GovHIT - Rick Kam - December 3rd, 2013
There is no question that health insurance exchanges are a new privacy and security frontier for the federal government, states, and the private sector.
With data that has been residing in a multitude of different places now being brought together, overall security will depend on the security practices of an unprecedented number of participating organizations, some of whom have only minimal training.
Under the new healthcare system, the Department of Health and Human Services (HHS) operates a central data hub that connects participating state health insurance exchanges with federal government agencies — such as the Treasury Department, Internal Revenue Service and other state agencies — to verify enrollees’ eligibility. While the government hub doesn’t store health data on individuals, personal data is stored and there is the risk that identity thieves could steal the ID of one participating organization to gain access through the hub to data held by another.
SearchHealthIT - Don Fluckinger - November 12th, 2013
Meaningful use stage 2 rules foster patient engagement in a simple way: Physicians and hospitals receiving federal EHR incentive payments must motivate at least 5% of patients to view, download or transmit their digitized health data.
Let's call that patient engagement 1.0, a cute little hybrid subcompact driving down the highway. Hurtling right behind it is the 18-wheeler, semitrailer version 2.0, as powerful economic factors motivate patients to police their own records.
Healthcare IT leaders and their health information management (HIM) partners need to find ways to embrace this coming interactivity in order to harness its power for the benefit of their organizations' HIPAA compliance; patient safety and community outreach; and to compare favorably to their competitors. Right now. Later in the game, a reactionary approach could just get in the way of better health data security and good old-fashioned customer relationship management.
The Monthly Wrap Up - October 2013
Business First - Kevin Eigelbach - October 30th, 2013
You might think that once you die, you don’t have to worry about someone stealing your identity. Well, you might not have to worry about it, but your surviving relatives might.
Apprisen, a national nonprofit credit counseling agency, recently compiled a list of things you can do to prevent “ghosting,” the practice of stealing the identities of dead people to commit crimes. The IRS estimates the problem costs American taxpayers more than $5 billion annually.
Dark Reading - October 16th, 2013
PORTLAND, Ore. -- October 9, 2013 -- Lost laptops and internal snafus happen. If they involve personal information of customers, employees or others--as they often do--organizations must act in accordance with Federal regulations and state data breach laws. Now that the HIPAA Omnibus Final Rule is in effect, healthcare organizations and their third parties are required to perform a risk assessment for every privacy and security incident that involves sensitive personal information.
The rise of data breaches in healthcare, combined with the highly scrutinized, regulatory environment, has forced the emergence of a new category: data incident management software. Organizations are turning to ID Experts' software, RADAR, to document and simplify the entire data incident management process. RADAR is a leader in this space, with customer adoption up 242% in one year. RADAR 3.0 takes the "guess work" out of compliance, by performing incident-specific risk assessments and offering incident response guidance.
GovHIT - Rick Kam - October 11th, 2013
Medical identity theft is up nearly 20 percent in the past year, according to a new study, making it the fastest-growing form of fraud in the United States.
The 2013 Survey on Medical Identity Theft, in fact, found that an estimated 1.84 million people are victims of medical identity theft in the U.S. — costing victims an estimated $12.3 billion. While the extent of medical identity theft is surprising, even more alarming is its major cause: medical identity theft tends to run in families.
According to Larry Ponemon, chairman and founder of the Ponemon Institute, the research shows that a large percentage of the supposed identity thefts were actually caused by consumers sharing their personal or medical credentials with friends or family, who then use them to obtain medical services or treatments. Another major cause is family members taking and using the victims’ credentials without consent; in many of these cases, the victims are loath to report theft by a family member. Almost 60 percent of the medical identity theft reported in the Ponemon study was due to misuse of medical credentials among family members.
The Monthly Wrap Up - September 2013
Wall Street Journal - Ben DiPietro - September 23rd, 2013
The grace period ends Monday for rules governing protection of a patient’s private health information, and rules governing what must be done if such information is breached or made public.
SC Magazine - Danielle Walker - September 23rd, 2013
Updated rules to the Health Insurance Portability and Accountability Act (HIPAA) expand the legal responsibilities of third-party organizations handling protected health information.
On Monday, the compliance grace period ended for the HIPAA Omnibus Rule (PDF), which formalized many of the statutory changes already made in the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act). The changes took effect in March, but organizations have had the past six months to update their business practices to remain in compliance.
Amendments include measures that legally require “business associates” of covered entities to comply with security and privacy measures enforced by HIPAA, like breach notifications.
GovHIT - Mahmood Sher-Jan - September 20th, 2013
When the HIPAA Final Rule on Privacy and Security kicks in on September 23, the privacy game changes for HIPAA covered entities (CEs). But for their business associates (BAs), the stakes rise by a quantum leap.
For CEs, the effects of the Final Rule are mostly incremental because the compliance structure remains unchanged; the biggest change is a revised threshold (aka the compromise standard) for breach risk assessment and notification decision, but basic privacy and security requirements are the same.
For business associates, however, the Final Rule deadline raises the risks of non-compliance to a new level because, for the first time, they face many of the same compliance requirements as their covered entities, making them subject to HHS regulatory fines and corrective action plans, as well as civil monetary penalties.
GovHIT - Tom Sullivan - September 17th, 2013
If the healthcare providers that have been operating under HIPAA for nearly two decades were the only ones required to comply with the new rule on privacy and security, that would be challenging enough. But they’re not.
Instead, the business associates deemed covered entities beginning September 23 are entirely new to the law and that could open up a whole slew of problems.
“A lot of folks are real nervous about that,” said Brian Ahier, founder of Advanced Health Information Exchange Resources (AHIER). “Some are taking a wait-and-see approach.”
Ahier explained that among the healthcare organizations he has encountered, most are at least prepared for the low-hanging fruit within the law: activities including updating notice of privacy practices, getting policy and legal experts involved, and generally making sure they are set to meet new requirements.
Yet, those are the existing covered entities and, as such, they are more or less used to HIPAA — and even for them it will require major adjustments. But it’s the Business Associates (BAs), essentially partners, vendors, contractors and subcontractors or anyone who maintains protected health information (PHI) that have Rick Kam, president and co-founder of security vendor ID Experts, most concerned.
Dark Reading - Ericka Chickowski - September 16th, 2013
For five years now, a Ponemon Institute annual report has tried to put a number on the cost of data breaches. It creates benchmarks for direct costs such as regulatory fines and the cost of notifying customers, alongside estimates of indirect costs such as customer churn and lost business. In 2013, Ponemon pegged the cost of a data breach at $136 per lost record on average across the globe. Ponemon estimated the cost in the U.S. at $188 per record, and $277 per record when the breach came at the hands of malicious and criminal attacks such as outside hacking or insider theft.
TRAVERSE CITY, Mich. and WASHINGTON, D.C. — September 12, 2013 — Medical identity theft is a national healthcare issue with life-threatening and hefty financial consequences. According to the 2013 Survey on Medical Identity Theft conducted by Ponemon Institute, medical identity theft and “family fraud” are on the rise, with the number of victims affected by medical identity theft up nearly 20 percent within the last year. The survey, sponsored by the Medical Identity Fraud Alliance (MIFA) with support from ID Experts®, finds that medical identity theft affects an estimated 1.84 million people in the U.S., with victims forking out more than $12 billion in out-of-pocket costs incurred by medical identity theft. For a free copy of the 2013 Survey on Medical Identity Theft, visit http://medidfraud.org/2013-survey-on-medical-identity-theft.
Becker's Hospital Review - Helen Gregg - September 6th, 2013
Recently, a man went to the emergency department at his local hospital, complaining of back pain. The on-call physician noticed an infection in his lymph node, and, after consulting the patient's chart, told the patient he was ordering a course of penicillin.
The patient became upset, demanding to know why the physician would order a drug to which the patient is severely allergic. The physician referenced the patient's chart, noting penicillin was administered during the patient's previous visit to the ED with no complications.
This was the patient's first trip to the small-town ED.
An investigation revealed the patient to be the victim of medical identity fraud — a growing issue in the United States. In 2012, 1.85 million Americans were affected by medical identity fraud and theft, up from 1.49 million in 2011, according to a survey conducted by the Ponemon Institute.
ID Experts Monthly Wrap Up of privacy and data breach stories from around the web.
Dark Reading - Kelly Higgins - August 21st, 2013
A U.S. public-private alliance co-founded by Blue Cross/Blue Shield Association, AARP, the Identity Theft Resource Center and others, will officially launch next month to fight medical identity theft amid a sickening spike in this form of fraud.
The new Medical Identity Fraud Alliance (MIFA), whose other founders include the Consumer Federation of America, the National Healthcare Anti-Fraud Association, and ID Experts, is aimed at combating medical ID theft by getting key players together and establishing solutions and best practices, technologies, research, as well as educating and helping empower consumers to better protect their increasingly targeted health information. MIFA will also provide a venue for information- and attack intelligence-sharing.
Healthcare Informatics - David Raths - August 21st, 2013
Imagine going to the doctor's office for a checkup and finding procedures or prescriptions in your medical record that were a surprise to you. Just as with financial identity theft, an increasing number of Americans are finding themselves the victims of medical identity fraud, as thieves steal their health-insurance number, Social Security number and other personal information and resell them on the black market for use by other people.
Studies conducted by the Ponemon Institute (www.ponemon.org) indicate that the number of medical identity theft victims in the United States has grown from an estimated 1.4 million in 2010 to more than 1.8 million in 2012. Now a nonprofit public-private sector organization is being formed to unite stakeholders to develop best practices, solutions, and technologies for the prevention, detection and remediation of medical identity theft and fraud. Founding members of the Medical Identity Fraud Alliance (MIFA) (www.medifraud.org) include ID Experts, the Identity Theft Resource Center, the National Health Care Anti-Fraud Association, the BlueCross BlueShield Association, the Consumer Federation of America and AARP.
GovHIT - Rick Kam - August 14th, 2013
Scarcely a day passes when we don't hear about some new electronic gadget designed to make our lives more productive, convenient, healthy, or entertaining.
Take Google Glass, for example. Google's new wearable computer is among the current crop of technologies that may sound like science fiction, but they present real privacy risks. Here are a few developments that healthcare privacy professionals and organizations should be thinking about now.
American Medical News - Pamela Lewis Dolan - July 29th, 2013
During the past decade, the health care industry has adopted new practices and technology to protect against patient data breaches. But as protection of data becomes more sophisticated, so have the ways in which the data are exposed.
Data security firm ID Experts examined some of the biggest breach cases from the past decade and talked with data security experts to understand how the trends have changed during the past 10 years. The report identifies future threats to data security and gives advice on how organizations can respond to those threats.
PC Mag - Abigail Wang - July 13th, 2013
The more our personal information is digitized the more that information is at risk. A lot of people don't worry about protecting their sensitive data because they're under the impression that hackers wouldn't be interested in their accounts. If you think this, you're sadly mistaken. Even your personal email can be worth a lot depending on what information you have on it, like access to your online banking statement and details of your Amazon account. It's important to be aware of the danger your personal information is in if you don't properly protect it.
GovHIT - Rick Kam - July 22nd, 2013
Over the last decade, the scope of identity theft has widened from credit card and financial fraud to include widespread medical identity theft with potentially life-threatening consequences.
In that time, organizations have grown in awareness and readiness to combat identity theft. According to Larry Ponemon, chairman and founder of the Ponemon Institute, recent research shows that companies are doing a better job of detecting, containing, and responding to breach incidents than they were ten years ago.
HITECH Answers - July 11th, 2013
First identified as an industry issue a decade ago, data breaches are now part of the consumer vocabulary. Check out this infographic from ID Experts, A Decade of Data Breach…An Evolution. Data breaches have evolved from credit card fraud with financial consequences to medical identity theft with life-threatening implications. According to leading experts, the frequency, severity, and impact of data breaches are expected to escalate. Industry experts forecast top trends in data breach, privacy, and security:
PORTLAND, Ore. — July 10, 2013 — The security of personal information is at greater risk now than a decade ago. Financial identity theft and medical identity theft—with life-threatening implications—are impacting millions of people. In fact, experts estimate that an identity is stolen every three seconds. The infographic, Is Your Information Safe?, provides a snapshot of identity theft and data breach over the last decade; available for download at http://www2.idexpertscorp.com/is-your-information-safe/. According to leading experts, global networks and use of advanced sinister technologies are expected to escalate, threatening consumers’ information:
PORTLAND, Ore. — July 10, 2013 — First identified as an industry issue a decade ago, data breaches are now part of the consumer vocabulary. An infographic illustrating A Decade of Data Breach...An Evolution is available: http://www2.idexpertscorp.com/a-decade-of-data-breach/. Data breaches have evolved from credit card fraud with financial consequences to medical identity theft with life-threatening implications. According to leading experts, the frequency, severity, and impact of data breaches are expected to escalate. Industry experts forecast top trends in data breach, privacy, and security:
Ed Burns - TechTarget - June 25th, 2013
Identifying data breaches may seem like a relatively simple task. However, a number of factors can make breach assessment tricky, and with federal regulators stepping up enforcement of privacy laws, these pitfalls could land providers in hot water.
Rick Kam - GovHIT - June 17th, 2013
Medical identity theft can be fatal, especially to society's most vulnerable population, the elderly. Targeted by criminal groups and unscrupulous relatives alike, seniors tend to be more trusting of others and are less likely to report the crime because they don't want family members to think they can't maintain their independence, says the National Crime Prevention Council. Fighting this crime is a high priority for me, and it was a privilege to participate in an FTC panel on the subject in Washington, D.C. last month.
HIT Consultant - June 11th, 2013
Clinicians use 6.4 different mobile devices in a day on average, according to an IDC Healthcare Insights study. Mobile health devices and BYOD policies provide healthcare professionals with the ability to facilitate smoother workflows, promote team collaboration and help boost productivity. However, these benefits bring risks of security breaches. PwC Health Research Institute clearly identified the need for mobile security as one of the top ten issues hospitals will face in 2013. The report also found that 69% of the consumers surveyed said they were concerned about the privacy of their medical information if providers accessed it through their mobile devices.
John Moore - iHealthBeat - May 23rd 2013
Hospitals and other health care providers are beginning to purchase data breach insurance as the number of security incidents reported in the health care sector continues to grow.
Data breach insurance, sometimes called cyber liability insurance, provides some peace of mind for health care executives faced with the near inevitability of an intrusion. Insurance products in this field date back to the late 1990s and early 2000s, but demand has picked up over the last couple of years. Insurance brokers and security consultants report an uptick in interest in such policies among health care providers and their business associates.
Net-Security - May 22nd 2013
Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
Every transaction and health record is now collected, categorized, sorted, and analyzed—and can be hacked. Microcomputers that control aspects of everyday life—from heart rhythms and insulin levels, to the operation of manufacturing plants and data centers, to the use of electricity in homes and gasoline usage in cars—are increasingly at risk for data breach and can threaten public safety.
PORTLAND, Ore. — May 22, 2013 — It’s not a plot on a TV show. Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker. Every transaction and health record is now collected, categorized, sorted, and analyzed—and can be hacked. Microcomputers that control aspects of everyday life—from heart rhythms and insulin levels (see Hidden Hazards: The Computers Inside), to the operation of manufacturing plants and data centers, to the use of electricity in homes and gasoline usage in cars—are increasingly at risk for data breach and can threaten public safety. Industry experts offer insights on top hidden vulnerabilities that can cause data breach:
Rick Kam - GovHIT - May 13th 2013
We can learn a lot about risk from academia. University environments embody the whole data privacy world in microcosm. Colleges and universities handle a broad range of personal information — from students, staff, alumni, donors, and other community members — with their functions in financial services, food services and housing, student stores, and medical services.
On average, educational institutions report 1.3 million records compromised per year, based on statistics from Privacy Rights Clearinghouse. (Check out this infographic from Open Site, for an overview of data breaches in higher education.)
Nobody understands the privacy and security risks in the academic world better than Grace Crickette, chief risk officer for the University of California, a sprawling system that includes ten campuses and five medical centers. She shared her insights, which can be translated into 3 lessons on risk:
Report on Patient Privacy - May 2013
Although covered entities (CEs) have been required since 2009 to notify affected individuals and the government, when appropriate, of breaches of unsecured protected health information (PHI), the so called “harm” standard that triggers notice no longer exists under the new final regulations. Or does it?
Are CEs really starting over when it comes to assessing whether an incident is a reportable breach under the final regulations issued on Jan. 25, which have a compliance deadline of Sept. 23?
PORTLAND, Ore. — May 1, 2013 — Identity theft is the nation’s fastest-growing crime, claiming almost ten million victims per year, according to FBI statistics. Medical identity theft is the latest threat to affect patients—especially senior citizens. To address this growing epidemic, the Federal Trade Commission will host the educational forum
Don Fluckinger - SearchHealthIT - April 11th 2013
Speakers at the PHI Protection Network's recent forum in Cambridge, Mass. offered HIPAA data breach prevention strategies for health care IT leaders and privacy officers in attendance. They stressed that while technology is vital for preventing breaches, enforcing employee policies to use that technology is equally important.
First, understand that while you're building a culture of health data privacy and security, expect data breaches will happen. The goal of IT leaders, in concert with compliance staff, is to reduce the number of breaches, as well as act quickly to minimize consequences after the fact.
Don Fluckinger - SearchHealthIT - April 9th 2013
CAMBRIDGE, Mass. -- When a data breach happens and the healthcare organization hasn't thought through its internal response plan, many bad things can happen. First, the people involved write internal emails throwing each other under the bus and assigning blame -- and the emails then become a revealing part of the record for attorneys and federal investigators to sift through later.
Then, in a vacuum, managing the media response falls to whom? Marketing? Media relations? IT staff? What will come out of their mouths to the local television, newspaper, radio and Internet reporters? The worst-case scenario is when CEOs take matters into their own hands and call a press conference -- unprepared, perhaps unintentionally making factual errors or public promises the hospital can't keep regarding future data breaches -- or revealing evidence that later turns into pronouncements of willful neglect.
Rick Kam - GovHIT - April 9th 2013
HIPAA and HITECH. PHI in the cloud. BYOD policies. Meaningful use.
The industry is rife with buzzwords and acronyms surrounding patient privacy and data security. The most important word, however, is one that we often overlook: patients.
Yet, they’re the reason we do what we do.
Attorney Jim Pyles, who helped draft the HITECH Act, said, “I’ve been to literally hundreds of meetings in Washington when the patient was not mentioned once. Not one time … When [healthcare leaders say] that the patient ought to be at the center of the system, boy do I applaud that.”
Wired - Daniela Hernandez - March 25th 2013
Eugene Vasserman is uneasy about his digital pedometer. The company that makes the thing doesn’t know his name, age, or gender, but it does track his every step and his location. “They know where I sleep. They know my address,” says the Kansas State University cybersecurity and privacy researcher.
Some might think he’s paranoid. But he hasn’t stopped using the device. It’s just that he sees the worst-case scenario — and he’s adamant that the rest of us should see it too. Once health data leaves your immediate possession, he explains, it’s out of your control.
“I’m aware of the tradeoff I’m making … [but] I don’t think people understand what they’re giving up by putting this data out there,” he says. “The direct repercussions are not quite clear because the definition of cloud — excuse the pun — is very nebulous.”
What we do know is that security breaches surrounding healthcare information have been on the rise, according to the Ponemon Institute. And according to The Washington Post, there are “gaping security holes” in many of the systems that hold our healthcare data.
Health IT Exchange - Don Fluckinger - March 13th 2013
CAMBRIDGE, MA — Here at the Protected Health Information (PHI) Protection Network's first conference — attended by senior health system IT leadership, HIPAA legal authorities and vendor privacy executives — a theme is emerging in healthcare leaders' message: It's all about the patients.
Discussions at patient data security conferences usually revolve around hot new technologies, emerging threats, and common-sense technical safeguards and policies to protect healthcare businesses. Up until this security confab, we've heard health care leaders list their top reasons for HIPAA compliance as protecting a hospital's revenue stream, its reputation, and its hard-earned place as a trusted entity in a city or community in the face of these regulations that seemingly set them up for failure.
Patient advocacy — actively protecting patient interests by protecting their data — usually gets mentioned in passing, fourth or fifth on the list of reasons to shore up HIPAA compliance programs.
Privacy Journal - Doug Pollack & Mahmood Sher-Jan - March 2013
The HIPAA Final Omnibus Rule issued in January is landmark legislation for the healthcare industry. One of the key changes is the removal of the "harm threshold" as a standard for determining whether notification is required after a breach.
Issued on Sept. 23, 2009, the Interim Final Rule for Breach Notification noted that a breach crossed the harm threshold if it "posed a significant risk of financial, reputational, or other harm to the individual." Placing the burden of proof for determining this risk of harm on health-care providers ("covered entities") caused huge (subjective) variances in the definition of a breach that required notification to the public and government agencies and left affected individuals at risk for harm. Patient-privacy advocates perceived the harm threshold as subjective, and health-care organizations lacked clear guidance on how to conduct such an assessment.
GovHIT - Doug Pollack - March 12th, 2013
Cloud computing. It’s like having a butler for your data — managing them, securing them, and making them available when and where they’re needed. No wonder the cloud is attractive to organizations burdened with time and budget constraints.
But the cloud is not without its risks. The Cloud Security Alliance (CSA) recently released its “Notorious nine,” a list of the top threats associated with cloud computing. At the top of the charts for 2013: data breaches. With this threat at the forefront, healthcare organizations should determine when, if ever, is an optimal time for placing protected health information (PHI) and personally identifiable information (PII) in the cloud.
Business Insurance - Matt Dunning - March 6th, 2013
As if managing the risk of data breaches and losses isn't complicated enough, incorporating cloud-based data storage services can greatly exacerbate an organization's cyber security...
PORTLAND, Ore. — February 28, 2013 — Data breaches are a growing and alarming trend. Half of healthcare organizations experienced more than five data breaches of patient data during the past two years, according to the recent Ponemon Institute report. The must-attend industry forum, Turning PHI Security Into a Competitive Advantage—to be held March 12-13, 2013 in Boston—is tailored to healthcare organizations looking at ways to better protect the big data they manage and learn how to customize security initiatives to protect protected health information (PHI). Register now by visiting Turning PHI Security Into a Competitive Advantage or www.phiprotection.org. Friday, March 1 is the last day to register.
SC Magazine - Dan Raywood - February 27th, 2013
Breaches at third parties can be mitigated with due diligence and preparation, but often that is not a consideration at the first point.
In a debate on 'The killer next door – the devastating impact of third party breaches' at the RSA Conference in San Francisco, Michael Bruemmer, vice president of Experian, said that while you can plan up front and train employees, the threat grows dependent on how many people are involved with the chain of command and the number of outsourcers.
GovHIT - Rick Kam - February 21st, 2013
A difficult question, to be sure, but it's a critical one. Healthcare organizations' privacy programs are still understaffed and underfunded, even while millions of patients' protected health information (PHI) are compromised. Securing PHI is an obstacle, with 94 percent of healthcare organizations suffering data breaches in the past two years, according to the recent Third Annual Benchmark Study on Patient Privacy and Data Security.
Jim Pyles, principal at Powers, Pyles, Sutter and Verville, PC, points out that the changing healthcare industry means that liability risks around PHI privacy are continuing to escalate. He says that electronic data breaches are reaching what he calls "epidemic proportions," particularly with the growing use of electronic records and hard-to-secure mobile devices, as well as the growth of electronic health information systems.
Help Net Security - February 20th, 2013
Healthcare organizations’ privacy programs are still understaffed and underfunded, even while millions of patients’ protected health information (PHI) are compromised.
Securing PHI in healthcare is an obstacle, with 94 percent of healthcare organizations suffering data breaches in the past two years, according to the Third Annual Benchmark Study on Patient Privacy & Data Security. Organizations face new challenges with the recent release of the HIPAA Final Omnibus Rule.
PORTLAND, Ore. — February 19, 2013 — Healthcare organizations’ privacy programs are still understaffed and underfunded, even while millions of patients’ protected health information (PHI) are compromised. Securing PHI in healthcare is an obstacle, with 94 percent of healthcare organizations suffering data breaches in the past two years, according to the Third Annual Benchmark Study on Patient Privacy & Data Security. Organizations face new challenges with the recent release of the HIPAA Final Omnibus Rule. At the upcoming forum, Turning PHI Security Into a Competitive Advantage, to be held March 12-13 in Boston, organizations will learn how to build, present, and defend a business case for PHI security. More than 20 industry experts will outline steps to protect against the organizational and financial repercussions of data breaches.
PORTLAND, Ore. — February 5th, 2013 — A lost laptop or lost paper files can put a healthcare organization in a tailspin, especially if they contain the protected health information (PHI) of thousands of patients. Is this an incident or a breach? Is there a probability of PHI being compromised? Will this require notification? RADAR 2.5™, the latest software tool from ID Experts, answers these questions for covered entities and business associates, by managing and tracking privacy and security incidents involving personally identifiable information (PII) and PHI. RADAR helps meet all compliance requirements with HIPAA federal and state data breach laws, including the Final Omnibus Rule published by the U.S. Department of Health and Human Services (HHS) on January 25, 2013.
GovHIT - Doug Pollack & Mahmood Sher-Jan - February 6, 2013
Few will mourn the loss of the ambiguous “harm threshold” requirement. Patient privacy advocates perceived the harm threshold to be subjective, which led “to inconsistent interpretations and results,” according to the HIPAA Final Omnibus Rule published by the U.S. Department of Health and Human Services (HHS).
Under the Breach Notification Interim Final Rule, a breach crossed the harm threshold if it “posed a significant risk of financial, reputational, or other harm to the individual.” The rule required healthcare organizations to perform an incident risk assessment to determine if a breach crossed the harm threshold standard and thus required notification.
SearchHealthIT - Ed Burns - January 23rd, 2013
Another major development out of the HIPAA omnibus is the premium that Office for Civil Rights (OCR) officials place on documenting privacy and security policies, as well as responses to breaches. In particular, the changes to the breach notification rule set the bar high for documentation, and covered entities that fail to keep adequate records could face enforcement actions, even when their general response to a breach is appropriate.
eWeek - Brian Horowitz - January 22nd, 2013
An update to the Health Insurance Portability and Accountability Act (HIPAA) could make IT companies more liable for leaked health information, said industry experts. Business associates now must meet the privacy and security rules of HIPAA just like doctors, hospitals and health insurance providers, according to the final "omnibus" rule the U.S. Department of Health and Human Services (HHS) announced on Jan. 17. Companies that produce electronic health record (EHR) software, offer billing and transcription applications, host data in the cloud or provide backup services will be responsible for health information leaks, according to Doug Pollack, chief marketing officer for ID Experts, which offers data breach prevention tools.
Turning PHI Security Into a Competitive Advantage
20+ Industry Experts to Provide Hands-On Information About How Organizations Can Make a Business Case for Protecting Protected Health Information (PHI)
PORTLAND, Ore. — January 16, 2013 — Securing protected health information (PHI) in healthcare is a growing problem, with 94 percent of healthcare organizations suffering data breaches, according to the recent Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute. Healthcare organizations need to protect against the organizational and financial repercussions of data breaches, but may not know how. At the workshop Turning PHI Security Into a Competitive Advantage, to be held March 12-13, 2013, participants will learn how to build, present and defend a business case for PHI security initiatives tailored exclusively for their organization.
Becker's Hospital Review - Kathleen Roney - January 8th, 2013
What should a hospital or health system include in its New Year's resolution? Completing preparations to protect patient records and reduce data breach stress.
The "Third Annual Benchmark Study on Patient Privacy & Data Security" by Ponemon Institute reports that data breaches in healthcare are growing; insider negligence is the root cause; and mobile devices pose threats to patients' protected health information. Despite the fact that 94 percent of healthcare organizations surveyed suffered data breaches in the report, data breaches don't have to be disastrous if organizations take steps to operationalize pre-breach and post-breach processes to better protect patient data and minimize breach impact. So, how can hospitals and health systems do this?
Naked Security - Lis Vaas - Jan 3, 2013
Competent healthcare providers are great at medical things, be it measuring fasting blood sugar to diagnose diabetes, swabbing the backs of our throats, or clearing plaque off our grubby molars.
Securing electronic devices or health records? Not so much.
That's the takeaway from a study from the Ponemon Institute, which surveyed 80 healthcare organisations in the US and found that 75% don't secure medical devices containing sensitive patient data, while 94% have leaked data in the last two years (mostly due to staff negligence).
Gigaom - Ki Mae Heussner - December 26th, 2012
As hackers look for an easy target, healthcare could be at the top of their list. According to a recent investigation by The Washington Post, the rise of electronic health records, other digital health platforms and connected devices has made healthcare more vulnerable to security breaches than almost any other industry. Relative to other industries, including finance and the military, hospitals and medical facilities have been targeted by fewer hacks, the report said, but government officials have recently indicated growing concern. In May, the Department of Homeland Security released a notice warning that while wireless technology can bring efficiency and flexibility to healthcare, it also introduces security risks that the industry may not be ready to address.
Forbes - Eric Savitz - December 7th, 2012
Healthcare data breaches have become an everyday disaster. Ninety-four percent of healthcare organizations surveyed in the newly released Ponemon Institute study, Third Annual Benchmark Study on Patient Privacy & Data Security, suffered at least one data breach during the past two years. What’s more, 45 percent of organizations experienced more than five data breaches each during this same period.
The challenges to maintaining the privacy of confidential patient data continue to grow as more and more of this information is being entered into new electronic systems, as mandated by government regulations.
No cure exists for data breaches. Data breaches have entrenched themselves into the fabric of everyday business – like a bacteria – and these risks must be addressed at the highest levels. We believe healthcare organizations should restructure the information security function to report directly to the board. This would symbolize a commitment to data privacy and security, opening executives’ eyes to the real, constant, and costly threats
Becker's Hospital Review - Kathleen Roney - December 6th, 2012
Innovation and emerging technologies in information technology are both exciting and challenging for the healthcare field. These advances create efficiencies, eliminate waste and improve much-needed access to information. However, new concerns about security and privacy arise as these advances are implemented and utilized.
The uphill battle healthcare organizations face in stopping data breaches is evidenced in the "Third Annual Benchmark Study on Patient Privacy & Data Security," conducted independently by Ponemon Institute and sponsored by ID Experts.
According to Larry Ponemon, chairman and founder of Ponemon Institute, the study takes a deeper dive into healthcare organizations' struggle to deal with privacy and security data risks. "[Ponemon Institute] not only completes a survey, but observes what the organizations do. The research also includes conversations with members of the organization," says Mr. Ponemon. "This is the third time we are doing the study, and unfortunately, things seem to be getting worse."
InformationWeek - Michelle McNickle - December 6th, 2012
A majority of organizations polled for Ponemon and ID Experts' third annual benchmark study on privacy and security don't have the technologies, resources and trained personnel in place to take on modern-day privacy and data security risks.
Since beginning the benchmarking in 2010, Ponemon and ID Experts have found that threats to healthcare organizations have increased. The organizational costs for dealing with breaches are climbing as well, with the average price tag increasing from $2.1 million in 2010 to $2.4 million in 2012. The report projects that eventually the annual cost of continuous breaches for the industry "could potentially be as high as $7 billion."
Of the organizations participating in the study, 46% are part of a healthcare network, 36% part of an integrated delivery system, and 18% are standalone hospitals or clinics. This year, the study engaged 80 organizations and conducted 324 interviews. Respondents participating in the study were from all areas of an organization, including security, administration, privacy, compliance, finance and clinical.
GovHIT - Tom Sullivan - December 6th, 2012
Three out of five healthcare organizations are not allocating enough resources to protect patient data – and among the reasons is a simple fact that the industry has no way to place a value on that information.
That's according to Rick Kam, president and co-founder of ID Experts, which sponsored the Ponemon Institute's third annual benchmark "Study on Patient Privacy and Data Security," published on Dec. 6.
Prior to the report's release, Government Health IT Editor Tom Sullivan spoke with Kam and Ponemon Institute Chairman Larry Ponemon about the survey's alarming statistics, the potential dangers of criminal social-engineering and why healthcare as an industry is so far behind in terms of safeguarding data.
Bloomberg - Jordan Robertson - December 6th, 2012
Your doctor’s office likely doesn’t have any digital security for its mammography machines, heart pumps and other devices that are vulnerable to hacking, according to a new study.
In a survey of 80 health care organizations in the U.S., the Ponemon Institute found that nearly three-quarters said they don’t secure their medical devices, even though they contain sensitive patient data. The organizations were not named.
“This finding may reflect the possibility that they believe it is the responsibility of the vendor — not the health care provider — to protect these devices,” said the report by Ponemon, an independent research organization.
There's good news and worrying news on the healthcare privacy front. The Ponemon Institute has just released the results of its third annual study on patient privacy and data security, and the report shows that while healthcare organizations have made progress towards protecting patient information, the frequency, costs, and impacts of data breaches and medical identity theft continue to rise. As in previous studies, respondents express concern that privacy and data security efforts in their organizations are understaffed and underfunded, even as the health and welfare of millions of patients are compromised by medical identity theft. The evidence is clear: organizations need to recognize that patient privacy is a fundamental component of caring for the health of the patient and the organization.
FierceHealthIT - Julie Bird - November 28th, 2012
Risk assessment to determine the safety of health IT systems has three components: privacy, security and incident response testing.
Rick Kam and Mahmood Sher-Jan, executives at Portland, Ore.-based ID Experts, note that risk assessment involves identifying threats, internal and external vulnerabilities, the harm that could come from exploiting vulnerabilities, and the probability that harm will occur.
Errors and Cyber Attacks Are Culprits; Mobile and Cloud Threats Loom; Patients at Risk for Medical Identity Theft
TRAVERSE CITY, Mich. and PORTLAND, Ore. — December 6, 2012 — The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts®, reports that healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach during the past two years; and 45 percent of organizations experienced more than five data breaches each during this same period. Data breach is an ongoing operational risk. Based on the experience of the 80 healthcare organizations participating in this research, data breaches could be costing the U.S. healthcare industry an average of $7 billion annually. Leading causes were lost devices, employee mistakes, third-party snafus, and criminal attacks. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients’ protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, especially as mobile and cloud technology become pervasive in healthcare.
For a free copy of the Third Annual Benchmark Study on Patient Privacy & Data Security, visit http://www2.idexpertscorp.com/ponemon2012/.
For the data breach infographic visit http://www2.idexpertscorp.com/ponemon2012/Infographic/.
Becker's Hospital Review - Kathleen Roney - November 14, 2012
According to a USA Healthcare Privacy Claim Trends report by ACE Group — a global insurance organization — in 2012, the healthcare industry sees 58 percent of all reported data breaches. Hospitals and health systems are high risk because of the type of data they work with: patient personal information, financial information, Social Security numbers, names, addresses, birth dates, etc.
For these reasons, it is important for hospital executives to understand emerging trends in data breaches, the costs associated and proactive steps for minimizing risks. Part of being proactive involves knowing what options are available, such as privacy and security insurance coverage.
Bloomberg - Jordan Robertson - November 8th, 2012
Arnold Salinas knows a lot about the person who stole his identity.
He’s 5-foot-9, 190 pounds. He pays for pizzas with forged checks, defaulted on a $17,000 car loan and has traveled the country, racking up speeding tickets and thousands of dollars in unpaid taxes, according to Salinas and a firm he’s hired to clean up the mess.
But the worst part is: The imposter is sick.
Salinas, a 53-year-old maintenance worker, is fighting the nastiest form of identity theft — someone has taken out medical care in his name. Among the strange bills that have arrived at his Fresno, California, home over the past decade are debt-collection notices for extensive radiology and other treatments at four hospitals in Kansas and Texas.
KETCHConsulting, November 7th, 2012
In times of crisis, it's crucial for hospitals to be prepared. If patient injuries mount, nurses and other emergency personnel need to know the precise plan for keeping operations controlled.
This blog recently reported on how well a comprehensive risk management assessment could benefit medical organizations in dire situations. After Hurricane Sandy, East Coast facilities were able to keep track of patient data and ensure that proper care was given, even as certain locations had to be evacuated.
HealthIT Security - Patrick Ouellette - October 29th, 2012
Beazley cyber insurance certainly has the potential to boost a provider's data management plan, but there are some stipulations that these providers should be aware of.
In a recent blog post on IDexpertscorp.com, Doug Pollack of IDExperts said that he had a chance to weigh the benefits of the Beazley system during a Cyber Liability Panel at American Society for Healthcare Risk Management (ASHRM) in Washington, D.C. While Pollack's company specializes in privacy and data breach solutions and could be called a Beazley competitor, he raises some good points about cyber insurance.
Becker's Hospital Review - Kathleen Roney - October 23rd, 2012
The risk of a data breach to hospitals and health systems is on the rise. According to data from ID Experts, there have been 498 breaches of 500 or more records and 55,000 breaches of less than 500 records since September 2009. That means more than 21 million healthcare records have been breached in the last three years. Ninety-six percent of hospitals had a data breach in 2011, and 60 percent of hospitals experienced multiple data breaches, said Mahmood Sher-Jan, vice president of product management for ID Experts. The potential organizational impact of a data breach incident for a hospital can be enormous. For this reason, the need for strong, effective data breach response plans is on the rise as well.
In a webinar hosted by ID Experts, Cris Ewell, PhD, chief information security officer for Seattle Children's Hospital, Research & Foundation, shared his organization's experience and model for managing information security incidents.
InformationWeek - Michelle McNickle - October 19th, 2012
Someone has to be accountable for every part of managing a data breach incident, according to Cris Ewell, chief information security officer at Seattle Children's Hospital.
"It's bigger than privacy and security … it's about involving everyone in the organization at the highest level down to the help desk level [people] who are inputting calls into the system," he said. In a recent webinar hosted by ID Experts, Ewell said that in addition to accountability, there needs to be a shift in organizational culture to combat breaches.
GovHIT - Chris Apgar & Mahmood Sher-Jan - October 2nd, 2012
An MIT professor once said there is zero correlation between intelligence and wisdom. Intelligence abounds throughout any healthcare organization. When faced with a potential data breach or other incident that can potentially harm organizations and their customers, an incident response plan, or IRP, converts that knowledge into usable wisdom that protects an organization’s patients, customers, and reputation.
Required for covered entities and now, because of the HITECH Act, business associates under the HIPAA Security Rule, an IRP provides organizations with a step-by-step guide for responding to security incidents.
InformationWeek - Michelle McNickle - September 20th, 2012
The recent data breach at Massachusetts Eye and Ear Infirmary (MEEI) and Massachusetts Eye and Ear Associates once again screams the message: Encryption, encryption, encryption!
The provider has agreed to pay a $1.5 million fine to the Department of Health and Human Services (HHS), after allegations were made that Mass. Eye and Ear failed to comply with certain requirements of the Health Insurance Portability and Accountability Act (HIPAA) standards that govern the security of individually identifiable health information.
Portland, Ore. - September 12, 2012
Data breaches are growing in frequency and magnitude, and have a tremendous financial, legal, operational and reputational impact to the breached organization, whether it’s a financial institution, a hospital, a retailer, a university, a company, a government entity, or a social network. With 174 million compromised records in 2011, according to Verizon, assessing, managing, and publicly responding to a data breach involving medical records, financial information and Social Security Numbers, can be overwhelming and often beyond the scope of an organization’s expertise. In order to provide organizations with an end-to-end blueprint for addressing a privacy incident, ID Experts developed YourResponse™ —a patented, trusted breach resolution method, seven years in the making — to help companies achieve the most positive outcomes for everyone affected in a data breach.
Advisen Cyber Liability Journal - Doug Pollack & Jeremy Henley - August, 2012
Sony, Nasdaq, Epsilon, RSA. Some big names suffered big data breaches in 2011. And they're not alone. Each year, hundreds of data breaches compromise sensitive information on tens of millions of individuals. At an average cost of $5.5 million per breach, according to the Ponemon Institute's seventh annual U.S. Cost of a Data Breach, organizations can't afford to be lax in their breach protection measures.
But how do you manage such diverse risks?
Every organization and each data breach has unique risk factors based on industry, regulatory, customer, and technical circumstances. To reduce the likelihood of a data breach, you must understand your specific risks and address them before a breach occurs. You must also plan ahead to ensure an appropriate, rapid breach response to reduce your chances for regulatory actions and litigation.
Healthcare Informatics - David Raths - August 21, 2012
Working with ID Experts, HFHS crafted a new approach to breach response. Under the name “Code B Alert,” they created a rapid response team that would be activated whenever HFHS has a breach.
The team, led by the chief privacy officer and chief information security officer, includes representation from legal, public relations, human resources, risk management, and business unit leaders. The Code B Alert program includes internal communication to the work force and external communication to the media, patients and the HHS Office for Civil Rights.
In 2011, HFHS got a chance to test the new system when an employee lost a Flash drive in a McDonald’s parking lot. Data on 3,000 patients was involved. Using the Code B Alert system, HFHS was able to take the 56-day response time down to 18 days. “We thought that was remarkable,” Phillips said. “But even though the response time was decreased and the communication plan was effective, we found another concern: portable storage devices.”
Bloomberg - Jordan Robertson - August 10, 2012
As more patient records go digital, a recent hacker attack on a small medical practice shows the big risks involved with electronic files.
The Surgeons of Lake County, a medical facility in the northern Illinois suburb of Libertyville, revealed last month that hackers had burrowed deeply into its computer network, infiltrating a server where e-mails and electronic medical records were stored, Bloomberg.com reported on its Tech Blog.
Forbes - Doug Pollack - August 01, 2012
Can you limit access to the psychiatric notes in your chart once they have been entered into your provider’s new Electronic Health Record system?
Does your podiatrist need access to your reproductive health history?
It sounds absurd, but the adoption of electronic health records and Health Information Exchanges could enable this level of access in the future. The goal with these initiatives is to provide access to each American’s medical records in order for physicians to better provide treatment.
Government HealthIT - Rick Kam - July 30, 2012
You have greater privacy rights regarding the size of a shirt you purchased online than you do about information in your mental health records under the Consumer Privacy Bill of Rights, issued by the White House in February 2012. At least that’s the position of James C. Pyles, an attorney specializing in patient privacy rights. He authored the forthcoming Health Information Privacy Bill of Rights, an initiative to provide at least the same level of rights to patients as are offered to consumers under the Consumer Privacy Bill of Rights
Forbes - Bob Gregg - July 02, 2012
The Supreme Court’s decision to uphold the Affordable Care Act could guarantee health insurance coverage for the majority of the 50 million Americans who are now uninsured. While laudable in theory, this legislation doesn’t account for the strain these millions of new patients will have on an already overburdened healthcare ecosystem, especially when it comes to patient privacy and data security.
Smart Money - Tania Karas - June 19th, 2012
Few health care trends have gotten as much press of late as the mad rush into electronic health records. Physicians, driven by the promise of better care, cost savings and nearly $23 billion in new federal incentive payments, are racing to turn their scribbled medical records into digital files. Thirty-five percent of hospitals now use such systems, more than double the share two years ago, according to U.S. government figures. But for all the hype about electronic records, little attention has been paid to what some say is a serious weak spot: When those sensitive bits and bytes fall into the wrong hands, it's often patients who feel the pain.
Government Health IT - Rick Kam - June 18th, 2012
Mobile devices have become notorious for unintended exposure of protected health information (PHI).
Between September 22, 2009, and May 8, 2011, for instance, mobile devices were the cause of exposing the PHI of more than 1.9 million patients, a statistic cited in The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, a seminal report by the American National Standards Institute (ANSI), The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA).
by Kyle Murphy, PhD - June 12, 2012 - EHR Intelligence
Ensuring that a patient's protected health information (PHI) or personally identifiable information (PII) is secure requires both large and small healthcare organizations to navigate an ever changing and oftentimes conflicting landscape of state and federal laws regarding patient privacy. The proliferation of these laws creates a significant challenge for providers, who must remain compliant with the Health Insurance Portability and Accountability Act (HIPAA) as well as any state laws protecting patient information.
Portland, Ore. - June 13th, 2012
Mobile devices—thumb drives, smartphones, external hard drives, tablets and laptops—are increasingly exposing protected health information (PHI) in the healthcare space, with threat risks growing, according to the Department of Homeland Security. Mobile devices pose significant risks for privacy incidents for healthcare organizations, providers and entities responsible for safeguarding protected health information (PHI) under Federal HITECH and HIPAA regulations. Since patient data can be moved, processed and shared via personal cell phones and tiny USB flash drives, the Bring-Your-Own-Device phenomenon can wreak havoc on a hospital. To help healthcare entities reduce privacy incidents resulting from mobile risks, 13 experts—representing legal, data breach prevention, technology, healthcare IT, and security—offer these top tips for healthcare organizations:
Portland, Ore. - June 7th, 2012
ID Experts RADAR™ was named one of "The Best Privacy Technologies of 2012" at the 2nd annual International Summit on the Future of Health Privacy, in Washington, D.C., where more than 40 leading health-privacy experts gathered to discuss urgent privacy issues facing the industry and affecting patients. More than 20,000,000 individuals have been impacted by the epidemic of health information breaches in healthcare systems. Sensitive patient health data is a prime target for thieves, with medical identity theft affecting 1.5 million people in the U.S. annually. The sheer scale of data breaches undermines patient trust in the health system, placing patients' lives and reputations at risk. RADAR was selected as an effective tool to help organizations meet their regulatory and ethical responsibilities to promptly notify individuals when a privacy or security incident occurs.
by Jeremy Simon - May 31, 2012 - Texas Enterprise
It's the nightmare scenario: A hacker who is able to remotely access your pacemaker — and shut it off.
Pacemakers are programmed via wireless connections with a computer. That reliance on wireless signals, however, leaves pacemakers vulnerable to attack by hackers, who could drain the device battery and turn off therapies.
by Michelle McNickle - May 30th, 2012 - Healthcare IT News
A recent Healthcare IT News survey found 48 percent of respondents planning to incorporate cloud computing into their health IT endeavors; 33 percent had already taken the plunge. But 19 percent answered with a "no," and according to Rick Kam, president and co-founder of ID Experts, one of their biggest fears could very well be security issues surrounding the cloud.
by Kathleen Roney - May 22, 2012 - Becker's Hospital Review
As society becomes increasingly electronic, data breaches are a major problem for many organizations. Concern for data breaches in the healthcare industry is especially prevalent because of the variety of protected information hospitals and health systems handle. In addition, healthcare data breaches are on the rise. From 2010 to 2011, the number of data breaches affecting healthcare organizations rose 32 percent, according to research by Ponemon Institute. Along with the loss of patient personal and protected health information, data breaches can diminish productivity and cause severe financial consequences for a hospital or health system.
by Joseph Goedert - May 09, 2012 - Health Data Management
Digital forensics -- the use of scientific methodology to introduce computer data into actual or potential litigation -- relies on "using the best computer techniques in a way that you could go to court and clearly and irrefutably explain what you did," says Winston Krone, managing director at Kivu Consulting, which specializes in investigative, discovery and analysis services. "It's also preserving evidence and making sure that the procedures you do don't change the evidence."
by Michelle McNickle - May 8, 2012 - Healthcare IT News
Data breaches have increased dramatically within the past few years, giving way to new trends within the healthcare space. Given their unpredictable nature, data breaches are hard to budget for, but according to a recent report by ID Experts, one aspect of an overall risk management strategy is becoming increasingly important and worth exploring: cyber insurance.
May 2, 2012 - Becker's Hospital Review
In 2011, 419 data breaches were publicly disclosed exposing a total of 22.9 million records, according to a study from the Identity Theft Resource Center. One of the reasons data breaches are so prevalent is because healthcare data increasingly exists in a less stable environment. The push to digitize, the outsourcing of data processing to cloud providers and the increase in mobile devices to conduct business have all contributed. The result has been a substantial increase in the visibility of the breaches and the costs associated with these incidents.
by Rick Kam - May 02, 2012 - Government Health IT
For all of its benefits, cloud computing poses very real dangers to covered entities responsible for safeguarding protected health information (PHI).
The cloud model, which the IT industry has been embracing for its up-front cost savings and efficiencies for years now, is more recently being recognized by the healthcare realm for its potential to serve as an ideal infrastructure for Health Information Exchange (HIE) — a main component of the Electronic Health Records (EHR) meaningful use initiatives. What's more, the cloud can provide easy, affordable access to the latest medical applications, such as e-prescribing or leading-edge diagnostic tools.
by Michelle McNickle - April 30th, 2012 - Healthcare IT News
With the prevalence of data breaches rising, the industry is slowly yet surely realizing they're no laughing matter. And with price tags circulating around the billions, more organizations are starting to take the steps necessary to protect themselves against a costly breach of sensitive information.
Yet, breaches remain common, and as best practices continue to develop around how to handle them, one tool is proving to be invaluable: forensics.
by Michelle McNickle - April 27th, 2012 - Healthcare IT News
It's one thing to know which hot buttons can trigger a visit from OCR. But according to Mahmood Sher-Jan, vice president of product management at ID Experts, and Chris Apgar, president and CEO at Apgar & Associates, organizations should also know what to expect if they're chosen to undergo an audit -- and know how to prepare for one.
Apgar and Sher-Jan outline six things to know about an OCR/HIPAA audit.
April 26, 2012 - Health Data Management
Information security firms FairWarning and ID Experts have integrated their products to offer services to prepare for data breaches, detect them, and manage the investigation and resolution of a breach.
Portland, Ore. - April 26, 2012
With healthcare now the top-breached industry, healthcare organizations and providers are challenged by the complexities of auditing, assessing, documenting, and reporting these privacy incidents. To help simplify healthcare privacy incident detection, incident assessment and reporting in order to comply with Federal and state data breach laws, ID Experts has successfully completed FairWarning® Ready for Compliance and Reporting Certification for RADAR 2.0. With ID Experts as a FairWarning® Ready certified partner, the integrated products offer healthcare organizations a simplified solution for the detection of healthcare data breaches and compliance with HITECH Act and state obligations.