September 7, 2016

How the HIPAA Security Rule Can Guide a Proactive Security Posture

Being HIPAA-compliant has been a hot topic among healthcare organizations ever since HHS published the HIPAA Security Rule on February 20, 2003. The Security Rule established the standards a healthcare organization had to meet in order to comply with rules set in place to better protect patient privacy. The sad truth is, however, that many organizations do not meet these standards, and now, with healthcare data breaches on the rise, it is more important than ever for organizations to take proactive measures to protect the privacy of their patients.

Download the Protenus Privacy Primer to view the full spectrum of privacy postures in healthcare today and see how your organization is stacking up.

Continue Reading
September 1, 2016

VIPs and Presidential Candidates' Medical Records Face Heightened Privacy Vulnerabilities

Earlier this year, Jackson Memorial Hospital fired two employees for inappropriately accessing Giants defensive end Jason Pierre-Paul’s medical records. The two employees sold the information in the VIP’s record to ESPN’s Adam Schefter. Schefter, who has 5.19 million Twitter followers, tweeted the records while Pierre-Paul had surgery on his right index finger. Pierre-Paul sued ESPN and the NFL for violating his privacy under HIPAA, and in August, a judge ruled that Pierre-Paul could move forward with his lawsuit. This summer, the major-party U.S. Presidential candidates are facing scrutiny over their health records and history. They are under pressure to refute false claims and respond to amateur diagnoses circulating via various media outlets.

Continue Reading
August 24, 2016

Cost of a Healthcare Data Breach: Lawsuits

Imagine the following scenario: a celebrity is visiting your hospital after suffering a minor injury. One of your employees lets curiosity get the better of him and accesses the celebrity’s electronic health records (EHRs) without authorization. A protracted lawsuit follows, this cost of a healthcare data breach can cost months of time and hundreds of thousands of dollars. The media covers the scandal extensively, costing your organization even more by giving it bad publicity and driving customers away.

Continue Reading
August 17, 2016

Cost of a Breach: Forensics and Notification

Continuing our Cost of a Breach series that examines and breaks down the cost of a hospital data breach, this week’s post will take a closer look at the first two steps a hospital or healthcare institution must take after a data breach has occurred: forensics and notification. In the aftermath of a data breach, the first thing a healthcare organization must do is determine what electronic health records (EHRs) were illegitimately accessed and who accessed them; this process is known as data forensics. Once the scope of the breach is known, an institution must then notify any affected patients and provide them with specific support services.

Continue Reading
August 9, 2016

July Healthcare Data Breaches Spike to 39, Some Going Undetected for Years

After a staggering 11 million patient records were breached in June, July's number of total records breached is back down to April’s levels, at 126,930 records (though nearly half of U.S. states had at least one healthcare data breach incident this month). New this month, we present an analysis of the amount of time a breach goes unreported, finding an average time lapse of two years, with as many as six years elapsing in one case.  

Continue Reading

Receive the latest article to your inbox