Skip to main content

Home/ WPPS C-Suite News/ Group items tagged medical

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Ponemon #BREACH SURVEY: 56% suffer from financial identity theft and cost Hospitals $6 ... - 0 views

www.prnewswire.com/...acy-in-jeopardy-106945528.html

Privacy security compliance HITECH survey ponemon

shared by sandy ingram on 02 Dec 10 - No Cached
  • "Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  "At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted.  Instead we found enormous vulnerabilities.  The protection of patient data should be at the forefront of their efforts."
  • ey findings of the research: Data breaches are costing the healthcare system billions.  The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually.  The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580.  The average organization had 2.4 data breach incidents over the past two years.  Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.Healthcare organizations are not protecting patient data.  Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent).  Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.Protecting patient data is not a priority.  Seventy percent of hospitals stated that protecting patient data is not a top priority.  Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft.  A majority of organizations have less than two staff dedicated to data protection management (67 percent).HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records.  The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.  The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.
  • "We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," said Rick Kam, president and co-founder of ID Experts.  "Unfortunately, in healthcare organizations, patient revenue trumps risk management."
  • sandy ingram on 02 Dec 10
     
    Hospitals Are Not Protecting Patient Data; Healthcare Industry Lagging Behind HITECH Standards TRAVERSE CITY, Mich. and PORTLAND, Ore., Nov. 9, 2010 /PRNewswire/ -- The latest benchmark study by Ponemon Institute, sponsored by ID Experts®, finds that data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected.  The research indicates that protecting patient data is a low priority for hospitals and that organizations have little confidence in their ability to secure patient records, putting individuals at great risk for medical identity theft, financial theft and embarrassment of exposure of private information.
sandy ingram

California Department of Public Health Breach Fines and Legally Defensible Security : I... - 0 views

www.infolawgroup.com/...nd-legally-defensible-security

california health breach

shared by sandy ingram on 28 Jun 10 - Cached
  • sandy ingram on 28 Jun 10
     
    The California Department of Public Health ("CDPH") recently announced its imposition of $675,000 in fines to six hospitals that had reported security breaches involving medical records (since January 1, 2009, the CDPH has issued fines totaling $1.1 million). The story has been extensively reported on in the media . You can listen to the CDPH's press conference here. The total number of records exposed was only 244, for an average fine of around $2,766 per record. To put that in perspective, if a California hospital suffered a breach involving 100,000 medical records, using the average stated here, their potential fines could be $276 million (assuming no cap for fines and penalties -- the relevant laws do have a cap of $250,000 per incident).
sandy ingram

IT worker gets prison after stealing data for online surveys - 0 views

www.computerworld.com/...ealing_data_for_online_surveys

Privacy Security Fraud employees identity theft medical

shared by sandy ingram on 02 Nov 10 - No Cached
  • Between January and April of this year, Giang filled out 382 surveys before the company that was paying for them, StayWell, figured out what was going on. StayWell had been offering UC employees the gift vouchers as incentives to fill out health surveys, but it grew wise to the scam.
  • Giang only used part of the Social Security numbers of his co-workers while filling out the survey, his lawyer states in a sentencing memorandum. "Mr Giang never intended to steal their identity, and other than losing the opportunity to participate in StayWell's marketing surveys, the victims did not lose anything," says the Oct. 20 memorandum asking the judge for probation instead of jail time.
  • sandy ingram on 02 Nov 10
     
    A former IT staffer has been sentenced to a year and a day in prison for stealing sensitive information belonging to his co-workers and using the data to make money filling out online health surveys. Cam Giang, 31, was fired from the University of California San Francisco Medical Center earlier this year after investigators discovered that he'd been using the names, birthdays and Social Security numbers of other UCSF employees to fill out hundreds of online surveys. The point was to collect online vouchers, worth US$100 each.
sandy ingram

Amended SB1386 - Health care data security breach explained - 0 views

www.scmagazineus.com/...120069

hipppa SB1386 health training breaches

shared by sandy ingram on 01 Nov 08 - Cached
  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  • sandy ingram on 01 Nov 08
     
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • sandy ingram on 01 Nov 08
     
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
sandy ingram

HITECH now specifically requires the business associate to notify their partner so that... - 0 views

www.technewsworld.com/...alth-IT-Post-HITECH-70443.html

Breach Law healthcare compliance HHS notification hitech hipaa

shared by sandy ingram on 02 Aug 10 - Cached
  • The total impact to the institution is difficult to quantify. Obviously no organization wants the negative press. It's the kind of thing that loses patients and makes the institution less appealing when trying to attract physicians.
  • Under the breach notification requirements of the HITECH Act (Title XIII of the American Recovery and Reinvestment Act), lost or stolen unencrypted records such as these requires notification to Health and Human Services for the public posting of the institution to HHS' "wall of shame," or public list of breaches involving more than 500 individuals. If you go to the HHS website right now, you'll see this incident listed there -- along with an ever-increasing laundry list of other institutions in the same boat.
  • This very public example of HITECH in action underscores just one of the many ways that the law has altered the way that healthcare does business. While the full impact of the law won't be seen for quite some time to come, we're starting to see some radical changes in the way that hospitals approach security and compliance.
  • ...7 more annotations...
  • Security Breaches From a provider point of view, probably the biggest impact from a security and compliance standpoint stems from the relatively strict breach disclosure requirements within the law. Covered entities not only need to notify in writing the individuals whose data was lost, but they also are required to notify HHS of the data loss.
  • Vendor Impact In addition to expanded disclosure provisions for business associates, HITECH also changes the landscape for them in that they now have a higher bar to meet in terms of their own security requirements
  • Under the law, business associates now have to meet the same bar as covered entities when it comes to the security rule.
  • However, covered entities are not alone in shouldering the burden of these more stringent rules. Business associates also have a role to play under the new provisions. Business associates now need to make sure that they report possible breaches to partners/customers and that they provide enough data for the covered entities to tell who was impacted and what type of data it was -- in other words, enough data for covered entities to fulfill their disclosure obligations. Whereas in the past a breach might occur at a business associate with nobody at the covered entity the wiser
  • HITECH now specifically requires the business associate to notify their partner so that the individuals impacted can be apprised.
  • Clearly, as applications move outside of the provider (for example, due to cloud computing) and more and more vendors move in to participate, rising numbers of vendors, hosting providers, and other service providers find themselves becoming "business associates" and inheriting security requirements that they're unfamiliar with. Even vendors not specifically targeting the healthcare market may find themselves in the direct path of the regs and obligated to change how they do business in response.
  • Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well.
  • sandy ingram on 02 Aug 10
     
    Just a few weeks ago, Lincoln Medical and Mental Health Center learned a hard lesson. If you didn't see the news reports, the N.Y.-based healthcare provider notified over 130,000 individuals that their records -- including diagnostic information, Social Security numbers, dates of birth, and other information of use to identity thieves -- was potentially lost."
sandy ingram

Medical-data breach said to be major; involves nearly two-thirds of the insurers' subsc... - 0 views

www.philly.com/...a_breach_said_to_be_major.html

Security Privacy compliance cybersecurity breach

shared by sandy ingram on 21 Oct 10 - No Cached
  • The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.
  • The news of the breach comes at a time when there is more emphasis - and billions of dollars in federal funding - to develop protocols for electronic medical records, with information being shared among providers, insurers, and consumers.
  • Paul Stephens, director of policy for the Privacy Rights Clearinghouse, said that data breaches in the finance and retail sectors tended to involve more people, but that health data are very sensitive and may also contain payment information.
  • ...3 more annotations...
  • Until The Inquirer asked for information, the company had not disclosed the data breach to affected members, most of whom live in Philadelphia and nearby counties
  • The federal website explaining the law says that breaches must be reported "without unreasonable delay and in no case later than 60 days."
  • They would not say how they know the computer drive was lost, not stolen. They would not comment on the riskiness of taking the drive to health fairs, nor would they say whether the data on the drive was encrypted.
  • sandy ingram on 21 Oct 10
     
    A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing - one of the largest recent security breaches of personal health data in the nation. "We deeply regret this unfortunate incident," said Jay Feldstein, the president of the two affiliated Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. The breach, which involves the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare, which has oversight. "We take compliance [with federal privacy laws] very seriously," department spokeswoman Elisabeth Myers said Wednesday.
sandy ingram

forbes: The Hidden Cost of Privacy - 0 views

www.forbes.com/...ch-hidden-cost-of-privacy.html

Privacy Security Cost Forbes

shared by sandy ingram on 30 May 09 - No Cached
  • Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.
  • In a world of tight budgets and sacrificed programs, one sector has continued to grow with the speed and choking effectiveness of kudzu: regulations around privacy.More than 300 privacy-related laws are on the books, in both Washington, D.C. and state capitals. Privacy-related consulting services provided by law and accounting firms are a $500-million-a-year business and have been growing at double digits.
  • In other instances, the American approach to privacy occasionally produces too much of it, notably when it comes to medical research. Federal privacy laws involving health records are often so stringently interpreted by bureaucrats that studies involving life-threatening diseases have had to be scaled back or canceled. A pioneering, decades-long study of strokes and heart attacks shut down this year when researchers weren't able to get the necessary patient-consent forms signed.
  • ...2 more annotations...
  • A recent report from the Institute of Medicine says privacy laws have created a crisis for U.S. researchers. Lawrence O. Gostin, the Georgetown University law professor who presided over the study, complains that the consent forms that are a centerpiece of many laws don't even do a good job in protecting medical privacy. "Patients don't understand what they are signing," he says.
  • Lawyers who spend their workdays preparing privacy-related notices freely admit that scarcely anyone reads them. The yearly privacy updates from banks required by the 1999 Gramm-Leach-Bliley Act are commonly cited as especially useless; no less an authority than Ralph Nader says the mailings are among the biggest wastes of paper in human history."Whenever I am speaking, I ask the audience if anyone has ever made use of one of those forms," says Kirk J. Nahra, an attorney with Wiley Rein in Washington, D.C. "If even one person raises their hand, I am amazed."
  • sandy ingram on 30 May 09
     
    Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.
sandy ingram

Special agent to National Insurance Crime Bureau: "anecdotally the economic recession i... - 0 views

www.claimsjournal.com/...99413.htm

Fraud Insurance Recession FBI Economics

shared by sandy ingram on 09 Apr 09 - Cached
  • the FBI is aligning a lot more investigators to look into actual economic fraud investigations versus insurance fraud investigations.
  • "Fraud bureaus are telling us this, we're hearing it from the state fire marshals, and we're hearing about it anecdotally through news stories. It's clear that as the economy has gone down, the opportunity to commit fraud, to recover monies they think they need, has increased."
  • And with anywhere from $80 billion to $200 billion lost to fraud each year, affecting all lines of the insurance business — health, property, casualty, life and disability — it's no wonder that states are concerned with combating it.
  • ...1 more annotation...
  • NICB has seen a "pretty significant' trend in medical identity theft and provider fraud, according to McKee. This is when someone steals a person's identity, and medical and insurance information, then submits fraudulent bills to the insurance company for treatment the person did not receive. The check goes back to the fraudulent company, and the person is unaware that his or her identity was stolen or is being used for fraud, he explained.
  • sandy ingram on 09 Apr 09
     
    Does a bad economy increase crime? Analysts have debated that question for years, according to Mike McKee, senior special agent for the National Insurance Crime Bureau. While it's too soon for statistics to confirm whether recent events like the mortgage meltdown and an increase in unemployment truly lead consumers to commit more crimes, McKee said at least anecdotally the economic recession is affecting insurance fraud.
sandy ingram

Facebook Timeline Violates FTC Settlement, Says One Privacy Group | WebProNews - 0 views

www.webpronews.com/says-one-privacy-group-2012-01

facebook timeline settlement ftc privacy group

shared by sandy ingram on 06 Jan 12 - No Cached
  • Having just reached a settlement with the Commission in which the company is required “to take several steps to make sure it lives up to its promise in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established,” Facebook is changing the privacy setting of its users in a way that gives the company far greater ability to disclose their personal information than in the past. With Timeline, Facebook has once again taken control over the user’s data from the user and has now made information that was essentially archived and inaccessible widely available without the consent of the user.
  • The impetus is on the user to edit their privacy settings in order to tweak their Timeline to only show stuff that they want it to show.
  • EPIC goes on to argue that since Timeline contains new categories like “Health and Wellness,” it is ripe to be used by companies mining for medical data
  • ...1 more annotation...
  • They argue that the Timeline makes it “a heck of a lot easier for computer criminals to unearth personal details that can be used to craft attacks.”
  • sandy ingram on 06 Jan 12
     
    The settlement said that Facebook must be more forthright with its members and make sure that any changes that they make concerning privacy must be clearly and prominently spelled out.
sandy ingram

Health care providers anticipate new audit program - 0 views

www.finance-commerce.com/...allenges-as-scrutiny-increases

Health Care Audit

shared by sandy ingram on 05 Jan 09 - Cached
  • New audit program
  • Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
  • The federal government recently offered additional incentives to states that adopt laws that parallel the False Claims Act.
  • ...8 more annotations...
  • Data privacy is another hot-button issue for health care consumers, providers and regulators
  • a Minneapolis attorney, expects to see stepped up reinforcement of so-called “red flag rules” under the Health Insurance Portability and Accountability Act to prevent identity theft from health care providers and their patients.
  • health care organizations need to address three primary areas
  • making sure they have ID-theft prevention programs in place;
  • requirements relating to credit reports;
  • requirements related to the use of debit cards, credit cards and “smart” cards.
  • expects to see greater enforcement and “stiffening” of Medicare and Medicaid reimbursement:
  • As the current economic downturn continues, DeLoss also foresees another trend which should keep health law attorneys occupied in the coming year: more consolidation among medical practices.
  • sandy ingram on 05 Jan 09
     
    Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
sandy ingram

HONcode: Principles - Quality and trustworthy health information - 0 views

www.hon.ch/Conduct.html

shared by sandy ingram on 29 Oct 08 - Cached
  • HON Code of Conduct (HONcode) for medical and health Web sites
  • sandy ingram on 29 Oct 08
     
    null
1 - 11 of 11
Showing 20 items per page