Healthcare Information Security

State Data Breach Law

Florida Proposes State Biometric Data Privacy Legislation

March 11, 2019 - The Florida state legislature is currently considering two bills that address biometric information privacy, one introduced by State Rep. Bobby DuBose and another from State Sen. Gary Farmer, Jr. SB 1270 and HB 1153 are both designed to establish requirements and restrictions on private businesses for the use, collection, and maintenance of biometric identifiers and biometric data....

More Articles

Ohio Enacts Law with Cybersecurity Requirements for Health Insurers

by Jessica Davis

A new Ohio Senate Bill will go into effect on March 20, which will create new cybersecurity requirements for insurance companies, including health plans. The bill is based on the National Association of Insurance Commissioners’...

California Moves to Close Gaps in Data Breach Notification Law

by Jessica Davis

California Attorney General Xavier Becerra and Assembleymember Marc Levine are seeking to strengthen the state’s data breach notification law, which aims to close a loophole and expand requirements to include compromised biometrics...

Ransomware Attacks Classified as a Felony Under Proposed Maryland Bill

by Jessica Davis

Hackers who launch ransomware attacks would face felony charges and stiffer penalties under recent legislation proposed by Maryland state Senators and cross-filed with House members. The bill directly names hackers who attempt to...

Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity

by Jessica Davis

Wyoming state senators recently proposed a bill that would clarify regulations around patient privacy in the state. Introduced on Tuesday, the legislation would repeal the state’s Hospital Records Act of 1991, which was designed to...

Community Health Systems Reaches Settlement over 2014 Breach of 4.5M

by Jessica Davis

Tennessee-based Community Health Systems reached a settlement with the 4.5 million patients impacted by its 2014 data breach. CHS operates more than 200 hospitals across the country and is one of the largest hospital networks in the U.S....

Aetna Reaches Settlement with California Over 2017 Privacy Breach

by Jessica Davis

Aetna will pay California $935,000 for its 2017 privacy breach, stemming from a mailing error that inadvertently revealed the HIV-related information of 1,991 Californians and 12,000 total patients by the envelope’s clear...

North Carolina Reintroduces Strict Data Breach Notification Law

by Jessica Davis

North Carolina Attorney General Josh Stein and Rep. Jason Saine reintroduced data privacy legislation that would give organizations just 30 days to report a breach. For healthcare providers in the state, the law would effectively cut in...

Judge Approves Flowers Hospital Settlement over 2014 Data Breach

by Jessica Davis

A federal judge has approved a settlement between Flowers Hospital and the 1,200 patients whose data was stolen from the hospital in 2014, according to Alabama news station WTVY. The Alabama-based provider will pay the victims up to...

LifeBridge Health Sued over Data Breach of 530,000 Patients

by Jessica Davis

A class-action lawsuit was filed against Baltimore-based LifeBridge Health on Thursday over its 2016 health data breach, disclosed to the public in May 2018. According to the release, law firm Murphy, Falcon and Murphy filed the statewide...

12 States Sue Business Associate for 2015 Health Data Breach

by Jessica Davis

A dozen states have filed a Federal lawsuit against Indiana-based Medical Informatics Engineering (MIE) and subsidiary NoMoreClipboard, over a 2015 hack that breached the data of more than 3.9 million patients nationwide. The Attorneys...

Pennsylvania Judge Rules UPMC Must Protect Employee Data

by Jessica Davis

The Pennsylvania Supreme Court ruled last week that the University of Pittsburgh Medical Center is responsible for protecting personal employee data from hackers: The latest in a lengthy class-action lawsuit filed by UPMC employees against...

NJ Fines Vendor Behind Virtua Healthcare Data Breach $200K

by Fred Donovan

New Jersey is slapping a $200,000 fine on a defunct Georgia-based medical transcription company that caused the Virtua Medical Group breach impacting more than 1,650 individuals in 2016. The $200,000 fine includes $191,492.00 in civil...

UMass Memorial to Pay $230,000 for Healthcare Data Breaches

by Fred Donovan

UMass Memorial healthcare entities have agreed to pay $230,000 to the state of Massachusetts to resolve claims that two separate healthcare data breaches exposed PHI of more than 15,000 state residents. The lawsuit by the Massachusetts...

Bill Would Exempt HIPAA Covered Entities from California Privacy Law

by Fred Donovan

The California legislature has passed amendments to the sweeping California Consumer Privacy Act that would, among other changes, exempt HIPAA covered entities and business associates from the state law’s requirements. It would also...

Children’s Mercy Faces Lawsuit Over Healthcare Data Breach

by Fred Donovan

A class action lawsuit was filed this week against Kansas City, Missouri-based Children’s Mercy Hospital in response to a healthcare data breach that affected more than 60,000 individuals earlier this year, the Kansas City Star...

Healthcare Data Breaches Now Covered by Arizona Law

by Fred Donovan

Arizona is now including healthcare data breaches in its data breach notification law. Under legislation introduced in January and signed into law by Arizona Governor Doug Ducey earlier this month, information about an individual's...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...