FIRST QUARTER 2008
HIPAA Flash Newsletter
In this Issue
Advice
Note that California recently enacted AB 1298, which broadens the breach disclosure rules to health care providers and those who service health care providers. This bill is an extension of SB1386 and it is now in effect (since 1/1/08).
HIPAA Horror Stories
Horizon Laptop Theft Affects 300,000
Horizon Blue Cross Blue Shield of New Jersey has announced the theft of an employee’s laptop that held personal information on about 300,000 of the Newark-based plan’s 3.4 million members.
Data Breaches Cost Real $$$
Data breaches can cost $305 per record, survey shows. (Notification, legal fees, lost productivity, and other hidden costs can amount to a hefty total.) 4.12.07: A new survey indicates that the cost of a data breach ranges from $90 to $305 per lost record. The calculation included legal fees, call centers, lost productivity, fines, customer churn, and lost stock value. Discovery, response, and notification by themselves amounted to about $50 per lost record. Lost employee productivity averaged about $30 per lost record. Source: IT Compliance Institute
SOUTH BEND — Missing Information At One Of The Area's Largest Employers Could Put Thousands At Risk.
Memorial Hospital has notified employees that a laptop containing personal information is missing. An employee lost the laptop while traveling in November. This week employees received a letter warning them that the missing computer contains their names, addresses, birth dates, ID numbers and Social Security numbers.
Dear Covered Entities & Business Associates,
Welcome to the March 2008 edition of the HIPAA Flash.
First, we hope that you notice our newly updated website. Taking your feedback into account, we have made the pages larger and easier to read, and added yet another level of security for your browsing safety. We have also added our entire course library to our ecommerce site, so you can now peruse and purchase any of our courses (HIPAA, OSHA, Joint Commission, Revenue Cycle, State Specific). We hope you enjoy the new look.
From a news standpoint, we are seeing more of the same in data security breaches, increased enforcement and identity theft. It appears there is still a large gap between the regulations and diligence in compliance. So dust off those Privacy & Security manuals and review your staff training compliance before you get caught in a breach.
And now the news …
New HIPAA Security Information On The CMS Website
On February 20, 2008, the Office of E-Health Standards and Services (OESS) within CMS posted a document called Information Request for Onsite Compliance Reviews. OESS recently procured contracted services to assist with onsite compliance reviews related to potential HIPAA Security Rule violations. To ensure that the industry has an idea of the type of information OESS might request during these reviews, OESS developed a sample security checklist, which highlights several areas of vulnerability associated with the security of electronic protected health information.
Top 25 Data Breaches Of 2007
The following companies and government agencies suffered the worst data breaches of last year, allowing the compromise of tens of millions of records that included a combination of Social Security numbers, credit card data and personal identifying information. See the data behind the substantial rise in identity theft and data breaches from 2007—a record year.
Since the term identity theft was coined, the number of recorded data breaches and compromises has steadily risen in both volume and severity. The following is an accounting of known data breaches and record compromises for 2007, which for the time being will go down in the annals as a record year. The original data was supplied by the Identity Theft Resource Center and has been reconfigured by Baseline's editorial staff.
Study: Breaches of Personal Data Now Prevalent in Enterprises
Data breaches involving personally identifiable information are no longer the exception among enterprises -- they're now the rule.
According to a study released yesterday by the Ponemon Institute and Deloitte & Touche, 85 percent of the security or privacy executives surveyed -- some 800 individuals -- claimed at least one reportable security incident in the past 12 months.
Sixty-three percent said they have experienced between six and 20 breaches affecting personally identifiable information (PII) in the past year.
Hard times on the HIPAA front
It's been a week of bad news for lazy or sloppy health care organizations. An employee fired after a security breach of protected health information filed a wrongful termination suit against his former employer, and it may have merit because of poor policies.
A community health care provider hacked by a disgruntled employee may be dragged into a compliance quagmire because it's not clear that the organization took basic steps to revoke his access. And to top it off, the U.S. Department of Health and Human Services (HHS) is starting to swing the enforcement rule -- a dowdy part of the Health Insurance Portability and Accountability Act (HIPAA) that few people read -- like a scythe in a field of weedy policies and overgrown practices.
Doctor Loses Flash Drive With Patient Information
Parents with fertility problems know that it's a very private struggle. Couples often don't even tell close friends or relatives they're having trouble having a baby.
That's why the loss of patient information at the University of Minnesota's Reproductive Medicine Center has leaders there especially worried.
Dr. Theodore Nagel, a doctor at the fertility clinic, lost a flash drive that he used to back up his computer. The drive holds details of infertility treatments for 3,100 patients going back to 1999.
The HIPAA Flash is an opt-in monthly newsletter. The content is for informational purposes only. Nothing herein constitutes legal advice - if you need legal advice, please consult a competent attorney. To unsubscribe from this monthly newsletter, reply to hipaaflash@hipaarx.net with the word "UNSUBSCRIBE" in the subject line.
HIPAA Solutions Rx is your best source for compliance workbooks, online training, disclosure tracking systems, network scanning tools, backup facilities, certifications, consulting ... HIPAA from A to Z. For the most complete suite of HIPAA compliance products available, visit us at: http://www.hipaarx.net or call us at 1-866-447-2211.
HIPAA Solutions is a BridgeFront Company. For training in OSHA, JCAHO, Nurse CE, Long Term Care, Revenue Cycle Management and much more, visit http://www.bridgefront.com.