Center for Children’s Digestive Health agrees to $31k HIPAA … – Becker’s Hospital Review


Healthcare IT News
Center for Children's Digestive Health agrees to $31k HIPAA ...
Becker's Hospital Review
Park Ridge, Ill.-based Center for Children's Digestive Health will pay $31,000 and implement a corrective action plan as part of a HIPAA settlement to resolve ...
Provider hit with $31000 HIPAA settlement over lack of business associate's agreement – Healthcare IT News
Illinois Provider Pays $31,000 HIPAA Settlement Due to Lack of BA ... – Healthcare Informatics


Center for Children’s Digestive Health agrees to $31k HIPAA settlement – Becker’s Hospital Review


Healthcare IT News
Center for Children's Digestive Health agrees to $31k HIPAA settlement
Becker's Hospital Review
Park Ridge, Ill.-based Center for Children's Digestive Health will pay $31,000 and implement a corrective action plan as part of a HIPAA settlement to resolve allegations it failed to establish a business associate agreement with FileFax. The Center ...
Provider hit with $31000 HIPAA settlement over lack of business associate's agreement – Healthcare IT News
Illinois Provider Pays $31000 HIPAA Settlement Due to Lack of BA Agreement – Healthcare Informatics
Small Healthcare Provider Pays $31000 for Failing to Have a Business Associate Agreement With File Storage Vendor – The National Law Review


Provider hit with $31000 HIPAA settlement over lack of business associate’s agreement – Healthcare IT News


Healthcare IT News
Provider hit with $31000 HIPAA settlement over lack of business associate's agreement
Healthcare IT News
Center for Children's Digestive Health shared protected health info with FileFax, but didn't have a BAA in place. By Mike Miliard. April 21, 2017. 02:09 PM. HIPAA settlement Center for Children's Digestive Health. The failure of one Illinois ...
Illinois Provider Pays $31000 HIPAA Settlement Due to Lack of BA Agreement – Healthcare Informatics
Center for Children's Digestive Health agrees to $31k HIPAA settlement – Becker's Hospital Review
Small Healthcare Provider Pays $31000 for Failing to Have a Business Associate Agreement With File Storage Vendor – The National Law Review


Illinois Provider Pays $31000 HIPAA Settlement Due to Lack of BA Agreement – Healthcare Informatics

Illinois Provider Pays $31000 HIPAA Settlement Due to Lack of BA Agreement
Healthcare Informatics
The Center for Children's Digestive Health has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to ...


68% of Healthcare Employees Would Share Regulated Data

The Dell End User Security Survey has revealed that sensitive information, including data covered by HIPAA Rules, would be shared by employees without authorization under certain circumstances.

The Dell End User Security Survey sought to uncover how widespread the unauthorized sharing of confidential information has become. The results show that even in heavily regulated industries such as healthcare, unauthorized data sharing is occurring.

The survey was conducted on 2,608 individuals whose job duties involve handling confidential information. Across all industries, an alarming 72% of employees said they would willingly share sensitive information. 68% of healthcare employees who took part in the survey also confirmed that they would share PHI without authorization under certain circumstances.

Dell explains that in most cases, unauthorized sharing of confidential data is not malicious. It occurs when employees are trying to be more efficient and work as effectively as possible. Unfortunately, however, in an effort to get more work completed in less time, those employees are taking considerable security risks. In the case of healthcare employees, those actions could potentially violate the privacy of patients and result in their organization facing a significant HIPAA penalty.

Across all industries, 43% of employees would share sensitive, confidential data if they were directed to do so by management and 37% would share data with a person that was authorized to receive it. As Dell points out, this is why cybercriminals pose as trusted individuals and why business email compromise is so effective.

Other situations when employees would share data include if the risk was low and the benefit was high (23%), if it would allow them to perform their job more effectively (22%) and if it made the recipient of the information able to work more effectively (13%).

Dell explains that employees make the decision to share data independently, assessing the risks and benefits of doing so on a case-by-case basis. Dell points out that it is up to organizations to put policies and procedures in place to define the circumstances under which information can be shared. However, it is also important to ensure that employees know that when data are shared, the sharing must happen in a secure fashion.

Some of the most common security risks taken by the respondents who work in highly regulated industries such as finance and healthcare were using personal email accounts to send confidential information – 52% of respondents – and accessing confidential data via public Wi-Fi hotspots – 48% of respondents.

35% of respondents said it was common to take confidential work information with them when they changed employment. When that does occur, 61% used a USB drive and 56% sent the information to a personal email account.

Other risky behaviors involved using work-issued devices to access personal social media accounts – 46% of respondents – and using public cloud services to store or save their work – 56% of respondents.

The survey revealed that two out of three employees feel it is their own responsibility to educate themselves on possible risks, rather than being told by their company. However, while training on cybersecurity is important, it is not 100% effective. Even when provided with training on best practices, 24% of trained employees said they still engaged in unsafe behavior in order to get their work done.

The post 68% of Healthcare Employees Would Share Regulated Data appeared first on HIPAA Journal.