• Judith’s Blogs Archives

  • The Story Behind Your Mobile Apps and Your Security

    Recently Peter Adams, Chief Technology Officer and owner of Ping! Development, emailed me a question about whether health information transmitted from a mobile application over a Bluetooth device connection would need to be secured. Peter explained that the data being transmitted would include a user name and password sent to a secured server in plain text. I [...]


    Health Insurance Drama and the Self Employed

    My husband and I are both self-employed. As all self-employed individuals know, health insurance is one of the biggest challenges to shop for and the monthly premium is the biggest budget killer. We have been lucky and blessed to have been able to obtain satisfactory health insurance along with great doctors who “work within our cash budget”. And it doesn’t hurt that we strive to [...]


    A Silver Bullet to Prevent Breaches

    As we continue to read about the common occurrence of healthcare breaches, most recently the August 3, 2016 announcement of Banner Health’s breach of 3.7 million records, I ask myself who, how or what can be done to prevent these breaches? Here are the perspectives of two industry experts discussing the same technique. Jonathan Crowe, a Senior Content Manager at Barkly, wrote about [...]


    HIPAA - PCI DSS and Banner's 3.7 Million Breached Records

    On August 3rd, 2016, Banner Health Systems announced that on “July 13, 2016, they discovered cyber attackers may have gained unauthorized access to information stored on a limited number of Banner Health computer servers. The investigation revealed that the attack was initiated on June 17, 2016” and they “began mailing letters to affected patients on August 3, 2016.” In [...]


    How The OCR's Audit Program Crashed a Cocktail Party?

    Last month I was in the Emerald City (Seattle, Washington) attending to business, renewing old friendships and taking in the beautiful sights of a place I once called home. During a social gathering, I introduced myself to a Covered Entity, who then proceeded to confess to me that the nonprofit at which he holds the combined role of Privacy and Security Officer was chosen for the Phase 2 HIPAA [...]


    Social Media and HIPAA

    Social Media can be an instrumental tool for marketing, development and gaining of market share within the area of a medical practice. Many healthcare providers choose to avoid Social Media opportunities due to the potential of violating HIPAA (Health Insurance Portability and Accountability Act). The reasons are many: history of healthcare providers becoming a member of the “Wall [...]


    Are Your Employees Easy Marks for Phishing Scams?

    Recently, Saint Joseph’s Healthcare System in New Jersey announced that more than 5,000 employees at some of its facilities may be at risk of identity theft following a phishing scam which potentially compromised their information. Saint Joseph’s Vice President of External Affairs Kenneth Morris Jr. stated “patient data and medical information were not affected, but [...]


    Hospital Pays Ransom

    March 28, 2016

    Each month, the headlines read: “Hospital Pays Ransom”, “Provider Group Reports Cyber-Attack”. Breaches, cyber-attacks and ransomware affecting healthcare dominate the daily news. Twenty years ago, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which included five titles. Congress mandated The Department of Health and Human [...]


    OCR's Big 4

    March 18, 2016

    February was a busy month for Health and Human Services (HHS) and the Office for Civil Rights (OCR).  Here’s a recap. 2-3-2016: HHS Administrative Law Judge (ALJ) ruled that Lincare, Inc. (Lincare) violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and granted summary judgment to the Office for Civil Rights (OCR) on all issues, requiring [...]


    Are You Ready for The OCR’s Visit?

    The audits by the Health and Human Services Department’s Office for Civil Rights (OCR) are slated to begin early this year.  Of the 350 entities selected, there will be 232 healthcare providers, 109 health plans, and nine healthcare clearinghouses. The business associates will include 25 Information Technology companies and 15 non-Information Technology companies all working within the [...]


    Your Rights to Your Medical Records

    After four years of legal proceedings for Susan Jordan, the Court of Appeals of Virginia ruled that the University of Virginia Medical Center (Medical Center) could not fire her for obtaining her ill ex-husband’s medical records after he was diagnosed with cancer. On April 23, 2014, Susan Jordan was fired for looking at her ex-husband Kurt’s medical records “without [...]


    Data Breaches and Their Life Span

    The Identity Theft Resource Center (ITRC) has been tracking security breaches since 2005, looking for patterns, new trends and any information that may better help us to educate consumers and businesses on the need for understanding the value of protecting personal identifying information. ITRC reports that within a ten-year period from 2005 to December 2015, there have been 5,810 data [...]


    Highlights of the New Cybersecurity National Action Plan (CNAP)

    President Obama announced today that he is directing his Administration to implement a near-term and long-term plan to maintain the public’s safety, economic and national security along with empowering citizens to take better control of their digital security. A few of the highlights of CNAP: Formation of the Commission on Enhancing National Cybersecurity. This Commission is made up of [...]


    What Does the TV Show The Good Wife Have in Common with Ransomware?

    In last season’s television series of The Good Wife, Attorney Diane Lockhart fell victim to “ransomware”. All of her client files were held for “ransom” until she wired the hackers a ransom of $50,000. Just another made-for-television story? Not so fast: the very next week, one of my clients experienced a frozen computer screen with a message that said [...]


    To Encrypt or Not Encrypt

    Encrypt or un-encrypt, that is the question after Health and Human Services (HHS) came out with its recent guidance on patient rights. Last week the Office for Civil Rights (OCR) announced a significant provision in the new guidance dealing with the issue of encryption. The guidance includes formalizing a requirement that both covered entities or business associates must provide [...]


    Another Breach...

    January 7, 2016

    Another breach was announced today by Time Warner Cable. The F.B.I. notified the company that email addresses, including passwords, of over 320,000 customers may have been compromised. Nathlie Burgos, Time Warner Cable Group Vice President, Public Relations, said, “we haven’t yet determined how the information was obtained, but there is no indication that our systems were [...]


    Predictions for 2016

    January 2, 2016

    Happy New Year! In looking back at 2015, how did your healthcare predictions fare? It was a busy year; healthcare breaches led the way, followed by the mandated conversion to ICD-10 on October 1st, followed by large monetary fines assessed by OCR (The Office for Civil Rights) for noncompliance with HIPAA (Health Insurance Portability and Accountability Act). We cannot forget the changes in [...]


    Size Doesn’t Always Matter with Social Media and PHI Breaches

    What do you get when you mix an employee engaging in social media and add a dash of PHI (Protected Health Information)? Breach time bomb? It is well known that social media is flourishing. It is also known that employees participate in one of many social media outlets: Facebook, Snapchat, Instagram, Twitter, just to name a few. Rarely is an employee without their smartphone, making [...]


    Patient Privacy Rights

    December 1, 2015

    Many articles have been written about the effects of patient privacy rights under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the social media platforms, such as Facebook, Twitter, and Instagram. The need has never been greater for organizations to have reasonable and appropriate written policies and workforce training in place to safeguard Protected Health [...]


    Patient Satisfaction

    November 18, 2015

    Does your medical practice have a robust patient satisfaction survey, or does a staff member review the many doctor review sites that are now on the World Wide Web? Vitals, RateMD or ZocDoc are just a few. In 2012, the federal government incorporated a shift in how hospitals were being paid for treating people who have Medicare. This program is a part of the pay-for-performance system that was built [...]


    What is the Price of Medical Practice Breach?

    No matter what the size of the medical practice is, growth continues in using computers with on-line systems, portable tablets, laptops and mobile devices to transmit Protected Health Information (PHI). According to Vormetric and Wakefield Research, most health care providers remain unaware of their vulnerability to a medical data theft and the fact that a breach could be far more damaging than a [...]
