HIPAA Blog

[ Wednesday, August 26, 2015 ]

 

Texting in the Healthcare Environment: Here's a pretty good article highlighting the benefits and risks in texting in healthcare, with some pretty good tips as well on how to text safely and correctly if you're going to do it.  Key point: "while text messaging has significant benefits, many healthcare providers do not recognize the privacy, security, and malpractice risks posed by text messaging. These risks can be mitigated through the application of technology and proper policies and procedures."

Jeff [9:48 AM]

[ Monday, August 24, 2015 ]

 

UCLA and Medical ID Theft: An interesting article from the LA Times.  If the intro paragraphs are indicative of how UCLA has handled this breach, I'd be awfully concerned if I ever got care at a UCLA facility.  Hate to say that, but one victim gets letters intended for 9 different people?  That's an additional breach.  When your breach response causes more breaches, you're not doing something right (actually, you might not be doing anything right).  What's the phrase, "First, do no harm"?

Jeff [10:44 AM]

[ Thursday, August 20, 2015 ]

 

Highlights of 4 recent breaches show how the data breach scene is a big worry in the healthcare space these days.

Jeff [2:48 PM]

[ Tuesday, August 18, 2015 ]

 

Advocate (Chicago) Data Breach Lawsuit Dismissal Upheld: The court's basic ruling is that hypothetical future increased risk of identity theft is not "harm" for which one may sue for damages.  Data on 4 million individuals was potentially disclosed, but only 2 people suffered actual identity theft (which could have been caused by some other information loss).

This will be the big issue that will impact the potential cost of data breaches (due to the ability of plaintiff's lawyers to bring class-action lawsuits): whether the mere likelihood that you are at a greater risk of something bad happening is actual damage/harm for which a lawsuit may be brought and monetary compensation awarded.  

Jeff [10:05 AM]

 

Colorado DHS Breach: The Colorado Benefit Management System, which coordinates Medicaid, food and welfare assistance for the state, suffered a second data breach when letters were sent to the wrong addresses.  It's not entirely clear if this is a HIPAA breach, but probably is.  Of the 3,000 or so affected individuals, some PHI was involved in about half of the disclosures.  And since CBMS apparently provides services to Colorado's Medicaid program, it probably is an improper disclosure by a business associate of a covered entity.  Ultimately, minimal information was disclosed, and to a limited loop of recipients, so it's probably a no harm, no foul situation.  But it's another example of the need to be careful out there.

Jeff [9:47 AM]

[ Thursday, August 13, 2015 ]

 

Breaches Without Damages: With hackers going after medical information, and with the availability and flow of PHI necessary for proper provision of healthcare, data breaches may be inevitable.  But damages from breaches might be avoidable, or at least might be minimized.  This seems like it's obvious advice, but good planning, solid policies, sufficient employee and staff training, and cyber-liability insurance can all reduce the likelihood of a breach, and prevent the potential for lose-the-company types of damages.  

Jeff [11:04 AM]

[ Wednesday, August 12, 2015 ]

 

Should the DEA be able to get medical records via subpoena, or is a warrant necessary?  That's the question the 5th Circuit is going to have to answer.  And while the issue is definitely of interest to the telemedicine crowd, it certainly raises privacy concerns, especially if those medical records are yours or mine.

Do you trust the federal government not to abuse this sort of power?  Once upon a time I did, but not so much anymore.  

Jeff [2:29 PM]

 

UCLA Update: Class action suit has been filed.  

Jeff [11:06 AM]

 

I'm sorry, but I can't help but think of Orwell: Or maybe Jacques Derrida.  We are now living in a truly Post-Modern world.

A patient with an XY chromosome pair was admitted to a Brooklyn hospital and placed in a semi-private room with another patient with an XY chromosome.  Of course, OCR investigated.  While no fine was levied, the hospital had to adopt a slew of new policies and train its staff.

Consider the possibilities. . . . 

Jeff [11:03 AM]

[ Wednesday, August 05, 2015 ]

 

MIE (Indiana) Breach: While I was away on vacation, Indiana EHR vendor Medical Information Exchange apparently was hacked.  Now, the breadth of the hack is becoming known, and it looks pretty bad.  As many as 3.9 million people are potentially affected.  Fortunately, financial data wasn't included, but SSNs were, as well as lots of medical information.  Whoever is putting together this big data project on the Dark Web is going to have a lot of info to work from.  The Indiana AG is investigating, which means big fines are likely.  

Jeff [3:39 PM]

[ Tuesday, August 04, 2015 ]

 

This Is Handy: HHS publishes "HIPAA Basics for Providers," a pdf with embedded links for FAQs and the like.  

Jeff [2:18 PM]
