According to the 2010 HIMSS Analytics Report: Security of Patient Data, even though providers continue to update their security infrastructure, patient data remains at serious risk.  And, despite new statutory requirements for healthcare privacy and security, these critical gaps remain.  The study’s conclusion is not that surprising given new healthcare breaches are being reported on a daily basis. One improvement that can be immediately implemented with little [...]

A recently disclosed $10 million data breach expense bill raises an issue that has been percolating the network security and privacy (NSAP) insurance marketplace for several years now.  The publicly disclosed expenses involve BlueCross BlueShield of Tennesee (BCBST). According to BCBST, in October 2009, “57 hard drives containing audio and video files related to coordination of [...]

Using a lavish press conference as the backdrop, HHS officials announced yesterday proposed changes to the HIPAA regulations as well as an updated web page listing those breaches impacting more than 500 individuals.  The purpose of the new Rules issued yesterday is to align the HIPAA rules with the HITECH Act passed last year.   Specifically, the press announcement states:  The [...]

Taking advantage of a federal law passed last year, Connecticut’s Attorney General, Richard Blumenthal, announced yesterday a settlement with HMO Health Net that includes a corrective action plan, a $250,000 payment to the State of Connecticut (with an additional potential pot of $500,000), and increased credit monitoring and ID theft insurance to potential victims.  According [...]

As detailed by the Salt Lake Tribune, Colorado Casualty Insurance Co. contends it is not obligated to cover costs incurred in 2008 by the University of Utah after tapes containing electronic medical billings records on 1.7 million patients were stolen from a car.   The insurer filed a declaratory judgment action on April 9, 2010 seeking a declaration that the commercial [...]

According to an article in Government Health IT, the White House is looking to develop a network security strategy “that pays particular heed to the importance of building a trusted arena for electronic health care transactions.”    Howard Schmidt, the White House Cyber Security Czar, said at a May 11 HIPAA conference on privacy and security that the [...]

On February 22, 2010, as required by section 13402(e)(4) of the HITECH Act, the Office of Civil Rights (OCR) website posted a list of the covered entities that have reported breaches of unsecured protected health information affecting more than 500 individuals.  By posting this information on the OCR website, OCR has met its HITECH Act obligation, which required [...]

Electronic health records (EHR) should be on the risk management fast track.  First, the FTC promulgated regulations that will require most hospitals to implement a written ID theft prevention program by June 2010.  California  and a few other states have already started requiring that healthcare providers implement technical and physical safeguards to protect patient medical information.  And [...]