Breaches Affecting 500 or More Individuals
By Staff Reporters
As required by section 13402(e)(4) of the HITECH Act, the DHHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary.
www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
Digital or Paper?
On Aug 22, Bob at Dental Law Attorney Facebook posted: “Over HALF of departing employees compromise your proprietary information, according to a 2009 study questioning the employees themselves. Protect your patient contact information with limited access, passwords, and explicit prohibition of unauthorized access, copying or disclosure.”
Yesterday he added: “I have some suggestions on my Notes page about avoiding security breaches. The link is: http://www.facebook.com/note.php?note_id=280434983947”
Today, I dropped the following comment on Bob:
Bob, I looked over your recommendations you listed in “Stop Embezzlement and Security Breaches” on your Notes page. I have to ask, why bother?
Did you know that since January 2005, the privacy of more than 50 million electronic health records has been reported breached or compromised? Yet the actual number is likely to be twice that, since there was no national breach notice law until September of last year, when section 13402 of the HITECH law became effective. That means that up to 1/3 of the nation has suffered data breaches.
“Health IT makes it possible for the first time in the history of medicine to (a) breach the privacy of millions of individuals’ medical records simultaneously with the punch of a button (this is HHS’s finding), (b) steal health information without having physical access to it and without even being in the same country, and (c) destroy someone’s health privacy in a way that it can never be restored (electronic information about someone, once leaked, is available forever).” – James C. Pyles, attorney.
I say if one is concerned about protecting patient protected health information, one should stick with paper. Nevertheless, if a practice has long ago been computerized, your recommendations are better than nothing, but just barely. There are simply too many holes, and it costs too much to plug them all.
I’ve listed the 8 items in your article meant to protect patients’ welfare: I cannot find fault with a single one because they each look good on paper. But carrying out these duties year after year in a busy dental practice is a test of dedication few will pass. That’s honesty, Bob.
1. Supervise access
2. Unique password
3. New password after idle period
4. Turn the computer off on weekends
5. Install BIOS password
6. Block USB ports
7. Install keystroke recorder
8. Change ALL passwords when an employee is terminated
Later you suggest “Prevent anyone other than the doctor from accessing the entire patient list.”
This is clearly a lot of cumbersome, non-productive work and expense – and for what? A BIOS password won’t prevent a burglar from taking the computer, and it’s impossible to protect one’s computer from hackers. As for dishonest employees, if they want to steal identities they’ll find a way around all 8 of your tedious suggestions. Paper dental records are just as vulnerable as digital records, but digital is overwhelmingly efficient. That’s been proven.
I think the best suggestion is: If you haven’t gone paperless, don’t.
Darrell K. Pruitt DDS
Medicaid Privacy Breach
The names, addresses and some health information of 280,000 Medicaid enrollees in Pennsylvania could be at risk after two affiliated managed care organizations reported the loss of a hard drive from a portable computer.
http://www.philly.com/inquirer/business/20101020_Health_insurers_say_data_on_280_000_Pennsylvania_clients_may_be_compromised.html
You decide?
Jeffrey
That’s not all, Jeffrey.
PR Newswire posted the following press release from ID Experts today: “New Ponemon Institute Study Finds Data Breaches Cost Hospitals $6 Billion; Patient Privacy in Jeopardy.”
Dr. Ponemon claims “Hospitals Are Not Protecting Patient Data; Healthcare Industry Lagging Behind HITECH Standards.”
http://www.prnewswire.com/news-releases/new-ponemon-institute-study-finds-data-breaches-cost-hospitals-6-billion-patient-privacy-in-jeopardy-106945528.html
“TRAVERSE CITY, Mich. and PORTLAND, Ore., Nov. 9, 2010 /PRNewswire/ — The latest benchmark study by Ponemon Institute, sponsored by ID Experts®, finds that data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected. The research indicates that protecting patient data is a low priority for hospitals and that organizations have little confidence in their ability to secure patient records, putting individuals at great risk for medical identity theft, financial theft and embarrassment of exposure of private information.”
Darrell K. Pruitt DDS
Dr. Deborah Peel, founder of Patientprivacyrights, just weighed in on the new Ponemon study.
http://patientprivacyrights.org/2010/11/re-release-of-ponemon-%e2%80%9cbenchmark-study-on-patient-privacy-and-data-security%e2%80%9d-on-nov-9th/
She writes:
“The study details the lack of comprehensive technical protections, the lack of adequate staff, the lack of adequate funding, and the lack of encryption. It even found that 53% of health care organizations are “not confident” they know where patient data is actually located.
It’s painful to read such graphic detail about the breathtaking, systemic disregard for patient data protections. Page after page of awful statistics should make the public and government pause before spending $39 billion dollars of stimulus funds on such fatally flawed systems.
Relentless industry promotion of health IT seems to override the lack of adequate data protection and common sense.”
Darrell K. Pruitt DDS
HIT Breaches
Here are a few analysis results from HITRUST’s “U.S. Healthcare Breach Data Trends.”
http://www.hitrustalliance.net/breachreport/
495 – Number of breaches reported to the Dept. of Health and Human Services from September 2009 to December 2012, involving 500 or more individuals.
21 million – Number of reported records breached.
42,659 – Average breach size.
$8,275,865 – Average cost per breach.
85 days – Average time to identify a breach.
68 days – Average time to report a breach.
5 months – Average elapsed time between the occurrence of a breach and patient notification.
58% – Percentage of records breached by HIPAA Business Associates (not healthcare providers).
96% versus 4% – Electronic data records breached versus paper records breached.
Darrell Pruitt DDS
Deadline to Report 2013 Breaches Quickly Approaches!
Remember to electronically file reports of all HIPAA breaches (i.e., unauthorized use, access, acquisition, or disclosure of patient protected health information) which occurred in 2013.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
The reports must be submitted to the U.S. Department of Health and Human Services, Office for Civil Rights by February 28, 2014. The link above will take you to the report form.
Garfunkel Wild PC
http://www.garfunkelwild.com