By Duane Morris partner Lisa W. Clark
On March 28, MedStar Health, the largest health system in the Washington, D.C. area, shut down its computer systems, including its electronic health records, on account of an apparent “ransom” attack in which the hackers infected its system with a virus. From media reports, it appears that the hackers demanded an unknown sum to stop the malware attack. The FBI is already involved. This incident, following February’s successful ransom attack on Hollywood Presbyterian Medical Center, reinforces the need for strong data security protection as well as an incident response plan that includes law enforcement.
Last month, top health care investors and entrepreneurs came together with hospital, payor and government leaders at a conference sponsored by the University of Pennsylvania’s Wharton Healthcare Management Alumni Association to discuss the restructuring of the health care system. Jonathan Blum, CMS Deputy Administrator and Director of the Center of Medicare, participated on a panel about macro health care system changes, and one of the key takeaways was, not surprisingly, that change in the health care system is all about the data.
We live in the data age, where every day a new technology is announced in business- and consumer-oriented ecommerce and mobile health (mhealth). In response, in recent years, federal and state legislators have enacted strict data privacy and security laws, such as HIPAA, COPPA, and Gramm-Leach-Bliley, to protect data whether in electronic (IT) or physical form. This data is known as protected health information (PHI) under HIPAA and personally identifiable information (PII) under other statutes. New federal and state laws also mandate comprehensive data breach responses, including notifications to individuals whose PHI or PII was breached and to some agencies and state attorneys general. The shared premise behind these laws is that the public expects the highest standard of data protection from businesses and government. (Whether or not this is true – after all, we regularly give our credit card numbers to anonymous persons over the phone – is a subject for another day…)