Does Data Security Have Your Healthcare Practice “On the Hook”?

I recently had the pleasure of presenting in a webinar series titled Is Your Practice “On the Hook?” to members of the Texas Dental Association and the Oklahoma Dental Association. Key points of the presentation, which focused on cyber security and data breaches in the healthcare industry, explained why protected health information (PHI) and electronic healthcare records are so valuable to cyber criminals and provided case studies of recent data breaches in the healthcare industry.

This presentation was arranged by my friend Larry Lewis (@SmartTraininglc) at Smart Training, LLC. If you are interested in obtaining a replay of this presentation, please contact Larry at Smart Training, LLC.

 


About the author

Shawn Tuma is a lawyer who is experienced in representing and advising clients on digital business risk which includes complex digital information law and intellectual property issues. This includes things such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act; helping companies with data security issues from assessing their data security strengths and vulnerabilities, helping them implement policies and procedures for better securing their data, preparing data breach incident response plans, leading them through responses to a data breach, and litigating disputes that have arisen from data breaches. Shawn is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as throughout the nation pro hac vice). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.

Why do cyber criminals want your healthcare data?

During a recent presentation a member of the audience asked me why cyber criminals would want to steal a person’s healthcare data. It is easy to understand why they would want to steal payment card data — but healthcare data — not so obvious. Here is a great answer:

A crook would love [healthcare data] because, “in the world of black market information, a medical record is considered more valuable than everything else,” says Larry Ponemon, the Institute’s founder.

The study was sponsored by ID Experts, and its founder, Rick Kam, says that the “black market is being flooded with payment card data.” Health care data includes a Social Security number and personal health record—data that sticks around for a long time, versus a credit card number.

via Healthcare Data under Attack | Robert Siciliano.

 

Upcoming Webinar: Anatomy of a Data Breach

I am looking forward to presenting a (free) webinar for healthcare professionals on “Anatomy of a Data Breach.”

The webinar is free because it is being brought to you by the great folks at SmartTraining, LLC. You can learn more about the topics that will be covered on this page. It will be from 12:00 PM to 1:30 PM on Wednesday, July 31, 2013.

For more information, feel free to ask me or click the following to email SmartTraining, LLC or find them on Twitter @SmartTraininglc.

You can register right HERE.

What do the penalties look like for a HIPAA violation?

Here you go — they are rising and here is where they currently stand. As you can see, data breach is serious business and serious for your business.

VIOLATION TYPE                    EACH VIOLATION       REPEAT VIOLATIONS/YR
Did Not Know                      $100 – $50,000       $1,500,000
Reasonable Cause                  $1,000 – $50,000     $1,500,000
Willful Neglect – Corrected       $10,000 – $50,000    $1,500,000
Willful Neglect – Not Corrected   $50,000              $1,500,000

You can read the full article here: HIPAA Violation Penalties Rise in Response to Data Breaches | SmartData Collective.

Holy Cow – Do You Think This Is A HIPAA Privacy Violation?

Here is the best way I can frame this up: if you were the patient that had to go to the emergency room for constipation, would you want that information displayed publicly?

Here is why I ask …

It is Saturday morning and I am blogging on my iPhone from a semi-private room in the emergency room (at a hospital I will not name). Why?

Fortunately we found out that we aren’t here for anything major so we have found some way to occupy our time by following — in real time on a computer monitor — the things people have come to the emergency room for, a few of which are:
• constipation
• fever
• ankle injury
• kidney stones

Interesting, right? And, you know how I love technology — especially when I am just sitting around twiddling my thumbs.

But how about the fact that along with these symptoms are the patients’ names, ages, and gender? Wow!

Yes — you read that right. The monitors where this information is displayed are placed in plain view where anyone with decent eyesight can easily see everything on them. Hmmm….

What do you think? If you were “Mr Constipation” would you want it publicly displayed for the world to know?