Posts tagged: 'technology'

The following posts are associated with the tag you have selected. You may subscribe to the RSS feed for this tag to receive future updates relevant to the topic(s) of your interest.

Heavy Fines Dropped Due to HIPAA Violations

Last week the Department of Health and Human Services flexed its HIPAA enforcement ability in a ruthless and unprecedented way. Heavy fines were dropped on not one, but two organizations totaling $5.3 million.

Last Thursday a civil monetary penalty of $4.3 million was handed out to Cignet Health for violating privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA). The Department of Health and Human Services said that the fines were being issued for two different reasons. First, $1.3 million for not handing over the medical records of 41 patients (between the years of 2008 and 2009) as requested by the patients. Second, in what appears to be a clear statement of power, an additional $3 million for lack of cooperation by Cignet with the investigation surrounding the first fine.

And a second organization, Massachusetts General Hospital, has agreed to pay a $1 million dollar fine related to a HIPAA privacy violation for an incident in March of 2009 when an employee allegedly left documents containing personal health information of 192 patients on the subway. Since its enactment in 2006, HIPAA has a total of 12,791 (source 1) violations registered. While many are reporting that this is the first time the DHHS has issued fines related to HIPAA privacy violations, it is not actually the case (source 2). In 2008, Seattle based Providence Health and Services was issued a $100,000 dollar fine for privacy violations surrounding the loss of data for over 386,000 patients.

Although the breaches related to last week’s fines do not appear to be the result of electronic data theft (it is not clear at this point why Cignet refused to turn over patient records when requested), a recent report by Kaufman Rossin and Co (source 3) shows theft to be the leading cause of data breaches with respect to personal health information from September 21st, 2009 to September 21st, 2010. These dates are significant because they represent the first year that these kinds of breaches were required to be publicly reported under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).

With personal health data increasingly becoming a prime target for theft and with these recent fines it would seem clear that the DHHS is becoming more serious about enforcement. And while there are many factors at play influencing how the DHHS comes up with the amount of a specific fine it seems clear that it’s going to be getting a lot more expensive for HIPAA violations in the future.



Tags: , , ,

0 Comments | Security


Just when you thought it was safe to buy log management again….

The other day I was writing a response to someone about a particular point on our product architecture – one that I have seen come up before. The question was about whether or not LogRhythm’s use of a relational database somehow impacts overall performance.

The answer is actually pretty easy – the backend has been developed to maximize speed and performance, without giving up any of the usability and analysis advantages tied to the use of a relational database for log and event management. Our engineers also make sure that we architect our solutions based on a customer’s real requirements, not on flashy and exaggerated marketing numbers. The end-user will ultimately see an improvement in performance, not the supposed drawbacks that some people ask about.

But that’s not why I’m bringing it up. What it really got me to think about was the idea that a relational database is somehow a liability, despite the fact that the obvious gains in usability and functionality far outweigh the potential disadvantages. So how do concerns like that gain momentum? Maybe it’s just easier for some people to play off of the standard Fear, Uncertainty and Doubt arguments. It would be better for the customer if vendors focused more on their own strengths, rather than their competitors’ theoretical weaknesses.

The whole thing reminds me of the shark attack panics that hit the news every few years.  Suddenly they show up like a global pandemic – even though the odds of being attacked are less than one in 10 million. Sure, occasionally random shark attacks do happen. But if you don’t go sporting a wetsuit made out of meat, you’re probably okay to swim.

The same is true when you decide to leverage one technology over another. When approached properly, you minimize any potential drawbacks while capitalizing on the benefits that influenced your decision.

Tags: , , ,

0 Comments | General