HIPAA Security Breaches by India Contractor

 HIPAA Security Breaches by India Contractor to Cogent Healthcare 

Submitted: Fidel Gruber, HIPAA Privacy and Security Officer 

Practices need to be cautious not only of their EHR vendors, but the India contractors they out-source to. The evidence of security breaches only became known, when the EHR vendor cancelled the contract with the vendor. Practices must hold their EHR vendors accountable for HIPAA Security. The EHR vendors must impose HIPAA security regulations on India out-source contractors or not use them. 

Brentwood-based Cogent Healthcare has security lapse A security lapse by a vendor to Cogent Healthcare exposed the health information of 32,000 patients nationwide of doctors in physician groups managed by the hospitalist company.

Read complete article at: Physician Notes Vendor to Brentwood-based Cogent Healthcare has Security Lapse

Cogent Healthcare, which manages group practices of hospitalists and intensivists working in hospitals across the nation, is notifying about 32,000 patients following a breach of protected health information by a contractor. The breach affects 25 Cogent physician groups in at least 17 states.

Cogent Healthcare learned that M2ComSys, a medical transcription company in India, was not storing protected health information on secure Internet site, and care notes were accessed. “The access to these notes through the site began May 5, 2013, and ended following Cogent Healthcare’s discovery of the lapse on June 24, 2013,” according to a public notice from Cogent. “It involved care notes of approximately 32,000 patients from across the county. We are generally unable to identify who accessed the care notes. In some cases, the care notes were indexed by Google.”

Read complete article at:  Hospitalist's Firm India Contractor Breaches PHI.