Healthcare Information Security


Patient Files Another Class Action Community Health Systems

by Patrick Ouellette

Community Health Systems, Inc. (CHSI) is facing more legal action resulting from its data breach that affected 4.5 million patients, as patient Briana Brito filed a class-action lawsuit against CHSI on September 19. Brito, who was hospitalized...

HIPAA Privacy Rule: Reminders to Avoid Enforcement Penalties

by Elizabeth Snell

As healthcare evolves, it’s important to remain up-to-date on all changes, such as the HIPAA Omnibus Rule. However, because patient privacy remains a pressing topic, decided to review the basics of the HIPAA Privacy Rule....

Reviewing California’s Mobile App, PHR Privacy Regulations

by Patrick Ouellette

California enacted legislation, AB 658, earlier this year to shield patient health information stored in personal health records personal health records (PHRs) and mobile health applications. Deven McGraw and Susan Ingargiola of Manatt Health...

Bronx RHIO implements direct secure messaging

by Elizabeth Snell

Maintaining security standards as Health Information Exchange (HIE) expansion continues is critical for any healthcare provider. It’s also essential that patient data stays secure as it is transported from one organization to the next. Those...

Dorn VA medical center faces class action lawsuit

by Elizabeth Snell

William Jennings Bryan Dorn Veterans Affairs (VA) medical center has been hit with yet another lawsuit following a health data breach. On July 14, staff members first noticed that four boxes with patients’ information had gone missing....

AltaMed Health Services alerts 2,995 patients of data breach

by Patrick Ouellette

AltaMed Health Services announced last week that 2,995 patients’ data were potentially compromised when an employee stole patient records in an apparent identity theft ring. AltaMed, which offers a variety of healthcare services, posted...

OCR investigating Idaho Medicaid contractor data disclosures

by Patrick Ouellette

Idaho Medicaid is on the receiving end of more federal scrutiny for vendor management practices, as state agencies and the Department of Health and Human Services (HHS) are investigating patient data disclosures at Optum Idaho. Optum Idaho was...

Updating HIPAA BAAs before Sept. 23, 2014: Compliance tips

by Patrick Ouellette

With fall quickly approaching, the last compliance piece to the HIPAA Omnibus Rule is coming up quick as well. As of September 23, 2014, all HIPAA business associate agreements (BAAs) must be up to date and in line with the regulations set forth...

Boston judge refuses hospital PHI disclosure waiver request

by Patrick Ouellette

A Boston judge provided a reminder this week that a healthcare organization’s and a patient’s rights to release medical records under HIPAA are very different and a bid for a court order wouldn’t help a provider sidestep record...

Managing security risk in the new age of integrated care

by Jim Campbell

Almost 20 years after HIPAA was enacted, the healthcare industry is facing unprecedented risks to patient privacy and security, and it’s only going to get worse. To take control, providers need to act now and manage security and compliance...

Where do ACOs fit into the HIPAA compliance landscape?

by Patrick Ouellette

Most stakeholders in the healthcare industry have a different take on HIPAA. Regulators see privacy and security laws as fair and necessary to patient care. Many covered entities view HIPAA compliance enforcement as inconsistent and, at times,...

House Committee hears new FTC v. LabMD arguments

by Patrick Ouellette

Though the FTC v. LabMD trial has been temporarily put on hold, there is still a war of words going on between the two sides. The House Committee on Oversight and Government Reform governed a three-hour meeting to help determine whether the Federal...

S.C. hospital reports laptop theft, patient data breach

by Patrick Ouellette

Self Regional Healthcare of Greenwood, S.C. is alerting patients of a data breach that occurred over Memorial Day weekend when two men stole an unencrypted laptop containing an unknown number of patient records. The Index Journal reports...

Johns Hopkins reaches preliminary privacy breach agreement

by Patrick Ouellette

More than a year after patients filed a potential class action lawsuit against Johns Hopkins Medicine following a privacy breach, the hospital has reached a preliminary $190 million settlement. For background, former Johns Hopkins gynecologist...

VA accused of using HIPAA to block waiting list disclosures

by Patrick Ouellette

Are there instances where federal privacy laws are misused and actually end up being detrimental to the patient? According to a recent Washington Post report, some believe the Department of Veterans Affairs (VA) is using HIPAA as a mechanism...

Do third parties regularly access consumer health data?

by Patrick Ouellette

Consumer-generated healthcare data privacy doesn’t appear to have caused too many ripples in the general public’s consciousness to this point. But a recent California Healthcare Foundation report looks at how personal health information...

Blue Shield, DMHC of Calif. release Social Security numbers

by Patrick Ouellette

Blue Shield of California and the California Department of Managed Health Care (DMHC) announced that they inadvertently distributed 18,000 doctors’ Social Security numbers. Blue Shield mistakenly sent rosters to DMHC that mistakenly included...

Indianapolis hospital reports patient mailing data exposure

by Patrick Ouellette

St. Vincent Breast Center of Indianapolis recently alerted about 63,000 patients that their data had been potentially compromised after the organization mistakenly sent letters with patient information to the wrong addresses. As reported by,...

NRAD Medical Associates notifies 97,000 patients of breach

by Patrick Ouellette

NRAD Medical Associates of Garden City, New York has informed 97,000 patients that an internal employee inappropriately accessed protected health information (PHI) and patient billing data back in April 2014. According to,...

Securing a healthcare mobile environment during EHR transition

by Frank Baer

As evidenced by all of the recent healthcare regulation news, our industry is in a state of evolution. While government, healthcare professionals and patients are the ones actually driving change, it is technology that is helping to power and...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks