YET – Fines Remain Rare
By Charles Ornstein @charlesornstein
[ProPublica]
Federal health watchdogs say they are cracking down on organizations that don’t protect the privacy and security of patient records, but data suggests otherwise.
***
Fines Remain Rare Even As Health Data Breaches Multiply
***
***
Channel Surfing the ME-P
Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register. It is fast, free and secure.
More:
- Explore the app: Over 1,100 Health Data Breaches, but Few Fines
- Get involved: Has your medical privacy been compromised? Help ProPublica Investigate
Even More:
- How Expensive are Healthcare Data Breaches?
- Protected Health Information Data Breaches
- Don’t Hide a Security Breach if You Can’t Do the Time
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
- PRACTICES: www.BusinessofMedicalPractice.com
- HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
- CLINICS: http://www.crcpress.com/product/isbn/9781439879900
- ADVISORS: www.CertifiedMedicalPlanner.org
- FINANCE: Financial Planning for Physicians and Advisors
- INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
- Dictionary of Health Economics and Finance
- Dictionary of Health Information Technology and Security
- Dictionary of Health Insurance and Managed Care
Filed under: Information Technology, Risk Management | Tagged: Charles Ornstein, EHRs, Electronic Data Interchange, health data breaches, health information technology, HIE, PHI, ProPublica |
Podcast: Protecting Your Health Data
Charles Ornstein and Julia Angwin on how hackers can use your information, and what you – and health care companies – should be doing to protect it.
http://www.propublica.org/podcast/item/podcast-protecting-your-health-data/?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter&utm_content=&utm_name=
Dr. Harpstone
LikeLike
Name + email address = breach
According to the Department of Justice, a data breach of names with email addresses is a reportable breach which the government intends to vigorously enforce.
“Three Defendants Charged with One of the Largest Reported Data Breaches in U.S. History – One Of The Defendants Has Already Pleaded Guilty.” By The US Department of Justice, March 6. 2015.
http://www.justice.gov/opa/pr/three-defendants-charged-one-largest-reported-data-breaches-us-history
In the announcement, Assistant Attorney General Caldwell stated: “These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet. The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”
So how about domestically? Are US corporations taking privacy seriously enough?
For example, months ago, the American Dental Association was asked about a rumor that tens of thousands of members’ names and email addresses were fumbled from the ADA’s Continuing Education Department. Nobody responded. Is there any reason why the Department of Justice shouldn’t investigate data breach breaches from non-profits? If you had paid dues to the ADA, don’t you feel you also deserve to know the truth?
D. Kellus Pruitt DDS
LikeLike
Despite Wave of Data Breaches, Official Says Patient Privacy Isn’t Dead
Yet another health insurer reported a massive data breach this week, affecting the financial and medical information of 11 million people.
http://www.propublica.org/article/despite-wave-of-data-breaches-official-says-patient-privacy-isnt-dead?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter&utm_content=&utm_name=
We asked the head of the federal agency tasked with investigating these issues whether the notion of patient privacy was outmoded.
Victor
LikeLike
Centene can’t find hard drives with 950,000 medical records
Health insurer Centene Corp. is hunting for six computer hard drives containing the personally identifiable health records of about 950,000 individuals, the company said last week.
http://www.modernhealthcare.com/article/20160125/NEWS/160129911?utm_source=modernhealthcare&utm_medium=email&utm_content=externalURL&utm_campaign=mostreq
Hope Hetico RN MHA
LikeLike
Data breaches are not being reported
Increasing numbers of Americans are likely to learn the hard way that data breaches are no longer being reported. Surprise! Imagine the anger.
Below is an update to a June 24 DataBreaches.net article by Dissent titled, “Irony: When blackhats are our only source of disclosure for some healthcare hacks.”
https://www.databreaches.net/irony-when-blackhats-are-our-only-source-of-disclosure-for-some-healthcare-hacks/
Update 1 July 6:
On June 23, DataBreaches.net filed public records requests with the California Attorney General’s Office and California Department of Public Health (CDPH), requesting any records filed by the following entities under California Civil Code Sections 1798.29 or 1798.82, or California Health and Safety Code Section 1280.15:
Feinstein & Roe
La Quinta Center for Cosmetic Dentistry
Dougherty Laser Vision
OC Gastrocare
On June 30, the California DOJ declined the request, responding, “We have not located any records responsive to your request.”
So none of those four clinics reported any alleged breaches to the DOJ and as of today, only one of seven entities (Tampa Bay Surgery) has reported anything to HHS.
DataBreaches.net subsequently obtained confirmation from reliable sources with firsthand knowledge who confirmed that as OC Gastrocare had not reported any incident to HHS, to the state, or to any patients. It is this site’s understanding that they are actively investigating the claimed hack.
Other entities contacted by DataBreaches.net did not respond to inquiries.
———————————————————————————
For many patients, non-reporting of breaches will lead to preventable harm to their welfare. For dentists, the inevitable loss of trust in the community can lead to only one solution: Hello, paper dental records! – the gold standard in security.
After all, dental patients receive no tangible benefits from EHRs anyway.
D. Kellus Pruitt DDS
LikeLike
Protenus Breach Barometer
More than 1 million patient records were breached in a three-month span between January and March 2018, according to new data released in the Protenus Breach Barometer.
https://www.healthcare-informatics.com/news-item/cybersecurity/protenus-more-1m-patient-records-breached-q1-2018?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+healthcare-informatics+%28Healthcare+Informatics%29
Ann Miller RN MHA
LikeLiked by 1 person
Texas – We’re #1!
“Healthcare organizations experienced more than 1 data breach per day in January: 3 report details” By Rachel Popa, February 26, 2019.
https://www.beckersasc.com/asc-quality-infection-control/healthcare-organizations-experienced-more-than-1-data-breach-per-day-in-january-3-report-details.html
Healthcare organizations experienced more than 1 data breach per day in January: 3 report details – beckersasc.com
1. There were 490,937 healthcare records stolen, exposed or impermissibly disclosed in January. 2. Hacking was the top cause of breaches in January, followed by unauthorized access, theft and improper disposal. 3. Texas experienced the most data breaches with four reported, followed by Kentucky …
http://www.beckersasc.com
Popa:
Providers reported 33 healthcare data breaches in January, according to HIPAA Journal.
The key takeaways:
1. There were 490,937 healthcare records stolen, exposed or impermissibly disclosed in January.
2. Hacking was the top cause of breaches in January, followed by unauthorized access, theft and improper disposal.
3. Texas experienced the most data breaches with four reported, followed by Kentucky, Georgia and Indiana with three each and California, Kansas, Florida and Connecticut reporting two each.
D. Pruitt DDS
LikeLike
5 years ago:
I predict by the end of the year, ransomware attacks will turn into data breaches, and the hackers will threaten to post medical records on the internet unless ransom is paid. With the added threat of huge HIPAA fines, and possibly class-action lawsuits, we probably won’t hear much about the secret deals – which will certainly cost providers more than a few thousand dollars. – February 18, 2016.
Darrell Pruitt DDS
LikeLike