Lucas Mearian reports: About 32% of hospitals and 52% of non-acute providers — such as outpatient clinics, rehabilitation facilities and physicians’ offices — are not encrypting data in transit, according to a new survey. Additionally, only 61% of acute providers and 48% of non-acute providers are encrypting data at rest. Read more about the results…
Category: Of Note
‘Significant’ security holes in Medicare/Medicaid data
Norman Leahy reports: Medicare and Medicaid have “significant” vulnerabilities in their wireless networks that jeopardize the personal information of millions of citizens, according to a report issued Wednesday. If exploited, the security holes at certain Centers for Medicare and Medicaid Services data operations could result in “unauthorized access” to personally identifiable information and a possible “disruption…
Companies Fare Worse When the Press Exposes Their Problems Before They Do
An-Sofie Claeys, Verolien Cauberghe, and Mario Pandelaere have been conducting some interesting research on crisis management. Not surprisingly, they found that when entities disclosed first, even subsequent critical reports on their incidents had less impact than if critical reports appeared before the entity disclosed. Their studies were not addressing data breach disclosures per se, but the…
Pasadena Doctor Sentenced to 4 Years in Prison for Falsely Certifying Patients Were Terminally Ill as Part of Healthcare Fraud Scheme
One of the fears with medical identity theft is that a patient’s records could be corrupted in ways that could affect their care. In the case described below, the patients’ identity and insurance info wasn’t stolen, but it was misused to support a fraud scheme, and as part of the scheme, patients records were altered…
Amen, HIStalk, amen!
One of the more teeth-gnashing aspects of investigating and reporting on breaches is that I later see “mainstream” news outlets reporting on those breaches as though they had no information about them other than what the entity put out in their press release. So-called “news” outlets do not serve their readership well when they become complicit…
OCR Announces Initiative to More Widely Investigate Breaches Affecting Fewer than 500 Individuals
Glad to see this announcement from HHS/OCR: Since the passage of the Health Information Technology for Economic and Clinical Health Act of 2009 and the subsequent implementation of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, OCR has prioritized investigation of reported breaches of protected health information (PHI). The root causes of…