HIPAA Blog Posts: Health Information Privacy
Hackers erased a practice's patient records and appointment records in retaliation for not receiving a $6,500 ransom. The doctors decided to close the practice and retire.
Over 2 million patients had their medical identity stolen in 2014, a 22% increase over the previous year, according to the Medical Identity Fraud Alliance (MIFA).
A large cyberinsurance company is claiming that it does not have to pay a claim arising from a HIPAA breach because the covered entity failed to meet "minimum required practices". Cottage Hospital in Santa Barbara had a HIPAA breach of 32,500 patients' records (PHI) in 2013 and filed a claim for $4.1 million, which CNA is contesting.
“Protecting patient data (PHI) comes down to one key factor – the human factor. As attackers continue to find new ways to exploit healthcare organizations, compromising patient data and patient trust, one common denominator remains – the human factor.”
CISO: Compliance Is the Wrong InfoSec Focus. Even if your information security program were bulletproof (an unlikely scenario), a HIPAA risk assessment based on the NIST protocol would probably show that you were not HIPAA compliant.
The recent Ponemon Institute study showed a 125% increase in criminal attacks on healthcare data. These now outrank stolen laptops as the leading cause of breaches.
Anthem was hacked, exposing 80 million patient files, which qualifies as a HIPAA breach, but what does that mean to a small physician practice? The hack has been attributed to a threat group tracked as "Deep Panda" and to the Chinese Army, which is unlikely to target a small physician practice, but could trigger copycat attacks.
The new name for our services is HIPAAssure™ which reflects the fact that we not only help organizations get HIPAA compliant, we measure their compliance, display their compliance to them and their business partners so that everyone is assured that they are HIPAA compliant.
An employee of a covered entity was sentenced to 37 months in jail for violating HIPAA regulations. In this case it was fraud, since the employee was selling the patient records, but in another famous case at UCLA the violation was an employee "peeking" at a famous patient's records.
OIG has stated that if a CE failed to perform even one measure of Meaningful Use, it would have to return the stimulus funds and might be audited to determine whether there was fraud. A Florida firm just had to pay back $31 million for falsely attesting to compliance.