econintersect.com
  • 토토사이트
    • 카지노사이트
    • 도박사이트
    • 룰렛 사이트
    • 라이브카지노
    • 바카라사이트
    • 안전카지노
  • 경제
  • 파이낸스
  • 정치
  • 투자
No Result
View All Result
  • 토토사이트
    • 카지노사이트
    • 도박사이트
    • 룰렛 사이트
    • 라이브카지노
    • 바카라사이트
    • 안전카지노
  • 경제
  • 파이낸스
  • 정치
  • 투자
No Result
View All Result
econintersect.com
No Result
View All Result

Despite Wave of Data Breaches, Official Says Patient Privacy Isn’t Dead

admin by admin
3월 25, 2015
in 미분류
0
0
SHARES
0
VIEWS

Special Report fro ProPublica

by Charles Ornstein, ProPublica

This story was co-published with NPR’s Shots blog.

It’s hard to keep track of even the biggest health data breaches, given how frequently they seem to be happening. Just last week, health insurer Premera Blue Cross disclosed that hackers broke into its system and may have accessed the financial and medical records of some 11 million people. The intrusion began last May but wasn’t discovered until January and wasn’t shared publicly until this week.

Among the information that may have been taken about the insurers’ members and applicants: names, dates of birth, email addresses, street addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, which may include sensitive medical details.

Premera’s announcement comes weeks after another health insurer, Anthem Inc., announced that it too had been hacked—and that the records of nearly 80 million people were exposed.

The task of investigating medical data breaches falls to the Office for Civil Rights, a small agency within the Department of Health and Human Services. Its staff of about 200 investigates thousands of complaints every year, large and small. Last month, ProPublica reported how, as the number of breaches has increased, the office infrequently uses its authority to fine organizations and health providers that fail to safeguard patient records.

The office’s director, Jocelyn Samuels, spoke on Monday to health privacy and security experts gathered in Washington, D.C., for the National HIPAA Summit, named for the Health Insurance Portability and Accountability Act. This 1996 federal law protects the privacy and security of patient records. Her speech preceded Premera’s public disclosure.

After her talk, Samuels sat down with ProPublica to talk about the current state of health privacy. The conversation has been edited for length and clarity.

Q. To start off with, the Anthem breach is still at the top of mind for so many people. Does this change the landscape in terms of health data breaches?

A. We won’t know until after we have investigated what the causes of the Anthem breach are or were, or whether there are concerns about HIPAA compliance. But I think that it illustrates both the increasing risks that exist in the cybersecurity space and the need for covered entities [health providers and others subject to HIPAA’s requirements] to continue to update and evaluate their risk analyses to ensure that their risk management plans adequately anticipate all of the kinds of threats they may face.

Q. I received a breach letter from Anthem [informing me that my data was accessed] and I heard from a lot of people who did. One of the things that they say is, ‘I don’t even know what to make of this. What of mine was taken? Will it be used against me?’ How do you advise them what to do?

A. We will be evaluating the kinds of information that was compromised and the source of the breach and the harm that accrued to the different individuals. Those are all question that I think will inform the work that we do in this space and we will have further answers as we learn more.

Q. Since HIPAA was passed in 1996, how would you say the state of play has changed with respect to patient privacy and the security of records?

A. The ability to access electronic health records is something that we obviously have clarified and expanded over time since HIPAA was enacted. And I anticipate that we will continue to evaluate the application of HIPAA standards to emerging issues, whether they are posed by new technology or new forms of risk that aren’t being adequately addressed. From a macro perspective, we are seeing an explosion of new approaches to delivering health care, to treating patients, to sharing information. And that changes on an exceptionally rapid basis, and so ensuring that we are providing adequate guidance about how HIPAA applies and what the standards are in these new environments is something that’s a high priority.

Q. Some people have suggested that the notion of patient privacy is sort of outmoded and that you really don’t have privacy anymore. Do you accept that?

A. No. I think that you are talking about some of the most intimate facts about any individual, whether it is their health condition or their diagnosis or their treatment choices, and that it is really critical to ensure that they feel confident that that information will be protected from public disclosure. That’s the underlying premise of patient involvement in health care decision-making, that they can entrust their providers with this really intimate information knowing that it won’t be misused or inappropriately disclosed. Although there are new threats and cybercriminals get smarter every day, we have to do our best to keep up and ensure that there are adequate protections in place so that we can gain the benefits that technology and delivery system reform are promising.

Q. Let’s talk numbers. OCR staff is small and yet you receive a ton of complaints every year, thousands, tens of thousands. Can you get to them?

A. Do we have resource constraints? Absolutely. Do we have an increasing caseload? Yes. We have to learn to be as effective and efficient with our resources as we possibly can because those are two factors that cut in opposite directions and create a situation that we have to address. So, some of the ways that we’ve done it are we’ve created centralized systems to respond to telephone calls, to process complaints as they come in, and these have produced significant efficiencies. We are freeing up our regional [office] resources to engage in substantive investigations when those are necessary.

Q. Your office has the ability to issue fines in ways that a lot of federal agencies can’t and in denominations that a lot of federal agencies can’t. You’ve noted that you used them about two dozen times. Is that enough?

A. You know, each case depends on its facts and I do think that we have been committed to using settlement agreements and monetary recoveries in situations where we think that the conduct has been egregious or where we want to create a deterrent or where we feel that the monetary settlement will help to reinforce the message that we’re serious about HIPAA compliance. That said, we are very serious about HIPAA compliance even in situations where we don’t seek monetary settlements or civil money penalties. And I think if you look at our corrective action plans [agreements in which providers promise to make changes following a complaint], you will see that those are uniformly robust efforts to ensure that covered entities and business associates undertake the infrastructure and structural reforms that are necessary to ensure compliance going forward. And at the end of the day, ensuring that they have the policies and procedures in place to protect information in the future is a significant component of the kind of remedial relief that we seek.

Q. It seems that the Office for Civil Rights receives far more reports of smaller breaches than larger ones, and these don’t get the same amount of attention, at least publicly. Are these less important?

A. As I mentioned, every case depends on its facts. That’s why we do monitor the small breach reports that come in. To the extent we identify situations that warrant further investigation, we engage in that investigation. And in fact we’ve entered into two settlement agreements that were based on small breach reports that resulted in monetary relief. I think it is critical in our efforts to efficiently allocate our resources to identify where we can have the greatest impact in promoting compliance going forward and to the extent in the small breaches that we see types of conduct or egregiousness of mindset of the covered entity or examples of pervasive problems that we think the industry needs to be aware of. Those are the kinds of things that will lead us to undertake investigations of small breaches even though we don’t trigger them automatically.

Has your privacy been violated? Please share your story to help inform our reporting. Also, use our app to check which health providers and organizations in your state have had health data breaches that affected more than 500 people. We’ve updated it this week.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

Previous Post

24Mar2015 Market Close: Markets Drifted Lower As Greece, Ukraine And A China Hard-Landing Become Investor Center Pieces

Next Post

Strategy to Profit Before the Markets Head South

Related Posts

Bitcoin Is Finally Trading Perfectly Like 'Digital Gold'
Economics

Bitcoin Is Finally Trading Perfectly Like ‘Digital Gold’

by admin
Namibia Will Regulate And Not Ban Crypto With New Law
Finance

Namibia Will Regulate And Not Ban Crypto With New Law

by admin
6,746 ETH Valued At $12M Was Just Burned
Economics

6,746 ETH Valued At $12M Was Just Burned

by admin
Bitcoin Is Steady Above $29,000 Awaiting US NFP Figures
Economics

Bitcoin: What Next After Consolidation Ends?

by admin
US Government Offloads Another 8,200 Bitcoin – On-chain Data
Economics

US Government Offloads Another 8,200 Bitcoin – On-chain Data

by admin
Next Post

Strategy to Profit Before the Markets Head South

답글 남기기 응답 취소

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다

Browse by Category

  • Business
  • Econ Intersect News
  • Economics
  • Finance
  • Politics
  • Uncategorized

Browse by Tags

adoption altcoins bank banking banks Binance Bitcoin Bitcoin market blockchain BTC BTC price business China crypto crypto adoption cryptocurrency crypto exchange crypto market crypto regulation decentralized finance DeFi Elon Musk ETH Ethereum Europe Federal Reserve finance FTX inflation investment market analysis Metaverse NFT nonfungible tokens oil market price analysis recession regulation Russia stock market technology Tesla the UK the US Twitter

Categories

  • Business
  • Econ Intersect News
  • Economics
  • Finance
  • Politics
  • Uncategorized

© Copyright 2024 EconIntersect

No Result
View All Result
  • 토토사이트
    • 카지노사이트
    • 도박사이트
    • 룰렛 사이트
    • 라이브카지노
    • 바카라사이트
    • 안전카지노
  • 경제
  • 파이낸스
  • 정치
  • 투자

© Copyright 2024 EconIntersect