Questions? Call (855) 670-8780 or email security@compliancepoint.com   Visit us on LinkedIN  

Healthcare Data Breaches: When & How Often Do Data Breaches Occur?

 

February 10, 2016

 

 

 

Attention to how medical information is treated by Covered Entities and Business Associates has been heightened in the information security field over the last couple of years. With 2014 dubbed the “Year of the Mega Breach”, much of the concentration of information security, or lack thereof, has revolved around companies like Target and Home Depot.

With so much attention paid to these types of organizations, their security framework and how card holder data is protected, it was an unexpected surprise for all in the medical field when healthcare data breaches started occurring at the same rate the following year.

Ultimately, 2015 will be known as the “Year of the Healthcare Security Breach”, focusing both on Covered Entities and Business Associates.

Before the first half of 2015 was over, five of the eight largest ever security breaches in the medical sector had occurred. An astonishing 34% of compromised records, compared to 0.63% between 2011 and 2014, has led to a state of panic between both Covered Entities and Business Associates.

More and more Americans are becoming victims of health

Read More

Topics: HIPAA, Covered Entities, Business Associates, Health Information, Privacy, PHI, HITECH, Data Breach, Security, HIMSS16, card holder data, security breach, medical information, HHS, healthcare, information security

Healthcare Data Breaches: Who are the Key Players Enforcing PHI Requirements?

 

February 5, 2016

 

 

 In this blog series thus far, we’ve addressed the following questions:

  1. Who Needs PHI to Conduct Business?
  2. Who Wants PHI?
  3. What PHI IS Beyond the Scope of HIPAA?

In today’s post, I’d like to address who the key players are actively enforcing the requirements surrounding protected health information (PHI). One of these may surprise you!

First, we have The United States Department of Health and Human Services (HHS), also known as the Health Department. It is a cabinet-level department of the U.S. federal government tasked with protecting the

Read More

Topics: Protected Health Information, HIPAA, Health Information, Privacy, PHI, HITECH, Security, HIMSS16, FTC, OCR, Office for Civil Rights, HHS, Federal Trade Commission, Unfair and Deceptive Act, Health Breach Notification Rule

Healthcare Data Breaches: PHI beyond the Scope of HIPAA

 

January 20, 2016

 

 

In quick summary of the discussions through the blog series so far, PHI is individually identifiable health information that is held or transmitted by a Covered Entity or Business Associate. PHI can be any form or medium: electronic, paper, or oral and can include demographic information and relate to an individual’s past, present, or future physical or mental health or condition, the individual’s health care services received, or the payment status for those health care services.

Now, let’s discuss what PHI falls outside the scope of the HIPAA/HITECH requirements.

Although the HIPAA/HITECH requirements only apply to Covered Entities and Business Associates, it’s important to note that PHI may be redefined as personally identifiable information (PII) that applies to MANY different types of entities and different scenarios in which this information is used or disclosed for business purposes.

Exclusions to the definition of PHI as stated above, are education records (covered by the Family Educational Rights and Privacy Act), records as described at 20 U.S.C. 1232g(a)(4)(B)(iv), and employment records held by a Covered Entity in its role as an employer.

PHI also ceases to be considered PHI, and thus not protected under HIPAA, when certain elements are removed from this sensitive information. This is called de-identification of protected health information. There are two scenarios in which this occurs:

Read More

Topics: Protected Health Information, HIPAA, Covered Entities, Business Associates, Health Information, Privacy, PHI, HITECH, Data Breach, Security, HIMSS16, Personally Identifiable Information, De-identification, Health care, PII

Healthcare Data Breaches: Who Wants PHI?

 

January 12, 2016

 

 

In the previous blog post, we discussed the types of entities who need protected health information (PHI) to conduct their business or provide their services. Now, let’s discuss what entities or individuals are typically interested in obtaining this PHI.

Who is Interested in Obtaining PHI?

There is no single group of people or type of organization stealing PHI for unlawful purposes. However, by looking at the 18 PHI identifiers listed below, we can see that the type of information collected and protected under HIPAA can be used for many purposes that negatively affect those whose PHI is compromised.

Read More

Topics: Protected Health Information, HIPAA, Covered Entities, Business Associates, Health Information, Privacy, Privacy Rule, PHI, Data Breach, Security, HIMSS16, Information, healthcare, Illegal Use, Unlawful Use

Healthcare Data Breaches: Who Needs PHI to Conduct Business?

 

January 6, 2016

 

 

As promised in my introductory blog post, I will be writing a blog series exploring several issues regarding healthcare data breaches. Specifically, I will address the importance of proactively preventing them rather than reacting to them after the damage is done.

Who Needs PHI to Conduct Business?

Individually identifiable health information held or transmitted by a Covered Entity or Business Associate is protected under the HIPAA Privacy Rule and is formally called Protected Health Information (PHI).

PHI can be any record form or medium: electronic, paper, or oral. PHI can also include demographic information and relate to an individual’s past, present, or future physical or mental health or condition, the provision of healthcare to the individual, or the payment status for the provision of healthcare to the individual.

Individuals, organizations, and agencies that fall under the HIPAA definitions of a Covered Entity or a Business Associate must comply with the HIPAA/HITECH Rules in order to adequately protect the privacy and security of PHI while also providing individuals specific access to their PHI.

Read More

Topics: Protected Health Information, HIPAA, Covered Entities, Business Associates, Health Information, Business Associate Agreement, Privacy, PHI, HITECH, HIMSS, Data Breach, Security, healthcare

Subscribe to Our Blog Via Email

Recent Posts