iHealthBeat: Privacy and Security

Health Care Orgs To Collaborate on Data Exchange, Security Issues

Thu, 28 Jan 2016 17:34:00 Z

The Electronic Healthcare Network Accreditation Commission and the National Health Information Sharing and Analysis Center have signed a memorandum of understanding to address issues surrounding health data breaches. Among other things, the groups aim to increase the adoption of secure data exchange and improve education and awareness of health data security. Healthcare IT News et al.

Insurer Loses Hard Drives; Mich. Hospital Reports Cyberattack

Tue, 26 Jan 2016 19:14:00 Z

Health insurer Centene is notifying nearly 950,000 individuals that their data could have been breached after the company lost six hard drives containing customers' personal and health information. Meanwhile, a hospital in Flint, Mich., experienced a cyberattack the day after a hacktivist group threatened action over a water crisis in the area. Reuters et al.

Pharma Companies Leverage Cloud Storage To Improve Data Analysis

Tue, 26 Jan 2016 18:32:00 Z

Pharmaceutical companies increasingly are working with technology firms on projects designed to improve data collection and analysis by leveraging the cloud. For example, Swiss drugmaker Novartis is working with U.S.-based Qualcomm to create an Internet-connected inhaler that would transmit data about how often it is used to the cloud. Reuters.

Health Care Sector Most Targeted, Least Prepared for Cyberattacks

Thu, 21 Jan 2016 16:12:00 Z

A new report released by the Institute for Critical Infrastructure Technology finds that the health care sector is the both most targeted and least prepared for cyberattacks of any industry in the country. The authors recommend requiring penetration testing when medical devices are released to identify and fix vulnerabilities. FierceHealthIT, ICIT report.

CHIME Launches $1M National Patient Identifier Challenge

Wed, 20 Jan 2016 17:48:00 Z

The College of Healthcare Information Management Executives has launched a $1 million challenge to create a national patient identifier. CHIME has partnered with crowdsourcing innovation platform HeroX for the National Patient ID Challenge, a year-long competition that aims to incentivize the private sector to develop a fail-safe patient identifying solution. FierceHealthIT et al.

Health Care Organizations Report Data Breaches Affecting Thousands

Wed, 20 Jan 2016 17:43:00 Z

Health care entities in California, Indiana, Montana, New Mexico and New York recently reported health data breaches potentially affecting thousands of individuals. Meanwhile, the Department of Veterans Affairs in its monthly report to Congress reported that health data breaches declined by 61% in December 2015. Becker's Health IT & CIO Review et al.

FDA Issues Draft Guidance for Medical Device Cybersecurity

Wed, 20 Jan 2016 17:22:00 Z

FDA has issued new draft guidance detailing the steps medical device manufacturers should take to reduce cybersecurity risks. The draft guidance comes after FDA in November 2015 issued a warning about cybersecurity threats to networked medical devices. Health Data Management.

Stakeholders Question Efficacy of New Cybersecurity Law, HHS Task Force

Thu, 14 Jan 2016 11:00:00 Z

Under a cybersecurity measure included in the recently signed spending agreement, HHS is required to convene a task force and report to Congress on the state of cybersecurity in health care. But some experts say the industry should skip that step and instead start implementing best practices.

App Association Notes Benefits, Shortcomings of HIPAA Guidance

Wed, 13 Jan 2016 14:37:00 Z

App Association Executive Director Morgan Reed says new guidance from HHS' Office for Civil Rights that aims to help patients access their health information will help to improve application makers' understanding of how certain product functions are acceptable under HIPAA. However, he says more guidance is needed. Health Data Management.

Several Health IT Tools, Issues Make ECRI's 2016 Hospital C-Suite List

Fri, 08 Jan 2016 16:58:00 Z

ECRI Institute has released its 2016 Hospital C-Suite Watch List featuring several technologies and critical technology use issues that could affect health care delivery over the next 12 months. Among other things, the list includes telemedicine-enabled mobile stroke units, medical device cybersecurity and wireless wearable sensors. Clinical Innovation & Technology et al.

Dental Software Vendor Reaches Settlement With FTC Over Encryption

Thu, 07 Jan 2016 17:35:00 Z

A dental practice management software vendor has agreed to pay $250,000 to settle charges by the Federal Trade Commission that the company misled consumers about the level of encryption for protecting patient data in one of its products. Meanwhile, a maker of cognitive skill-boosting applications has reached a separate $2 million settlement with FTC. Health Data Management et al.

New Gun Control Rule Eases Sharing of Mental Health Data

Tue, 05 Jan 2016 17:51:00 Z

HHS has finalized a rule that modifies HIPAA to allow certain covered entities to disclose to the FBI's firearms background check database the names of individuals who are barred from owning a firearm for mental health reasons. The rule, which is set to take effect next month, was issued in conjunction with several new gun control executive actions. Politico et al.

New Database Lets Consumers Search for Provider HIPAA Violations

Tue, 29 Dec 2015 17:55:00 Z

ProPublica has launched a new database, called HIPAA Helper, which allows users to search for privacy violations by health care providers. An analysis of information in the database finds that hundreds of providers, including the Department of Veterans Affairs, repeatedly violated HIPAA between 2011 and 2014. ProPublica.

NSF Awards $10M To Research Project Targeting mHealth Security

Wed, 23 Dec 2015 14:52:00 Z

The National Science Foundation has awarded a five-year, $10 million grant to a diverse team of researchers to improve the security and user confidentiality of mobile health tools. Researchers have raised concerns about the security of mobile health applications that are not subject to HIPAA privacy and security standards. Clinical Innovation & Technology et al.

Obama Signs Spending Package With Cybersecurity, Health Provisions

Mon, 21 Dec 2015 18:15:00 Z

President Obama has signed into law a spending package that will bolster cybersecurity efforts at HHS. Meanwhile, the package allocates $334 million for the Agency for Healthcare Research and Quality, which conducts research on various health IT initiatives. The agency previously had been threatened with heavy budget cuts and even termination. Health Data Management et al.

Reports Shine Light on Prevalence of Health Data Breaches

Fri, 18 Dec 2015 18:10:00 Z

An Experian report predicts that data breaches will remain a top concern for the health care industry next year. Meanwhile, health care is not the only sector affected by health data breaches, according to a Verizon report that finds 18 out of 20 industries are affected by health data breaches. Health IT Security et al.

Omnibus Bill Includes Language To Bolster HHS Cybersecurity Efforts

Thu, 17 Dec 2015 18:10:00 Z

Congressional leaders have reached a budget agreement that includes language for HHS to appoint a cybersecurity task force and issue a report to Congress on the department's efforts to prevent cyberattacks. Congress is set to vote on the package this week, and President Obama is expected to sign it. FierceHealthIT et al.

Feds Request Information To Update Nation's Cybersecurity Plan

Mon, 14 Dec 2015 18:12:00 Z

The National Institute of Standards and Technology is seeking feedback on ways to update the national cybersecurity strategy. NIST established a framework for improving cybersecurity in February 2014, but a rise in cyberattacks -- particularly in the health care industry -- has prompted the agency to review the strategy. Health Data Management, Clinical Innovation & Technology.

PwC Report Identifies Key Health IT Trends To Watch for in 2016

Mon, 14 Dec 2015 17:35:00 Z

A new report from PricewaterhouseCoopers' Health Research Institute identifies 10 health care issues that will stand out in 2016. Among other things, the report says cybersecurity will be a concern for connected medical devices, new databases will bolster hospitals' use of big data and use of mobile health applications will grow. MobiHealthNews et al.

Health Care Organizations Report Data Breaches, Settlements

Tue, 08 Dec 2015 18:27:00 Z

A California-based health system and an Alabama-based counseling center have reported data breaches. Separately, HHS' Office for Civil Rights announced that a Massachusetts-based hospital and a Puerto Rico-based insurer have agreed to settlements -- totaling $850,000 and $3.5 million, respectively -- over alleged HIPAA violations. Health IT Security et al.

Workplace Wellness Programs Promising, but Health Data Privacy Concerns Remain

Mon, 07 Dec 2015 11:00:00 Z

Employers are widely adopting wellness programs to encourage healthier behaviors among employees and to lower medical costs. But questions about how sensitive health data are stored and who ultimately gains access to such information continue to surface.

OPM Finishing Up Data Breach Notification Process, Launches Website

Fri, 04 Dec 2015 16:30:00 Z

Individuals who think they were affected by an Office of Personnel Management data breach reported in July can use a new website to help determine their status. OPM is slated to finish the notification process within two weeks, according to acting OPM Director Beth Cobert. Washington Post's "The Switch," FCW.

Report: Global Health Care Cybersecurity Market To Grow Significantly

Thu, 03 Dec 2015 18:46:00 Z

A new report by Grand View Research says the global health care cybersecurity market will grow significantly by 2022 because of an increase in cyberattacks in the industry. North America held the largest share of the $5.5 billion health care cybersecurity market in 2014, at 40%. Healthcare IT News, Health IT Security.

ONC Finds Two-Factor Authentication Adoption Up Among Hospitals

Thu, 03 Dec 2015 18:03:00 Z

An Office of the National Coordinator for Health IT data brief based on an annual American Hospital Association survey finds that the percentage of hospitals and health systems with two-factor authentication capabilities increased by 53% between 2010 and 2014. However, adoption rates varied significantly by hospital type and state. FierceHealthIT et al.

Report: Cyberattacks Could Hurt Credit Ratings in Health Sector

Mon, 30 Nov 2015 17:47:00 Z

A new report from Moody's Investors Service finds that cyberattacks could have a negative effect on credit ratings for institutions in the health care sector and other industries. The report also notes that cybersecurity events may not be covered by a hospital's medical malpractice insurance. Modern Healthcare, Healthcare IT News.

Audit Finds OPM Security Weaknesses Remain After Data Breach

Tue, 24 Nov 2015 18:46:00 Z

A recent audit by the Office of Personnel Management's Office of Inspector General finds that while OPM made some cybersecurity improvements after a data breach that affected 21.5 million individuals, some vulnerabilities remain. The affected database contained health information, among other data. FCW, OPM OIG audit.

Retail Pharmacies Use Discount Programs To Collect Customer Data

Tue, 24 Nov 2015 17:45:00 Z

Several U.S. pharmacies have launched discount programs designed to encourage customers to share personal data such as their weight, tobacco use or real-time location. However, privacy advocates have raised concerns that such programs often sell consumers' de-identified data to third-party companies. STAT News.

The Time Has Come for Two-Factor Authentication in Health Care

Mon, 23 Nov 2015 11:00:00 Z

Banking and other industries have turned to two-factor authentication to secure sensitive information, but health care organizations' adoption of such tools has lagged behind. Experts predict that could change as security breaches continue to plague the health care sector.

Health Care Organizations Report Data Breaches, Settlements

Thu, 19 Nov 2015 18:28:00 Z

Several health care organizations recently have reported incidents of health data breaches, including the Cincinnati-based UC Health hospital network and North Carolina's Department of Health and Human Services. Meanwhile, a Connecticut-based hospital and its contractor have agreed to pay the state $90,000 to settle a 2012 data breach. Health IT Security et al.

Judge Dismisses FTC Enforcement Action Against LabMD

Wed, 18 Nov 2015 17:15:00 Z

Judge Michael Chappell has dismissed the Federal Trade Commission's enforcement action against LabMD for an alleged health data breach, noting that FTC failed to demonstrate actual or likely consumer harm. A lawyer representing LabMD says an appeal by FTC is unlikely. FierceHealthIT, Chappel's decision.

HITRUST Cyber Threat Detection System Shows Mixed Results

Tue, 17 Nov 2015 18:13:00 Z

A review of HITRUST's Cyber Threat Xchange, a program designed to help health care organizations collect and share cyber threat data, finds that participants detected more "indicators of compromise" compared with their previous methods, but few groups shared the information. Health Data Management, FierceHealthIT.

Report: Online Health Applications a Main Target for Cyberattacks

Mon, 16 Nov 2015 15:08:00 Z

An annual report from security firm Imperva finds that health care applications are among the top two industry apps being targeted by cybercriminals. The report notes that health care could be an attractive industry for attackers because of the potential to steal personal identifiable information. FierceITSecurity et al.

White House Details Privacy Rules for Precision Medicine Initiative

Fri, 13 Nov 2015 19:06:00 Z

The Obama administration has released a series of privacy principles that aim to protect the data of individuals participating in President Obama's precision medicine initiative. The initiative centers on the creation of a massive database containing the genetic data of at least one million volunteer participants. FierceHealthIT et al.

Sens. Seek Information on HHS' Health Data Breach Prevention Efforts

Thu, 12 Nov 2015 19:06:00 Z

In a letter to acting CMS Administrator Andy Slavitt and HHS Office for Civil Rights Director Jocelyn Samuels, four senators seek information on HHS' efforts to prevent and respond to health data breaches. The letter cited recent cyberattacks at Anthem, Premera, CareFirst, Excellus and UCLA Health that affected a combined 105 million people. FierceHealthIT, Senators' letter.

Report: 90% of Industries Affected by Protected Health Data Breaches

Wed, 11 Nov 2015 18:17:00 Z

Preliminary findings from an upcoming Verizon report show that 90% of industries have experienced breaches of protected health information. The researchers note, "The ramifications of stolen medical information can have significant consequences for the safety and well-being of the patient." MedCity News, Verizon release.

Industry Uses De-Identification To Protect Health Data, but Privacy Risks Remain

Wed, 11 Nov 2015 15:59:00 Z

Health care organizations increasingly are de-identifying patient data to protect the privacy of sensitive information. However, a recent National Institute of Standards and Technology report warns that de-identification isn't yet a foolproof method for protecting data privacy.

Standards Groups Release Guide on Workplace Mobile Device Security

Mon, 09 Nov 2015 18:22:00 Z

The National Institute of Standards and Technology and the National Cybersecurity Center of Excellence have released a guide with strategies for keeping personal information secure on workers' mobile devices. Among other things, the guide includes steps for implementing a "standards-based" approach to mobile security. FierceMobileHealthcare

HHS' OIG Steps Up Scrutiny of Health IT in Latest Work Plan

Thu, 05 Nov 2015 13:00:00 Z

HHS' Office of Inspector General's new 2016 work plan indicates that it is increasing its focus on health IT-related issues. For example, OIG says it will examine FDA's oversight of hospitals' networked medical devices and the Office for Civil Rights' oversight of the security of electronic protected health information. FierceHealthIT.

Patients Prefer Password-Protected Portals for Sensitive Test Results

Tue, 03 Nov 2015 17:38:00 Z

A new study finds that patients prefer receiving sensitive test results -- such as information about sexually transmitted infections and genetic testing -- via password-protected portals or websites. Patients are least comfortable receiving test results via fax, according to the study. FierceHealthIT, Georgetown University Medical Center release.

Sources Say China Hacked Anthem To Learn About U.S. Health System

Mon, 02 Nov 2015 17:46:00 Z

Individuals familiar with the investigation into a cyberattack against Anthem say FBI and other investigators have concluded that Chinese hackers conducted the attack to learn about the U.S. health care industry and how it deals with medical care to help improve its own system. Financial Times, MedCity News.

Digital Copyright Exemptions Have Implications for Medical Devices

Fri, 30 Oct 2015 18:16:00 Z

A final rule issued by the Library of Congress includes new exemptions to the Digital Millennium Copyright Act that allow "good-faith security research" on computer programs that operate on certain medical devices to detect flaws or vulnerabilities. The exemptions will not take effect until next year. IDG News Service/Computerworld et al.

Feds Seek To Expand Data Employer Wellness Programs Collect

Fri, 30 Oct 2015 17:53:00 Z

The Equal Employment Opportunity Commission is seeking feedback on how employers can safeguard personal data that are collected through employer wellness programs and stored electronically. The request for public comment is part of a newly proposed rule that would expand the type of data collected through employer wellness programs. Kaiser Health News.

Health Care Organizations Report Data Breaches Affecting Thousands

Thu, 29 Oct 2015 17:50:00 Z

Health care entities in North Carolina, New York, Texas, Oklahoma and Virginia have reported recently health data breaches potentially affecting thousands of individuals. For example, Texas-based Emergence Health Network notified about 11,000 patients that an unauthorized user accessed one of its computer servers. Health IT Security et al.

Health Care Organizations Applaud Senate Cybersecurity Bill Approval

Wed, 28 Oct 2015 18:19:00 Z

Yesterday, the Senate voted 74-21 to approve the Cybersecurity Information Sharing Act of 2015. Several health IT groups, including the College of Healthcare Information Management Executives and the Health Information Trust Alliance, praised the bill, but some privacy advocates are concerned about the bill's ability to protect patient data. Health Data Management et al.

Group Issues Privacy Guidelines on Health Data Collection

Wed, 28 Oct 2015 18:01:00 Z

The Consumer Electronics Association has issued new voluntary privacy guidelines for organizations that collect users' wellness data through health and fitness devices. The guidelines are designed to help such organizations maintain consumer trust as they develop their products and services. FierceHealthIT et al.

Cybersecurity Data Sharing Bill Moves Forward in Senate

Mon, 26 Oct 2015 17:28:00 Z

Last week, the Senate voted 83-14 to end debate on a package of amendments to a bill that aims to improve cybersecurity data sharing between private companies and the government. Among other things, the amendment package includes provisions to limit the data that companies can share with the government. Several health care groups support the changes. The Hill et al.

Group Urges ONC To Clarify Definition of Information Blocking

Mon, 19 Oct 2015 17:17:00 Z

The HIMSS Electronic Health Record Association in a letter to the Office of the National Coordinator for Health IT says the agency needs to clarify the definition of information blocking included in a report released earlier this year. With an ambiguous definition, EHRA says ONC could "run the risk of overreaction to what appear to be isolated incidents." Health Data Management et al.

Providers Stand To Lose $305B From Cyberattacks in Next Five Years

Fri, 16 Oct 2015 16:52:00 Z

A new report from Accenture finds that the health care industry is poised to lose $305 billion in cumulative lifetime revenue because of cyberattacks over the next five years. The report estimates that by 2020, one in 13 patients will have their data stolen from technology systems, of which about six million will become victims of medical identity theft. FierceHealthIT et al.

Audits Raise Quality, Security Concerns With Ky., Md. Exchanges

Fri, 16 Oct 2015 16:17:00 Z

A new HHS Office of Inspector General report finds Kentucky's health insurance exchange did not always ensure enrollees were eligible for coverage. Meanwhile, a state audit of Maryland's health insurance exchange raised several security concerns. Wall Street Journal et al.

California Gov. Signs Into Law Data Breach Notification Requirements

Thu, 15 Oct 2015 17:15:00 Z

Just months after a UCLA Health data breach that affected the personal health records of up to 4.5 million people, California Gov. Jerry Brown signed into law a legislative package to adopt statewide breach notification requirements. The three-bill package addresses data encryption standards, the definition of personal information and the language for data breach notifications. FierceHealthIT, Health IT Security.

Study: Some Mobile Health Apps May Lack Adequate Security Features

Tue, 13 Oct 2015 16:38:00 Z

A study published in the journal BMC Medicine finds that some clinically accredited mobile health applications in the United Kingdom lack sufficient security features. In a separate commentary, Paul Wicks of the health information sharing website PatientsLikeMe called for a "proper balance" between innovation and caution. mHealth Intelligence et al.

HealthCare.gov Website Bolsters Consumer Privacy Protections

Tue, 13 Oct 2015 16:11:00 Z

The Obama administration has announced that the federal health insurance exchange website has been updated to better protect consumer privacy. Among other things, the HealthCare.gov website will honor users' requests to opt out of embedded connections to third parties. AP/Modern Healthcare, The Hill.

OCR Launches HIPAA Privacy, Security Portal for App Developers

Wed, 07 Oct 2015 17:38:00 Z

HHS' Office for Civil Rights has launched an online portal for mobile health technology developers to better understand issues related to HIPAA privacy and security rules. The platform allows registered users to submit questions, offer comments on other submissions and vote on the relevancy of topics. FierceHealthIT et al.

SCOTUS' Docket Includes Vermont Health Data Collection Law Case

Mon, 05 Oct 2015 14:25:00 Z

The U.S. Supreme Court's new term begins today. One of the cases justices will hear centers on the legality of a requirement under Vermont law for self-funded insurers to submit certain information upon request to the state's database. Oral arguments are expected to begin in December or January 2016. Modern Healthcare.

Audits Fault OCR for Lax HIPAA Oversight, Data Breach Follow-Up

Thu, 01 Oct 2015 18:11:00 Z

An HHS Office of Inspector General report says the agency's Office for Civil Rights must improve its oversight of HIPAA-covered entities, noting that its approach so far has been "primarily reactive." Meanwhile, a separate OIG report says OCR must strengthen its follow-up action on reported data breaches. FierceHealthIT, Politico's "Morning eHealth."

Employer Wellness Programs Raise Privacy Issues, Advocates Say

Thu, 01 Oct 2015 18:04:00 Z

As more employers adopt wellness programs, privacy advocates are raising concerns about a lack of regulations and standards to protect consumer data. Advocates note that few wellness contractors are subject to HIPAA requirements, and they are able to share identifiable data with unidentified third parties and agents. Kaiser Health News.

Report: Global Health Care Industry Prime Target for Cyberattacks

Wed, 30 Sep 2015 17:44:00 Z

A report by Raytheon|Websense Security Labs finds that global health care organizations experience 340% more cyberattacks than other industries. Specifically, the report notes that the health care industry is 400% more likely to be affected by malware attacks and 74% more likely to be affected by phishing schemes. FierceHealthIT, Clinical Innovation & Technology.

VA Sees Drop in Health Data Breaches; Other Orgs Report Breaches

Tue, 29 Sep 2015 18:10:00 Z

The Department of Veterans Affairs in August reported a 72.8% decline in veterans whose protected health information was affected by a health data breach. Meanwhile, several other health care organizations disclosed data breaches affecting the personal information of thousands of individuals. Health IT Security et al.

Health Care Is Increasingly Moving to the Cloud, but How Does Security Stack Up?

Mon, 28 Sep 2015 10:00:00 Z

The health care industry increasingly is turning to cloud hosting platforms to store sensitive patient data. Proponents say cloud service providers have stepped up security protections, but critics say there are still risks.

Experts Say Digitization of Health Info Raises Safety, Privacy Risks

Fri, 25 Sep 2015 18:03:00 Z

Some experts say the push toward a digitized health care industry has increased the risk for potential errors that compromise patient safety and privacy. Health data experts note that while companies must comply with federal regulations to ensure the secure storage and transfer of electronic data, coding and other technology errors can affect patients. Bloomberg Business.

HHS' OIG: ACA Database Contains Numerous Security Vulnerabilities

Fri, 25 Sep 2015 17:27:00 Z

HHS' Office of Inspector General has uncovered numerous security policy and technical vulnerabilities in the Multidimensional Insurance Data Analytics System, a $110 million repository for information collected under the Affordable Care Act. CMS says it began fixing the vulnerabilities earlier this year. The Hill et al.

Health Care Organizations Report Data Breaches Affecting Millions

Tue, 22 Sep 2015 18:37:00 Z

Health care organizations in Michigan, Louisiana, California and Vermont have disclosed data breaches affecting the personal health information of thousands of individuals. Meanwhile, a Web-based claims administration company is investigating a breach that left an estimated 1.5 million patient records exposed on a cloud-based backup system. Modern Healthcare et al.

Health Care Sector Accounts for 21% of Global Data Breaches

Wed, 16 Sep 2015 18:05:00 Z

A report released by digital security vendor Gemalto finds that 21.1% of the 888 data breaches recorded worldwide in the first half of 2015 occurred in the health care sector. The health care industry had 34% -- or 84.4 million -- of its total records breached, the highest rate of any sector. FierceHealthIT et al.

FBI Warns About Potential Cybersecurity Risks for Medical Devices

Tue, 15 Sep 2015 16:49:00 Z

In a recent alert, the FBI outlines risks posed by devices that automatically connect to the Web, such as insulin dispensers and wireless heart monitors. The FBI notes that potential vulnerabilities can lead to tampering that could cause harm and theft of personal data. Health Data Management, FBI alert.

Senator Calls for Vote on Cybersecurity Bill Following Excellus Hack

Mon, 14 Sep 2015 17:24:00 Z

In the wake of an Excellus BlueCross BlueShield data breach affecting about 10 million individuals, Sen. Charles Schumer is calling on Congress to vote on stalled cybersecurity legislation. However, Sen. Richard Burr, sponsor of the Cybersecurity Information Sharing Act, says it is unlikely Congress will vote on the legislation before October. The Hill.

Latest Cyberattack Affects at Least 10M; UCLA Wins Data Breach Case

Thu, 10 Sep 2015 18:12:00 Z

New York-based insurer Excellus BlueCross BlueShield has disclosed a cyberattack that could have compromised the personal records of more than 10 million individuals. Meanwhile, a California judge ruled that UCLA Health is not responsible for the unapproved release of a woman's medical records. Health Data Management et al.

Study: Many EHR Databases Vulnerable to Leaking Information

Tue, 08 Sep 2015 17:38:00 Z

A new study by Microsoft finds that many databases used to house electronic health records are vulnerable to exposing protected information, despite the use of encryption. According to researchers, cyberattacks on such databases are able to access sensitive information, including sex, age, race, admission information and other data. IDG News Service/Computerworld et al.

Sony Reaches Proposed Settlement in Suit Over Exposed Health Data

Thu, 03 Sep 2015 18:12:00 Z

Sony Pictures has reached a proposed settlement with former employees whose personal information, including identifiable health data, was made public in a cyberattack against the company in 2014. The lawsuit -- which was seeking class-action status -- alleged that Sony failed to protect thousands of workers' personal information. AP/San Diego Union-Tribune, Reuters.

Health Care Organizations Report Data Breaches, HIPAA Settlements

Wed, 02 Sep 2015 18:10:00 Z

Health care organizations in California, Maryland and Ohio recently have disclosed data breaches affecting the personal health information of thousands of individuals. Meanwhile, the HHS Office of Civil Rights has levied a $750,000 fine against an Indiana-based oncology radiation practice over alleged HIPAA violations from a breach that occurred three years ago. Health IT Security et al.

New Calif. Cybersecurity Center To Protect Health Records, Other Data

Tue, 01 Sep 2015 17:17:00 Z

California Gov. Jerry Brown has signed an executive order to establish a new security center tasked with strengthening state agencies' cybersecurity protections. The executive action follows a state audit that found the state's databases -- which house medical records and other personal information -- are vulnerable to data breaches. AP/Sacramento Bee et al.

81% of Health IT Execs Report Cyberattacks in Past Two Years

Thu, 27 Aug 2015 18:05:00 Z

A new survey released by KPMG finds that 81% of health IT executives at provider organizations and health plans said their organizations had been compromised by at least one cyberattack in the past two years. The survey attributes the increase in security threats to the use of outdated electronic health record systems and clinical applications, among other reasons. Computerworld et al.

Report: Unapproved Social Media App Puts VA at Risk of Data Breach

Fri, 21 Aug 2015 18:14:00 Z

A Department of Veterans Affairs Office of Inspector General report finds that employees' use of an unapproved social media tool put VA at risk of improperly uploading personally identifiable information, protected health information or other sensitive data. Among other things, the report recommends VA formally approve or disapprove the use of the tool. Military Times et al.

Health Care Organizations Grapple With Data Breaches, Lawsuits

Wed, 19 Aug 2015 18:10:00 Z

Health care organizations in Colorado, Georgia and New York recently have disclosed data breaches affecting the personal health information of thousands of individuals. Meanwhile, UCLA Health System is facing a lawsuit for allegedly failing to adequately secure its records and promptly alert the public about the data breach. Clinical Innovation & Technology et al.

Appeals Court Affirms Dismissal of Class-Action Data Breach Lawsuit

Tue, 18 Aug 2015 15:20:00 Z

An Illinois appeals court has upheld the rulings of two lower courts dismissing a class action lawsuit against Advocate Medical Group following a data breach in 2013. Plaintiffs had alleged that Advocate violated privacy regulations by failing to adequately protect their data. Healthcare IT News.

21st Century Cures Act Prompts Debate Over Patient Consent Rules

Thu, 13 Aug 2015 17:28:00 Z

Patient privacy advocates say the House-approved 21st Century Cures Act lacks safeguards for personal health data being used for medical research and hope the Senate version of the bill will do more to strengthen patient consent rules.

White House Seeks To Increase Cybersecurity Funding for HHS, VA

Wed, 12 Aug 2015 18:03:00 Z

The White House has issued an update to President Obama's fiscal year 2016 budget request that seeks $14 billion in cybersecurity funding for federal agencies, including the Department of Veterans Affairs and HHS. The update would boost HHS and VA funding by 23% and 15.5%, respectively, over FY 2015 levels. The Hill, White House release.

Report: Data Breaches Found at Five HHS Divisions Over Three Years

Tue, 11 Aug 2015 18:24:00 Z

A report by Republican lawmakers on the House Energy and Commerce Committee shows that data breaches have occurred at five divisions within HHS over the last three years. Committee members launched an investigation into security practices at HHS following a data breach at FDA in 2013. The Hill, Federal News Radio.

Federal Exchange Must Address Internal Control Flaws, OIG Says

Mon, 10 Aug 2015 17:14:00 Z

A new HHS Office of Inspector General report finds HealthCare.gov cannot ensure the eligibility of applicants or validity of subsidies because of flaws in the system's internal controls. CMS says it agrees with OIG's recommendations and has either enforced or is in the process of implementing improvements for vetting applicants. Wall Street Journal.

HHS, Federal Agencies To Push More Medical ID Theft Investigations

Mon, 10 Aug 2015 17:09:00 Z

Patients have been denied claims, lost benefits and been left unable to access their own medical records after their identities were stolen and used to fraudulently acquire health services. Insurers, health systems and the federal government are redoubling efforts to tamp down such abuses. Wall Street Journal.

Class-Action Lawsuit Filed Against EHR Vendor Over Data Breach

Fri, 07 Aug 2015 17:47:00 Z

A lawsuit filed in federal court alleges that Indiana-based electronic health record vendor Medical Informatics Engineering, which recently experienced a data breach, failed to adequately secure its systems. The suit is joined by more than 100 plaintiffs. Health IT Security.

23% of Broadband Households Worry About Health Data Security

Wed, 05 Aug 2015 18:19:00 Z

A new report by Parks Associates finds that nearly one-fourth of U.S. broadband-connected households are concerned about the privacy and security of data that are stored on mobile activity trackers and connected health devices. In addition, 35% of consumers have concerns about the confidentiality of health data stored online or in mobile health applications. MobiHealthNews, Parks Associates release.

FDA Urges Hospitals To Stop Using Hackable Medication Pump

Mon, 03 Aug 2015 17:36:00 Z

FDA says health care providers should stop using Hospira's Symbiq medication infusion pump because of concerns that it is vulnerable to hacking. The safety alert marks the first time FDA has recommended facilities stop using a device because of cybersecurity concerns. AP/New York Times et al.

Burwell: HHS Not Aware of Any Fraud in Federal Insurance Exchange

Wed, 29 Jul 2015 17:26:00 Z

Yesterday, HHS Secretary Sylvia Mathews Burwell told lawmakers her department has found no evidence of U.S. residents fraudulently obtaining coverage through HealthCare.gov. She said a Government Accountability Office report that found the federal insurance exchange re-enrolled 11 fake individuals is "the only exampl[e] (of fraud) that we know of." Modern Healthcare.

Recently Reported Data Breaches Could Affect Thousands of Patients

Mon, 27 Jul 2015 18:07:00 Z

Data breaches reported by health care organizations in Maryland, Florida, Ohio and Pennsylvania could affect thousands of patients. For example, Orlando Health has notified about 3,200 individuals of a data breach after a nursing assistant accessed patient records outside of normal job responsibilities. Health IT Security et al.

NIST Releases Draft Guidance To Bolster Security of Mobile Devices

Mon, 27 Jul 2015 16:49:00 Z

A draft guide released by the National Institute of Standards and Technology details how IT professionals in health care settings can implement security procedures. The guide also discusses which security risks pose the greatest threats to protecting patient data. IDG News Service/Computer World, Nextgov.

Congress Fails To Make Progress on Data Breach Notification Bill

Thu, 23 Jul 2015 17:18:00 Z

Despite a recent uptick in major cyberattacks, House lawmakers have not been able to advance a data breach notification bill in part because of its failure to include language for health records and its potential to pre-empt existing state laws that are stronger and more comprehensive. Roll Call.

Private Sector Takes on Patient IDs

Wed, 22 Jul 2015 17:45:00 Z

More than 15 years after Congress enacted a funding ban for a national patient identifier system, the private sector appears ready to take the lead on creating a viable solution. Stakeholders say such a system is key to addressing the nation's interoperability issues and improving patient safety.

UCLA Health: Hackers May Have Accessed Personal Info on up to 4.5M

Mon, 20 Jul 2015 16:49:00 Z

Information on up to 4.5 million individuals could have been accessed by hackers in an incident recently reported by UCLA Health. Hackers could have gained access to the health system's server as early as September 2014, and some of the affected information dates back as far as 1990. Los Angeles Times et al.

GAO: HealthCare.Gov Re-Enrolled 11 Fake Consumers in Health Plans

Fri, 17 Jul 2015 15:51:00 Z

A new Government Accountability Office report finds HealthCare.gov automatically re-enrolled 11 fake U.S. residents in health plans for 2015, including five who received subsidy increases for 2015. During a Senate committee hearing, lawmakers called for action to address the website's potential security issues. AP/San Diego Union-Tribune et al.

OPM Officials: Database Breach Exposed Information of 21.5M

Fri, 10 Jul 2015 18:08:00 Z

The Office of Personnel Management yesterday announced that hackers were able to access information on 21.5 million individuals in a database breach that was disclosed in June. Some files in the compromised database included health history. Meanwhile, a White House official says OPM Director Katherine Archuleta will resign, effective today. FCW et al.

State Attorneys General Caution Against Federal Data Breach Laws

Thu, 09 Jul 2015 17:49:00 Z

State attorneys general are asking that Congress not pass any data breach notification laws that would pre-empt existing state laws. Several data breach notification bills are pending in Congress, and the attorneys general warn such measures could hinder state-level laws that already have bolstered security rules, including those for the health care industry. Health Data Management.

NFL Player's Medical Record on Twitter Raises HIPAA Concerns

Thu, 09 Jul 2015 17:19:00 Z

Observers have raised concerns about a potential HIPAA violation after an ESPN reporter yesterday shared on Twitter an image of a National Football League player's private medical record. News organizations are not subject to HIPAA regulations, but the law could have been violated if a hospital worker leaked the information. CNN Money et al.

Survey: Email Systems, EHRs Among Top Cybersecurity Concerns

Tue, 07 Jul 2015 17:36:00 Z

A new survey finds that messaging systems and electronic health records are among the top health data security concerns for health IT professionals, hospital administrators and physicians. All three groups of respondents say the need to comply with regulations is a key driver for securing health data. Health IT Security, FierceHealthIT.

Survey: IT Professionals Cite Importance of Cybersecurity

Wed, 01 Jul 2015 17:35:00 Z

A survey by the Healthcare Information and Management Systems Society finds that 87% of health IT professionals say cybersecurity has become a higher business priority for their organization recently. More than 80% of respondents say security-related technologies must evolve. MedCity News, Health IT Security.

Supreme Court To Consider Case on Vt. Health Data Collection Law

Tue, 30 Jun 2015 17:25:00 Z

The Supreme Court says it will hear in its next term a case -- Gobeille v. Liberty Mutual Insurance -- that questions the legality of a requirement under Vermont law for self-funded insurers to submit certain information upon request to a state database. The U.S. Solicitor General's office has said the case could have national implications. Modern Healthcare et al.

University of Oregon Sexual Assault Case Sheds Light on Medical Privacy Limitations

Thu, 25 Jun 2015 11:00:00 Z

The medical records of students seeking care at university and college health clinics are protected under the Family Educational Rights and Privacy Act, rather than HIPAA. A recent University of Oregon sexual assault case highlights how FERPA offers weaker privacy protections, which some experts say could deter students from seeking needed health care.

Data Breaches at N.Y., Calif. Hospitals Affect Thousands of Patients

Tue, 23 Jun 2015 18:03:00 Z

An employee at Montefiore Medical Center in New York allegedly accessed patients' electronic health records and sold the data to individuals, who used the information to make luxury goods purchases worth about $50,000. Meanwhile, University of California-Irvine Medical Center last week started notifying 4,859 patients of a data breach compromising some of their health information. New York Business Journal et al.

WEDI Primer Lists Steps Groups Can Take To Stave Off Cyberattacks

Mon, 22 Jun 2015 17:46:00 Z

In a cybersecurity primer, the Workgroup for Electronic Data Interchange highlights steps health care organizations can take to protect themselves against cyberattacks. The report notes that during the first four months of 2015, more than 99 million health records were compromised in 93 separate data breaches. FierceHealthIT.

Newly Reported Health Data Breaches Could Affect Tens of Thousands

Wed, 17 Jun 2015 17:54:00 Z

Data breaches reported by an Indiana-based electronic health record vendor, a Texas health care agency and health care organizations in California and New York could affect tens of thousands of U.S. residents. For example, devices stolen from North Shore Long Island Health System include data on about 18,000 patients. Health IT Security et al.

HealthCare.gov Database Draws Concerns About Consumer Privacy

Tue, 16 Jun 2015 17:46:00 Z

Stakeholders are raising concerns after the Obama administration recently said it has not determined how long information in the Multidimensional Insurance Data Analytics System, a repository for data collected through HealthCare.gov, will be kept. AP/ABC News, Black release.