Contact Us
Subscribe to this blog via RSS
Join us on LinkedInCategories
- Data Privacy
- Department of Health and Human Services' Office of Civil Rights
- Medical Malpractice
- Medical Cannabis
- Workplace health
- Workplace Violence
- Assisted Living Facilities
- EMTALA
- FDA
- Reproductive Rights
- Roe v. Wade
- SCOTUS
- COVID-19
- Prescription Drugs
- Telemedicine
- Medical Spas
- Code Enforcement
- Corporate
- United States Department of Justice ("DOJ")
- Employee Contracts
- Non-Compete Agreement
- Compliance
- HIPAA
- Kentucky Board of Nursing
- Managed Care Organizations (“MCOs”)
- Primary Care Physicians ("PCPs")
- Accountable Care Organizations (“ACO”)
- Anti-Kickback Statute
- Data Breach
- Electronic Protected Health Information (ePHI)
- False Claims Act
- Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- HPSA
- KASPER
- Kentucky Board of Medical Licensure
- Kentucky’s Department for Medicaid Services
- Medicaid
- Mental Health Care
- Office for Civil Rights ("OCR")
- Office of Inspector General of the United States Department of Health and Human Services (OIG)
- Patient Protection and Affordable Care Act (“ACA”)
- Pharmacists
- Physician Assistants
- Qui Tam
- Stark Laws
- Affordable Care Act
- APRNs
- Centers for Medicare & Medicaid Services (“CMS”)
- Charitable Hospitals
- Federally Qualified Health Centers (“FQHCs”)
- Health Professional Shortage Area ("HPSA")
- Hospitals
- HRSA
- Medicare
- Mid-Level Practitioners
- Rural Health Centers (“RHCs”)
- Rural Health Clinic
- Telehealth
- Business Associate Agreements
- Compliance Programs
- ERISA
- Fraud
- Hospice
- Overpayments
- Part D
- Appeal
- Electronic Health Records (“EHR")
- Advanced Practice Registered Nurses
- Business Associates
- Denied Claims
- Division of Regulated Child Care
- Employee Agreement
- Fair Labor Standards Act (FLSA)
- Licensed practical nurses (LPN)
- Licensure Requirements
- Nurse practitioners (NP)
- Part A
- Part B
- Patient Autonomy
- Personal Health Information
- Personal Service Entities
- Physician Payments
- Qualified Health Plan ("QHP")
- Registered nurses (RN)
- Abuse and Waste
- Occupational Safety and Health Administration (“OSHA”)
- Department of Health and Human Services (HHS)
- Health Insurance
- Healthcare Regulation
- Health Care Law
McBrayer Blogs
Showing 1 post in Fraud.
Health Care Industry Familiar with HIPAA Breaches, Not So Much Hackers
Community Health Systems (“Community”), which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that online hackers had stolen personal data information from its systems in a period between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.
It has been reported that the hackers responsible for the attack are a group of cybercriminals from China that traditionally go after intellectual property, including medical device and equipment development data. They used malicious software to obtain the data, which has since been removed by Community from the network. Further remedial efforts are already underway, including notifying affected patients and offering them identity theft protection services.
Hospitals should be accustomed to protecting data against privacy breaches as part of their HIPAA obligations, but outright cybertheft is a threat that many providers have not likely considered. The FBI, which is now investigating the Community incident, said in April that health care providers typically do not use the same high levels of security technology as companies in other industries (such as banking or retail). This makes providers an easy target for hackers. If a leading hospital system like Community can be breached, then hospitals of every size are at risk.
It is crucial that HIPAA-covered entities (and their business associates) understand and identify potential threats to their secured information. The importance of HIPAA risk analysis cannot be stressed enough; in fact, a risk analysis is required as the first step in HIPAA Security Rule compliance. While it may be impossible to build an impenetrable fortress of secured online information, it is evident that health care providers must continue to make it a top priority to protect patient records – both from HIPAA breaches and hackers.
Services may be performed by others.
This article does not constitute legal advice.
