willful neglect Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘willful neglect’

What is Willful Neglect Under HIPAA?

Thursday, March 7th, 2019

HIPAA, the Health Insurance Portability and Accountability Act of 1996, spells out rules and regulations for the privacy and protection of individually identifiable health information. The HIPAA Privacy Rule and the HIPAA Security Rule establish standards related to the implementation of physical, administrative, and technical safeguards to ensure that PHI or Protected Health Information is handled with the utmost confidentiality and integrity.

The failure to adhere to the regulations established under HIPAA can lead to criminal and civil penalties, followed by progressive disciplinary actions. These penalties apply to healthcare entities, as well as individuals.

The reckless or intentional failure to comply with the rules set forth under HIPAA is what is referred to as “Willful Neglect.” Violations resulting from willful neglect can carry severe penalties, civil or criminal, depending on the exact facts of the case.

Case in point

In early 2011, the HHS (The Department of Health and Human Services) levied a fine of $4.3 million on an entity named Cignet Health Center for willful neglect. What’s unique about this case is that the entity was not fined for breach of privacy.

Read the rest of this post »

SMS is Broken and Hackers can Read Text Messages. Never use Regular Texting for ePHI.

Thursday, June 23rd, 2016

Security firm Positive Technologies has published a report (see their overview of the attack on one-time passwords and the PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e. the Signaling System 7 or “SS7” protocol). In their report, they indicate how this makes it easy to attack the two-factor login methods and password recovery schemes where a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume the identity of the legitimate user.

Read the rest of this post »

Unsecured Text Messaging = Willful Neglect

Monday, March 30th, 2015

We have come across this scenario a number of times:

  1. Hospital knows that doctors are texting ePHI
  2. Hospital makes policies against it and informs people of them
  3. People are doing it anyway, and Hospital management / IT staff know it
  4. Since a policy is in place, infractions of the policy are ignored

This is willful neglect, folks. This is the kind of thing that will come back to bite you and leave a serious wound. Just having a policy does not protect your organization from infractions of that policy. If you know (or even suspect) that infractions may be occurring, you are required to take action.

In a 2014 survey on physicians’ at-work texting habits (in Telemedicine and e-Health), researchers found:

Read the rest of this post »
