Posts Tagged ‘indentity coverage’

When a safe harbor isn’t safe enough

December 3, 2010

In many data security circles, the word “encryption” will bring a glow of peaceful serenity. Encrypting data is one of the best ways to protect it from prying eyes and is recommended by almost all experts and required by many laws and regulations. But it is not always enough. A recent incident illustrates how human error can foil even the best data security methods.

Rainbow Hospice and Palliative Care in Illinois had duly encrypted its laptops in accordance with everyone’s best practices recommendations and many jurisdictions’ legal requirements. The laptop at issue contained personal medical and financial information about nearly 1,000 patients. Encryption was activated whenever the computer was shut off or its top closed, and two passwords were required for access to the confidential data. So far, so good.

Hospital data breach shows vulnerabilities in data protection and insurance

Hospital officials announced yesterday that computer files from South Shore Hospital in Weymouth, MA containing personal information for 800,000 individuals (patients, employees, doctors, volunteers, donors, vendors and business partners) may have been lost when they were shipped to a contractor to be destroyed. The notice posted to their website gives careful readers insight into some of the potential financial and insurance coverage risks that even the most careful organizations can face in connection with the compromise of confidential information.

Privacy risks extend beyond your own systems

A recent news item highlights one of the most challenging and frustrating aspects for companies and organizations dealing with their privacy and data security obligations: their potential responsibility for the behavior of others. Lincoln Medical and Mental Health Center in New York City has posted a notice on its website explaining that several CDs containing patients’ protected health and personal information had apparently been lost in transit. One of the hospital’s vendors had shipped the CDs to the hospital via overnight courier, but they never arrived. According to the website, the CDs contained the following types of information: name, address, social security number, medical record number, patient number, health plan information, date of birth, dates of admission and discharge, diagnostic and procedural codes and descriptions, and possibly a driver’s license number.

Healthcare organizations find themselves at risk of “low tech” privacy breaches

In an age of ever-increasing dependence on electronic records and cyber-security, it should come as little surprise that there is a steady diet of new examples of data breaches and the loss of private data. This is especially true in the case of healthcare institutions and providers.

Ask the Experts: Concerns for privacy in healthcare

March 11, 2010

The Health Information Technology for Economic and Clinical Health Act (known as the “HITECH” Act), enacted as part of the American Recovery and Reinvestment Act of 2009, substantially expands the HIPAA privacy and security rules. A recent survey of Modern Healthcare readers found that privacy is a big concern, given several key changes the act makes to healthcare information privacy laws. This installment of “Ask the Experts” looks at the related risk management issues within healthcare operations.

Ask the Experts: The advantages of a group excess program

December 18, 2009

A Group Excess Liability program is a master umbrella policy issued to the sponsoring organization or employer that provides additional coverage to participants.