Global Economic Intersection

Fines Remain Rare Even As Health Data Breaches Multiply

March 3, 2015

Special Report from ProPublica

by Charles Ornstein, ProPublica

This story was co-published with NPR’s Shots blog.

In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors’ offices that don’t adequately protect the security and privacy of medical records.

Leon Rodriguez, then-director of the U.S. Department of Health and Human Services’ Office for Civil Rights, warned at a privacy and security forum in December 2012:

“We’ve now moved into an area of more assertive enforcement.”

But as breaches of patient records proliferate – just this month, insurer Anthem revealed a hack that exposed information for nearly 80 million people – federal overseers have seldom penalized the health care organizations responsible for safeguarding this data, a ProPublica review shows.

Since October 2009, health care providers and organizations (including third parties that do business with them) have reported more than 1,140 large breaches to the Office for Civil Rights, affecting upward of 41 million people. They’ve also reported more than 120,000 smaller lapses, each affecting fewer than 500 people.

In some cases, records were on laptops stolen from homes or cars. In others, records were targeted by hackers. Sometimes, paper records were forgotten on trains or otherwise left unattended.

Yet, over that time span, the Office for Civil Rights has fined health care organizations just 22 times.

By comparison, the California Department of Public Health, which also levies fines against hospitals for breaches of patient privacy, imposed 22 penalties last year alone — and another eight in the first two months of this year.

Over 1,100 Health Data Breaches, but Few Fines

Since October 2009, health care organizations and their business partners reported 1,142 large-scale data breaches, each affecting at least 500 people, to the U.S. Department of Health and Human Services. Of those, seven breaches have resulted in fines.


(Sisi Wei and Charles Ornstein, ProPublica)

The federal Office for Civil Rights has clear authority to audit health care organizations to ensure they are protecting patient records, as well as to impose huge fines — up to $1.5 million per violation. Yet experts on protecting health data have noted with chagrin how rarely the agency uses its power.

“It’s disappointing and underwhelming,” said Bob Chaput, founder and chief executive of Clearwater Compliance, which helps health care organizations create programs to protect sensitive information.

“They’re not doing as much as they could or should.”

The Office for Civil Rights declined an interview request from ProPublica, but said in a statement that it “aggressively” identifies and investigates “high-impact cases that send strong enforcement messages about important compliance issues.” The agency looks into all large data breaches, a spokeswoman wrote in an email, and the cases resulting in financial penalties “have involved systemic and/or long-standing” concerns.

The agency’s stiffest sanction to date came last May, when it hit New York-Presbyterian Hospital and Columbia University with fines totaling $4.8 million for failing to secure the electronic health records of 6,800 people. A physician had tried to remove his personal computer server from a shared network, causing patient records, including patient status, vital signs, medications and lab results, to be found on Web search engines. The problem surfaced when a person found a deceased partner’s personal health information online.

The federal government has played a growing role in health privacy and security since the passage of the Health Insurance Portability and Accountability Act, or HIPAA, in 1996. The law mandated standards for the use and dissemination of health care information and for how organizations protect electronic medical records.

In 2009, the Health Information Technology for Economic and Clinical Health Act, known as the HITECH Act, went a step further. It required that organizations publicly report breaches involving at least 500 patients, increased how much HHS could fine organizations that violate patient privacy and record security, mandated that HHS conduct audits, and extended the rules to third parties that work with health care organizations.

But since then, even HHS’ inspector general has been critical of the way in which the Office for Civil Rights has used its authority. In November 2013, the inspector general faulted the agency for not performing audits mandated by the HITECH Act.

A first, pilot set of audits, conducted in 2011 and 2012, showed that 102 of the 115 organizations reviewed had at least some problems with security or weren’t following rules to safeguard patient privacy. A larger follow-up round of audits is only now getting underway, experts say.

Consultants and experts in the field say the civil rights office has not fully explained the delays. Rodriguez, its former director, left last summer to head the U.S. Citizenship and Immigration Services. A new director has since taken the reins.

Some industry veterans say the Office for Civil Rights is trying to strike a balance between working with organizations to improve their security and punishing truly egregious lapses. Health providers often agree to make voluntary changes even if they’re not fined, the agency has said.

Angela Rose, director of health information management practice excellence at the American Health Information Management Association, an industry trade group, said:

“We’ve come a long way since HIPAA first came out. In the coming years, it will get better. It will get more strict.”

Joy Pritts, who until last year served as chief privacy officer for the federal Office of the National Coordinator for Health Information Technology, said:

“What you don’t want [the Office for Civil Rights] to become is somebody like your parking enforcement where they’re funding themselves by issuing tickets or fines to everybody who has the smallest infractions.”

Large Health-Care Data Breaches On The Rise

The number of large breaches (affecting at least 500 people) reported by health-care organizations to the U.S. Department of Health and Human Services.


Source: U.S. Department of Health and Human Services Office for Civil Rights, Data Accessed on Feb. 25, 2015. Credit: Sisi Wei and Charles Ornstein/ProPublica

Data security experts also say the Office for Civil Rights simply does not have the resources to handle its oversight responsibilities. While it can keep whatever fines it imposes to use for enforcement, it has fewer than 200 employees and a budget of just $39 million. Its duties, by comparison, are vast: Each year, it handles over 4,000 discrimination complaints, reviews 2,500 Medicare provider applicants to see if they are complying with federal civil rights requirements, and resolves more than 15,000 complaints of alleged HIPAA violations. The president is seeking a budget increase for the agency next year.

“They’re swamped,” said Dan Berger, chief executive of Redspin, an IT security company that issues an annual report on trends in large data breaches.

The number of large data breaches continues to increase. Last year, 278 were reported, according to federal data, up from under 200 per year from 2010 to 2012. Since the Office for Civil Rights reviews all of them, as well as some smaller ones and other complaints, years can pass before cases are closed.

It took five years, for instance, for the office to impose an $800,000 fine against Parkview Health System for an incident in which 71 cardboard boxes of medical records for 5,000 to 8,000 patients were left unattended in the driveway of a physician’s home. That incident was not reported as a large data breach but instead came in as a complaint from the physician.

Adam Greene, a partner at Davis Wright Tremaine, a law firm in Washington D.C., and a former OCR official, said:

“I think the office is overwhelmed with the volume that’s coming in and that’s in part leading to long delays in resolving some of these cases.”

Some organizations currently under review by HHS say they don’t know the status of their cases. In 2012, the state of Utah disclosed that hackers gained access to a server that stores data on Medicaid and children’s health insurance claims. Social Security numbers of 280,000 people and less-sensitive information on 500,000 others were accessed.

Since then, the state health department has had three official interactions with the Office for Civil Rights, the last coming in May 2014. Tom Hudachko, an agency spokesman, said:

“It’s hard to tell where we are in the process. We thought there would have been resolution by this point.”

Utah’s Department of Technology Services, which handles all tech needs for the state, has increased security since the breach: it hired a new chief information security officer, received additional funding from the legislature, increased network monitoring to 24 hours a day, and arranged for an outside security assessment every two years.

The Montana Department of Public Health and Human Services, which reported a hacking incident last year that affected more than 1 million people, also said HHS’ investigation is ongoing.

Some security experts say that the government needs to use its authority to impose fines to send a message. Bruce Schneier, a computer security expert and blogger, compared the situation to environmental pollution.

He said:

“If the cost of polluting is zero, companies will pollute. How would a rational company not do that? If your CEO said we’re going to spend four times as much money not to pollute, he would be fired. What you need is to make security rational.”

ProPublica is a Pulitzer Prize-winning investigative newsroom.
