Health Care Archives - Page 6 of 8

Oncology Services Provider Reaches $2.3 Million Settlement with HHS for Data Breach

21st Century Oncology, Inc. (21CO), a Florida-based oncology services provider, has agreed to pay $2.3 million in a no-fault resolution to the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) to settle potential civil money penalties stemming from a 2015 cyberattack on its network SQL database. The Federal Bureau of Investigation (FBI) was first to detect that an unauthorized third party illegally obtained patient information from 21CO in October 2015. Upon further investigation by 21CO and OCR, it was determined that 21CO:

Impermissibly disclosed the protected health information (PHI), including names, social security numbers, and diagnoses, and treatments, of 2,213,597 of its patients.
Failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic protected health information (ePHI).
Failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
Failed to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
Disclosed protected health information to third party vendors, acting as its business associates, without obtaining satisfactory assurances in the form of a written business associate agreement.

Continue reading “Oncology Services Provider Reaches $2.3 Million Settlement with HHS for Data Breach”

Another State-Lead Data Breach Action Results in High Fines and Strict Compliance Requirements

Massachusetts Attorney General Maura Healey and Multi-State Billing Services (MSB), a Medicaid billing company that provided processing services for 13 public schools, signed a no-fault consent judgment settling a 2014 data breach resulting from a stolen laptop that put 2,618 children at risk for identity theft and fraud. The MSB laptop contained unencrypted personal information, including names, social security numbers, Medicaid identification numbers and birth dates.

The settlement requires MSB to pay $100,000 and implement improved security practices after an investigation by the attorney general’s office determined it violated state consumer protection and data security laws. More specifically, the judgment requires MSB to continue to develop, implement and maintain a written and comprehensive information security program and review and update its existing policies and procedures for compliance with data security laws. It must also train its staff on how to protect personal information and regularly report on its compliance with such requirements to the state attorney general’s office.

Continue reading “Another State-Lead Data Breach Action Results in High Fines and Strict Compliance Requirements”

Investigation Continues After Massive Data Breach at Henry Ford Health System

An unknown hacker gained access to 18,470 patients’ personal health information via employee emails at Detroit-based Henry Ford Health System (HFHS).

According to the press release, HFHS first learned of the incident on October 3, 2017, after becoming aware that the email credentials of a group of employees were compromised. Even though the emails were name and password protected by encryption, they remained vulnerable to such illegal access. The email accounts contained patient health information, including:

Patient name
Date of birth
Medical record number
Provider’s name
Date of service
Department’s name
Location
Medical condition
Health insurer

Continue reading “Investigation Continues After Massive Data Breach at Henry Ford Health System”

FDA Approves First Digital Pill

The U.S. Food and Drug Administration has approved the country’s first drug with a digital ingestion tracking system.

Abilify MyCite is a pill that digitally tracks whether patients have taken the medication. The pill contains a sensor that, once ingested, sends a message to a patient’s wearable patch, which then transmits the information to a smartphone application. This voluntary process allows patients, caregivers, and physicians to track this information through a web-based portal if the patient has given consent. Experts believe that such digital devices could have a positive impact on public health by addressing a longstanding problem; in this case, that patients do not take their medicines as prescribed.

Continue reading “FDA Approves First Digital Pill”

A Bipartisan Effort to Focus on Healthcare Cybersecurity

House Energy and Commerce Committee members Reps. Billy Long (R-Mo.) and Doris Matsui (D-Calif.) introduced the HHS Cybersecurity Modernization Act earlier this month in a bipartisan effort to address cybersecurity threats to the Department of Health and Human Services (HHS). Representatives Long and Matsui have both described the bill, H.R. 4191, as a stepping-stone towards improving cybersecurity at HHS and the health care industry at large. However, the bill does not authorize any additional appropriations to do so.

Continue reading “A Bipartisan Effort to Focus on Healthcare Cybersecurity”

Latest OCR Reminder Regarding Mobile Device Security and PHI

With the ever-increasing use of mobile devices in the workplace that create, receive, maintain, and transmit electronic protected health information (ePHI), the Department of Health and Human Services (HHS), Office for Civil Rights (OCR)’s latest Cybersecurity Newsletter issued an important reminder of the importance of mitigating the risks surrounding the use of mobile devices.

Mobile devices pose unique security risks because of their portability, small physical size, and capacity to store vast amounts of data. Both the Federal Trade Commission (FTC) and OCR frequently remind all organizations, but especially those entities that process ePHI, of the importance of protecting data on mobile devices.

Continue reading “Latest OCR Reminder Regarding Mobile Device Security and PHI”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Category: Health Care