Healthcare Information Security


OCR investigating Idaho Medicaid contractor data disclosures

by Patrick Ouellette

Idaho Medicaid is on the receiving end of more federal scrutiny for vendor management practices, as state agencies and the Department of Health and Human Services (HHS) are investigating patient data disclosures at Optum Idaho. Optum...

Updating HIPAA BAAs before Sept. 23, 2014: Compliance tips

by Patrick Ouellette

With fall quickly approaching, the last compliance piece to the HIPAA Omnibus Rule is coming up quick as well. As of September 23, 2014, all HIPAA business associate agreements (BAAs) must be up to date and in line with the regulations set...

Boston judge refuses hospital PHI disclosure waiver request

by Patrick Ouellette

A Boston judge provided a reminder this week that a healthcare organization’s and a patient’s rights to release medical records under HIPAA are very different and a bid for a court order wouldn’t help a provider sidestep...

Managing security risk in the new age of integrated care

by Jim Campbell

Almost 20 years after HIPAA was enacted, the healthcare industry is facing unprecedented risks to patient privacy and security, and it’s only going to get worse. To take control, providers need to act now and manage security and...

Where do ACOs fit into the HIPAA compliance landscape?

by Patrick Ouellette

Most stakeholders in the healthcare industry have a different take on HIPAA. Regulators see privacy and security laws as fair and necessary to patient care. Many covered entities view HIPAA compliance enforcement as inconsistent and, at...

House Committee hears new FTC v. LabMD arguments

by Patrick Ouellette

Though the FTC v. LabMD trial has been temporarily put on hold, there is still a war of words going on between the two sides. The House Committee on Oversight and Government Reform governed a three-hour meeting to help determine whether...

S.C. hospital reports laptop theft, patient data breach

by Patrick Ouellette

Self Regional Healthcare of Greenwood, S.C. is alerting patients of a data breach that occurred over Memorial Day weekend when two men stole an unencrypted laptop containing an unknown number of patient records. The Index Journal...

Johns Hopkins reaches preliminary privacy breach agreement

by Patrick Ouellette

More than a year after patients filed a potential class action lawsuit against Johns Hopkins Medicine following a privacy breach, the hospital has reached a preliminary $190 million settlement. For background, former Johns Hopkins...

Amazon: HIPAA, BA scope should be narrowed for research

by Patrick Ouellette

Amazon is the latest organization to publicly refer to HIPAA as a barrier to business initiatives. Paul Misener, Amazon’s vice president for global public policy, recently said that HIPAA impedes research in front of a House Energy...

VA accused of using HIPAA to block waiting list disclosures

by Patrick Ouellette

Are there instances where federal privacy laws are misused and actually end up being detrimental to the patient? According to a recent Washington Post report, some believe the Department of Veterans Affairs (VA) is using HIPAA as a...

Do third parties regularly access consumer health data?

by Patrick Ouellette

Consumer-generated healthcare data privacy doesn’t appear to have caused too many ripples in the general public’s consciousness to this point. But a recent California Healthcare Foundation report looks at how personal health...

Blue Shield, DMHC of Calif. release Social Security numbers

by Patrick Ouellette

Blue Shield of California and the California Department of Managed Health Care (DMHC) announced that they inadvertently distributed 18,000 doctors’ Social Security numbers. Blue Shield mistakenly sent rosters to DMHC that mistakenly...

Indianapolis hospital reports patient mailing data exposure

by Patrick Ouellette

St. Vincent Breast Center of Indianapolis recently alerted about 63,000 patients that their data had been potentially compromised after the organization mistakenly sent letters with patient information to the wrong addresses. As reported...

NRAD Medical Associates notifies 97,000 patients of breach

by Patrick Ouellette

NRAD Medical Associates of Garden City, New York has informed 97,000 patients that an internal employee inappropriately accessed protected health information (PHI) and patient billing data back in April 2014. According to...

Securing a healthcare mobile environment during EHR transition

by Frank Baer

As evidenced by all of the recent healthcare regulation news, our industry is in a state of evolution. While government, healthcare professionals and patients are the ones actually driving change, it is technology that is helping to power...

Penn State Hershey Medical Center alerts 1,801 patients of breach

by Patrick Ouellette

Penn State Milton S. Hershey Medical Center began alerting 1,801 patients last week that an employee had accessed clinical data without having proper IT security protections in place. According to the Penn State statement, the employee, a...

Healthcare data breach trends: Areas of needed improvement

by Patrick Ouellette

Recent news that a Montana Department of Public Health and Human Services server had been hacked into served as a reminder that there are a number of different ways in which HIPAA covered entities can endure data breaches. With that in...

Server hack leads to Montana Health Department investigation

by Patrick Ouellette

Just less than a year after a Montana Department of Public Health and Human Services server was hacked into, the department is alerting both public program clients and employees that their data was inappropriately accessed. After seeing...

Should healthcare organizations be wary of FTC regulations?

by Patrick Ouellette

The most anticipated part of the Federal Trade Commission (FTC) v. LabMD case’s administrative hearing had been the FTC potentially providing details on its data security standards in a public forum. For the moment, however, the...

Hurley Medical Center notifies employees of data breach

by Patrick Ouellette

Hurley Medical Center is in the process of dealing with an employee data breach that was a result of an error made while the organization was working to resolve payment errors with its health plan. According to, an email...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...