Health insurance

Emergency bill by Maryland General Assembly

February 5th, 2015

The Maryland General Assembly passed an emergency bill designed to highlight and implement certain aspects of HIPAA and patient privacy. Under the new bill, forms will be made available to patients allowing them to request confidential communications with their health insurer or provider. The bill also allows patients to have their medical information sent to an address other than their residence.

“The bill also specifies that certain written notices from an insurer to a claimant regarding denial of a claim made on an individual health insurance policy and certain annual summary explanations of benefits provided to an insured are subject to confidential communications requirements under HIPAA privacy rule,” stated the bill.

Simply put, the HIPAA Privacy Rule explains that an individual can request that medical information be sent to another location if he or she is endangered by the disclosure of certain information.

“Privacy concerns may encourage an individual to delay or avoid seeking services or to pay out-of-pocket despite insurance coverage,” the bill stated.

“This may present a barrier to care for sensitive services such as reproductive care, substance abuse, or mental health. While confidential communication protections are already required under the HIPAA privacy rule, they are not well known.”

“It is important for patients to have confidence in how clinicians and others use their sensitive health information,” Lucia Savage, chief privacy officer of the Office of the National Coordinator for Health Information Technology, told Clemson University, which helped conduct the study.

“Patient-centered decision making in electronic health information exchange can inspire trust in health IT and the papers in the journal, along with this study, give us new insights on these issues.”

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI exposed on emails

November 22nd, 2014

Anthem Blue Cross members in California received emails from their health insurer with their own PHI in the subject line. It is not known whether the act of sending PHI in email is considered a data breach. The emails concerned routine checkups and preventative screenings with their doctors, but they also included information such as age range and language, along with possible medical screening tests, marked “Y” for recommended tests and “N” for tests not listed in the email.

“This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem,” wrote one female Anthem patient who received the email.

The woman said she received the following subject line from her health insurer:

Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N

“We know that patient privacy and security is just as important as having the most comprehensive medical records,” Mark Morgan, president of Anthem Blue Cross, told a reporter at the time of the HIE announcement. The incident occurred as Anthem Blue Cross was working to expand further in the health IT world.

Blue Shield of California and Anthem Blue Cross have a combined 9 million customers in a new comprehensive network, Cal INDEX.

“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.

He added, “It’s especially bad when the information is in the subject line because who knows where that could pop up — on a desktop, a phone.”

South Carolina Insurance data stolen: Notification sent after two months

January 9th, 2014

A state-mandated health insurance program in S.C. notified customers about a laptop theft that had occurred two months earlier, according to the website GoUpstate.com. The laptop belonged to one of the company’s auditors and was reportedly password protected; it was stolen from the individual’s car. The theft was reported to the police the next day and to the SC Health Insurance Pool.

The SC Health Insurance Pool, run by the SC Department of Insurance, had hired Columbia accounting firm DeLoach & Williamson to review its claims and payments. According to The Post and Courier, the laptop held important personal information such as patient names, dates of service, provider identification numbers, and Social Security numbers. In total, 3,432 customers who used the program in 2011 and 2012 were affected.

According to attorneys for DeLoach, the exposure of personal information may have resulted from a possible violation of company policy: leaving a laptop unattended in a vehicle, where it can be stolen, is prohibited. The pool said that it does not allow employees to take customer information outside company offices.

Although the theft was known within a week, customers were not informed at that time. All the affected customers have been notified of the incident by mail.

“First, we had to determine what type of information was included,” Cynthia Hutto of Nelson Mullins Riley & Scarborough said. Apparently the delay was caused by the process of collecting mailing addresses and setting up free credit monitoring. The auditor is covering the cost of the credit monitoring for one year, and a notification about it has been mailed.

In the present scenario it is advisable to have security software that prevents major data loss. Given the possible penalties for a breach and the potential loss of customers’ trust, more stringent security measures have to be applied. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hackers new target: Health Insurance data

August 18th, 2013

The words “health insurance” bring images of medical bills to people’s minds, but for hackers they are a way to make money.

The packages of data on individual people, which include verified bank account numbers and credentials, Social Security numbers, and other personally identifiable information, are known in the underground as “fullz.”

When further packaged with custom-manufactured documents, such as credit cards and driver’s licenses, the hacker merchandise is referred to as “kitz,” each of which sells for between $1,200 and $1,300 apiece.

Don Jackson, Senior Security Researcher for Dell SecureWorks’ Counter Threat Unit, said, “Selling fullz and kitz aren’t new, but the selling of kitz, which is focused on health insurance credentials and all the other supporting credentials and documents needed to use those stolen health insurance credentials, is a new trend. Selling credentials by themselves does not have enough value, as those other credentials are needed to obtain medical services.”

Fullz sell for comparatively less, about $500 each, depending on the information included: full names, addresses, phone numbers, email addresses with passwords, and so on. Health insurance credentials are priced at $20 each, with an additional $20 added whenever a dental, vision, or chiropractic plan is associated with the health plan. Other data, such as a U.S. credit card with CVV code, is priced at $1 to $2, and a PayPal account with a verified balance at $20 to $200.

“The health insurance information is being used to get free medical services. Theft of medical services, including doctor visits, drugs, and surgeries, are the primary goal for buying these stolen credentials,” said Jackson.

He further commented, “We have seen the cost of health insurance and the cost of medical services continue to rise. As such, we have seen more demand for stolen health insurance data and the associated credentials needed to use the health insurance, such as physical documents like the insurance card, the driver’s license, the SSN, address, payment card, etc. There is definitely an increase in the buying and selling of information like health insurance contracts. So the selling of kitz with this type of information, like health insurance credentials, is on the rise, and that is a new trend.”

Jackson has not identified exactly who is behind the underground marketplaces hawking the data, but he is sure that the criminals are located in the U.S.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
