An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.
Last month, the Federal Communications Commission (FCC) announced its intention to launch a $100 million pilot program to provide greater access to health care for rural and low-income Americans, as well as veterans, through the use of telehealth. The FCC is now moving forward with a Notice of Inquiry (NOI), which will kick off a comment period on the proposed program.
Health care technology, particularly digital medicine, promises great new capabilities that will improve outcomes and reduce overall costs and time constraints. Digital medicine encompasses a broad range of technologies, from technologies used to record, retain, and manipulate health data (i.e., Electronic Health Records, a.k.a. EHRs) and thereby make it more usable and amenable to analysis, to actual tools in clinical care (i.e., medical imaging, wearable sensors) that can measure physiological parameters or patient activity and facilitate clinical care and decision-making.
Health care data breaches cost health care entities an average of $408 per record – the highest of any industry for the eighth straight year, according to IBM and the Ponemon Institute’s 2018 Cost of a Data Breach Report, and three times higher than the cross-industry average of $148 per record. The cost for a health care data breach increased from last year’s reported average of $380 per record. Contributing factors to the high costs include compliance with laws and regulations and abnormally high churn rates due to consumer mistrust.
The Centers for Medicare and Medicaid Services’ (CMS) proposed reimbursements for certain telehealth services are a significant step forward for increasing access to telehealth services. The proposed revisions would benefit both providers and patients, allowing coverage for virtual visits and physician review of pre-recorded patient images and videos.
A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in its failure to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth largest amount recovered by OCR for HIPAA violations.