Data Privacy

This past January, the AAA hosted a webinar presented by EMS/healthcare attorneys Matthew Streger, Margaret Keavney, and Rebecca Ragkoski, titled "Cybersecurity, Top 10 Considerations in Healthcare and How to Address Them." During this very informative webinar, Matt, Margaret, and Rebecca covered one of the biggest issues facing EMS and other healthcare providers today: data security. If you did not get a chance to listen in on this program, it is available on demand at the AAA website. As highlighted in their webinar, data security and data breach concerns are among the most frequently encountered issues facing EMS agencies, not only as healthcare providers but also as employers. Ensuring that patient and employee protected health information (PHI) and personally identifiable information (PII) are adequately protected from access or intrusion is critically important. Alabama becomes the 50th state to enact data breach requirements for all individuals and businesses in the state. The Society for Human Resource Management (SHRM) provides a great summary of the new breach requirements in several article resources published this week. The National Conference on State Legislatures is a great resource for learning the laws that apply to your organization. Of course, it is recommended that all members engage a law firm...


HIPAA and Mobile Devices: What Your Service Needs to Know

For ambulance services, HIPAA compliance is a particularly sensitive issue. Because of the sensitive nature of the health data that EMS and EMT professionals deal with on a daily basis, HIPAA Privacy and Security standards must be carefully adhered to. This issue becomes even more sensitive when you consider that most of the data collected during pre-hospital care will likely be collected, tracked, and documented on a mobile device. Laptops, smartphones, and tablets are indispensable tools for ambulance care. Most of these devices will have access to electronic health records (EHR) platforms, which will in turn be connected to the rest of a hospital’s EHR data. While mobile devices can provide convenience in life-or-death situations, they are also particularly vulnerable to the risk of a data breach. A data breach of unsecured health information can lead to serious HIPAA violations and put patient privacy at risk. The kind of health information that these devices have access to is called protected health information, or PHI. PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, medical information, insurance ID numbers, addresses, full facial photos, and telephone numbers, to name...


Ransomware: A Ticking Time Bomb for Health Care

By Cindy Elbert, President, Cindy Elbert Insurance Services, Inc.

If you’re doing business online, you need cyber-insurance. This fact was never made truer than on May 12, 2017, when 50,000 businesses in at least 74 countries were hit by a ransomware attack code-named “WannaCry”. Hackers demanded that companies pay a $300 ransom fee or their files would be published on the Internet. The data thieves targeted mostly hospitals and other medical facilities because their data not only included names, home addresses, addiction histories, financial information and religious affiliations but also disclosed patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports. A gold mine of personal information for those with dark purposes. Two days earlier, a data breach at the Bronx Lebanon Hospital Center in New York compromised the medical records of at least 7,000 people. According to NBC News, “Leaks from the Rsync servers, which transfer and synchronize files across systems, are common. How many more nude photos of patients or ultrasound images will be exposed because of misconfigured Rsync backups?” On May 4, 2017, a group calling themselves TheDarkOverlord uploaded almost 180,000 stolen patient/medical records from three companies onto the Internet because (more…)

Ransomware Alert

A few days ago, multiple news agencies reported that there has been a large-scale cyber-attack on healthcare agency networks worldwide. The New York Times and the Washington Post reported yesterday that hackers have exploited malware that was stolen from the National Security Agency (NSA) and have executed an attack on numerous healthcare agency networks, including Britain’s public health system. The hackers have essentially held the system hostage, freezing users out of their data. The cyber-attack has spread to nearly 74 countries, including India, Africa, and several South American countries. This cyber-attack highlights the vulnerability of many healthcare providers, including ambulance services, which have become increasingly technology dependent. If your service has not performed a Risk Analysis as required under the Security Rule of the Health Insurance Portability & Accountability Act (HIPAA), or has not performed the analysis in the last year, I suggest that you do so as soon as possible. If members are uncertain or concerned about how they can come into compliance with the requirements of HIPAA, please contact the consultants available as part of their AAA membership.