patient data

Seattle health system will pay $100K HIPAA fine

Anne Zieger — Fri, 18 Jul 2008 10:47:30 -0400

A Seattle-based health system has agreed to pay a $100,000 HIPAA fine--as well as improve its medical data security--after failing to properly secure data backup tapes, disks and laptops. During 2005 and 2006, medical data was stolen from Providence Health & Services several times, with backup tapes and laptops being lost or stolen repeatedly. In light of these incidents, the health system will now revise its policy on transporting patient records outside of company buildings, and it will improve employee training. It will also undergo security monitoring by the feds, and turn in report on data security measures for three years.

The fine that will be paid by Providence is actually fairly unusual, as very few HIPAA fines have actually been imposed to date. However, its security issues are also unique. While many health organizations have lost a single laptop or backup tape to theft or disorganization in recent years, I haven't encountered any that have actually had to report multiple losses. That might explain why federal monitors took a particular interest in this organization's troubles.

To learn more about the HIPAA settlement:
- read this Seattle Post-Intelligencer piece

Related Articles:
IT staffer fired after data theft, sues hospital
Tenet warns of potential data theft
VA pledges better data security
Johns Hopkins investigates data breach

Trend: Identity thieves get better at stealing medical records

Wed, 07 May 2008 06:59:57 -0400

Recently, identity thieves have become increasingly focused on stealing medical records--and have begun using better methods to get patient data, too. Medical records offer a rich trove of information for an identity thief, often including not only health insurance account numbers and billing addresses, but also dates of birth, Social Security numbers and even credit information. Given the richness of patient records, thieves may make more money stealing them than they would by going after credit card numbers or bank accounts directly. Worse, the thieves are getting more skilled at such thefts. While providers often encrypt their data, thieves often work with insiders who can help them break through these security measures. Concerned about this trend, California and Arkansas now require that consumers be notified when their medical data is accessed, and federal legislators are considering a measure instituting similar requirements.

To learn more about medical record theft:
- read this USA Today article

Related Articles:
The growing problem of medical identity theft
NY hospital worker charged with massive file theft
California expands health data breach rules

ALSO NOTED: Health IT not likely to shift much in '08; HHS recommends better health data privacy protections; and much more...

Tue, 15 Jan 2008 06:59:50 -0500

> Despite the volume of political dialog on the subject, it seems unlike that there will be big changes in the U.S. health IT infrastructure this year. FierceHealthIT

> An HHS advisory group has recommended that regulators develop stronger protections for shared patient data above and beyond what HIPAA offers. FierceHealthIT

> The death rate of patients who undergo weight-loss surgery in Massachusetts has fallen as volume increased, according to a new state report. Article

> Actor Dennis Quaid claims that staff at Cedar-Sinai told him that his newborns were fine, despite the fact that they were suffering from a serious heparin overdose. Article

> Take a look at the drugs that made it through the rigorous review process and earned FDA approval in 2007. Report

And Finally... You want to really annoy patients? Try doubling parking fees. Article

ALSO NOTED: Case draws attention to organ donation system; Questions over Lipitor; and much more...

Fri, 14 Sep 2007 06:59:50 -0400

> A case alleging that a physician hastened a patient's death to harvest his organs has thrown a spotlight on the organ donor system. Article

> When does good news feel almost bad? When a blockbuster drug is deemed the juiciest on the market--but the wolves are circling. If this sounds like Lipitor to you, you're right. FiercePharma

> Johns Hopkins is investigating a patient data breach resulting from the theft of a desktop computer. FierceHealthIT

> A new study suggests that Regional Health Information Organizations are growing slowly, and reliant on grants to stay alive. FierceHealthIT

And Finally... When this woman's son was diagnosed with autism, she went into entrepreneur mode. Article

ALSO NOTED: Thoracic group lobbies Congress over Medicare cuts; Aetna expands Tenet network; and much more...

Wed, 11 Jul 2007 20:01:30 -0400

> The Society of Thoracic Surgeons (STS) may not have the clout of the AMA, but it's doing what it can on the lobbying front nonetheless. It's meeting with legislators on Capitol Hill to ask them to stop the planned 10 percent Medicare reimbursement cut. Article

> Tenet has struck a deal with Aetna which extends the Aetna network to all of the chain's 60 subsidiary-owned or operated hospitals. Article

> Kmart has expanded its low-cost generics program to 70 additional medications. Under the program, consumers can get a 90-day supply of certain generics for $15. Article

> Boston-area Hallmark Health System has made a big turnaround after years of debt and red ink. Article

> In an effort to push medical data quickly to physicians and hospitals, the Army is giving thousands of battlefield medics handheld wireless devices which they can use to collect patient data and record treatments. FierceHealthIT

And Finally... Research proves it: There really never could have been a Ministry of Silly Walks. Article

ALSO NOTED: FL Medicaid pilot hits snags; TN med mal insurer drops premiums; and much more...

Sun, 17 Jun 2007 20:01:30 -0400

> Florida's Medicaid reform pilot isn't working out as well as supporters had hoped. Article

> Tennessee's largest malpractice insurer has cut premium costs by an overall 4.2 percent, a cut which has prompted some to suggest that tort reform isn't needed. Article

> A hospital in the Minneapolis metro is using full-scale mock-ups to help staffers size up pending construction plans. Article

> Think it's tough paying for EMRs? Just try hiring someone qualified to set them up. Editorial

> The VA may end up spending $20 million to address problems resulting from a stolen hard drive stocked with physician and patient data. Article

> A collection of consumer and business groups are pressing Congress to pass pro-EMR legislation. Article

And Finally... Greenery is nice, but a $26,000 tree is a bit much. Article

ALSO NOTED: Sutter teams with HealthSouth on surgery centers; Cutting waits for care; and much more...

Sun, 10 Jun 2007 20:01:30 -0400

> Sutter Health has agreed to a joint venture with HealthSouth under which it will run a group of California surgery centers, as well as possibly developing more. Article

> Looks like a growing number of providers are setting up systems which cut or even eliminate waits for care. Article

> It's a battle for supremacy in Houston's long term acute care market. Article

> Nurses at Portland's Legacy Health System warn that unionization is on the way. Article

> A group of suits by parents claiming that childhood vaccines caused their children's autism will soon get a hearing. Article

> A Washington state hospital has admitted that patient data was exposed to Web searchers. Article

> A new report offers tips on how to make your health information exchange viable. Article

> A new venture investment fund is targeting cost-cutting health technologies. Article

And Finally... I understand the whiskey. But lettuce? That one's got me stumped. Article

U of Pittsburgh exposes donor ID information

Tue, 22 May 2007 20:01:35 -0400

The University of Pittsburgh Medical Center is facing a public controversy after a donor pitch letter inadvertently exposed the former patients' Social Security numbers. The letter, which went out to about 6,000 former patients earlier this month, included a tracking code that integrated the SSN. The code was visible through the envelope window. Critics call the inclusion of the SSN a serious mishap, arguing that it could expose the 6,000 recipients to identity theft. UPMC denies that there's any major risk, but still sent out a letter to the 6,000 potential donors offering credit monitoring for one year to any of them that requested it.

To learn more about the mishap:
- read this Pittsburgh Post-Gazette piece

PLUS: UPMC president Jeffrey Romoff got a 17 percent raise in 2006, collecting $3.3 million for his efforts. Article

Related Articles:
UPMC patient data exposed on website. Report
Johns Hopkins loses patient, employee data. Report
Massive data loss at HCA. Report
Allina suffers patient data theft. Report

SPOTLIGHT: Solving the price transparency puzzle

Mon, 09 Apr 2007 20:01:32 -0400

Giving patients real-time information on what their treatment is costing them can be difficult, but can pay off big-time over the long-term through improved collections and higher satisfaction. In this paper, the Healthcare Financial Management Association offers some suggestions as to how hospitals can blend provider and patient data to make this happen. Report (.pdf)

Second Maryland hospital loses patient data

Wed, 14 Feb 2007 19:01:37 -0500

Just a week after high-profile Maryland hospital Johns Hopkins lost data on thousands of patients and employees, a second Maryland hospital has reported losing data on about 130,000 former and current patients. St. Mary's Hospital just notified the patients that a laptop stocked with their personal information was stolen from a hospital late last year, in December. The laptop, which was based on the hospital's emergency care center, included names, Social Security numbers and birth dates for patients going back to 1989, though no medical or financial information. However, the data was not scrambled for privacy protection, so whomever has the laptop could conceivably read it. To protect patients, the hospital has contracted with a firm that specializes in identity theft cases--National ID Recovery--which will help patients keep track of potential credit issues that might emerge at no cost.

To get more information on the data theft:
- read this article in The Baltimore Sun

Related articles:
Cancer patient data from four states is stolen. Report
Allina suffers patient data theft. Report
Intermountain employee data for sale. Report
VA pledges better data security. Report