Healthcare Information Security

Patient Privacy

NHHIO expands legislation for use and disclosure of protected health information

by Elizabeth Snell

The New Hampshire Health Information Organization (NHHIO) announced on Tuesday (Sept. 16) that state Senate Bill 229 is now in effect. The bill expands the availability of the health network to a larger group of care providers and also helps...

Dorn VA medical center faces class action lawsuit

by Elizabeth Snell

William Jennings Bryan Dorn Veterans Affairs (VA) medical center has been hit with yet another lawsuit following a health data breach. On July 14, staff members first noticed that four boxes with patients’ information had gone missing....

Apple bars HealthKit developers from selling health data

by Patrick Ouellette

Apple has answered prominent privacy questions regarding its soon-to-be-released iOS 8 HealthKit application by creating firm data disclosure rules for developers. The tech giant, according to The Guardian, stipulated that developers cannot sell...

Patient data de-identification: Keeping data private and useful

by Patrick Ouellette

Most healthcare IT experts would agree that, at the very least, there is great promise in health data analytics, even if the industry is still finding ways to maximize the value of these data sets. Part of the equation is preserving patient privacy...

Boston judge refuses hospital PHI disclosure waiver request

by Patrick Ouellette

A Boston judge provided a reminder this week that a healthcare organization’s and a patient’s rights to release medical records under HIPAA are very different and a bid for a court order wouldn’t help a provider sidestep record...

U.S. Digital Service team “playbook” includes data security

by Patrick Ouellette

President Barack Obama’s U.S. Digital Service team recently released its “playbook” that collected successful digital systems best practices from the private sector and government. The Digital Service team’s goal is to...

New Blue Cross, Blue Shield HIE prompts privacy questions

by Patrick Ouellette

Blue Shield of California and Anthem Blue Cross joining forces this week was big news in healthcare, as a total of 9 million customers will have their records in the new comprehensive network, Cal INDEX. However, this large health information...

Essentia Health acknowledges patient privacy breach

by Patrick Ouellette

Essentia Health of Fargo, North Dakota, has announced a patient privacy breach after a marketing firm was able to acquire 430 patient names and addresses without their consent. The firm, Get Marketing, was mistakenly given the some sort of portable...

Healthcare warming to Google Glass, privacy questions remain

by Patrick Ouellette

If nothing else, Google Glass remains a polarizing topic in healthcare as hospitals continue to work with the technology and attempt to create efficiency gains by connecting the product to electronic health records. However, there are still...

Sutter lawsuit plaintiffs plan to go to Calif. Supreme Court

by Patrick Ouellette

Despite the Third District Court of Appeal of California’s decision that Sutter Medical Foundation hadn’t violated the Confidentiality of Medical Information Act (CMIA), the patient plaintiffs who filed the suit aren’t ready...

HIPAA Privacy Rule: Notice of Privacy Practices requirements

by Patrick Ouellette

The Department of Health and Human Services (HHS) has proven how important it considers the Notices of Privacy Practices (NPPs) as part of the HIPAA Privacy Rule by both offering sample NPPs last year and recently introducing its NPP challenge...

Appeals court: Sutter record exposure didn’t violate CMIA

by Patrick Ouellette

The Third District Court of Appeal of California again ruled in favor of Sutter Medical Foundation on Monday, as the court maintained that Sutter had not violated the Confidentiality of Medical Information Act (CMIA). This was the second appellate...

VA accused of using HIPAA to block waiting list disclosures

by Patrick Ouellette

Are there instances where federal privacy laws are misused and actually end up being detrimental to the patient? According to a recent Washington Post report, some believe the Department of Veterans Affairs (VA) is using HIPAA as a mechanism...

Reviewing the qualities of a healthcare privacy officer

by Patrick Ouellette

A common mistake in healthcare is to lump privacy and security as one unit, as each require their own areas of expertise. Similar to IT security professionals, there are some basic qualities that a privacy officer should have to best serve...

Do third parties regularly access consumer health data?

by Patrick Ouellette

Consumer-generated healthcare data privacy doesn’t appear to have caused too many ripples in the general public’s consciousness to this point. But a recent California Healthcare Foundation report looks at how personal health information...

State VA clinics dealing with patient privacy issues

by Patrick Ouellette

On top of myriad public image issues it’s dealing with, the U.S. Department of Veteran Affairs (VA) is currently resolving two different patient privacy breaches in Minneapolis and Baltimore, respectively. First, the recently-opened Shakopee...

How private should medical billing collection data be?

by Patrick Ouellette

A recent report by the Argus Leader looked at the effects on patient privacy when medical debt is collected and reports are filed in court. These files may include items such as patient treatments or other private information and the privacy...

Medtronic reveals patient data exposure in SEC filing

by Patrick Ouellette

Though medical device maker Medtronic revealed that hackers had entered network on two separate occasions last year in its Securities and Exchange Commission (SEC) filing and didn’t steal anything, the incident appears to be in a bit of...

HIPAA Privacy Rule: Authorized patient data disclosures

by Patrick Ouellette

Assuming a disclosure is not permitted in the HIPAA Privacy Rule, a healthcare organization must limit patient data uses and disclosures to only those that are authorized. In reviewing the HIPAA Privacy Rule, the Department of Health and Human...

HIPAA Privacy Rule: Permitted PHI uses and disclosures

by Patrick Ouellette

Though sometimes the goals of the HIPAA Privacy Rule can get lost in data breach and monetary penalty news, ensuring that patient data is both properly protected and accessible should be a consistent focus for the healthcare industry. Balancing...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks