in the healthcare industry, but incidents such as this remind us that we must continue to review and revise them, as well as continue to educate our staff on best practices to avoid incidents such as this."

    According to hospital security reports, a manager in the infectious disease center's billing unit told supervisors that she left the paperwork on a Red Line train the morning of March 9. The manager said she had brought the paperwork home with her to work over the weekend and left the material sometime between 7:30 and 9 a.m. The Transit Police were notified, but the paperwork was not found.
Karl Wabst

Industry Insiders Discuss HIT and HIPAA Issues - 0 views

    Industry Insiders Discuss HIT and HIPAA Issues
    March 30, 2009
    by Astrid Fiano, Writer
    A significant part of President Obama's health care reform agenda is the push for implementing more health care technology. In the health care field privacy is always a major concern, and was the impetus of the Health Insurance Portability and Accountability Act of 1996--protecting the privacy of individually identifiable health information in all formats, and the confidentiality provisions of the Patient Safety Act--protecting identifiable information being used to analyze patient safety events.

    So those in the health care industry now wonder will the Administration's focus on health IT (HIT) present more challenges to privacy concerns? As part of a continuing focus on HIT issues, DOTmed interviewed industry expert Kirk J. Nahra, a partner in the Washington D.C. legal firm of Wiley Rein LLP, specializing in privacy and information security for the health care and insurance industries, and named an expert practitioner by the Guide to the Leading U.S. Healthcare Lawyers. DOTmed also interviewed Lise Rauzi, Vice President, Training Development, for Health Care Compliance Strategies (HCCS). HCCS provides online training compliance for employees.

    Nahra notes that regardless of the rising concern over privacy and the new HIT legislation, there have already been formal HIPAA security rules on electronic information in place for several years--the health care industry compliance has just been inconsistent. The problem -- to the extent there is one -- is that HIPAA rules are process-oriented, Nahra explained. The rules don't tell an entity what to do, but rather what to evaluate--a standard set of questions, but without a standard set of answers. For example, a covered entity has to have an internal audit, but the rules do not tell the entity how best to carry out that internal audit.

    Not surprisingly, different businesses have different ideas on how to implement their HIPAA evaluations
Karl Wabst

How Kaiser Permanente Went Paperless - BusinessWeek - 0 views

    Electronic medical recordkeeping may not cut the overall cost of care, but by eliminating redundant procedures and reducing errors, quality may be improved.

    When physician Andrew Wiesenthal needs to work out a problem, he runs around Lake Merritt, across the street from his Oakland (Calif.) office at Kaiser Permanente. As one of the main drivers behind Kaiser's decades-long, multibillion-dollar effort to overhaul the way patient health records are kept, Wiesenthal has had a lot of laps to run.

    Doctors and other medical professionals across the country will be working through similar challenges in the coming years. President Barack Obama plans to spend $17.2 billion to induce care providers to maintain patient records electronically, scrapping the current paper-based system. The Obama Administration wants electronic health records for every American by 2014.

    Obama's predecessor also made a big push for electronic recordkeeping, and many doctors and hospital administrators see upgrading recordkeeping as a good way to improve care. Yet, fewer than 2% of acute care hospitals have a comprehensive electronic health record system in place, with another 8% to 12% using a basic system, according to a study published by The New England Journal of Medicine in March. Adoption isn't much better among physicians. Only 4% have a comprehensive system in place, with another 13% using basic systems, according to a study published in the journal in July.

    Kaiser Permanente is one of the few exceptions. Today, all of its medical clinics and two-thirds of its hospitals operate in a paperless environment and the rest are scheduled to be completely digitized by next year. Across the system, about 14,000 physicians access electronic medical records for 8.7 million patients in nine states and the District of Columbia.
Karl Wabst

Battle of Ideas: Whose Data Is it Anyway? - 0 views

    Traditionally, we trust doctors with confidential information about our health in the knowledge that it's in our own interests. Similarly, few patients object to the idea that such information may be used in some form for medical research. But what happens when this process is subject to scrutiny? How explicit does our consent have to be?

    Since the introduction of the Data Protection Act 1998 medical researchers have raised concerns over the increasing barriers they face to accessing patient data. These concerns have heightened amongst some researchers since the passing of the Human Tissue Act 2004 introduced in the wake of the Alder Hey and Bristol Royal Infirmary scandals. When scientific advances are unraveling the secrets of DNA and the decoding of the human genome has opened up substantial new research opportunities.

    Clinical scientists and epidemiologists argue that the requirements being placed upon them are disproportionate to the use they are making of either datasets or tissues samples and, besides, their work is in the public interest. At the heart of the debate lie key questions over trust and consent and how these can best be resolved.

    To complicate things, it is no longer just medical researchers, but also public health bureaucrats who are keen to have access to our data. Quasi-official bodies have been charged with persuading individuals to change their behaviour and lifestyles in connection with all manner of issues such as diet, exercise, smoking and alcohol consumption.

    Social Marketing - the borrowing of commercial marketing techniques in the pursuit of 'public goods' - is in vogue amongst public health officials. Empowered by advanced data collection and computing techniques, armed with the latest epidemiological research, and emboldened by a mission to change unhealthy behaviour, public health officials are keen to target their messages to specific 'market segments' in most need of advice.

    Are government researchers abusing patients' trust? Can an
Karl Wabst

Insurance & Technology Blog: US Military Takes the First Step on Electronic Health ... - 1 views

    Rarely is the response to a new government initiative a unanimous round of "thumbs up," but so far that seems to be the case regarding yesterday's (April 9) announcement that The Defense Department and the Department of Veterans Affairs will collaborate on building an electronic database of administrative and medical information for U.S. servicemen and women.

    Since developing a broad electronic health records (EHRs) initiative is a prominent feature of the Obama Administration's economic stimulus plan, it makes sense to start (or at least focus) on a defined segment of the population -- current and past military personnel. But, apart from the specific technology, architecture and technical administration aspects of this program, there will be other challenges in pursuing the goal of EHRs for the military -- challenges that insurance technology executives know only too well. These include collaboration among different and sometimes competing interests (in this case, the Department of Defense (DOD) and the Department of Veterans Affairs (VA), which historically have not worked together as closely as one might imagine); and concerns about privacy and security. In fact, the ways in which the military EHRs initiative addresses the privacy issue could provide some interesting best practices (or actions to avoid) for private-sector players.

    "Currently, there is no comprehensive system in place that allows for a streamlined transition of health records between DOD and the VA," President Barack Obama said at yesterday's announcement, "and that results in extraordinary hardship for an awful lot of veterans who end up finding their records lost, unable to get their benefits processed in a timely fashion. And that's why I'm asking both departments to work together to define and build a seamless system of integration with a simple goal: When a member of the Armed Forces separates from the military, he or she will no longer have to walk paperwork from a DOD