Healthcare Information Security

Healthcare Breach Notifications

Potential WV Health Data Breach from Laptop Theft Affects 43K

January 11, 2018 - West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s automobile on or about November 2, 2017, the notification letter said, which was signed by Coplin Health Systems CEO Derek Snyder. The laptop was password protected...


More Articles

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and can...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to deliberately...

HIPAA Info Included in Updated MD Data Breach Notification Law

by Elizabeth Snell

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to notify...

Single National Data Breach Notification Standard Proposed

by Elizabeth Snell

A recently proposed bill calls for a single national data breach notification standard, which would replace the existing state notification laws and “clarify and strengthen” organizations’ reporting obligations. Rhode Island...

Tech Company Agrees to $264K Vermont Data Breach Settlement

by Elizabeth Snell

Technology company SAManage USA, Inc. recently agreed to pay $264,000 as part of a data breach settlement with the Vermont Attorney General, following a July 2016 incident. SAManage provides cloud-based IT support, which was used by WEX Health...

HHS Updates HIPAA Breach Reporting Tool, Empowers Consumers

by Elizabeth Snell

The recently updated HIPAA Breach Reporting Tool (HBRT) will highlight recent healthcare data breaches and help consumers learn how such incidents are investigated, according to OCR. The agency explained in a statement that the new HBRT “features...

$130K NY State Settlement from Late Data Breach Notification

by Elizabeth Snell

CoPilot Provider Support Services, Inc. recently agreed to a $130,000 settlement with New York after the company was found to have violated state data breach notification law, according to the New York Attorney General’s office. CoPilot...

OCR Highlights Proper Healthcare Cyberattack Response

by Elizabeth Snell

HIPAA covered entities and business associates must know the necessary steps to take following a healthcare cyberattack. Failing to either notify overseeing agencies or properly alert patients could lead to numerous issues for an organization....

OCR Newsletter Reviews Healthcare Cybersecurity Best Practices

by Elizabeth Snell

Even the most current and comprehensive security controls cannot guarantee that PHI security will never be compromised, which is why healthcare cybersecurity best practices should be regularly reviewed. OCR’s May cybersecurity newsletter...

Virginia Mason Patient Data Privacy Breach Leads to Lawsuit

by Elizabeth Snell

After receiving $8.5 million in a medical negligence lawsuit, a Washington couple is filing another lawsuit against Virginia Mason Medical Center for its alleged actions following a patient data privacy breach. Matthew and Sarah Hipps, MD, claim...

Va. Data Breach Legislation Update Accounts for Payroll Data

by Elizabeth Snell

Virginia recently updated its data breach legislation to require notification should payroll data become compromised. The amended statute applies to employers or payroll service providers who experience unauthorized access and acquisition of...

Do Healthcare Data Breach Lawsuits Have Reasonable Standards?

by Elizabeth Snell

Being able to prove fault in a healthcare data breach class action lawsuit is inherently difficult, but it is also important to understand the privacy expectations, according to a recent Corporate Clients Insight blog post. Data breach cases...

TN Updates Data Breach Notification Law for Encrypted Data

by Elizabeth Snell

Any person or business that conducts business in Tennessee is only required give data breach notification if the information acquired was unencrypted, according to a recently passed amendment. Amended Senate Bill 547 states that encrypted data...

N.M. Senate Committee Passes Data Breach Notification Bill

by Elizabeth Snell

A New Mexico data breach notification bill was recently passed by a state Senate Committee, and will move onto the Senate Judiciary Committee, according to the Los Alamos Daily Post.   Rep. Bill Rehm introduced House Bill 15, and explained...

Breach Notification Center of Presence Health HIPAA Settlement

by Elizabeth Snell

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on January 31,...

Mass. Launches Online Data Breach Notification Archive

by Elizabeth Snell

As part of the recently updated Massachusetts Public Records Law, the state’s Office of Consumer Affairs and Business Regulation made its online Data Breach Notification Archive available to the public. Governor Charlie Baker signed the...

US-CERT Updates Cybersecurity Incident Notification Guidelines

by Elizabeth Snell

The U.S. Computer Emergency Readiness Team (US-CERT) announced its new cybersecurity incident notification guidelines, which will go into effect on April 1, 2017. The guidelines will affect all Federal departments and agencies, as well as state,...

Encryption Aspect Amended in CA Data Breach Notification Law

by Elizabeth Snell

Starting in 2017, data breach notification will be required for instances when encrypted personal information of California residents has been breached and certain conditions are met, according to a recently amended state law. Previously, California’s...

FTC Releases Data Breach Response Guidance for Businesses

by Elizabeth Snell

The Federal Trade Commission (FTC) outlines the steps that businesses should take if they suspect that they have fallen victim to a data breach in a recently released data breach response guide and accompanying video. Along with securing physical...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks