A Florida healthcare provider, Orlando Health, is notifying patients impacted by a breach, involving insider record snooping during the treatment period, of patients brought from the Pulse Night Club Incident.
During high-profile emergency situations and other crises, it is a challenge for healthcare organizations to protect the privacy and security of patient information, from inappropriate access, of people who are part of the organizations workforce. Curiosity &snooping seem to be part of human nature. With that said, it is extremely important for healthcare organizations to be diligent in limiting access, monitoring access and providing repercussions for those who don’t follow the rules. In a letter to patients, dated July 12 2016, Orlando Health, which operates several hospitals in central Florida, said: “While conducting patient record access audits, we learned that on June 15, an Orlando Health employee accessed patient records outside of the employee’s current job responsibilities. had no reason to access these records and we believe the employee was viewing these records out of personal curiosity. The employee was sanctioned, per Orlando Health policy.” The letter goes on to state that “the employee could view limited information in electronic medical records, including patient name, date of birth, weight, hospital location, hospital account number, hospital medical record number, date and time of admission, physician and visit reason. The information did not include any other clinical information. The employee did not have access to your full Social Security number or other financial information. The information was not downloaded or printed, and we have no evidence that your information has been used in any way or removed from the hospital.” The letter does not specify that patients affected by the breach were victims of the June 12 Pulse nightclub shooting. Nor does the letter indicate how many patients were impacted by the privacy incident. It was however, reported to WFTV, “that patients receiving the letter, and in some cases phone calls, from Orlando health, were treated for shotgun and other injuries sustained at the attack.”
In a statement, Orlando Health tells Information Security Media Group: “Numerous team members across our system require access to vital records and information in order to provide our patients with the highest levels of care. All team members are made aware, that they too, have a responsibility to maintain our patients’ privacy, and protect their personal information. As a result of this incident, we are re-educating our workforce members and increasing our already vigilant program of auditing and monitoring of patient record access. Any instance of team members accessing patient records outside of their current job responsibilities violates our policies, and steps are taken internally to discipline anyone involved. We want to assure our patients that the policies and procedures we have in place protect their information, and we are continually evaluating and modifying our practices and the practices of our employees to enhance the security and privacy of all confidential and protected health information entrusted to us.”
According to a 2016 study published by Blancco Technology Group, out of 200 used computer drives purchased, from eBay and Craigslist, 67 percent of the drives held personally identifiable information and 11 percent contained sensitive corporate data. The only way, to be sure, that your information is gone, is to destroy the hard drive. Crown Information Management can destroy those hard drives for you, providing you with a complete chain of custody.
Brian Copic spent a little time with McGruff, the Crime Dog, at the “National Night Out Against Crime”. This is an annual community-building campaign that promotes police-community partnerships and neighborhood camaraderie to make our neighborhoods safer, better places to live. Neighbors participate across thousands of communities, from all
50 states, United States territories, Canadian cities, and military bases worldwide.
Crown Information Management is a proud sponsor of this event to benefit Winter Haven’s Women’s Hospital – Neonatal Intensive Care Unit (NICU). We hope you will join us in our support!
Jenniforth MayForth and Crown Information Management participate in the Manatee County Food Drive.
Crown Information Management will once again be a TOYS for TOTS Official Collection point this year. Our goal is to collect 500 toys! If you are one of our regular Route Customers you may give your toy donation to our service technicians.
The Toys for Tots Campaign collects new, unwrapped toys in the weeks leading up to Christmas by placing collection bins in local businesses, like Crown Information Management. Once the toys are collected, Toys for Tots distributes these Christmas gifts to less fortunate children in our community. Donated toys should be unwrapped. Toys are collected for all aged children from infants to teenagers. Often times, pre-teens and teenagers are left out, as they can be more challenging to shop for. Please keep these teenage boys and girls in mind while you do your holiday shopping.
The U.S. Marine Corps Reserve Toys for Tots program has helped less fortunate children experience the joy of Christmas by uniting communities in the spirit of giving. We Thank You in advance for your contribution!
Is Your Doctor Safeguarding Your Information?
Identity Theft – and Medical Identity Theft in particular – are on the rise. More than 250,000 Americans have had their medical information stolen and misused in recent years. And this isn’t petty larceny. Experts note that while individuals who have had their credit-card data stolen are usually wrangling with their banks over losses of as little as a few thousand dollars, medical ID theft can leave victims, and the doctors and hospitals that provided the care, staring at bills that are exponentially higher.
“The American Medical Association will continue its leadership in protecting the confidentiality, integrity and security of patient specific data,” said Robert Mills, spokesman for the American Medical Association in Chicago. “The patient is paramount in the practice of medicine and everything that can reasonably and lawfully be done to serve that interest must be done by all physicians who have served or are serving the patient”.
Law enforcement authorities say that more and more frauds are being perpetrated by organized crime rings who steal dozens, and sometimes thousands, of medical records, as well as the billing codes for doctors. The rings then set up fake medical clinics—offering free health screenings as a ruse to draw in patients—that submit bogus bills to insurers, collect payments for a few months, and then disappear before the insurers realize they’ve been had. Health records now fetch $50 to $60 each on the black market, vs. a mere 7 cents for stolen résumés.
Last year, California authorities busted a ring that recruited patients from a local senior citizen center with offers of a free checkup and a case of Ensure nutritional supplement. In the three months before authorities raided the clinic, the ring had billed $900,000 for diagnostic tests it had never performed. “Yesterday’s drug dealers are now working in today’s health-care fraud,” says John Askins, an investigator in Florida’s state insurance fraud division. “It’s more lucrative, and they don’t face the same dangers they do in the narcotics trade.” The penalties, if they’re caught, are lower, too.
Health-care providers say the Bush Administration’s initiative to push doctors and hospitals to convert their paper-based patient files into digital records should help reduce the number of medical ID frauds. “Our software has become more sophisticated, particularly in identifying spikes in usage—someone who normally goes to the doctor once a year and suddenly goes 25 times in a 12-month period. It’s a red flag,” says Byron Hollis, national anti-fraud director for the Blue Cross Blue Shield Assn., a trade group for 39 health plans.
But some privacy advocates fear that the rush toward digital health records could ironically create new nightmares for victims of medical ID theft. Rather than residing in a single doctor’s paper files, fraudulent information could circulate in other medical databases across the country. Given that some medical ID thefts are “inside jobs,” wherein rogue clerks sell patient data to fraudsters on the outside, privacy advocates believe that allowing data to flow more freely around a national network could make such thefts even easier. “they can expect [medical ID theft] to grow the more they move toward an electronic health-care system. It’s going to be a disaster,” says Dr. Deborah Peel, an Austin, TX psychiatrist and founder of the Patient Privacy Rights Foundation.
So what can the medical community do to help stop this nightmare and keep our reputations in tact? There are some very simple & inexpensive steps that can be taken to help safeguard the patients information and the Doctor’s reputation.
1) First, they can run criminal background checks on all employees and continue to run them on a routine basis.
2) Another simple thing they can do is take pictures of the patients. Digital cameras are inexpensive and the photo can be downloaded directly into the patients record. When the patient comes, in they simply match him to his patient identification that they have on file. If there is something that doesn’t quite match up then they can request more documentation from the patient.
3) Third, When it’s time to update the equipment, they can have the old computers and hard drives, etc. destroyed by a professional destruction service.
4) Another important thing they can do is to provide training for staff on records management and security. “I can’t tell you how many times I have walked into offices and found stacks of records just sitting on desks, open to anyone who walks by. Worse yet are the huge number of file boxes stacked and dated with information available to anyone who has access to the offices, such as a janitorial staff, or courier service, even other patients.” says Marylee Jacobs of CROWN SHREDDING. “ Simple training on how to manage the desk area and create new habits, could deter huge losses.”
5) Staff equipped with individual, secured desk consoles is one of the best ways to help companies manage their risk for identity theft. They spend large amounts of money on equipment for the office, such as computers and copiers – but because they have not established the habit of utilizing security consoles with document destruction services – they neglect the security of the patients, clients and customers, not to mention their own reputation! By not spending money on secure document destruction they potentially risk their practice.
What to do if you might be a victim of identity theft . . .
Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!
Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).
Fill out IRS Form 14039 and fax or mail back to IRS.
Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.
Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.
Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.
Contact one of the three credit bureaus: Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.
During various season throughout the year, many of us will be traveling on vacations and to share holiday time with our friends and loved ones. We laugh, shop, eat, attend parties and do whatever we can to bring joy the trip!
Below are a few “Helpful Hints” to protect you and your family from becoming possible victims of Fraud or Identity Theft. Also remember that Children are often victims of identity theft too – so check those credit reports for everyone in the family!
Make the Call: If you’re traveling during vacations or holidays take the time to let your credit card companies know in advance.
Air Travel: When traveling by plane keep all important documents with you in the plane. Never put them in luggage others will have access to when you’re not around!
Secure Locations: Don’t use ATM’s from any location except banks and reputable stores. This will help protect you from temporary and fly by night machines set up to access your sensitive information.
Shoulder Surfing: Those who either purposely overhear conversations or look over shoulders for information to “borrow” sensitive information. Take a few extra moments to protect credit cards, driver’s licenses and checks from wandering eyes.
Credit Card Receipts: Businesses must now truncate all but the last five numbers on credit card numbers on the customer copy of receipts. Place that receipt in a secure location in your wallet.
Credit Card Skimming: Credit card skimming occurs when a clerk slides your credit card through a second machine that scans the information from the magnetic strip and stores it until it is downloaded onto a counterfeit card. The golden rule is “Out of sight, out of control.” Information Protection: Shred any receipts you no longer want, especially those with credit card numbers on them. Lock up any documents with financial, credit or social security information on them BEFORE allowing guests into your home for that holiday party.
Dumpster Diving: We all get more mail than we can deal with at this time of year. Take the time to look through each envelope. Don’t assume an envelope contains a business gift card or advertisement. It may well be a pre-approved credit card offer or transfer balance check that looks a greeting card.
On-line Shopping: Keep a printout of the web page(s) describing the item you ordered, any email messages, and the page that shows the seller’s name, address, telephone number and return policies should you have any problems. Never provide a social security number.
In Your Wallet: Minimize what you carry with you. Leave extra credit cards, check books, deposit slips and debit cards at home. Debit cards are not credit cards: They are a direct link to your bank account. Debit cards electronically transfer money immediately. Don’t use bank cards, ATM cards or checks. Fraudulent charges are much easier to remove from a credit card versus a bank card.
What to do if you might be a victim of identity theft . . .
Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!
Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).
Fill out IRS Form 14039 and fax or mail back to IRS.
Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.
Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.
Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.
Contact one of the three credit bureaus: Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.
Pay Online
Client Login