Official guidance from the Office for Civil Rights
As Hurricane Florence makes landfall, the HHS Office for Civil Rights (OCR) and its federal partners remain in close coordination to help ensure that emergency officials effectively address the needs of at-risk populations as part of disaster response. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.
Who is Revealing Your Private Medical Information?
This service from Pro Publica allows a person to search and find out whether your hospital, clinic, pharmacy or health insurer has been named in patient privacy complaints, breaches or violations. This tool includes data from the U.S. Department of Health and Human Services Office for Civil Rights (which enforces HIPAA), the California Department of Public Health (which enforces California’s medical privacy laws) and the U.S. Department of Veterans Affairs (which tracks privacy violations at its vast network of veterans hospitals and clinics).
Facebook's efforts to collect personal health information from hospitals
SUBJECTIVE: In an article reported by CNBC's Christina Farr it is reported that, "Facebook has asked several major U.S. hospitals to share anonymized data about their patients, such as illnesses and prescription info, for a proposed research project. Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment."
An Office of the National Coordinator published web guide
This newly published web guide from ONC titled, "The Guide to Getting & Using Your Health Records: The steps, tips, and tools you’ll need to get, check, and use your health record" helps to instruct consumers on how to get their health record from healthcare providers, their rights to those records, and some specific ways in which to get a hold of that information.
Approximately 150 million accounts hacked in February 2018
The MyFitnessPal fitness app has reported that approximately 150 million accounts a part of their nutrition tracker were breached in February 2018. It is reported that an authorized user hacked into the MyFitnessPal database system and stole user data.
An article from Zapier
One consideration as you gather and store more personal health information on your computer and devices is making sure that you are not inadvertently sharing this information (or some other aspect of your personal health) through your webcam or mic.
This article from Zapier outlines several different ways and some handy applications that can help you control this on your PC or MAC.
A New York Times Personal Tech series article by Brian X. Chen
In this article written by Brian X. Chen from the New York Times he discusses some of the potential ways in which mobile apps that you download to your phone may be collecting and using your personal data in ways you did not know.
One of the key takeaways is that there are ways in which to protect yourself and tools that can help you figure out which apps are collecting your data and how to remove their ability to do so.
Personal Health Data Security
In this article from the New York Times guidance is provided on how to protect people's own personal data from Ransomware attacks such as the Wannacry virus that has been circulating lately. Wikipedia describes ransomware as a type of malicious software that blocks access to data or threatens to publish it until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.[
An ONC HIPAA Access Poster
From the HealthIT.Gov website:
This infographic, titled Your Health Information, Your Rights, was created by the Office of the National Coordinator for Health Information Technology and the U. S. Department of Health and Human Services Office for Civil Rights.
But were afraid to ask...
From the Troy Hunt article:
"The indictment also suggest that the hackers, in most cases, did not employ particularly sophisticated methods to gain initial entry into the corporate networks. The papers show that in most cases, the breach was made via SQL injection flaws -- a threat that has been thoroughly documented and understood for well over than a decade."