Archive for January, 2010

Best practices for mobile device data encryption at HIPAA covered entitites

Patient data was copied for 2,900 patients to an employee's thumb drive at BIDMC. The employee left that organization and went to a new one (UCSF). The employee loaded that data onto a laptop at the new organization to demonstrate quality improvement reporting. That laptop was stolen. Both organizations have potential HIPAA violations to worry about based on this person's actions. Some best practices:

1. Policies should require that all mobile storage devices be secured
2. Encrypt all mobile devices including laptops
3. Educate employees on how to protect privacy
4. Sanction employees who violate policies
5. Implement technologies that find transfers of medical data (especially in an unencrypted form). This should include both transfers across the network and via physical devices such as USB thumb drives, iPods, etc.

Read more...

Dental clerk gets 5+ years: stealing identity of patients

Brownsville dental clerk gets fiver years and nine months for embezzlement and stealing identifies of patients to open credit cards.

• Plead guilty to fraudulent identification and identity theft
• She also pocketed some cash payments
• Dentist says his reputation had been destroyed by this employee
• Had to pay the credit card company back for fraudulent charges
• $110,000 dollars in restitution

Read more...

United Health Group’s takeover of HealthNet of the Northeast may be hampered by HIPAA privacy concerns

United Health Group's takeover of HealthNet of the Northeast may be hampered by HIPAA privacy concerns. Connecticut's largest physician's lobby has requested that the attorney generals office investigate to see if the deal would violate HIPAA. The AG's office is currently suing HealthNet for potential HIPAA violations. There are worries that United Health could use HealthNet records to decide who to cover and at what price.

Read more...

Secure Medical Data Transport – Standards Smorgasbord

Great blog entry on secure transport of medical data by Dr. Halamka. Different standards used include:

Read more...

External drive containing thousands of patient records stolen from a Kaiser Permanente’s employee’s vehicle

External drive containing thousands of patient records stolen from a Kaiser Permanente's employee's vehicle. Control of external media is a tricky balance of usability and security (including security budgets)

• 15,500 patients from Northern California potentially effected
• Data included patient name and medical record number
• Drive was not encrypted
• Device was personal property
• Employee was fired
• Patients effected were notified by mail

Read more...

Release of the National Health Security Strategy by HHS – no direct mention of network security?

Release of the National Health Security Strategy by Health and Human Services

• Protecting health during an emergency
• Preparation for bioterrorism and natural disasters
• Implementation guide with 10 objectives

Read more...

Goldmine of identity theft in healthcare

Great article from CNN Money.

• Healthcare identify theft dominated all other crimes in the sector last year
• Insiders selling information to organized criminal groups
• Medicare system a top target
• Selling medical information to uninsured who need care
• Fly by night shell billing companies
• Can put health at risk via tampering of medical records
• In 2008, $19,000 per incident of health care fraud, four fold larger than overall identify theft
• Prime target areas are those with large numbers of Medicare recipients (Miami, Detroit, etc)

Read more...

The HIPAA Song

Song about HIPAA privacy from some college students

Read more...