Re: Celebrity Credit Reports and more, hacked

Multiple celebrities have had their personal information hacked and posted online recently, and this is nothing new. We’ve seen breaches of health information of celebrities in the past, and this will continue to happen, even when privacy and security are a top priority, as they are in financial institutions and credit bureaus.

It is critical that privacy be the foundation in Health IT, or Americans’ health information will be the most valuable and available information on the market.

From the Fast Company Article: Michelle Obama’s Credit Report Hacked

“Three of the major credit agencies were hacked and information about Michelle Obama, Beyonce and numerous other celebrities has been leaked on an unnamed website, gossip site TMZ first reported on Tuesday.

Experian, TransUnion, and Equifax confirmed to Bloomberg News that they had found cases where information had been accessed unlawfully by hackers.”

OCR Could Include Cloud Provision in Forthcoming Omnibus HIPAA Rule

The below excerpt is from the Bloomberg BNA article OCR Could Include Provision in Forthcoming Omnibus HIPAA Rule written by Alex Ruoff. The article is available by subscription only.

“The final omnibus rule to update Health Insurance Portability and Accountability Act regulations, expected to come out sometime early this year, could provide guidance for health care providers utilizing cloud computing technology to manage their electronic health record systems, the chief privacy officer for the Office of the National Coordinator for Health Information Technology said Jan. 7 during a panel discussion on cloud computing.

The omnibus rule is expected to address the health information security and privacy requirements for business associates of covered entities, provisions that could affect how the HIPAA Privacy Rule affects service providers that contract with health care entities, Joy Pritts, chief privacy officer for ONC, said during the panel, hosted by the consumer advocacy group, Patient Privacy Rights (PPR).

PPR Dec. 19 sent a letter to Health and Human Services’ Office for Civil Rights Director Leon Rodriguez, asking the agency to issue guidance on cloud computing security. PPR leaders say they have not received a response…

…Deborah Peel, founder of Patient Privacy Rights, said few providers understand how HIPAA rules apply to cloud computing. This is a growing concern among consumer groups, she said, as small health practices are turning to cloud computing to manage their electronic health information.”

Re: Utah’s Medical Privacy Breach – Nearing 1 Million!

The Utah Dept of Health didn’t protect close to one million patients’ sensitive health data. Utah handles health information the way 80% of the US healthcare sector does: very poorly. Weak passwords and unencrypted health information are typical. Just last November, an SAIC/Tricare data breach of 4.9 million unencrypted records was reported.

The US healthcare industry has ignored federal law requiring encryption since 2005. Encryption is well-known to be the standard for protecting health data. But why do it if there is no enforcement and the cost of a fine or settlement is so low?

Instead of expanding electronic health records systems and exchanging millions more sensitive health records, the federal government should enforce the law and require the massive security flaws in existing health data systems be fixed. And whenever there are breaches, victims should have the technology tools to verify whether future claims are genuine to prevent medical ID theft and someone else’s record from receive credit monitoring for at least 3 years.

Learn more about the lack of health data privacy and security. Register to attend or watch the 2nd International Summit on the Future of Health Privacy, “Is there an American Health Privacy Crisis” on live streaming video at: http://www.healthprivacysummit.org

Electronic Health Record Security Concerns Are Global

As I mentioned in a recent post, nearly half of Australians may end up boycotting the new voluntary electronic health record (EHR) system when it launches next year because they believe the government can’t provide guarantees that their private medical details will remain private. A new Harris survey sponsored by the identity management company Sailpoint highlights EHR privacy concerns not only in Australia, but also in the United Kingdom and the United States.

According to the survey findings, some 83 percent of Australians, 81 percent of Britons, and 80 percent of Americans express some level of concern about moving their personal medical information to an electronic form…

…For example, since September 2009, at least 9.8 million instances of improper disclosure of medical information have been recorded in the United States. Earlier this month, the renowned Stanford Hospital & Clinics in California added to the total when it announced that the electronic health records of 20 000 of its emergency room patients seen between March 1st and August 31st of 2009, including their names, diagnostic codes, medical record numbers, hospital account numbers, billing charges, and emergency room admission and discharge dates, had been posted for nearly a year (Sept. 9, 2010, to Aug. 23, 2011) on a commercial Web site called Student of Fortune.

EMR Data Theft Booming

Acceleration in the use of electronic medical records may lead to an increase in personal health information theft, according to a new study that shows there were more than 275,000 cases of medical information theft in the U.S. last year.

Unlike stealing a driver’s license or a credit card, data gleaned from personal health records provides a wealth of information that helps criminals commit multiple crimes, according to Javelin Strategy & Research, a Pleasanton, California-based market research firm.