HIPAA Blog Posts: Health Information Privacy

HIPAA, Gabrielle Giffords, and Steve Jobs

The San Francisco Chronicle business writer Kathleen Pender, in her column Net Worth on Thursday, January 20, 2011, contrasted the information released on the condition of Congresswoman Gabrielle Giffords with the non-information released about Steve Jobs, founder and CEO of Apple. Her discussion of HIPAA rules was insightful, and she pointed out that three employees and a contracted nurse were fired for improperly accessing the records of victims of the shooting rampage.


Compliance is Not Just a HIPAA HITECH Issue: OMIG is Auditing Compliance

Knock Knock. That could be OMIG at your door for an unannounced visit -- not to audit your facility or clinic’s claims or cost reports, but to assess your compliance program. OMIG has made such visits to speak with the compliance officer, to review the compliance plans, and to see evidence of the provider’s certification. Accordingly, facilities should be prepared to respond to unannounced visits from OMIG inquiring about the organization’s compliance structure and practices.


HIPAA HITECH Data Breaches up 193% over 2009

A recent analysis of the past year’s data breaches by Imperva concludes that, in 2010, there has been a nearly 200% increase over 2009. Conversely, the number of records compromised shrank nearly 100% -- from 230 million records in 2009 to 13 million records in 2010.


Insurance For HIPAA HITECH Breach?

"Whether a breach results from human error (a typical cause for breach) or from organized or individual cyber crime such as hacking and stolen laptops (a less typical, but increasing risk), insurance companies such as Chartis, Beazley, and Hiscox are willing to underwrite certain computer security risks and cover specified losses that may be incurred by an insured from a PHI security breach."


Medical ID (PHI) Targeted by Digital Thieves

"The going price of a medical ID, a Medicare number, is actually significantly higher than a Social Security number," Adam Greene, senior health IT and privacy specialist in HHS' Office for Civil Rights


AvMed Health sued over 'one of the largest medical breaches in history'

November 18, 2010 | Healthcare IT News, Molly Merrill, Associate Editor

MIAMI – A class action filed against Florida insurer AvMed Health Plans seeks redress for a data breach that occurred when two laptops, containing patient information for 1.2 million members, were stolen from the company's headquarters in December 2009.


A Compliance Program is More Than HIPAA HITECH

An effective compliance program addresses the healthcare provider's / supplier’s need to prevent fraud and abuse as well as the unauthorized acquisition, access, use or disclosure of Protected Health Information (PHI) which compromises the security or privacy of the PHI, and carries the added benefit of improving the provision of quality health care at lower costs. The Law Offices of David Barmak


Hospital Fined $250,000 For Not Reporting Data Breach: Cheryl Clark, for HealthLeaders Media, September 9, 2010

Lucile Salter Packard Children's Hospital at Stanford University has been fined $250,000 by California health officials for failing to report within five days a breach of 532 patient medical records in connection with the apparent theft of a hospital computer by an employee.


HIPAA Medical data breaches most often caused by theft

An analysis of HHS information finds the biggest security leaks come from stolen laptops and removable memory technology. The take-home message: Keep devices locked up. By Pamela Lewis Dolan, amednews staff. Posted Sept. 3, 2010.


Information Security and Privacy Compliance Work Plan by Rebecca Herold, The Privacy Professor

The following is a high-level work plan to create an information security and privacy program to meet compliance with HIPAA, HITECH and other regulatory and contractual requirements. The areas listed will vary depending upon the organization’s business model, size, number of geographic locations, other applicable legal requirements, and any other unique factors. Each organization should use this as a starting point and change appropriately for its own unique business situation.
