Healthcare Information Security

Data Breach Response Plan

HIPAA Info Included in Updated MD Data Breach Notification Law

November 14, 2017 - Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to notify consumers. The new provisions under the Maryland Personal Information Protection Act (HB 974) will go into effect on January 1, 2018. Personal information...

More Articles

Single National Data Breach Notification Standard Proposed

by Elizabeth Snell

A recently proposed bill calls for a single national data breach notification standard, which would replace the existing state notification laws and “clarify and strengthen” organizations’ reporting obligations. Rhode Island...

Recent Aetna Data Breach Leads to Class Action Lawsuit

by Elizabeth Snell

A federal class action lawsuit was recently filed against Aetna after it reportedly experienced a data breach that may have affected thousands of individuals. The Legal Action Center, AIDS Law Project of Pennsylvania, and Berger &...

HIMSS Stresses Proactive Healthcare Cybersecurity Measures

by Elizabeth Snell

Regular risk assessments, updating business continuity plans, and implementing a cybersecurity framework are all key ways for providers to follow a proactive healthcare cybersecurity approach, according to HIMSS Director of Privacy and Security...

DE Data Breach Notification Law Includes Medical Information

by Elizabeth Snell

Delaware Governor John Carney signed a bill last week to update the state’s data breach notification requirements. As part of extending cybersecurity protections, the law accounts for medical information being compromised in data breaches....

Creating a Healthcare Security Incident Reporting Process

by Clyde Hewitt of CynergisTek

With the recent wave of ransomware attacks, hacking attempts, and unauthorized disclosures, healthcare organizations have more opportunities to exercise their incident management plans. Unfortunately, these same organizations are learning the...

$115M Settlement Proposed in Anthem Data Breach Case

by Elizabeth Snell

Plaintiffs in the Anthem data breach litigation case recently filed a $115 million settlement proposal, which would also require the healthcare provider to guarantee a certain level of funding for information security. Anthem would also need...

TN Updates Data Breach Notification Law for Encrypted Data

by Elizabeth Snell

Any person or business that conducts business in Tennessee is only required to give data breach notification if the information acquired was unencrypted, according to a recently passed amendment. Amended Senate Bill 547 states that encrypted data...

Encryption Aspect Amended in CA Data Breach Notification Law

by Elizabeth Snell

Starting in 2017, data breach notification will be required for instances when encrypted personal information of California residents has been breached and certain conditions are met, according to a recently amended state law. Previously, California’s...

FTC Releases Data Breach Response Guidance for Businesses

by Elizabeth Snell

The Federal Trade Commission (FTC) outlines the steps that businesses should take if they suspect that they have fallen victim to a data breach in a recently released data breach response guide and accompanying video. Along with securing physical...

Companies Lacking Confidence in Data Breach Preparedness

by Elizabeth Snell

More organizations are implementing data breach preparedness plans, but a recent survey showed that those same companies are not entirely confident in their ability to recover from potential data security incidents. The fourth annual Is Your...

Healthcare Data Breach Costs Still Highest Among Industries

by Elizabeth Snell

The healthcare industry is no stranger to data breaches, and as technology continues to evolve, covered entities and their business associates need to be especially vigilant when it comes to keeping patient data secure. A healthcare data breach...

Are Cybersecurity Measures Improving After OPM Data Breach?

by Elizabeth Snell

Nearly one year after the large-scale OPM data breach, the majority of federal employees state that the current cybersecurity measures are unclear. A Federal News Radio survey found that over half of those surveyed - 53 percent - do not believe...

Neb. Data Breach Notification Law Clarifies Encryption Aspect

by Elizabeth Snell

Nebraska Governor Pete Ricketts signed an amended version of the state’s data breach notification law last month, which further clarifies the data encryption exemption and expands the definition of personal information. LB835 made changes...

What is the Real Cost of a Healthcare Data Breach?

by Sean Doherty of TSC Advantage

The recent spate of ransomware attacks against hospitals has set a new precedent in healthcare cyber threats – literally holding data and operations ransom until paid. While a ransom of $17,000 in the hard-to-track bitcoin...

US Appeals Court Affirms FCA Healthcare Data Breach Case

by Elizabeth Snell

The US Court of Appeals for the Sixth District affirmed a district court’s dismissal of a healthcare data breach case that alleged there had been False Claims Act (FCA) violations. In United States ex rel. Sheldon v. Kettering Health Network,...

California Adopts Statewide Data Breach Notification Laws

by Sara Heath

In the wake of several recent large-scale data breaches, such as the UCLA Health System, California Governor Jerry Brown recently signed a law that would provide statewide regulations for data breach notification. The law, which comes as a three-bill...

Why Prompt Health Data Breach Notification is Essential

by Elizabeth Snell

Proper health data breach notification is a critical aspect of HIPAA that healthcare organizations must adhere to. Along with federal laws, there are often state and local data breach notification requirements that must also be followed. Without...

State Data Breach Notification Laws Critical, Say State AGs

by Elizabeth Snell

It is essential that a federal data breach notification law does not preempt state laws, according to the National Association of Attorneys General (NAAG). The group wrote a letter to Congress this week, explaining that as many current state...

Data Breach Response Best Practices Guide Released by DOJ

by Elizabeth Snell

The Department of Justice’s (DOJ) Cybersecurity Unit recently released a data breach response guide to help facilities better prepare for data security incidents before they occur, as well as what to do after the fact. While the guide was created...

