Healthcare Information Security

Patient Privacy Rights

California Moves to Close Gaps in Data Breach Notification Law

February 22, 2019 - California Attorney General Xavier Becerra and Assembleymember Marc Levine are seeking to strengthen the state’s data breach notification law, which aims to close a loophole and expand requirements to include compromised biometrics or passport numbers. Introduced in 2003, California currently has one of the toughest data breach notification laws in the country. It was one of the...

More Articles

Facebook Accused of Exposing User Health Data in Complaint to FTC

by Jessica Davis

A group of health privacy experts recently filed a complaint with the Federal Trade Commission, accusing Facebook of misleading users about its privacy policies of its “closed” health groups. Filed in December with the FTC and...

Slack Adds HIPAA-Compliant Features to Enterprise Grid Messaging

by Jessica Davis

Slack recently added HIPAA compliance to its security features, directly related to file uploads. While the compliance is not currently related to communication channels or direct messaging between patients and providers, two sources told...

Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity

by Jessica Davis

Wyoming state senators recently proposed a bill that would clarify regulations around patient privacy in the state. Introduced on Tuesday, the legislation would repeal the state’s Hospital Records Act of 1991, which was designed to...

Community Health Systems Reaches Settlement over 2014 Breach of 4.5M

by Jessica Davis

Tennessee-based Community Health Systems reached a settlement with the 4.5 million patients impacted by its 2014 data breach. CHS operates more than 200 hospitals across the country and is one of the largest hospital networks in the U.S....

Illinois Rules Actual Harm Not Required in Biometric Privacy Law

by Jessica Davis

The Illinois Supreme Court ruled on Friday that an individual can bring a lawsuit against an organization that violates the state’s Biometric Information Privacy Act, without alleging actual injury or adverse event. The court ruled...

Could HIPAA be Repealed, Replaced with a Unified Federal Privacy Law?

by Jessica Davis

The Information Technology and Innovation Fund is recommending a repeal of privacy regulations across the U.S., including HIPAA, to replace the patchwork of federal laws with a unified approach. Among its recommendations, ITIF is calling...

Judge Approves Flowers Hospital Settlement over 2014 Data Breach

by Jessica Davis

A federal judge has approved a settlement between Flowers Hospital and the 1,200 patients whose data was stolen from the hospital in 2014, according to Alabama news station WTVY. The Alabama-based provider will pay the victims up to...

Avery Center to Pay Patient $853K for Impermissible Data Disclosure

by Jessica Davis

The Bridgeport Superior Court ruled the Avery Center of Obstetrics and Gynecology must pay a former Connecticut resident $853,000, for releasing the woman’s medical records to her past boyfriend without her consent. The lawsuit,...

LifeBridge Health Sued over Data Breach of 530,000 Patients

by Jessica Davis

A class-action lawsuit was filed against Baltimore-based LifeBridge Health on Thursday over its 2016 health data breach, disclosed to the public in May 2018. According to the release, law firm Murphy, Falcon and Murphy filed the statewide...

McLean Hospital Pays Massachusetts $75,000 for 2015 Breach

by Jessica Davis

Belmont, Massachusetts-based McLean Hospital settled with the state over its 2015 data breach, agreeing to implement new security and training and pay $75,000. The settlement will resolve claims the psychiatric hospital exposed the data...

Social Media Needs Transparent Privacy Policies for Healthcare Data

by Jessica Davis

Two healthcare leaders are calling for greater transparency and stronger laws that outline the data collection practices of social media platforms. In Applied Clinical Informatics, Carolyn Petersen, Mayo Clinic Global Business Solutions...

Proposed Bill Gives Consumers Right to Dispute PHI Record Accuracy

by Jessica Davis

The Center for Democracy & Technology released a proposed draft federal privacy bill, centered around a consumer’s right to understanding where their data is located and reasonable access to data upon request. While the draft...

OCR Settles with Colorado Provider for $111,000 over HIPAA Failures

by Jessica Davis

The Department of Health and Human Services’ Office for Civil Rights settled with Pagosa Springs Medical Center for $111,400, for failing to terminate a former employee’s access to electronic protected health...

EmblemHealth Fined $100K for 2016 Healthcare Data Breach

by Jessica Davis

New Jersey Attorney General Gurbir Grewal fined health insurance vendor EmblemHealth $100,000, for its 2016 health data breach of more than 6,000 New Jersey residents. The New York-based insurer’s subsidiary Group Health is also...

20,000 Patients Impacted by Ransomware Attack on Illinois Specialist

by Jessica Davis

The Center for Vitreo-Retinal Diseases in Illinois recently began notifying 20,371 patients that their data was potentially breached after a ransomware attack in September. On September 18, officials discovered a ransomware attack...

12 States Sue Business Associate for 2015 Health Data Breach

by Jessica Davis

A dozen states have filed a Federal lawsuit against Indiana-based Medical Informatics Engineering (MIE) and subsidiary NoMoreClipboard, over a 2015 hack that breached the data of more than 3.9 million patients nationwide. The Attorneys...

Allergy Associates Settles with OCR for $125K over HIPAA Violation

by Jessica Davis

Connecticut-based Allergy Associates of Hartford settled with the Office for Civil Rights for $125,000, for a 2015 incident involving impermissible disclosure of a patient’s protected health information to a reporter. In February...

AMIA Calls for Federal Alignment of Health Data Privacy Policies

by Jessica Davis

The American Medical Informatics Association is calling on the Trump Administration to better align data privacy policies from both the health and consumer sectors. In a letter to the National Telecommunications and Information...

NIH Reboots Genomic Data Access After Patient Privacy Fears Eased

by Fred Donovan

The National Institutes of Health (NIH) has resumed public access to its genomic summary results after restricting access for ten years over patient privacy concerns. Genomic summary results “convey information relevant to...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...