Healthcare Information Security

HITECH Breach Notification Rule

Nebraska Data Breach Notification Bill Passes Unanimously

February 28, 2018 - Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. The bill, introduced by Senator Adam Morfeld, passed the Nebraska legislature on February 23, 2018 in a 46-0 vote. Legislative Bill 757 amended sections of the Credit...

More Articles

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect of state law, and...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to...

HHS Updates HIPAA Breach Reporting Tool, Empowers Consumers

by Elizabeth Snell

The recently updated HIPAA Breach Reporting Tool (HBRT) will highlight recent healthcare data breaches and help consumers learn how such incidents are investigated, according to OCR. The agency explained in a statement that the new HBRT...

$130K NY State Settlement from Late Data Breach Notification

by Elizabeth Snell

CoPilot Provider Support Services, Inc. recently agreed to a $130,000 settlement with New York after the company was found to have violated state data breach notification law, according to the New York Attorney General’s...

Breach Notification Center of Presence Health HIPAA Settlement

by Elizabeth Snell

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on...

Data Breach Notification Law Passes Unanimously in Wash.

by Elizabeth Snell

The Washington state Senate unanimously passed the proposed data breach notification law last week by a 47-0 vote. HB 1078 is designed to “strengthen the data breach notification requirements to better safeguard personal...

Healthcare Data Breaches Can Push Patients Away, Says Survey

by Elizabeth Snell

Healthcare data breaches can be devastating for patients and the healthcare facility that was attacked. The organization could face severe penalties from the Department of Health & Human Services (HHS) if it is deemed that it violated...

Are You Ready for the HIPAA Breach Notification Deadline?

by Elizabeth Snell

Covered entities (CEs) that experienced a data breach in 2014 that affected fewer than 500 people have an important HIPAA breach notification deadline approaching: March 1. That is the deadline that those organizations must notify the...

Data Breach News: Cone Health Mailing Error; New Calif. Law

by Patrick Ouellette

Cone Health of Greensboro, N.C. has alerted 2,076 Southeastern Heart and Vascular Center patients that their data was compromised as a result of a mailing error. reports that a clerical mistake led to letters, which included...

Touchstone Medical Imaging Posts Data Breach Notification

by Patrick Ouellette

Touchstone Medical Imaging, LLC has sent out notices to some patients treated prior to August of 2012 that it learned on May 9, 2014 that a shared folder holding sensitive data was exposed on the internet. The imaging specialist...

Texas HHSC sues Xerox; Tri-City Medical Center reports breach

by Patrick Ouellette

The Texas Health and Human Services Commission (HHSC) recently filed a lawsuit against Xerox for withholding patient documents that it held as the state’s former primary Medicaid claims administrator. HHSC recently terminated the Xerox...

Indianapolis hospital reports patient mailing data exposure

by Patrick Ouellette

St. Vincent Breast Center of Indianapolis recently alerted about 63,000 patients that their data had been potentially compromised after the organization mistakenly sent letters with patient information to the wrong addresses. As reported...

OIG releases biannual report, includes security recommendations

by Patrick Ouellette

The Office of Inspector General (OIG) and Department of Health and Human Services (HHS) summarized their activities from October 2013 through March 2014 in the Semiannual Report to Congress. Among the more prominent topics raised in OIG...

WEDI publishes health data breach notification tips

by Patrick Ouellette

The Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup recently published its Breach Risk Assessment Issue Brief to offer reminders to healthcare organizations regarding the breach notification decision...

ONC, OCR publicize HIPAA Digital Privacy Notice Challenge

by Patrick Ouellette

After providing four approved notice of privacy practices (NPP) templates in September, the Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) are focusing on digital NPPs and...

Healthcare attorney highlights HIPAA Omnibus changes

by Patrick Ouellette

’s recent webcast, “HIPAA Omnibus Rule compliance tips and best practices”, provided a variety of takeaways from presenter and Dunkiel Saunders healthcare attorney Eileen Elliott. One of the biggest...

Register now for Feb. 5 HIPAA Omnibus Rule webcast

by Patrick Ouellette

will be holding a webcast, “HIPAA Omnibus Rule compliance tips and best practices”, on February 5 at 1 p.m. EST to help further clarify changes to the HIPAA privacy and security rules that went into effect...

Law firm iOS app aggregates federal, state breach statutes

by Patrick Ouellette

While Fox Rothschild LLP’s new Data Breach 411 iOS application shouldn’t be the sole resource healthcare organizations and their business associates (BAs) use when responding to data breaches, the app may be useful for...

