Technology

Did you get a $100,000 fine for a data breach?

Actually, what is a breach?

Almost every day the news carries a story about a company that has had a “Breach” of their security and PHI has been disclosed. There are so many of them that most go unreported now and only the really big ones get any attention. But what exactly is a breach anyway?

Technically it is “make a gap in and break through …”, so whales breach the surface, people regularly breach their contracts, and babies who come out bottom first, yikes, are “breach birth.” But those are not what the news is talking about!

Breach, in the case of PHI and HIPAA (I will define those in a minute), means somebody did not protect the information they have on themselves and other people that they are legally responsible to care for.

So now you ask me, “Then, Bill, a breach might not be just somebody getting into our computer?”

Move to the front chair, you caught the brass ring on that one! (Antique reference to merry-go-rounds for the younger readers.)

Yes, a breach can be as simple as sending somebody your login credentials in an open email. “Who would be watching my email, I’m no big deal?” The bad guys do not have to watch “your” email; they just run a bot that looks for email patterns that look like passwords.

In our case we tell employers every day we will provide a secure format to transmit information to us. They ignore that and then send us a census with every employee’s personal information, including all of their identifying data. By anybody’s definition that is a breach.

It discloses PHI – “PHI is any health information that can be tied to an individual.” (Google)

It violates HIPAA – “HIPAA is the acronym for the Health Insurance Portability and Accountability Act.” (Hipaastore.com)

And that causes this: “The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record).” (Truevault.com)

Life has truly become a regulatory minefield, but unlike abandoned war mines, there are maps for HIPAA and other legal mines. And this is where I again stress the importance of professionals in your life. Not every “Professional” is the same, so you need to do your own due diligence, but the stakes are high and violation costs can put you out of business, so the search is worth the effort.

And, of course, you can always contact me and say “what was that thing you wrote about, I’m confused.”


Love Hate with technology

Tech today – fun but do you really want it?

I recently read some articles about self-reporting technology for insurance claims management. That just has to be good, right?

First was an article about a “Device” that installs on your car and automatically reports all aspects of a claim as it happens. How cool is that?

  • No more recording any details yourself – your carrier already has it.
  • No need to call anybody – a tow truck and self drive rental, and maybe an ambulance, have been dispatched to your location. A drone may even have done a fly by for some pictures.
  • No need to worry about claims payment – a check was sent to everybody shortly after the claim occurred.

No need to worry about who was at fault or the other driver’s insurance – both of your cars already reported all of that and the guilty party has already been referred to the police???

Hold on just a minute!

Ok, let’s say just before an accident in traffic your car reports being stopped at, or near, a bar where you were delivering a package to a client. Then it reports you were speeding or changing lanes erratically, based on an algorithm? Well, you were probably guilty, so why waste time waiting for the police, and “Oh, by the way”, because your car reported you are at fault, some parts of your claim might not be covered.

The other item was about automatically reporting employees with high medical claims to employers because they are costing the employer too much money.

And how about the toothbrush that reports to your employer when, and how much, you brush your teeth. Yes, that is true! They sent me two of them to try out.

Do you really want some electronic device reporting on you to your employer, the police, your insurance company, about your life, let alone your medical claims?

The real point here is that it is never a good idea to give up your freedom and privacy for convenience, or out of fear. Whenever you decide it would just be easier to have your life managed by somebody else electronically, you might as well check into a care home and get into bed. Real people who are professional, accessible, and might actually have to look you in the eye, are still your best bet to partner with.
