Columbia University

New Healthcare Apps possess security threat?

November 4th, 2014

With the growth in technology, healthcare organizations are implementing policies to secure data. But there are few application loopholes which may lead to severe data breach.

Founder and Chief Medical officer Dr. Joshua La told that the application has more than 150,000 users in six countries including the US, Canada, UK and Australia.

“In Australia, a customized consent form can be signed by patient or representative before images can be taken,” Landy said. “After that images are reviewed by privacy moderators to make sure they have educational value. [They are] being taken respectfully, there’s no sensationalistic images.”

Bryan Vartabedian, a pediatric gastroenterologist at Texas Children’s Hospital wrote in his blog post that the overall concept makes sense as images in medicine are a good way to teach. He is also wary of Figure 1 and what it could mean to patient privacy.

“There’s a difference between de-identification of images on a level that’s compliant with health privacy law and de-identification that respects a patient’s wishes,” Vartabedian wrote. “I operate within the understanding that if a patient can individually identify their own leg, finger, laceration within an image, they should understand very clearly that the image is headed for the very public domain.”

Healthcare professionals must follow rules to keep patients’ protected health information (PHI) secure, even if they are working to improve a patient’s health.

“In the old days medical images never left the medical library or the glossy paper on which they were printed,” he said. “But times have changed, technology is advancing faster than the discussion surrounding its use, and we have to think carefully about how we repurpose and share the images of those under our care.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Largest ever violation settlement by NYP and CU

May 10th, 2014

The Department of Health and Human Services (HHS) has issued $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital (NYP) and Columbia University (CU). Earlier NYP and CU had violated both the HIPAA Privacy and Security Rules which resulted in electronic Protected Health Information (ePHI) of 6800 patients to data breach. NYP and CU learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet.

Breach occurred when the application developer for the affiliate organizations tried deactivating a personally owned computer server on the network which held the data. Soon the ePHI become accessible on the internet search engines after the process of server deactivation.

NYP and CU had submitted a joint breach report after ePHI held on their network suffered data breach. EPHI included patient status, vital signs, medications, and laboratory results.  NYP paid OCR $3,300,000 and CU had to give $1,500,000, with both agreeing to complete corrective action plans. It includes risk analyses, developing risk management plans, revising policies and procedures, staff training, and providing OCR with progress reports.

“When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” said Christina Heide, Acting Deputy Director of Health Information Privacy for OCR. “Our cases against NYP and CU should remind health care organizations of the need to make data security central to how they manage their information systems.”

According to the hhs.gov website,

In addition to the impermissible disclosure of ePHI on the internet, OCR’s investigation found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections.  Moreover, OCR determined that neither entity had conducted an accurate and thorough risk analysis that identified all systems that access NYP ePHI.  As a result, neither entity had developed an adequate risk management plan that addressed the potential threats and hazards to the security of ePHI.  Lastly, NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

– See more at: http://blog.alertsec.com/#sthash.4Btkgtu7.dpuf

Enhanced by Zemanta