A Downfall of Giant PHI Databases

Posted by on Apr 17, 2012 in HIPAA Headlines | 0 comments

As we are pushed to put all of our medical records in electronic form, we open ourselves up to new issues. This headline is what we can expect to see more of in the future: GE Healthcare Admits Sending NHS Patient Data To US NHS IT Provider says 600,000 patients have no need to worry Whoops.  I especially like the “no need to worry” statement. As our records become electronic, more mishaps will occur. The last bit of the above mentioned article goes on to add these confidence building statements: “The ICO has...

read more

Secure Email is Not

Posted by on Jan 20, 2011 in HIPAA Headlines | 0 comments

I don’t do “told you so” moments. I do learn from incidents. Now, let’s learn: Indianapolis, Indiana:  St. Vincent Hospital, Nov. 12, 2010 approximately 1,800 patient’s PHI was revealed to third parties. Read the disclosure announcement here. What happened? The hospital apparently has a secure email system. On November 12, 2010 some “hospital employees unintentionally revealed their email login information to third parties.” From here, the “third parties” were able to access  PHI...

read more

Army Soldier Data Stolen

Posted by on May 14, 2010 in HIPAA Headlines | 0 comments

Arg! Nope, not speak like a pirate day. That is me censoring and keeping things clean here. Details: Government Contractor Laptop Stolen from office CD-ROM in laptop had data on 207,000 Reservists Questions: Why was data not encrypted? Why was data on a CD-ROM? What is going on here? PHI on a mobile device (laptop/external hard drive/CD-ROM/DVD-ROM/thumbdrive) that is not encrypted is just asking for disaster. Don’t let this happen to you. Our suggestions: Don’t let PHI out of your office Don’t put PHI on a...

read more

De-Identified Health Information

Posted by on Mar 11, 2010 in HIPAA Headlines | 0 comments

What does it take for PHI to not be PHI? Glad you asked…though in reality for a practice, this will not come up much, it is good to have an idea of what make a patient’s information PHI and therefore covered under HIPAA. Key Points: De-identified health information, as described in the Privacy Rule, is not PHI, and thus is not protected by the Privacy Rule. PHI may be used and disclosed for research with an individual’s written permission in the form of an Authorization. PHI may be used and disclosed for research...

read more