November 1, 2016

More Than Credit Card Fraud: Why Criminal Insiders Commit Health Data Breaches

In our last “Patients at Risk" post, we discussed how insiders can pose a threat to electronic protected health information (ePHI) through health data breaches and explored why hospital leaders identify this group as the top threat to patient privacy. Within this category of insider threats, motivations for snooping can be divided into two main categories: malicious motivation involving criminal activity and innocent motivation involving curious employees with insufficient training on what inappropriate access to the EHR is.  

Continue Reading
October 18, 2016

Illuminating a Black Box in Healthcare: Translating HIPAA Auditing Requirements, Access Logs, and System Logs

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, went into effect on February 20, 2003. The Rule, as we all know, is about protecting patient privacy and preventing medical data breaches. It lays out the minimum standards a healthcare organization must meet in order to guard the electronic protected health information (ePHI) of their patients.

Continue Reading
October 13, 2016

Olympians Fall Victim as 2016 Continues Breakneck Health Data Breach Pace

September’s largest single incident involved a ransomware that affected 58,000 records. While the overall number of breached records is down, the second half of 2016 is shaping up to be significantly worse than the first half when it comes to patient data security. September’s breach totals include several olympic athletes after the World Anti-Doping Agency (WADA) suffered from a hacking incident apparently at the hands of Russian cyber-espionage group, Tsar Team (APT28), also known as Fancy Bear. While this month’s patient records breached total (246,876) pales in comparison to this past summer’s total (20 million), it’s important to re-emphasize the ever-evolving threats to patient data and the misfortune that can occur when this information lands in the wrong hands.

Continue Reading
October 4, 2016

Celebrate National Cyber Security Awareness Month

National Cyber Security Awareness Month is here! Started by the US Department of Homeland Security and the National Cyber Security Alliance 13 years ago, it's a collaborative effort between government and the companies protecting patient privacy to ensure that all Americans have the necessary resources and knowledge to stay secure online. See the full calendar of events here.

Continue Reading
September 21, 2016

Help Patients Better Understand How You Protect ePHI

Patients most frequently interact with doctors, nurses, and allied health professionals, making it easy for them to forget about all of the other people that go into running a hospital. Among the many unseen activities that go on in healthcare, hospitals need teams managing patient data, submitting insurance billing, maintaining legal compliance in clinical trials, and ordering medical supplies, in order to properly operate. Compliance teams can work with patients to help them better understand how the healthcare organizations they visit monitor and protect their electronic protected health information (ePHI).

Continue Reading