• Resources
  • Blog
  • Journalists
  • Log In
  • Sign Up
  • Data Privacy
  • Send a Release
Cision PR Newswire: news distribution, targeting and monitoring home
  • News
  • Products
    • Overview
    • Distribution by PR Newswire
    • Cision Communications Cloud®
    • Cision IR
    • Sponsored Placement
    • All Products
  • Contact
    • General Inquiries
    • Request a Demo
    • Editorial Bureaus
    • Partnerships
    • Media Inquiries
    • Worldwide Offices

 

When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases

      • All News Releases
      • All Public Company
      • English-only
      • News Releases Overview

      • Multimedia Gallery

      • All Multimedia
      • All Photos
      • All Videos
      • Multimedia Gallery Overview

      • Trending Topics

      • All Trending Topics
  • Business & Money
      • Auto & Transportation

      • All Automotive & Transportation
      • Aerospace, Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads and Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking and Road Transportation
      • Auto & Transportation Overview

      • View All Auto & Transportation

      • Business Technology

      • All Business Technology
      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors
      • Business Technology Overview

      • View All Business Technology

      • Entertain­ment & Media

      • All Entertain­ment & Media
      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • Entertain­ment & Media Overview

      • View All Entertain­ment & Media

      • Financial Services & Investing

      • All Financial Services & Investing
      • Accounting News & Issues
      • Acquisitions, Mergers and Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalization
      • Sales Reports
      • Shareholder Activism
      • Shareholder Meetings
      • Stock Offering
      • Stock Split
      • Venture Capital
      • Financial Services & Investing Overview

      • View All Financial Services & Investing

      • General Business

      • All General Business
      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Environmental, Social and Governance (ESG)
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls and Research
      • Trade Show News
      • General Business Overview

      • View All General Business

  • Science & Tech
      • Consumer Technology

      • All Consumer Technology
      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications
      • Consumer Technology Overview

      • View All Consumer Technology

      • Energy & Natural Resources

      • All Energy
      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil and Gas Discoveries
      • Utilities
      • Water Utilities
      • Energy & Natural Resources Overview

      • View All Energy & Natural Resources

      • Environ­ment

      • All Environ­ment
      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters
      • Environ­ment Overview

      • View All Environ­ment

      • Heavy Industry & Manufacturing

      • All Heavy Industry & Manufacturing
      • Aerospace & Defense
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation and Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking and Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco
      • Heavy Industry & Manufacturing Overview

      • View All Heavy Industry & Manufacturing

      • Telecomm­unications

      • All Telecomm­unications
      • Carriers and Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications
      • Telecomm­unications Overview

      • View All Telecomm­unications

  • Lifestyle & Health
      • Consumer Products & Retail

      • All Consumer Products & Retail
      • Animals & Pets
      • Beers, Wines and Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics and Personal Care
      • Fashion
      • Food & Beverages
      • Furniture and Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewelry
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys
      • Consumer Products & Retail Overview

      • View All Consumer Products & Retail

      • Entertain­ment & Media

      • All Entertain­ment & Media
      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • Entertain­ment & Media Overview

      • View All Entertain­ment & Media

      • Health

      • All Health
      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine
      • Health Overview

      • View All Health

      • Sports

      • All Sports
      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories
      • Sports Overview

      • View All Sports

      • Travel

      • All Travel
      • Amusement Parks and Tourist Attractions
      • Gambling & Casinos
      • Hotels and Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry
      • Travel Overview

      • View All Travel

  • Policy & Public Interest
      • Policy & Public Interest

      • All Policy & Public Interest
      • Advocacy Group Opinion
      • Animal Welfare
      • Congressional & Presidential Campaigns
      • Corporate Social Responsibility
      • Domestic Policy
      • Economic News, Trends, Analysis
      • Education
      • Environmental
      • European Government
      • FDA Approval
      • Federal and State Legislation
      • Federal Executive Branch & Agency
      • Foreign Policy & International Affairs
      • Homeland Security
      • Labor & Union
      • Legal Issues
      • Natural Disasters
      • Not For Profit
      • Patent Law
      • Public Safety
      • Trade Policy
      • U.S. State Policy
      • Policy & Public Interest Overview

      • View All Policy & Public Interest

  • People & Culture
      • People & Culture

      • All People & Culture
      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women
      • People & Culture Overview

      • View All People & Culture

      • In-Language News

      • español
      • português
      • Česko
      • Danmark
      • Deutschland
      • España
      • France
      • Italia
      • Nederland
      • Norge
      • Polska
      • Portugal
      • Россия
      • Slovensko
      • Suomi
      • Sverige
  • Overview
  • Distribution by PR Newswire
  • Cision Communications Cloud®
  • Cision IR
  • Sponsored Placement
  • All Products
  • General Inquiries
  • Request a Demo
  • Editorial Bureaus
  • Partnerships
  • Media Inquiries
  • Worldwide Offices
  • PR Newswire: news distribution, targeting and monitoring
  • Send a Release
    • ALL CONTACT INFO
    • Contact Us

      888-776-0942
      from 8 AM - 10 PM ET

  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR
  • News in Focus
    • Browse All News
    • Multimedia Gallery
    • Trending Topics
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
  • Policy & Public Interest
  • People & Culture
    • People & Culture
  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR
  • Overview
  • Distribution by PR Newswire
  • Cision Communications Cloud®
  • Cision IR
  • All Products
  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR
  • General Inquiries
  • Request a Demo
  • Editorial Bureaus
  • Partnerships
  • Media Inquiries
  • Worldwide Offices
  • Send a Release
  • Sign Up
  • Log In
  • Resources
  • Blog
  • Journalists
  • RSS
  • GDPR

Millions of Dollars in Privacy Violations are Wake-Up Call for Healthcare Industry; Experts Share Insight About What's Ahead

What's at Stake? What's to Come? What Can Healthcare Organizations Do?


News provided by

ID Experts

Apr 05, 2011, 09:00 ET

Share this article

Share this article


PORTLAND, Ore., April 5, 2011 /PRNewswire/ -- What can healthcare organizations learn from the multi-million dollar penalties recently issued by the Department of Health and Human Services Office for Civil Rights (OCR) for privacy violations?  Recently, the OCR singled out two prominent healthcare organizations—Cignet Health of Maryland with a penalty of $4.3 million dollars and Massachusetts General with a settlement of $1 million—both for allegedly violating the Federal HIPAA Privacy and Security Rule, the rule that protects the privacy of patient healthcare information.  A panel of healthcare experts representing legal, regulatory, IT, governance, technology, and data breach weigh in to share their insights as to what these first-round penalties indicate, what's to come, and what healthcare organizations and providers can do.  The overall conclusion: these sizeable fines signal a wake-up call for the healthcare industry and are only the beginning.  

Industry-Wide Experts Offer Their Insights

The top analyses include:

  1. Fines will bring more fines and lawsuits
  2. OCR enforcement is serious
  3. Electronic health information systems are nuclear; need to protect and proceed with caution
  4. Compliance matters
  5. What can be done: risk assessments, incident planning

Catherine A. Allen, chairman and CEO, The Santa Fe Group, manages the Shared Assessments Program

"The Stimulus Plan and the HITECH Act, combined with the rapid growth of electronic medical records, represent a sea change in the way the healthcare industry looks at the problem of data breaches.  In this climate, it is imperative that the healthcare industry understands the importance of using appropriate security and privacy safeguards and best practices.  A new industry group, the ANSI/Shared Assessments PHI Program, will look at these issues in depth.  In particular, we'll draw on the Shared Assessments Program's roots in financial services, bringing the members' knowledge of regulatory oversight issues and best practices to the table to help the healthcare industry meet these new demands."

Chris Apgar, CISSP, president, Apgar & Associates, LLC

"Even if OCR does not investigate, that does not stop the filing of lawsuits for damages.  Given HITECH, what looks to be increased enforcement by OCR was inevitable.  I think this should send a clear message to the healthcare industry that enforcement has just started and, per an earlier statement by OCR, the focus will not just be on large organizations.  While the OCR draft privacy, security and enforcement rule is not final, that does not mean OCR will not enforce rules that have been on the books since as far back as 2003.  This was demonstrated by the recent OCR monetary settlements.  The two provider organizations involved did not violate what could be termed HITECH requirements.  They violated the HIPAA Privacy Rule, which has been around since 2003. I think it is time for healthcare organizations to move security to the front burner, especially given the significant legal risk associated with breaches and other security incidents."  

Donald L. Bradfield, senior counsel, legal department, Johns Hopkins Health System

"My takeaways from the two events, but most particularly the Mass General event, are that OCR has discovered its teeth and will not hesitate to bite hard; that putting all of the administrative pieces in place is not sufficient—actual compliance matters; that human error will not excuse the institution; and that, once onsite, OCR will not limit itself to the circumstances of the particular event but will range more broadly to other areas of HIPAA compliance."

James Christiansen, CEO, Evantix, on-demand risk intelligence

"The healthcare organization needs to be in the driver's seat! The financial impact of the fines to the healthcare companies is just the tip of the iceberg.  The real big costs are tied to implementing the mandatory corrective actions and enduring the ongoing reporting that is typically part of the consent agreement.  The worst part is the financial and organizational impact of the oversight that lasts for years.  A better approach is implementing a program before an incident occurs including a plan for handling all the corrective actions.  The cost of the plan can then be spread out over years and made much more manageable."

Rick Kam, president and co-founder, ID Experts; comprehensive data breach solutions

"No healthcare organization wants a breach of their patients' information.  Without conducting regular risk assessments, all organizations are in jeopardy.  Putting a documented risk assessment in place helps demonstrate HIPAA compliance and effectively addresses patient privacy gaps that might delay or complicate EHR implementation and Meaningful Use qualification.  Unfortunately, the ramifications for not meeting compliance with HIPAA privacy and security rules go beyond significant fines—there will be Corrective Action Plans to follow, creation and implementation of revised policies, government agency monitoring—not to mention the potential damage and harm caused to the individuals whose information was breached."

James C. Pyles, principal, Powers Pyles Sutter & Verville PC

"Electronic health information systems are the nuclear energy of health reform.  They can bring great benefit if carefully used and controlled, and can be costly and produce catastrophic damage if not tightly controlled.  Electronic health information systems make it possible, for the first time in the history of medicine, to breach the health information privacy of millions of individuals with the punch of a button; steal health information without having physical access to it (or even be on the same continent); and breach health privacy in a manner that it can never be restored."

Larry W. Walker, president of The Walker Company; governance consultant to health care organizations

"Based on my experience working with hospital governing boards, the large majority of board members have little or no real knowledge about the risk of patient health information breaches in their organizations, nor do they typically know what systems and processes are in place to prevent these breaches.  It's not due to neglect—it's simply not a part of their governance thinking, and yet it's a distinctly critical governance accountability that must be understood and addressed by the board. The safety and security of patient health information is a vital trust that boards must protect through robust policies and careful, deliberate oversight.  Accomplishing that begins with a board-wide understanding of the vital importance of the issue.  It's followed by ensuring the resources necessary to safeguard patients' information are properly allocated, and that the systems and processes put into place are successfully working 24/7/365 to prevent a breach."

Media Contact:
Kelly Stremel
MacKenzie Marketing Group
503-225-0725
[email protected]

SOURCE ID Experts

Modal title

Contact Cision

  • Cision Distribution 888-776-0942
    from 8 AM - 9 PM ET

  • Chat with an Expert
  • General Inquiries
  • Request a Demo
  • Editorial Bureaus
  • Partnerships
  • Media Inquiries
  • Worldwide Offices

Products

  • Cision Communication Cloud®
  • For Marketers
  • For Public Relations
  • For IR & Compliance
  • For Agency
  • For Small Business
  • All Products

About

  • About PR Newswire
  • About Cision
  • Become a Publishing Partner
  • Become a Channel Partner
  • Careers
  • COVID-19 Resources
  • Accessibility Statement
  • Asia
  • Brazil
  • Canada
  • Czech
  • Denmark
  • Finland
  • France
  • Germany
  • India
  • Israel
  • Italy
  • Mexico
  • Middle East
  • Netherlands
  • Norway
  • Poland
  • Portugal
  • Russia
  • Slovakia
  • Spain
  • Sweden
  • United Kingdom

My Services

  • All New Releases
  • Online Member Center
  • ProfNet

Contact Cision

Products

About

My Services
  • All News Releases
  • Online Member Center
  • ProfNet
Cision Distribution Helpline
888-776-0942
  • Terms of Use
  • Privacy Policy
  • Information Security Policy
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2022 Cision US Inc.