Healthcare Information Security

Patient Data Security

AHIMA Continues Push for Balance in Patient Data Access, Security

March 20, 2018 - Healthcare professionals should have access to their patients’ entire medical history, but patient data access and data security measures must also be considered, AHIMA members said in meetings with Congress today. Access to substance abuse disorder information can help providers better care for patients, AHIMA explained in an emailed press release. However, the release of substance...

More Articles

What the CareFirst Data Breach Decision Means for Healthcare

by Elizabeth Snell

In February 2018, the US Supreme Court denied certiorari in the CareFirst data breach case. CareFirst had requested the Court review the class action lawsuit against it that came from two separate incidents. The first occurred in June 2014, followed...

EmblemHealth Data Breach Leads to $575K NY State Settlement

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan discovered...

70K Notified in Tufts Health Plan Data Breach in Vendor Error

by Elizabeth Snell

A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards were...

Physical Safeguard Need Underlined in Recent VA Privacy Protocols

by Elizabeth Snell

A recent data breach involving old records from hospital patients, employees, and job applicants has led a VA medical center to launch new data privacy protocols. The John J. Pershing VA Medical Center said that it will be improving its...

Stakeholders Desire Clarification on Secure Data Exchange in TEFCA

by Elizabeth Snell

ONC must further clarify secure data exchange aspects in its Trusted Exchange Framework and Common Agreement (TEFCA) draft, and also explain how HIPAA regulations will apply, according to industry stakeholders. One of the TEFCA principles discusses...

CarePlus Health Reports PHI Data Breach Impacting 11K

by Elizabeth Snell

A series of programming and printing errors resulted in Explanation of Benefits (EOB) letters being sent to the incorrect CarePlus Health Plan members, an organization spokesperson confirmed to Approximately 11,200 individuals...

Common Rule Interim Version Released, Exempts HIPAA Research

by Elizabeth Snell

More secondary research of EHR data will be enabled through the recently announced interim version of the Federal Policy for the Protection of Human Subjects, or the Common Rule. Certain low-risk studies, such as observational studies meant to...

How the FTC Act, HIPAA Privacy Rule Impact Healthcare Orgs

by Elizabeth Snell

Collecting and sharing consumer health information is fairly standard practice for covered entities and their business associates. Organizations must ensure that they remain in compliance with the HIPAA Privacy Rule throughout that entire process,...

Class-Action Lawsuit Filed after Allscripts Ransomware Attack

by Elizabeth Snell

Florida-based Surfside Non-Surgical Orthopedics, P.A. (Orthopedics) filed a class-action lawsuit in the wake of the Allscripts ransomware attack that took place on January 18, 2018. Allscripts’ EHR system was infected by SamSam ransomware,...

KS Healthcare Organization Fined over Unsecured Patient Data

by Elizabeth Snell

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell Jones...

What Precedent Will Be Set in CareFirst Data Breach Case?

by Elizabeth Snell

The flood gates could potentially be opened for “no-injury class actions arising from virtually every data breach” if the US Supreme Court does not reaffirm the Washington DC circuit court’s decision with the CareFirst data...

$17M Settlement Agreement Reached in Aetna Data Breach Case

by Elizabeth Snell

Aetna has reached a $17 million settlement following a reported data breach from 2017 where 12,000 individuals were impacted. The healthcare company Aetna sent letters in the mail where information about ordering prescription HIV drugs was clearly...

VA Patient Data Disclosure to HIEs Permitted in Proposed Rule

by Elizabeth Snell

The Department of Veterans Affairs (VA) published a proposed rule that would amend its current regulations on allowing patient data disclosure to health information exchanges (HIEs). The updated rule would permit VA to release a patient’s...

Onco360 Email Data Security Incident Impacts 53K Patients

by Elizabeth Snell

Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an employee’s email...

CT Supreme Court Rules Patients Can Sue Over PHI Disclosure

by Elizabeth Snell

There is a duty of confidentiality between a physician and patient, and patients have the right to sue should unauthorized PHI disclosure take place, according to the Connecticut Supreme Court. In Byrne v. Avery Center for Obstetrics & Gynecology,...

Patient Data Unaffected in Hancock Health Ransomware Attack

by Elizabeth Snell

Indiana-based Hancock Health experienced a ransomware attack on January 11, 2018, according to a statement posted on the organization’s website. Hancock recovered use of its computers and patient information was not adversely affected....

Potential WV Health Data Breach from Laptop Theft Affects 43K

by Elizabeth Snell

West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s automobile...

Kathryn Marchesini Named New ONC Chief Privacy Officer

by Elizabeth Snell

The Office of the National Coordinator (ONC) announced through an internal email that Katheryn Marchesini, JD, had been appointed to the ONC Chief Privacy Officer position. National Coordinator Donald Rucker, MD explained that Marchesini is an...

20% of RNs Had Patient Data Breaches, Claim Response Confidence

by Elizabeth Snell

There is potentially a disconnect between healthcare professionals’ confidence in preventing patient data breaches and actually being able to do so, according to recent research from the University of Phoenix. Twenty percent of registered...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks