MARCH 18, 2014
This alert provides only general
information and should not be
relied upon as legal advice. This
alert may be considered attorney
advertising under court and bar
rules in certain jurisdictions.
For more information, contact
your Patton Boggs LLP attorney
or the authors listed below.
STEPHEN NASH
snash@pattonboggs.com
KAREN THIEL
kthiel@pattonboggs.com
NORMA KRAYEM
nkrayem@pattonboggs.com
LU ZAWISTOWICH
lzawistowich@pattonboggs.com
TODD TUTEN
ttuten@pattonboggs.com
MEL GATES
mgates@pattonboggs.com
ABU DHABI
ANCHORAGE
DALLAS
DENVER
DOHA
DUBAI
NEW JERSEY
NEW YORK
RIYADH
WASHINGTON DC
PattonBoggs.com Client Alert: Protecting Patient Information – Feds Find Security Lapses in State and Local Government Systems 1
HEALTH CARE AND CYBERSECURITY CLIENT ALERT
PROTECTING PATIENT INFORMATION –
FEDS FIND SECURITY LAPSES IN STATE
AND LOCAL GOVERNMENT SYSTEMS
Taken together, two recent announcements from the U.S. Department of Health
and Human Services (HHS) highlight the need for state and local governments
(and others who collect and maintain patient information) to regularly review
their policies, procedures and safeguards for protecting patient information
under the Health Insurance Portability and Accountability Act (HIPAA) and the
Health Information Technology for Economic and Clinical Health (HITECH)
Act.
First, on March 5, 2014, the HHS Office of Inspector General (OIG) issued an
audit report regarding High-Risk Security Vulnerabilities Identified During Reviews of
Information Technology General Controls at State Medicaid Agencies that summarizes a
series of serious cybersecurity lapses found during audits of 10 state Medicaid
Management Information Systems (MMIS) performed between 2010 and 2012
(report available at this link).
Second, on March 7, 2014, the HHS Office for Civil Rights (OCR) announced
that Skagit County, Washington, has agreed to a $215,000 monetary settlement
and corrective action plan related to apparent lapses in protecting the privacy
and security of patient information. The Skagit County Public Health
Department provides essential health care services to needy individuals in the
118,000-person county. As OCR stated, this “case marks the first settlement with
a county government and sends a strong message about the importance of
HIPAA compliance to local and county governments, regardless of size”
(announcement and Resolution Agreement available at this link).
Both these events reiterate the need for state and local government agencies that
handle patient data – specifically, “protected health information (PHI)” under
the HIPAA/HITECH regulations – to perform regular risk assessments and
ensure that proper administrative, physical, and technical safeguards are in place
and working. In the Skagit County case, an OCR investigation commenced after the county reported a data breach
involving several individuals’ information that was inadvertently exposed on, and accessed from, a publicly (Internet)
accessible server. The ensuing review found that information regarding some 1,581 individuals had been placed at risk,
including sensitive data regarding testing and treatment for infectious diseases, and what OCR characterized as
“widespread non-compliance” with the HIPAA Privacy, Security, and Breach Notification Rules.
Returning to the OIG report, the agency’s audits focused on information system general controls, including those that
provide structure, policies, and procedures for managing an organization’s information technology systems and
cybersecurity posture. The report details a number of high-risk security vulnerabilities across the 10 states reviewed,
characterizing several of them as “systemic” and thus likely to be concerns for other states and their MMIS. In
publishing its report, OIG emphasized that its objective was to “increase public awareness of these pervasive
vulnerabilities” and hopefully lead the Centers for Medicare & Medicaid Services (CMS) and state agencies to meet the
challenge and strengthen system security.
The vulnerabilities were explained using three broad categories:
• Entity-wide controls,
• Access controls, and
• Network operations controls.
Examples of the vulnerabilities cited include lack of proper security plans, failure to encrypt laptops, and lack of
formal disaster recovery plan testing. Additional deficiencies were seen in a variety of other areas, including asset
inventory controls, risk assessments, user access controls, anti-virus procedures, and patch management.
Such cybersecurity deficiencies place agencies, and patient information, at high risk of unauthorized disclosure or
widespread system attacks. But these unfortunate issues can be avoided with regular attention to safeguards, planning,
documentation, and workforce training. As noted in the OIG report, resources such as technical standards and
guidance are available from the National Institute of Standards and Technology (NIST). In addition, all health care
organizations should be mindful of the growing momentum for adoption of the recently NIST-published
Cybersecurity Framework, created under the direction of Executive Order 13636, and its support for building a
proactive cybersecurity program (see EO 13636, the Framework, and supporting materials at this link).
Patton Boggs has deep experience in assisting public and private sector organizations with their cybersecurity planning
and HIPAA/HITECH compliance programs, including policy development, vendor governance, workforce training,
and risk assessment.

 
America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...
America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...
America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...Andy (Avraham) Blumenthal
 
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...AlexisTorres963861
 
China's soft power in 21st century .pptx
China's soft power in 21st century   .pptxChina's soft power in 21st century   .pptx
China's soft power in 21st century .pptxYasinAhmad20
 
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...Faga1939
 
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docxkfjstone13
 
Kishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdfKishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdfKISHAN REDDY OFFICE
 
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...Axel Bruns
 
04052024_First India Newspaper Jaipur.pdf
04052024_First India Newspaper Jaipur.pdf04052024_First India Newspaper Jaipur.pdf
04052024_First India Newspaper Jaipur.pdfFIRST INDIA
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxKAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxjohnandrewcarlos
 
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's DevelopmentNara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Developmentnarsireddynannuri1
 
Group_5_US-China Trade War to understand the trade
Group_5_US-China Trade War to understand the tradeGroup_5_US-China Trade War to understand the trade
Group_5_US-China Trade War to understand the tradeRahatulAshafeen
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhbhavenpr
 
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxLorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxlorenzodemidio01
 

Último (20)

30042024_First India Newspaper Jaipur.pdf
30042024_First India Newspaper Jaipur.pdf30042024_First India Newspaper Jaipur.pdf
30042024_First India Newspaper Jaipur.pdf
 
2024 02 15 AZ GOP LD4 Gen Meeting Minutes_FINAL_20240228.docx
2024 02 15 AZ GOP LD4 Gen Meeting Minutes_FINAL_20240228.docx2024 02 15 AZ GOP LD4 Gen Meeting Minutes_FINAL_20240228.docx
2024 02 15 AZ GOP LD4 Gen Meeting Minutes_FINAL_20240228.docx
 
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
 
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
 
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
 
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
 
America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...
America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...
America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...
 
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
 
China's soft power in 21st century .pptx
China's soft power in 21st century   .pptxChina's soft power in 21st century   .pptx
China's soft power in 21st century .pptx
 
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
 
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
 
Kishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdfKishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdf
 
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
 
04052024_First India Newspaper Jaipur.pdf
04052024_First India Newspaper Jaipur.pdf04052024_First India Newspaper Jaipur.pdf
04052024_First India Newspaper Jaipur.pdf
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxKAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
 
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's DevelopmentNara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
 
Group_5_US-China Trade War to understand the trade
Group_5_US-China Trade War to understand the tradeGroup_5_US-China Trade War to understand the trade
Group_5_US-China Trade War to understand the trade
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
 
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxLorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
 

Protecting Patient Information - Feds Find Security Lapses in State and Local Government Systems

MARCH 18, 2014

HEALTH CARE AND CYBERSECURITY CLIENT ALERT

PROTECTING PATIENT INFORMATION – FEDS FIND SECURITY LAPSES IN STATE AND LOCAL GOVERNMENT SYSTEMS

Taken together, two recent announcements from the U.S. Department of Health and Human Services (HHS) highlight the need for state and local governments (and others who collect and maintain patient information) to regularly review their policies, procedures and safeguards for protecting patient information under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

First, on March 5, 2014, the HHS Office of Inspector General (OIG) issued an audit report regarding High-Risk Security Vulnerabilities Identified During Reviews of Information Technology General Controls at State Medicaid Agencies that summarizes a series of serious cybersecurity lapses found during audits of 10 state Medicaid Management Information Systems (MMIS) performed between 2010 and 2012 (report available at this link).

Second, on March 7, 2014, the HHS Office for Civil Rights (OCR) announced that Skagit County, Washington, has agreed to a $215,000 monetary settlement and corrective action plan related to apparent lapses in protecting the privacy and security of patient information. The Skagit County Public Health Department provides essential health care services to needy individuals in the 118,000-person county. As OCR stated, this “case marks the first settlement with a county government and sends a strong message about the importance of HIPAA compliance to local and county governments, regardless of size” (announcement and Resolution Agreement available at this link).

Both these events reiterate the need for state and local government agencies that handle patient data – specifically, “protected health information (PHI)” under the HIPAA/HITECH regulations – to perform regular risk assessments and ensure that proper administrative, physical, and technical safeguards are in place and working.

In the Skagit County case, an OCR investigation commenced after the county reported a data breach involving several individuals’ information that was inadvertently exposed on, and accessed from, a publicly (Internet) accessible server. The ensuing review found that information regarding some 1,581 individuals had been placed at risk, including sensitive data regarding testing and treatment for infectious diseases, and what OCR characterized as “widespread non-compliance” with the HIPAA Privacy, Security, and Breach Notification Rules.

Returning to the OIG report, the agency’s audits focused on information system general controls, including those that provide structure, policies, and procedures for managing an organization’s information technology systems and cybersecurity posture. The report details a number of high-risk security vulnerabilities across the 10 states reviewed, characterizing several of them as “systemic” and thus likely to be concerns for other states and their MMIS. In publishing its report, OIG emphasized that its objective was to “increase public awareness of these pervasive vulnerabilities” and hopefully lead the Centers for Medicare & Medicaid Services (CMS) and state agencies to meet the challenge and strengthen system security. The vulnerabilities were explained using three broad categories:

  • Entity-wide controls,
  • Access controls, and
  • Network operations controls.

Examples of the vulnerabilities cited include lack of proper security plans, failure to encrypt laptops, and lack of formal disaster recovery plan testing. Additional deficiencies were seen in a variety of other areas, including asset inventory controls, risk assessments, user access controls, anti-virus procedures, and patch management.

Such cybersecurity deficiencies place agencies, and patient information, at high risk of unauthorized disclosure or widespread system attacks. But these unfortunate issues can be avoided with regular attention to safeguards, planning, documentation, and workforce training. As noted in the OIG report, resources such as technical standards and guidance are available from the National Institute of Standards and Technology (NIST). In addition, all health care organizations should be mindful of the growing momentum for adoption of the recently NIST-published Cybersecurity Framework, created under the direction of Executive Order 13636, and its support for building a proactive cybersecurity program (see EO 13636, the Framework, and supporting materials at this link).

Patton Boggs has deep experience in assisting public and private sector organizations with their cybersecurity planning and HIPAA/HITECH compliance programs, including policy development, vendor governance, workforce training, and risk assessment.