Thursday, July 23, 2009

3 Plead Guilty to HIPAA Violations

A physician and two former employees at St. Vincent Infirmary Medical Center in Little Rock, Ark., pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of local television anchor Anne Pressly, who was slain in October 2008.

The local U.S. Attorney’s office confirmed that all three entered guilty pleas July 20, acknowledging they violated the privacy provisions of the Health Insurance Portability and Accountability Act.

MIAOULIS Note: Just another example that organizations need to evaluate and enhance their current HIPAA Security and Privacy Programs.

Sunday, July 12, 2009

New Law Floods California With Medical Data Breach Reports

California officials have received more than 800 reports of health data breaches in the first five months after a new state law went into effect January 1.

The law requires health care organizations in California to report suspected incidents of intentional and unintentional unauthorized breaches of a patient’s personally identifiable health information to the California Department of Public Health. Of the cases reported, which also include complaints from patients, officials have conducted full investigations on 122 cases so far and confirmed 116 as actual breaches. The types of breaches run the gamut from unintentionally faxing a patient’s chart or test reports to the wrong phone number to intentional snooping by workers. Most of the breaches reported so far have been unintentional.
Officials can fine offending organizations or individuals up to $250,000 for a breach, depending on the nature of the breach and the extent of the harm it caused, the Journal reports.

MIAOULIS NOTE: The recently passed ARRA/HITECH legislation adds a breach notification requirement on all covered entities.

Monday, July 6, 2009

Arrested --

In June 2009, a 22-year-old Honolulu mother of three young children was sentenced to a year in prison for illegally accessing another woman's medical records and posting on a MySpace page that she had HIV. The State of Hawaii brought charges against the woman under a state statute that criminalizes unauthorized access to a computer and that categorized the defendant's conduct as a class B felony.

"Fourth of July" hacker jailed after hospital hack

A Dallas hospital guard was ordered to jail following his arrest on charges of breaking into computers, planting malicious software and planning a massive distributed-denial-of-service (DDoS) attack on the Fourth of July.
Jesse William McGraw, 25, who calls himself "GhostExodus," was the leader of the hacker group "Electronik Tribulation Army" and worked the night shift at the Carrell Clinic hospital in Dallas. He had bragged online that he "infiltrated" the facility, according to an FBI complaint.