Healthcare Information Security

State Patient Privacy Laws

California Moves to Close Gaps in Data Breach Notification Law

February 22, 2019 - California Attorney General Xavier Becerra and Assembleymember Marc Levine are seeking to strengthen the state’s data breach notification law, which aims to close a loophole and expand requirements to include compromised biometrics or passport numbers. Introduced in 2003, California currently has one of the toughest data breach notification laws in the country. It was one of the...


More Articles

Ransomware Attacks Classified as a Felony Under Proposed Maryland Bill

by Jessica Davis

Hackers who launch ransomware attacks would face felony charges and stiffer penalties under recent legislation proposed by Maryland state Senators and cross-filed with House members. The bill directly names hackers who attempt to...

Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity

by Jessica Davis

Wyoming state senators recently proposed a bill that would clarify regulations around patient privacy in the state. Introduced on Tuesday, the legislation would repeal the state’s Hospital Records Act of 1991, which was designed to...

Aetna Reaches Settlement with California Over 2017 Privacy Breach

by Jessica Davis

Aetna will pay California $935,000 for its 2017 privacy breach, stemming from a mailing error that inadvertently revealed the HIV-related information of 1,991 Californians and 12,000 total patients by the envelope’s clear...

Illinois Rules Actual Harm Not Required in Biometric Privacy Law

by Jessica Davis

The Illinois Supreme Court ruled on Friday that an individual can bring a lawsuit against an organization that violates the state’s Biometric Information Privacy Act, without alleging actual injury or adverse event. The court ruled...

North Carolina Reintroduces Strict Data Breach Notification Law

by Jessica Davis

North Carolina Attorney General Josh Stein and Rep. Jason Saine reintroduced data privacy legislation that would give organizations just 30 days to report a breach. For healthcare providers in the state, the law would effectively cut in...

Could HIPAA be Repealed, Replaced with a Unified Federal Privacy Law?

by Jessica Davis

The Information Technology and Innovation Fund is recommending a repeal of privacy regulations across the U.S., including HIPAA, to replace the patchwork of federal laws with a unified approach. Among its recommendations, ITIF is calling...

Avery Center to Pay Patient $853K for Impermissible Data Disclosure

by Jessica Davis

The Bridgeport Superior Court ruled the Avery Center of Obstetrics and Gynecology must pay a former Connecticut resident $853,000, for releasing the woman’s medical records to her past boyfriend without her consent. The lawsuit,...

LifeBridge Health Sued over Data Breach of 530,000 Patients

by Jessica Davis

A class-action lawsuit was filed against Baltimore-based LifeBridge Health on Thursday over its 2016 health data breach, disclosed to the public in May 2018. According to the release, law firm Murphy, Falcon and Murphy filed the statewide...

EmblemHealth Fined $100K for 2016 Healthcare Data Breach

by Jessica Davis

New Jersey Attorney General Gurbir Grewal fined health insurance vendor EmblemHealth $100,000, for its 2016 health data breach of more than 6,000 New Jersey residents. The New York-based insurer’s subsidiary Group Health is also...

12 States Sue Business Associate for 2015 Health Data Breach

by Jessica Davis

A dozen states have filed a Federal lawsuit against Indiana-based Medical Informatics Engineering (MIE) and subsidiary NoMoreClipboard, over a 2015 hack that breached the data of more than 3.9 million patients nationwide. The Attorneys...

Woman Charges WV Firm With Violating Her Patient Privacy Rights

by Fred Donovan

Elizabeth Fry, a resident of Logan County, West Virginia, has filed a state lawsuit in Kanasha Circuit Court charging that Charleston-based Molina Information Systems violated her patient privacy rights by providing third party access to...

NTIA Privacy Principles Plan Parallels NIST Privacy Framework Bid

by Fred Donovan

In parallel with the NIST Privacy Framework effort, the Commerce Department’s NTIA is working on a set of consumer data privacy principles. On Tuesday, it published a request for comment to get consumer and industry feedback on the...

Oklahoma Government in Row Over Alleged HIPAA Violation

by Fred Donovan

Two branches of Oklahoma’s government are embroiled in a controversy over whether the Oklahoma Department of Veterans Affairs committed a HIPAA violation when it allowed VA medical aides to access patient medical records using their...

Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

by Fred Donovan

US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station. Lee-Thomas argued in...

Washington Bolsters Patient Privacy Rights with New Law

by Fred Donovan

A Washington state law (SB 6027) set to take effect June 7 limits the use of medical and mental health records in discrimination lawsuits, strengthening patient privacy rights, the Seattle Times reported.  The state House passed SB...

Patient Privacy Protections Extended to EOB in Massachusetts

by Fred Donovan

Patient privacy protections have been extended to cover explanation of benefits (EOB) summaries sent out by health insurers, under a Massachusetts bill signed in to law by Governor Charlie Baker (R) earlier this month. Sensitive health...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...