Archive for February, 2015

Emergency bill by Maryland General Assembly

February 5th, 2015

The Maryland General Assembly passed an emergency bill which is designed to highlight and implement certain aspects of HIPAA and patient privacy. According to the new bill, forms will be made available to patients allowing them to request confidential communications with their health insurer or provider. The new bill also allows patients to send their medical information to a different address other than residence.

“The bill also specifies that certain written notices from an insurer to a claimant regarding denial of a claim made on an individual health insurance policy and certain annual summary explanations of benefits provided to an insured are subject to confidential communications requirements under HIPAA privacy rule,” stated the bill.

Simply put, HIPAA Privacy Rule explains that individual can request sending of medical information to another location if he or she is endangered because of the disclosure of certain information.

“Privacy concerns may encourage an individual to delay or avoid seeking services or to pay out-of-pocket despite insurance coverage,” the bill stated.

“This may present a barrier to care for sensitive services such as reproductive care, substance abuse, or mental health. While confidential communication protections are already required under the HIPAA privacy rule, they are not well known.”

“It is important for patients to have confidence in how clinicians and others use their sensitive health information,” Lucia Savage, chief privacy officer of the Office of the National Coordinator for Health Information Technology, told Clemson University, which helped conduct the study.

“Patient-centered decision making in electronic health information exchange can inspire trust in health IT and the papers in the journal, along with this study, give us new insights on these issues.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hackers potentially compromise data of 80 million individuals

February 2nd, 2015

Anthem, Inc.’s database was attacked by hackers potentially compromising the personal information of approximately 80 million former and current customers, as well as employees. The affected information includes  names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

According to a statement from Anthem president and CEO Joseph Swedish posted on the company website:

“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”

Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach using “very sophisticated external cyber attack”.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.

Anthem will notify the affected individuals.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach.

“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.