Friday, December 23, 2011

Federal agency could investigate online security breach of Lawrence Memorial Hospital

Officials at Lawrence Memorial Hospital (US) said they anticipate a federal investigation and a possible fine after an online security breach potentially exposed the financial information of 8,000 patients.

Hospital officials also believe the portal offered a way to reach a database containing information on every patient who had used the online bill-pay system since it was first offered in 2005.

The hospital learned of the breach on 28 October, and not from its own monitoring: a patient who searched her husband's name on Google found his financial information online. For the data to turn up in a search engine's index, the page holding it had to be reachable by a crawler without any authentication, which is the check a practitioner would want to run against a billing portal before relying on obscurity or a robots.txt exclusion.
http://eeiplatform.com/6525/fbi-to-investigate-security-breach-in-hospital-e-billing-system/

Thursday, December 15, 2011

HHS Audits the 1% … and the Rest: First HIPAA Privacy and Security Audits Begin

By Adam H. Greene
12.13.11
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun the process of notifying covered entities that they are among the unlucky few who have been selected for the first Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security audits under the Health Information Technology for Economic and Clinical Health (HITECH) Act. The selected entities represent a cross sample of the health care industry—from billion-dollar health care systems to small physician practices. Audited entities will undergo comprehensive reviews of their privacy and security policies and procedures, documentation, and operations.

While the first twenty covered entities have been selected, approximately another 130 remain in this audit round. HHS has indicated that it hopes to continue with proactive audits in the future and expects to become more aggressive in its enforcement of complaints.
http://www.dwt.com/LearningCenter/Advisories?find=450543

Tuesday, December 6, 2011

NIST: New FREE HIPAA Tool Helps Organizations Meet Security Requirements

From NIST Tech Beat: November 22, 2011

Contact: Evelyn Brown
301-975-5661

A new tool, developed by the National Institute of Standards and Technology (NIST) and offered for free, can help public and private organizations, large and small, to understand and implement the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Congress enacted HIPAA to, among other things, promote efficiency in the health care industry through the use of standardized electronic transactions, while protecting the privacy and security of health information.

The Secretary of Health and Human Services (HHS) published the HIPAA Security Rule, a national set of standards for protecting electronic protected health information (EPHI) that is created, transmitted, or maintained by covered entities and their business associates. HHS recognizes the value of NIST's information security standards and guidelines, and has recommended these as valuable resources for organizations to consider as they implement the HIPAA Security Rule.

The law requires "covered entities" and business associates to follow the HIPAA Security Rule. Covered entities include government agencies involved in health records, health care providers, health plans such as health insurance issuers and Medicaid and Medicare programs, health care clearinghouses and Medicare prescription drug card sponsors. "Our HIPAA Security Rule Toolkit is designed to help organizations of all sizes and with varying levels of security expertise to better protect electronic health information," says NIST information security specialist Kevin Stine. "It leverages many existing security resources and tailors them for use within the context of HIPAA security." He emphasizes that the application is a self-assessment tool only: completing it does not establish or certify HIPAA Security Rule compliance.

The toolkit is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved. The self-assessment tool presents a series of questions in groups related to each of the HIPAA Security Rule standards and implementation specifications. For simplicity, the toolkit follows the established HIPAA structure of administrative, physical and technical safeguards, organizational requirements, and policies, procedures and documentation requirements.

The target audience includes HIPAA-covered entities and business associates, and organizations that provide Security Rule implementation, assessment and compliance services. Target user organizations can range in size from a large nationwide health plan with vast information technology (IT) resources to a small two-doctor health care provider with limited access to IT expertise.

The free toolkit comes with a comprehensive User Guide and a self-contained, stand-alone software application that runs on Windows, Mac and Linux operating systems. It is available at http://scap.nist.gov/hipaa. Funding for the toolkit was provided by the American Recovery and Reinvestment Act of 2009.

http://www.nist.gov/itl/csd/20111122_hipaa_tools.cfm