Protecting Personal Health Information (PHI)

1. Frances L. Oliveri, RHIA, CCA
July 23, 2015

2.  Department of Homeland Security Issues
Warning on Medical DeviceThreats
 Hospital network hacked, 4.5 million records
stolen
 Health care data breaches have hit 30 million
patients and counting

3.  Medical identity theft victims pay on average
$13,500 to resolve the crime
 Medical records 10x more valuable to hackers
than credit card information
 Two-thirds of US adults would not return to a
business if their personal information were
stolen

4.  HHS Announces HIPAA Audit program
 Office for Civil Rights “Phase 2” HIPAA audits
 Office of the Inspector General Audits
 Increased fines and penalties

5.  Do’s
 Recognize the risks
 Protect IDs and passwords
 Report incidents
 Don’ts
 Fall for phishing and other scams
 Circumvent processes where expediency or
convenience overrule protecting information

6.  Facility Privacy Official
 Ethics & Compliance Officer
 Facility Information Security Official
 Your IT&S CIO

7.  Horowitz, B.T. (2012). Department of Homeland Security IssuesWarning on
Medical DeviceThreats. Eweek, 2.
 Jose, P. (2014, August 18). Hospital network hacked, 4.5 million records stolen.
CNNWire.
 Millman, J. (2014). Health care data breaches have hit 30 million patients and
counting. TheWashington Post.
 Munro, D. (2015, February 23). New Study Says Over 2 MillionAmericans Are
VictimsOf Medical IdentityTheft.
 Jayanthi, A. (2014, October 1). Medical records 10x more valuable to hackers than
credit card information.
 ConsumersTakeTheir Business ElsewhereAfter a Data Breach. (2013, October
22).
 Goedert J. SECURITY:Waiting Game Continues for HIPAA SecurityAudits; OCR's
long-promised audit program is still in development; meanwhile, the office
remains focused on 'high-impact' breaches. Health Data Management [serial
online]. 2015:Available from: Academic OneFile, Ipswich, MA. Accessed July 24,
2015.