Healthcare Information Security

Healthcare Breach Notifications

Alabama Last US State to Enact Data Breach Notification Law

April 4, 2018 - Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect May 1, includes medical and health insurance information in the definition of “personally identifying information” subject to...

Read More


More Articles

Federal Lawsuit Filed Following Alleged CVS Health Data Breach

by Elizabeth Snell

Three plaintiffs filed a federal lawsuit on March 21, 2018, claiming that a CVS Health data breach exposed the PHI of over 6,000 individuals, including revealing the HIV status of the individuals.  CVS Health, Caremark LLC (a...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

Nebraska Data Breach Notification Bill Passes Unanimously

by Elizabeth Snell

Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. The Nebraska legislature...

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a...

Proposed Iowa Data Breach Bill Accounts for Health Data

by Elizabeth Snell

Recently proposed updates to Iowa’s data breach bill would include medical information and health insurance information under the definition of “personal information.” Organizations would also need to provide notification...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information...

Potential WV Health Data Breach from Laptop Theft Affects 43K

by Elizabeth Snell

West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to...

HIPAA Info Included in Updated MD Data Breach Notification Law

by Elizabeth Snell

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to...

Single National Data Breach Notification Standard Proposed

by Elizabeth Snell

A recently proposed bill calls for a single national data breach notification standard, which would replace the existing state notification laws and “clarify and strengthen” organizations’ reporting obligations. Rhode...

Tech Company Agrees to $264K Vermont Data Breach Settlement

by Elizabeth Snell

Technology company SAManage USA, Inc. recently agreed to pay $264,000 as part of a data breach settlement with the Vermont Attorney General, following a July 2016 incident. SAManage provides cloud-based IT support, which was used by WEX...

HHS Updates HIPAA Breach Reporting Tool, Empowers Consumers

by Elizabeth Snell

The recently updated HIPAA Breach Reporting Tool (HBRT) will highlight recent healthcare data breaches and help consumers learn how such incidents are investigated, according to OCR. The agency explained in a statement that the new HBRT...

$130K NY State Settlement from Late Data Breach Notification

by Elizabeth Snell

CoPilot Provider Support Services, Inc. recently agreed to a $130,000 settlement with New York after the company was found to have violated state data breach notification law, according to the New York Attorney General’s...

OCR Highlights Proper Healthcare Cyberattack Response

by Elizabeth Snell

HIPAA covered entities and business associates must know the necessary steps to take following a healthcare cyberattack. Failing to either notify overseeing agencies or properly alert patients could lead to numerous issues for an...

Most Read Stories

Upcoming Webcasts

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks