BAS Blog


 

HIPAA Breach in Insurer's Research Study

Over 5,000 patients participating in research studies with Kaiser Permanente may have had their personal information compromised. A research computer used to store names, birth dates, medical record numbers and lab results was found to be infected with malicious software. It was reported that the computer was infected for more than two and a half years before being discovered.

Read More »

Heartbleed Bug- No Indication BAS Was Impacted

The Heartbleed Bug is a security risk that made headlines last week. It presents a vulnerability in the OpenSSL cryptographic software library that implicates encryption features. It is the encryption technology behind many websites that collect personal or financial information (typically indicated by a lock icon in the browser to tell the user the site is secure).

Read More »

Mobile Device Policies

The organization HealthIT.gov has issued guidance for employers who allow employees to access information through a mobile device. This information may be helpful for employers in setting up security protocols for mobile devices. Click here for access to a summary of best practices.

Read More »

HHS Releases HIPAA Security Risk Assessment Tool

The Department of Health and Human Services released an online tool to help mid-sized organizations perform a security risk assessment under HIPAA. Click here to access the tool.

Read More »

Encrypt Computers to Avoid HIPAA Breach upon Theft

A third party billing vendor, Sutherland Healthcare Solutions, caused a HIPAA breach when several of its unencrypted computers were stolen last month. The computers at the Los Angeles County public health and health services departments contained patient Social Security Numbers, billing information, date of birth and medical diagnoses. The computers were not encrypted according to HIPAA standards.

Read More »

County Pays HHS for HIPAA Deficiencies

Skagit County, Washington must pay the U.S. Department of Health and Human Services (HHS) $215,000. HHS investigated the County after learning that protected health information from the Skagit County Public Health Department was accessible through a public server.

Read More »

Puerto Rico Insurance Company Subject to Huge Fines for Privacy Violation

A Puerto Rico based insurance company, Triple-S Salud, was found to have exposed protected health information in Medicare-eligible individuals’ medical records.

The company manages Medicaid in Puerto Rico. In September 2013, Triple-S Salud mailed letters to Medicare Advantage customers with Medicare numbers visible from the envelope.

Read More »

New Government Cybersecurity Framework Issued

The National Institute of Standards and Technology (NIST) issued a new cybersecurity framework describing best practices for organizations to develop their information security programs. The framework is the result of a collaboration between government groups and private businesses.

Read More »

Another Health System Security Breach

A Texas healthcare system was the target of a recent security breach in which hackers accessed protected health information of around 405,000 individuals.

Read More »

Unencrypted Hard Drive Stolen from Pharmacy School

A health insurance company based in Wisconsin notified over 41,000 participants of a possible HIPAA breach.

Read More »