Management Liability Update

Archive for the ‘Electronic Health Records’ Category

HITECH Public Data Breaches: Majority Caused by Theft

Icon September 3, 2010 – 7:43 am

Last month, the Health Information Trust Alliance published an analysis of the 108 breaches reported to HHS from Sept. 23, 2009 (when reporting first started under the HITECH Act) to mid-July.  This review illustrates the major impact of theft on healthcare providers.   Of 108 total reported breaches, 68 were the result of theft.  Indeed, the only [...]



AON Disclosure Impacts 22,000 Retirees

Icon August 31, 2010 – 8:26 am

According to a story published today in the News Journal, Aon Consulting is mailing letters to approximately 22,000 State of Delaware retirees after it inadvertently posted social security numbers, gender information and dates of birth in a Request for Proposal (RFP) the company prepared for the State.  The RFP information was posted by AON to the procurement [...]



Healthcare Industry Hit Hard with Data Breaches

Icon August 16, 2010 – 7:40 am

According to the ID Theft Resource Center, 97 of the 341 organizations that sustained a significant data breach in the first half of 2010 were in the healthcare industry.  By comparison, only 38 breaches were reported at banking and other financial institutions.   As shown by the breach sustained by BCBS Tennessee, the direct costs for breaches can exceed [...]



Hospital Data Continues to be at Serious Risk with Third-Party Vendors

Icon August 4, 2010 – 6:19 am

According to the 2010 HIMSS Analytics Report: Security of Patient Data, even though providers continue to update their security infrastructure, patient data remains at serious risk.  And, despite new statutory requirements for healthcare privacy and security, these critical gaps remain.  The study’s conclusion is not that surprising given new healthcare breaches are being reported on a daily basis. One improvement that can be immediately implemented with little [...]



NSAP Insurance Full Policy Limits Must Cover First Party Data Breach Costs

Icon July 29, 2010 – 8:22 am

A recently disclosed $10 million data breach expense bill raises an issue that has been percolating the network security and privacy (NSAP) insurance marketplace for several years now.  The publicly disclosed expenses involve BlueCross BlueShield of Tennesee (BCBST). According to BCBST, in October 2009, “57 hard drives containing audio and video files related to coordination of [...]



HHS Issues Proposed New HIPAA Regulations and Breach Portal

Icon July 9, 2010 – 7:31 am

Using a lavish press conference as the backdrop, HHS officials announced yesterday proposed changes to the HIPAA regulations as well as an updated web page listing those breaches impacting more than 500 individuals.  The purpose of the new Rules issued yesterday is to align the HIPAA rules with the HITECH Act passed last year.   Specifically, the press announcement states:  The [...]



CT AG Successfully Uses HITECH Act to Settle HIPAA Breach

Icon July 7, 2010 – 9:05 am

Taking advantage of a federal law passed last year, Connecticut’s Attorney General, Richard Blumenthal, announced yesterday a settlement with HMO Health Net that includes a corrective action plan, a $250,000 payment to the State of Connecticut (with an additional potential pot of $500,000), and increased credit monitoring and ID theft insurance to potential victims.  According [...]



Colorado Casualty: Stolen Health Records Not a Covered Event

Icon May 18, 2010 – 7:25 am

As detailed by the Salt Lake Tribune, Colorado Casualty Insurance Co. contends it is not obligated to cover costs incurred in 2008 by the University of Utah after tapes containing electronic medical billings records on 1.7 million patients were stolen from a car.   The insurer filed a declaratory judgment action on April 9, 2010 seeking a declaration that the commercial [...]



White House Cyber Security Plan Focuses on EHR Management

Icon May 14, 2010 – 7:14 am

According to an article in Government Health IT, the White House is looking to develop a network security strategy “that pays particular heed to the importance of building a trusted arena for electronic health care transactions.”    Howard Schmidt, the White House Cyber Security Czar, said at a May 11 HIPAA conference on privacy and security that the [...]



OCR Website Posts List of Breaches As Required Under HITECH Act

Icon February 23, 2010 – 7:03 am

On February 22, 2010, as required by section 13402(e)(4) of the HITECH Act, the Office of Civil Rights (OCR) website posted a list of the covered entities that have reported breaches of unsecured protected health information affecting more than 500 individuals.  By posting this information on the OCR website, OCR has met its HITECH Act obligation, which required [...]