Awareness: Newsletter Articles

“Store it on the Cloud”: What You Need to Know About Cloud-Based File Solutions

We are all familiar with this phrase, but what exactly is the “cloud”? “Cloud” is a buzzword used to describe a network of servers with different functions housed in different places throughout the world.

Published in the February 2018 Newsletter

The Cost of a Data Breach – Anthem Pays $115 Million to Settle

Anthem Inc, the largest health insurance company in the nation, has agreed to settle litigation in what is said to be the largest settlement ever for a data breach.

Published in the February 2018 Newsletter

Ransomware: What You Need to Know

Cybercrime continues to generate huge profits for criminals so it’s no secret that hackers are getting more sophisticated with their attacks. Ransomware is a malicious piece of software designed to block access to a computer system until payment is received.

Published in the February 2018 Newsletter

How can I access my medical records?

The Electronic Health Record (EHR) has proven to provide more efficient access to patient information thus streamlining workflows and positively impacting patient care. The University provides employees with access to the EHR as a means to carry out the normal functions of their job.

Published in the February 2018 Newsletter

Text Messaging and PHI

Text messaging has become a major part of how we communicate. Texting is an essential and valuable means of communication, particularly among healthcare team members. One of the many benefits of messaging over mobile phone apps is that they facilitate rapid dissemination and interaction. But this ease of dissemination can cause real problems for physicians and hospitals if the information is disclosed improperly. The Centers for Medicare & Medicaid Services (CMS) and the Joint Commission take the position that texting of orders is prohibited.

Published in the May 2018 Newsletter

Massachusetts Physician Criminally Convicted of HIPAA Violation

On April 30, 2018, a physician in Springfield, Massachusetts was convicted of a criminal HIPAA violation and obstructing a criminal health care investigation by the Department of Justice (DOJ). The DOJ was investigating the pharmaceutical company Warner Chilcott for suspected healthcare fraud related to illegal marketing practices and for providing payments to physicians in return for higher prescription rates.

Published in the May 2018 Newsletter

General Data Protection Regulation (GDPR)

You may have noticed an influx of emails regarding privacy policies and terms of service updates. Companies everywhere are rushing to update their policies and be compliant with the new General Data Protection Regulation (GDPR). The GDPR is a new European data privacy regulation that goes into effect May 25, 2018 and will be enforced internationally.

Published in the May 2018 Newsletter

Industry Representatives in Clinical Areas: What you need to know

At UHealth, vendors and industry representatives play an important role in patient care, education and research. From the purchasing of devices to implementation in operating rooms, medical faculty and staff often interact with vendors and industry representatives at various levels. These interactions support UHealth but must be properly managed to maintain patient safety and the integrity of the Health System.

Published in the May 2018 Newsletter

Alert: Scary Pop-up Messages on your PC. Call UM Information Technology Immediately!

Imagine you are browsing the internet when all of a sudden a window pops up with an alarming message: “Your machine is being compromised!” or “Your machine is engaged in illegal activity!” These windows are an attempt by cyber criminals to induce panic and steal your information. Find out how to avoid these cybercrimes and protect yourself.

Published in the January 2017 Newsletter

Viewing Medical Records of Family Members and Friends

System access is a privilege. As a University employee, you receive a Confidentiality and Acceptable Use Agreement and a HIPAA and Computer Usage Form.

Published in the January 2017 Newsletter

Vendors & Privacy: What you need to know

Covered entities are required to enter into a contract with the business associate under the HIPAA regulation to ensure that they will appropriately safeguard protected health information.

Published in the January 2017 Newsletter

FairWarning Update

Reviews of user access logs are required by the HIPAA regulations to protect the privacy of patient information and to detect any unauthorized access, use, or disclosure.

Published in the January 2017 Newsletter

Live Training Sessions

The Office of HIPAA Privacy & Security continues to provide live Privacy and Security training sessions for University faculty and staff.

Published in the January 2017 Newsletter

Data Broker Program

The Office of HIPAA Privacy and Security, in collaboration with the IRB, CTSI, and UHealth, has established a “data broker” program.

Published in the January 2017 Newsletter

HIPAA Security Walkthroughs

The Office of HIPAA Privacy and Security conducts random unannounced walkthroughs of the various sites of service of the University of Miami Health System.

Published in the January 2017 Newsletter

Equifax Data Breach – One of the Most Costly in History

In late 2017, Equifax, one of the largest credit reporting agencies in the U.S., reported a massive data breach. On May 7, 2018, Equifax executives provided a statement to the Securities and Exchange Commission (SEC) that detailed the extent of consumer data that had been exposed. When all is said and done, this breach may cost Equifax upwards of $600 million, making it one of the most costly breaches in history.

Published in the May 2018 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies in 2018.

Published in the May 2018 Newsletter

Posting Patient Photographs: Are You Compliant?

Patient photographs are used for a variety of reasons related to medical care. Patient photographs taken in a clinical setting become part of a patient’s designated record set as Protected Health Information (PHI) and thus should be treated with the same privacy, confidentiality and safeguards as any other part of the medical record.

Published in the August 2018 Newsletter

Tough on Encryption: University of Texas Cancer Center to Pay $4.35 Million in Penalties to the HHS

The U.S. Department of Health and Human Services’ Office for Civil Rights orders the University of Texas MD Anderson Cancer Center to pay $4,348,000 in civil penalties for HIPAA violations. This settlement, the fourth largest monetary settlement with the Office for Civil Rights (OCR), was affirmed this summer by an administrative law judge from the Department of Health and Human Services (HHS).

Published in the August 2018 Newsletter

Back-to-School Security Tips

It’s that time of year again! School is in session and whether you are a student, parent, faculty or staff, it is important to follow some essential security tips and reminders. The new school year brings new opportunities for hackers, cyber criminals and identity thieves.

Published in the August 2018 Newsletter

Save the Date! 2018 Compliance & Ethics Week

Mark your calendars! The University of Miami’s third annual Compliance and Ethics Week will take place November 5-9, 2018. Compliance fairs and seminars will be held across all three campuses and provide a unique opportunity for faculty and staff to engage and learn about the University’s various compliance and ethics initiatives.

Published in the August 2018 Newsletter

Former Patient Coordinator Criminally Convicted of HIPAA Violations

On June 28, 2018, a former patient coordinator for the University of Pittsburgh Medical Center (UPMC) was indicted by a federal grand jury on six counts for wrongfully obtaining and disclosing protected health information (PHI). The Federal Bureau of Investigation handled this case and brought it to indictment.

Published in the August 2018 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies.

Published in the August 2018 Newsletter

Breaking Records: Anthem Pays the HHS Office for Civil Rights $16 Million in Record HIPAA Settlement

Anthem Inc., a licensee of the Blue Cross Blue Shield and one of the largest health insurance companies in the nation, has agreed to pay the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) a record $16 million, greatly surpassing the previous high of $5.55 million paid to OCR in 2016. What caused the largest U.S. health data breach in history? Cyber-attacks through spear phishing emails.

Published in the December 2018 Newsletter

Phishing: One in Every Hundred Emails is a Hacking Attempt

Email continues to be the most popular method for cyber-attacks. According to a study conducted by FireEye, one in 101 emails contains a malicious hacking attempt such as “phishing”. Phishing is a form of fraudulent solicitation in which an email is cleverly disguised to appear to be from trusted brands such as banks, credit card companies, online retailers or even one of your friends.

Published in the December 2018 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies.

Published in the December 2018 Newsletter

Data Privacy Day at the U

The Privacy Office, in conjunction with UMIT, held its second annual Data Privacy Day on February 6. It was exciting to see the UM community come together to learn about the importance of privacy in our evolving world. One of the University’s distinguished faculty members, Dr. Mary Anne Franks, was the featured speaker and presented “Privacy at the Intersection,” a discussion of how privacy trends and the development of new technologies affect society’s most vulnerable populations.

Published in the February 2019 Newsletter

Another Record Breaking Year: 2018 HIPAA Settlements Reach an All-time High of $28.7 Million

As technology evolves, privacy and security continue to be a growing area of concern, and the risk of data breaches continues to increase. According to HIPAA Journal, 2018 has seen a total of 365 breaches by covered entities, totaling a massive $28.7 million in financial penalties, which is nearly a 50% increase from 2017.

Published in the February 2019 Newsletter

It’s Tax Season: Protect Yourself from Identity Theft

Have you filed your taxes yet? Tax season is upon us, and you aren’t the only one preparing paperwork; criminals go into overdrive ready to steal your information. Criminals know how profitable it can be for them to file fake tax returns, and hence are constantly inventing new schemes to maliciously obtain your personal information. Protecting yourself from tax fraud and identity theft takes time and vigilance.

Published in the February 2019 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies. Thank you for your effort to protect patient privacy and reduce privacy-related incidents!

Published in the February 2019 Newsletter

Email Phishing Attacks are on the Rise

With so much media attention on phishing attacks, why do so many health care entities still fall victim? The answer – human weakness. Phishing and related attacks are often aimed at health care employees due to their continued success. Phishing is a scam used by cyber criminals to lure individuals into sharing sensitive data, such as personally identifiable information (PII).

Published in the May 2019 Newsletter

Protected Health Information: Who Can You Talk To?

The HIPAA Privacy Rule states that covered entities must take certain steps to keep a person’s health information confidential and secure. Therefore, health care providers and staff frequently question whether they may disclose protected health information (PHI) to family members or other persons involved in the patient’s care.

Published in the May 2019 Newsletter

Data Broker Corner: Obtaining Medical Record Data to Conduct Your Research

You’ve received IRB approval to begin your research study and you are ready to start collecting and analyzing data. What’s your next step? The specific requirements to receive data derived from patient care at UHealth for research studies may vary based on the design of your study. If you anticipate direct contact with research subjects prior to requesting this data from UChart, requirements are generally based on whether patients have authorized such use of their medical record data.

Published in the May 2019 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies.

Published in the May 2019 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies.

Published in the August 2019 Newsletter

Data Broker Corner

The Data Broker Group within the UHealth Privacy Office is here to provide a variety of data services for the UHealth community at large to utilize. A main function of the Data Broker Group is to provide both a centralized and standardized review of clinical data requests, such as Patient Contact List requests.

Published in the August 2019 Newsletter

Data Breaches in the First Half of 2019 Now Double that of Last Year

According to a breach report released by Protenus, an IT data monitoring firm, 32 million patient records were compromised between January and June of 2019, which is more than double that of the 15 million patient records breached in the entire 2018 calendar year.

Published in the August 2019 Newsletter

A New Social Media Policy for UHealth!

Social networks are among the most popular websites on the Internet. Facebook has over a billion users, and Instagram and Twitter have hundreds of millions of users each. Social networks were generally built on the idea of sharing posts, photographs, and personal information. However, the use of social media presents privacy and security risks, especially in the health care industry.

Published in the August 2019 Newsletter

Privacy in the Digital World

Is privacy dead? No, not by a long shot, but our concept of privacy has changed. There was a time when we would not have “checked in” on social media or purchased a “smart” phone or doorbell. However, those times have vanished. We now live in a world of the Internet of Things, where a “smart” version of any device is the norm, and by moving many of our daily tasks and interactions online, we have created a detailed digital imprint of our lives.

Published in the November 2019 Newsletter

Division of Clinical Engineering: Managing Medical Equipment

Over the past few years, the health industry has seen a number of exciting advancements in medical device technology that have helped revolutionize the quality of treatment for patients. However, when it comes to medical equipment and HIPAA compliance, how do we know if the data being collected is kept private and secure?

Published in the November 2019 Newsletter

Data Broker Corner: How May Investigators Contact Potential Research Subjects?

In our August 2019 newsletter, we discussed the process for obtaining lists of patients that may be eligible to participate in research studies. The next step is to start the conversation with those patients. Generally, initial contact with an eligible patient must be made by someone with whom the potential research subject has had prior clinical contact.

Published in the November 2019 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies. Thank you for your effort to protect patient privacy and reduce privacy-related incidents!

Published in the November 2019 Newsletter

Data Privacy Day at the U

The Privacy Office, in conjunction with UMIT, held its third annual Data Privacy Day on January 30th. It was exciting to see the UM community come together to learn about the importance of privacy in our evolving world. Miami native Kate Black was the featured speaker and presented “The Privacy Frontier in the Age of Digital Surveillance”.

Published in the February 2020 Newsletter

Alabama Health System Briefly Shuts Down after Ransomware Attack

Last fall, an Alabama-based health system became the target of a ransomware attack that severely interrupted operations at three hospitals. The health system paid the hackers an undisclosed amount in order to obtain the decryption key. In early October, the FBI issued a warning concerning the “high-impact” these types of attacks can have on businesses and organizations. Ransomware attacks are becoming more sophisticated and hackers are demanding larger payouts.

Published in the February 2020 Newsletter

Data Broker Corner: Data Requests for Reviews Preparatory to Research

The Data Broker Group is here to provide a variety of data services for the University community at large. A main function of the Data Broker Group is to provide both a centralized and standardized review of clinical data requests to ensure approved, authorized releases of such data. Research-related requests typically require an IRB-approved protocol. Alternatively, if the data is needed more to determine feasibility for a potential study, then such a request is described as “Reviews Preparatory to Research.”

Published in the February 2020 Newsletter

Kudos Corner: Walkthroughs

The UHealth Privacy Office conducts random unannounced walkthroughs of various UHealth sites in order to review practices that safeguard protected health information (PHI). The Privacy Office would like to congratulate the following sites for having no current privacy deficiencies. Thank you for your effort to protect patient privacy and reduce privacy-related incidents!

Published in the February 2020 Newsletter