Issue link: https://beckershealthcare.uberflip.com/i/1092388
66 CIO / HEALTH IT Cigna, Sentara join Aetna, IBM's blockchain ecosystem By Mackenzie Garrity C igna and Norfolk, Va.-based Sentara Health- care joined a collaborative blockchain proj- ect designed to improve transparency and interoperability in healthcare. Aetna, Anthem, Health Care Services Corp. and PNC Bank launched the blockchain ecosystem initiative Jan. 24. Together, the organizations are exploring use cases for blockchain to address challenges in healthcare, such as payment processing, healthcare information exchanges and maintaining accurate provider directors. "Cigna sees enormous potential for blockchain to improve the way we harness insights across the healthcare ecosystem to better serve our customers and community," said company CIO and Executive Vice President Mark Boxer, PhD. IBM and PNC are already collaborating on a way to use blockchain to develop shared efficiencies, promote bundled payments and improve the quality of care. "Sentara is dedicated to leveraging information technology to continuously improve health every day," said company Chief Information and Innova- tion Officer and Senior Vice President Mike Reagin. "Blockchain is poised to help solve some of health- care's most crucial data security and IT interopera- bility issues as we look to implement new custom- er-centric healthcare delivery models." n Record-breaking $28M in HIPAA settlements reached in 2018 By Julie Spitzer T he federal Office for Civil Rights reached 10 settlements resolving HIPAA violations and one judgment in 2018, bringing in a record $28.7 million in fines. 2018's total surpassed the previous record of HIPAA fines set in 2016 of $23.5 million and included the office's largest individual HIPAA settlement of $16 million with health insurer Anthem. The 10 settlements and fines, listed in order of occurrence: 1. Filefax: $100,000 2. Fresenius Medical Care North America in Waltham, Mass.: $3.5 million 3. Boston Medical Center: $100,000 4. Brigham and Women's Hospital in Boston: $384,000 5. Massachusetts General Hospital in Boston: $515,000 6. Advanced Care Hospitalists in Lakeland, Fla.: $500,000 7. Allergy Associates of Hartford (Conn.): $125,000 8. Anthem: $16 million 9. Pagosa Springs (Colo.) Medical Center: $111,400 10. Cottage Health in Santa Barbara, Calif.: $3 million The office's single judgment in 2018 involved MD Anderson Can- cer Center in Houston and resulted in a fine of $4.348 million. n Cottage Health agrees to $3M HIPAA settlement By Jessica Kim Cohen S anta Barbara, Calif.-based Cottage Health agreed to pay $3 million and implement a corrective action plan as part of a HIPAA settlement to resolve alle- gations it had unintentionally disclosed elec- tronic patient information. Cottage Health, which operates four hospitals in California, notified HHS' Office for Civil Rights about two breaches of unsecured elec- tronic protected health information — one in December 2013 and another in December 2015 — affecting more than 62,500 individuals. e first breach occurred when the security configuration settings of the health system's Windows operating system reportedly per- mitted access to files containing ePHI with- out requiring a username and password. As a result, patient information was available to anyone on the internet with access to Cottage Health's server. e second breach, which also reportedly exposed unsecured ePHI over the internet, occurred aer a server was misconfigured in response to an IT troubleshooting ticket. During its investigation, OCR determined that Cottage Health had failed to perform pe- riodic evaluations in response to operational changes affecting the security of ePHI and failed to obtain a written business associate agreement with a contractor that maintained ePHI on its behalf, among other issues. "e Cottage settlement reminds us that in- formation security is a dynamic process and the risks to ePHI may arise before, during and aer implementation covered entity makes system changes," OCR Director Roger Seve- rino said in a news release. In an emailed statement to Becker's Hospital Review, a Cottage Health spokesperson said: "is settlement involves data incidents that occurred in 2013 and 2015. Since that time Cottage Health has completed a third-party audit of data systems and implemented ad- ditional measures to secure private informa- tion. We are committed to ongoing advances in data security." n