Archive for HIPAA News
The number of patients affected by a February break-in at Sutherland Healthcare Solutions in Torrance, Calif., has nearly doubled as the investigation progresses, the Los Angeles Times reported. Sutherland handles billing and collections for the county’s Department of Health Services and Department of Public Health.
On March 19, HIPAA Update reported that the PHI of 168,500 Los Angeles County medical facility patients was compromised when a thief stole eight computers from Sutherland. The total number of affected patients has since been raised to 338,700.
Three class action lawsuits have been filed against Los Angeles County as a result of the breach. The county is reviewing Sutherland’s security practices, the Los Angeles Times reported.
Stanford Hospital & Clinics in California and two of its vendors could pay more than $4.1 million to settle a class action lawsuit that stems from HIPAA violations, San Jose Mercury News reported.
A Los Angeles County Superior Court judge tentatively approved the settlement March 19, 2014. Shana Springer filed suit against the hospital and its vendors, Multi-Specialty Collection Services LLC and Corcino & Associates LLC, in September 2011.
In an October 2011 post, HIPAA Update reported that the hospital released a notice stating that its vendor posted an electronic file that included certain patient information on a student homework website. The file included PHI of more than 20,000 patients treated at the hospital’s emergency room from March 1, 2009, through August 31, 2009.
Since 2010, there has been a 100% increase in breaches caused by criminal attacks, according to the Ponemon Institute’s “Fourth Annual Benchmark Study on Patient Privacy and Data Security,” sponsored by ID Experts®.
The study also revealed new security and privacy threats to hospitals and the patient records they manage, such as what researchers describe as “unproven security” in the health insurance marketplace created as a result of the Affordable Care Act.
Top threats include:
- Criminal attacks
- Employee negligence
- Unsecured mobile devices (e.g., smartphones, laptop computers, tablets), and third parties
A majority of organizations surveyed said employee negligence is their biggest worry (75%), followed by use of public cloud services (41%), mobile device insecurity (40%), and cyber attackers (39%). However, 55% of organizations think their policies and procedures will prevent or quickly detect unauthorized patient data access, loss, or theft, up from 41% four years ago.
On January 10, the U.S. House of Representatives passed H.R. 3811, the Health Exchange Security and Transparency Act of 2014. This bill would require the secretary of Health and Human Services to notify individuals of a health insurance exchange (HIE) security breach that results in the unlawful access of personally identifiable information (PII) within two business days.
In a January 9 statement, the Obama Administration opposed the bill because it would impose unrealistic and costly reporting requirements that would not improve the security of PII on HIEs. The bill was referred to the Senate.
Organizations responding to eFax’s Healthcare IT Pulse Survey ranked financial liability over HIPAA noncompliance (37%) as the biggest security concern related to sensitive data. Surprisingly, respondents were less concerned about exposing sensitive medical data (18%), according to the survey.
The majority of survey respondents (54%) say HIPAA compliance is the top concern related to the influx of paperwork attributable to the Affordable Care Act (ACA). The survey identified document management, organization, and record keeping (48%) as a secondary concern related to the ACA.
Online fax was identified by 42% of respondents as the most effective technology solution for HIPAA-compliant security for transmission of sensitive documents. Respondents also ranked the following technologies as the most valuable for ensuring HIPAA compliance:
- IT disaster recovery and offsite backup (48.5%)
- Private cloud (46.5%)
- Audit reports and tracking logs (44.4%)
- Online fax service (36.4%)