A Florida healthcare provider, Orlando Health, is notifying patients impacted by a breach, involving insider record snooping during the treatment period, of patients brought from the Pulse Night Club Incident.

During high-profile emergency situations and other crises, it is a challenge for healthcare organizations to protect the privacy and security of patient information, from inappropriate access, of people who are part of the organizations workforce. Curiosity &snooping seem to be part of human nature. With that said, it is extremely important for healthcare organizations to be diligent in limiting access, monitoring access and providing repercussions for those who don’t follow the rules. In a letter to patients, dated July 12 2016, Orlando Health, which operates several hospitals in central Florida, said: “While conducting patient record access audits, we learned that on June 15, an Orlando Health employee accessed patient records outside of the employee’s current job responsibilities. had no reason to access these records and we believe the employee was viewing these records out of personal curiosity. The employee was sanctioned, per Orlando Health policy.” The letter goes on to state that “the employee could view limited information   in electronic medical records, including patient name, date of birth, weight, hospital location, hospital account number, hospital medical record number, date and time of admission, physician and visit reason. The information did not include any other clinical information. The employee did not have access to your full Social Security number or other financial information. The information was not downloaded or printed, and we have no evidence that your information has been used in any way or removed from the hospital.” The letter does not specify that patients affected by the breach were victims of the June 12 Pulse nightclub shooting. Nor does the letter indicate how many patients were impacted by the privacy incident. It was however, reported to WFTV, “that patients receiving the letter, and in some cases phone calls, from Orlando health, were treated for shotgun and other injuries sustained at the attack.”

In a statement, Orlando Health tells Information Security Media Group: “Numerous team members across our system require access to vital records and information in order to provide our patients with the highest levels of care. All team members are made aware, that they too, have a responsibility to maintain our patients’ privacy, and protect their personal information. As a result of this incident, we are re-educating our workforce members and increasing our already vigilant program of auditing and monitoring of patient record access. Any instance of team members accessing patient records outside of their current job responsibilities violates our policies, and steps are taken internally to discipline anyone involved. We want to assure our patients that the policies and procedures we have in place protect their information, and we are continually evaluating and modifying our practices and the practices of our employees to enhance the security and privacy of all confidential and protected health information entrusted to us.”

Comprehensive government study of identity theft turns up . . .

WASHINGTON DC – Even federal regulators were surprised by what the most comprehensive government study of identity theft turned up: nearly 10 million victims and a loss of $53 billion for businesses and consumers last year alone. And those numbers probably are low because many identity thefts go unreported, Federal Trade Commission officials said Wednesday.

It is a crime of the times. It is a growing crime, said Howard Beales, the FTC’s consumer protection director. “Unfortunately, a fair number of thieves have found it’s a fairly easy way to make money.” The FTC did a random telephone survey of 4,057 adults to try to gauge the extent of identity theft crimes in the last five years. It found 27.3 million people were victimized when someone made unauthorized charges on their credit cards, took money from their bank accounts, or obtained a credit card or official document in their name.

In 2002 alone, the cost was $48 billion for businesses and $5 billion for consumers. Beales said the number of victims was higher than he expected. In 2002, for example, the FTC received 161,819 complaints about identity theft. The commission has set up a Web site with tips on how to avoid identity theft, www.consumer.gov/idtheft and urges consumers to carefully review their credit card statements each month, destroy charge slips rather than simply throw them in the trash, and check their accounts annually with the three credit reporting bureaus. |

The agency also urged financial institutions to pay more attention to whom they are extending credit. Wayne Abernathy, the Treasury Department’s assistant secretary for financial institutions, said the FTC’s report underscores the need for Congress to act. The Bush administration favors legislation that would create a national fraud alert system and improve the accuracy of credit reports. “The problem is so great and its impact on consumers so terrible that we should not delay giving consumers and law enforcers these important new tools to fight identity theft,” he said.

But Rob Schneider of Consumers Union said the administration backed bill- the Fair Credit Reporting Act – would undermine efforts to curtail identity theft. One provision would invalidate state laws such as on recently signed by California Gov. Gray Davis that lets consumers bar companies from sharing information with an affiliated firm in a different business.

The FTC survey found more than half the victims discovered the problem by checking their accounts, and another quarter was alerted by their banks to suspicious activity on their cards. Of the 9.9 million victims last year, 5.2 million discovered unauthorized charges on existing credit card accounts, and 1.5 million found new accounts were opened by others in their names.

By Jonathan D. Salant,  Associated Press

The Office of Privacy Protection reminds parents to tell their children not to give out personal information…

Now that school is in full-swing, many children are spending extra hours in front of a computer or on their cell phone with Internet access. Unfortunately, this also makes them ideal targets for identity thieves.
“The younger the victim, the more time these thieves have to exploit the child’s identity,” said Sandy Chalmers, Administrator of the Wisconsin Division of Trade and Consumer Protection. “Identity theft against a child can go undetected for years and do a lot of damage to their good name.”
The Office of Privacy Protection, part of the Bureau of Consumer Protection, reminds parents to tell their children not to give out personal information unless it’s vitally important and exchanged with a reliable source.

In addition to talking to children about potential online dangers, the Bureau of Consumer Protection’s Office of Privacy Protection also encourages parents to occasionally check their child’s credit report. If a report exists, that is a red flag, and often the first sign of identity theft.
“The credit reporting agencies do not knowingly maintain credit files on children,” Chalmers explained. “A check of your child’s credit should turn up nothing until the age of 18 unless they are the victim of identity theft or a secondary user on a credit card authorized by a parent.”

ConsumerAffairs.com

Proposed rule requires an accounting of detailed information for disclosures that affect a person’s rights or interests…

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) is proposing changes to the Privacy Rule, pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH is part of the American Recovery and Reinvestment Act of 2009.

“This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information,” said OCR Director Georgina Verdugo. “We need to protect peoples’ rights so that they know how their health information has been used or disclosed.”

People would obtain this information by requesting an access report, which would document the particular persons who electronically accessed their protected health information. Although covered entities are currently required by the HIPAA Security Rule to track access to electronic protected health information, they are not required to share this information.

The proposed rule requires an accounting of more detailed information for certain disclosures that are most likely to affect a person’s rights or interests. The proposed changes to the accounting requirements provide information of value to individuals while placing a reasonable burden on covered entities and business associates.

Article provided by Human Health Services

Nearly half of all identity theft victims have difficulties…

The monetary costs of identity theft can be quite hefty. In fact, victims of identity theft lose an average of $2,000 to 15,000 in wages trying to deal with their cases. This is because victims spend between a day and 9 months trying to repair the financial damage caused by identity thieves, and some even spend up to a year trying to deal with their cases. On average, victims spend between $850 to $1400 in expenses related to their cases, which includes paperwork and any other legal fees.

As a result of identity theft, nearly half of all identity theft victims have difficulties obtaining credit and loans, and roughly 1/5 of victims have higher credit interest rates. Over 2/3 of victims have difficulties removing negative information from their credit scores.

The psychological impact of identity theft is also extensive on both the victims and their families. Victims often times experience anger, anxiety and depression as a result of losing their finances. Nearly half of all victims experience denial, disbelief, feel filed, and develop an inability to trust others, and over half feel unprotected by the police as well as experience rage.

IdentityTheftFacts.com

Strict security should be practiced when using smart phones, laptops, iPads . . .

Christopher Chaney, of Jacksonville Florida, has been accused of targeting the entertainment industry, by hacking into the personal e-mail accounts of celebrities. He was arrested after being charged with a range of cyber-related crimes. Investigators believe that Chaney used publicly available sources to mine for data about his victims, all of whom are associated with the entertainment industry.

Once Chaney gained access and control of an e-mail account, he would obtain private information, such as e-mails and file attachments, according to the indictment. In addition, investigators believe that Chaney was led to new victims by accessing the address books of victims whose computers he already controlled. “It’s important to remember that, although these victims appear to have been targeted based on their celebrity, similar methods may be used to illegally access any one of our computers,” said Steven Martinez, Assistant Director in Charge of the FBI’s Los Angeles Field Office. “Strict computer security should be practiced when using smart phones, laptops, desktops, iPads, or any other device that provides Internet access.”

-Associated Press

Thieves are using unsecured wireless networks to infiltrate smartphones . . .

Imagine this:  You’ve been invited to deliver a speech, to the United States Treasury Department, on Identity Theft.  The Conference will be held at Disney World, so you take your family along to enjoy the resort and parks.  When you return home you find you have become a victim of identity theft.  Likely, the thief used a smartphone to snap a picture of you purchasing an item, when you pulled out your credit card and ID for verification.

Thieves are also, now using unsecured wireless networks and infiltrating smartphones through Bluetooth technology.  Experts say it is best to have updated virus software, and to encrypt sensitive data and never type passwords or credit card number over an unsecured wireless network.  They also recommend that you keep your phone’s Bluetooth turned off unless you are actively using it and monitoring it, to prevent unauthorized access to the phone.

Info provided by Sarrelson Law

Information used to open credit cards and bank accounts. . .

Jonathan Morris II, the owner of St. Augustine-based cleaning company Mr. Janitor, was arrested for allegedly stealing personal information from some Eagle Harbor Country Club members.

According to the Clay County Sheriff’s Office, Morris used that information to open credit cards and bank accounts in alleged victims’ names.  Morris is scheduled for a pre-trial hearing in January.  His charge is listed as identity theft of more than twenty persons or $50,000.