HHS officials last week confirmed what many people have long suspected: Laptop theft is the most common source of health data breaches affecting at least 500 people. Of the 189 breaches reported to HHS since notification became mandatory last year, 52 percent were due to theft
via HHS: Laptop theft is No. 1 source of health data breaches – FierceHealthIT.
Indiana Attorney General Gregory Zoeller has filed a lawsuit against health insurer WellPoint Inc., alleging the company did not notify 32,051 affected consumers in the state of a breach of their protected health information in a timely manner.
via Indiana AG Sues WellPoint for Breach.
The names, addresses and some health information of 280,000 Medicaid enrollees in Pennsylvania could be at risk after two affiliated managed care organizations reported the loss of a hard drive from a portable computer.The hard drive went missing in the corporate offices of either Philadelphia-based Keystone Mercy Health Plan or Harrisburg-based AmeriHealth Mercy Health Plan, the Philadelphia Inquirer reports. The two companies cover a total of 400,000 Medicaid patients in the state.
via Lost hard drive puts data on 280,000 Medicaid enrollees at risk – FierceHealthIT.
Ready for another threat to individual privacy? Less insidious, perhaps, than phishing, but potentially as damaging is a relatively new technique called “scraping.”
Scraping is the practice of trolling social networking sites, message boards and chat rooms looking for personal information that can help firms target the right people with their marketing efforts. And instead of being cloaked in the guise of a Nigerian prince or other shady character, scraping is being sponsored by some big-name, legitimate companies, and it’s starting to find its way into healthcare.
via PatientsLikeMe incident may just be ‘scraping’ the surface – FierceHealthIT.
Three Michigan abortion clinics have been cited by the Office for Civil Rights for violating the federal Health Insurance Portability and Accountability Act HIPAA, but a pro-lifer is disappointed that no further action has been taken.
via Clinics caught, cited for violating the law OneNewsNow.com.
A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.
Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.
via HIPAA Violations: UPMC Employee Criminally Indicted.
The Department of Health and Human Services’ Office for Civil Rights received thousands of pages of comments from hundreds of organizations by the Sept. 13 deadline. Now, the office will spend the coming weeks fine-tuning the proposal issued in July.
via Plenty of Feedback on HIPAA Changes.
Network security audits are getting a lot of coverage these days thanks to standards like SOX, PCI-DSS, and HIPAA. Even if you don’t need to comply with any of those standards, business relationships with partners or customers may require you to show that your network is secure.
via Preparing For A Firewall Audit | Katonda.
While everyone is worried about stolen laptops or unauthorized access to computer files, who ever thought the hard drive in copying and fax machines could be a potential HIPAA violation?
Copy machines, fax machines and scanners now contain hard drives — like computer hard drives — that store images of all the pages of information that ever ran through the machines, according to the Baudino Law Group.
The Des Moines, Iowa, law firm said after a copy machine was disposed by a New York-based managed care plan, the plan had to notify three state agencies, federal authorities and more than 400,000 members of a breach of protected health information under HIPAA.
via Hard Drives in Copy or Fax Machines are a HIPAA Risk | Supply Chain.
According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations are driving their organization’s purchasing decisions. Seventy-four percent, meanwhile, say their organization will spend more on security in 2010 than it did in 2009.
via Data breach prevention top of mind for healthcare IT decision makers (WTN News).
