CHARLESTON, W.Va. (AP) - A former health worker convicted of stealing the identities of people who received flu shots has been sentenced to two years in prison.
U.S. District Judge John T. Copenhaver Jr. also ordered 25-year-old Jameelah Jossiah of South Charleston on Thursday to pay restitution to the victims.
Jossiah, a former Charleston-Kanawha County Health Department worker, pleaded guilty in May to one count of aggravated identity theft.
http://www.wvgazette.com/ap/ApTopStories/200908270756
Friday, August 28, 2009
Thursday, August 27, 2009
Ex-hospital worker arrested in identity thefts
By the Associated Press
Posted: August 27, 2009 - 11:00 am EDT
East Baton Rouge Parish, La., sheriff's deputies have arrested a former Baton Rouge, La.-based Our Lady of the Lake Regional Medical Center employee for allegedly stealing the personal information of 46 patients.Authorities say 25-year-old Damian Raby took the information in 2006 when he worked for the hospital, and since then has opened 46 debit cards and fraudulently filed federal income tax returns. Police say Raby has received $20,000 because of the fraudulent claims.
http://www.modernhealthcare.com/article/20090827/REG/308279985/1153
Posted: August 27, 2009 - 11:00 am EDT
East Baton Rouge Parish, La., sheriff's deputies have arrested a former Baton Rouge, La.-based Our Lady of the Lake Regional Medical Center employee for allegedly stealing the personal information of 46 patients.Authorities say 25-year-old Damian Raby took the information in 2006 when he worked for the hospital, and since then has opened 46 debit cards and fraudulently filed federal income tax returns. Police say Raby has received $20,000 because of the fraudulent claims.
http://www.modernhealthcare.com/article/20090827/REG/308279985/1153
Wednesday, August 19, 2009
HITECH Breach Notification Interim Final Rule Published
The press Release can be found here (issued 8/19/2010) http://www.hhs.gov/news/press/2009pres/08/20090819f.html
For more information go to this link: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/breachnotificationifr.html HITECH Breach Notification Interim Final Rule New regulations requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached were issued today by the U.S. Department of Health and Human Services (HHS). These “breach notification” regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA). The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate. “This new federal law ensures that covered entities and business associates are accountable to the Department and to individuals for proper safeguarding of the private information entrusted to their care. These protections will be a cornerstone of maintaining consumer trust as we move forward with meaningful use of electronic health records and electronic exchange of health information,” said Robinsue Frohboese, Acting Director and Principal Deputy Director of OCR. The published rule can be found here http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf
For more information go to this link: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/breachnotificationifr.html HITECH Breach Notification Interim Final Rule New regulations requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached were issued today by the U.S. Department of Health and Human Services (HHS). These “breach notification” regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA). The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate. “This new federal law ensures that covered entities and business associates are accountable to the Department and to individuals for proper safeguarding of the private information entrusted to their care. These protections will be a cornerstone of maintaining consumer trust as we move forward with meaningful use of electronic health records and electronic exchange of health information,” said Robinsue Frohboese, Acting Director and Principal Deputy Director of OCR. The published rule can be found here http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf
FTC Issues Final Breach Notification Rule for Electronic Health Information
http://www.ftc.gov/opa/2009/08/hbn.shtm
The Federal Trade Commission has issued a final rule requiring certain Web-based businesses to notify consumers when the security of their electronic health information is breached.
Congress directed the FTC to issue the rule as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records – which provide online repositories that people can use to keep track of their health information – and entities that offer third-party applications for personal health records. These applications could include, for example, devices such as blood pressure cuffs or pedometers whose readings consumers can upload into their personal health records. Consumers may benefit by using these innovations, but only if they are confident that their health information is secure and confidential.
The Rule can be found HERE http://www.ftc.gov/os/2009/08/R911002hbn.pdf There is also a breach notification form that can be found HERE http://www.ftc.gov/os/2009/08/R911002hbnform.pdf
The Federal Trade Commission has issued a final rule requiring certain Web-based businesses to notify consumers when the security of their electronic health information is breached.
Congress directed the FTC to issue the rule as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records – which provide online repositories that people can use to keep track of their health information – and entities that offer third-party applications for personal health records. These applications could include, for example, devices such as blood pressure cuffs or pedometers whose readings consumers can upload into their personal health records. Consumers may benefit by using these innovations, but only if they are confident that their health information is secure and confidential.
The Rule can be found HERE http://www.ftc.gov/os/2009/08/R911002hbn.pdf There is also a breach notification form that can be found HERE http://www.ftc.gov/os/2009/08/R911002hbnform.pdf
Tuesday, August 11, 2009
Woman fired for snooping on son wins job back (Healthcare)
MADISON, Wis. (AP) - A Wisconsin hospital employee fired for accessing the medical records of her estranged son so she could find him has been reinstated after an arbitrator called the punishment excessive. The employee, a 30-year veteran of St. Francis Hospital in Milwaukee, was fired in September after an investigation found she repeatedly accessed her son’s records for personal use in violation of federal privacy law.
http://www.thenorthwestern.com/article/20090808/OSH0101/90807151/1128/OSH01/Woman-fired-for-snooping-on-son-wins-job-back
"An adult son has the right to determine what, if any, contact he wishes to have with family members; including his mother," she wrote. "There are individuals who are in the business of locating missing persons. Thus, there was at least one means of obtaining the information that she sought which did not involve accessing hospital records in violation of the employer’s rule and HIPAA requirements."
According to testimony in the case, four other hospital employees have been fired for HIPAA violations, including one who browsed records to pass time, and two others have been disciplined. Some of the employees improperly access records as many as 60 times.
http://www.thenorthwestern.com/article/20090808/OSH0101/90807151/1128/OSH01/Woman-fired-for-snooping-on-son-wins-job-back
"An adult son has the right to determine what, if any, contact he wishes to have with family members; including his mother," she wrote. "There are individuals who are in the business of locating missing persons. Thus, there was at least one means of obtaining the information that she sought which did not involve accessing hospital records in violation of the employer’s rule and HIPAA requirements."
According to testimony in the case, four other hospital employees have been fired for HIPAA violations, including one who browsed records to pass time, and two others have been disciplined. Some of the employees improperly access records as many as 60 times.
Tuesday, August 4, 2009
Suit claims Riverside County hospital breached patient's privacy
By LORA HINES
The Press-Enterprise
A patient who sought treatment last year from Riverside County Regional Medical Center has filed an estimated $1 million claim against Riverside County and the hospital that claims a facility employee revealed her medical information without her consent.
Tiffany Collins, 26, discovered the information breach earlier this year when she ran into a former classmate who asked about her medical condition, said Collins' attorney, Patricia Law. Only Collins and her closest relatives were to have known details of her condition, Law said.
"This is a girl whose family took her medical condition very, very seriously," Law said. "She was just devastated." http://www.pe.com/localnews/inland/stories/PE_News_Local_S_privacy03.39e7c65.html
The Press-Enterprise
A patient who sought treatment last year from Riverside County Regional Medical Center has filed an estimated $1 million claim against Riverside County and the hospital that claims a facility employee revealed her medical information without her consent.
Tiffany Collins, 26, discovered the information breach earlier this year when she ran into a former classmate who asked about her medical condition, said Collins' attorney, Patricia Law. Only Collins and her closest relatives were to have known details of her condition, Law said.
"This is a girl whose family took her medical condition very, very seriously," Law said. "She was just devastated." http://www.pe.com/localnews/inland/stories/PE_News_Local_S_privacy03.39e7c65.html
L.A. County coroner's staff improperly viewed Jackson death certificate
Los Angeles County coroner's officials said Wednesday that they have discovered security breaches involving the investigation into Michael Jackson's death, including hundreds of improper views of the pop star's death certificate and the discovery of weaknesses in two other computer systems in which more sensitive records are stored.At least half a dozen staff members inappropriately accessed Jackson's death certificate, officials said. Within two weeks of his death June 25, the certificate had been viewed more than 300 times. The document was not released publicly until July 7.
http://www.latimes.com/news/local/la-me-jackson-coroner23-2009jul23,0,2712439.story
http://www.latimes.com/news/local/la-me-jackson-coroner23-2009jul23,0,2712439.story
Monday, August 3, 2009
Security Enforcement to OCR
HHS Delegates Authority for the HIPAA Security Rule to Office for Civil Rights
HHS Secretary Kathleen Sebelius announced today that authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule has been delegated to the Office for Civil Rights (OCR). OCR’s administration and enforcement of the Security Rule, which had previously been delegated to the Centers for Medicare & Medicaid Services (CMS), will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.
HHS has the authority for administration and enforcement of the federal standards for health information privacy called for in HIPAA. The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. OCR has been responsible for enforcement of the Privacy Rule since 2003. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule.
http://www.hhs.gov/news/press/2009pres/08/20090803a.html
HHS Secretary Kathleen Sebelius announced today that authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule has been delegated to the Office for Civil Rights (OCR). OCR’s administration and enforcement of the Security Rule, which had previously been delegated to the Centers for Medicare & Medicaid Services (CMS), will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.
HHS has the authority for administration and enforcement of the federal standards for health information privacy called for in HIPAA. The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. OCR has been responsible for enforcement of the Privacy Rule since 2003. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule.
http://www.hhs.gov/news/press/2009pres/08/20090803a.html
Data of Soldiers, Hospital Patients Found on P2P
July 30, 2009By Alex Goldman: More stories by this author:
The personal information of 200,000 soldiers and 20,245 hospital patients, along with other critical data from government networks, is being made to the public through peer-to-peer (P2P) networks, according to testimony yesterday at a hearing of the House Government and Oversight Committee.
The security breach included data like names, Social Security Numbers, addresses, illnesses, next of kin, employer and insurance provider information for the soldiers and patients, according to Robert Boback, CEO of P2P research company Tiversa, who testified during yesterday's hearing.
http://www.internetnews.com/government/article.php/3832556/Data+of+Soldiers+Hospital+Patients+Found+on+P2P.htm
The personal information of 200,000 soldiers and 20,245 hospital patients, along with other critical data from government networks, is being made to the public through peer-to-peer (P2P) networks, according to testimony yesterday at a hearing of the House Government and Oversight Committee.
The security breach included data like names, Social Security Numbers, addresses, illnesses, next of kin, employer and insurance provider information for the soldiers and patients, according to Robert Boback, CEO of P2P research company Tiversa, who testified during yesterday's hearing.
http://www.internetnews.com/government/article.php/3832556/Data+of+Soldiers+Hospital+Patients+Found+on+P2P.htm
Subscribe to:
Posts (Atom)