Health IT, HIPAA, and the CMS Incentive Programs Blog
For physicians, hospitals, government agencies, and business associatesTampa General Hospital breach highlights need for robust access controls
During a traffic stop and arrest August, the Tampa Police found patient documents regarding patients of Tampa General Hospital in the car. According to the hospital’s statement regarding the incident, a subsequent internal investigation by the hospital revealed that...
The Cost of Not Being a Meaningful User
Medicare Payment Adjustments will produce significant, long-term financial loss for physicians who do not participate in Meaningful Use As part of the American Recovery and Reinvestment Act of 2009 (ARRA), Congress mandated payment adjustments be applied to Medicare...
Unencrypted CD containing Jersey City Medical Center patient info lost in mail
Identifying routine disclosures is key to safeguarding patient PHI During what Jersey City Medical Center called “a part of routine hospital operations,” an employee sent a UPS package containing to a company engaged by the New Jersey State Medicaid program. The...
Gmail password leak sheds light on importance of cybersecurity awareness training
A list of nearly 5 million Gmail email addresses linked with passwords were leaked on a Russian Bitcoin security forum this week, but Google says not to worry. According to this article from Forbes.com, “There’s speculation that the addresses may hay been stolen from...
Hospital Employee takes ER Logs to State Department of Health – A case of whistleblowing?
Recently, 6,500 patients of Tri-City Medical Center in Oceanside, California were notified of a breach of their protected health information. A former employee (on his last day of employment in August) removed the medical records of the patients and brought them to...
HIPAA Audits for Healthcare Entities Delayed Again
The HHS Office for Civil Rights (OCR) announced yet another delay in the start of the long-awaited HIPAA Audit Program. This time, a technology upgrade is to blame. In June, we blogged about the OCR’s plan for Phase 2 of its audit program, which was projected to...
Security Lessons from the Nude Photos of Jennifer Lawrence, Kate Upton and Rihanna
Several celebrities had their privacy compromised this week when nude photos they had uploaded to Apple’s iCloud were stolen by hackers and shared on the Internet. On Tuesday, Apple said that the theft of the photos was due to “very targeted attacks” on the...
OCR Provides Guidelines for Encryption of Data in Motion
HIPAA Security’s 42 requirements, many of which are merely one sentence in length, understandably result in many questions for organizations seeking to comply. To resolve some of this ambiguity, the HHS Office of Civil Rights, in April 2009, issued guidance to...
