Healthcare Information Security

State Patient Privacy Laws

Oklahoma Government in Row Over Alleged HIPAA Violation

August 13, 2018 - Two branches of Oklahoma’s government are embroiled in a controversy over whether the Oklahoma Department of Veterans Affairs committed a HIPAA violation when it allowed VA medical aides to access patient medical records using their smartphones during an internet outage. On July 25, a scheduled internet outage prevented aides at VA centers in Norman and Lawton from accessing...


More Articles

Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

by Fred Donovan

US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station. Lee-Thomas argued in...

Washington Bolsters Patient Privacy Rights with New Law

by Fred Donovan

A Washington state law (SB 6027) set to take effect June 7 limits the use of medical and mental health records in discrimination lawsuits, strengthening patient privacy rights, the Seattle Times reported.  The state House passed SB...

Patient Privacy Protections Extended to EOB in Massachusetts

by Fred Donovan

Patient privacy protections have been extended to cover explanation of benefits (EOB) summaries sent out by health insurers, under a Massachusetts bill signed in to law by Governor Charlie Baker (R) earlier this month. Sensitive health...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

EmblemHealth Data Breach Leads to $575K NY State Settlement

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan...

Nebraska Data Breach Notification Bill Passes Unanimously

by Elizabeth Snell

Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. The Nebraska legislature...

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a...

Proposed Iowa Data Breach Bill Accounts for Health Data

by Elizabeth Snell

Recently proposed updates to Iowa’s data breach bill would include medical information and health insurance information under the definition of “personal information.” Organizations would also need to provide notification...

New York Reaches $1.15M Settlement over Aetna Data Breach

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about...

KS Healthcare Organization Fined over Unsecured Patient Data

by Elizabeth Snell

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information...

NC Data Breach Legislation Accounts for Ransomware Attacks

by Elizabeth Snell

Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals. The updated Act to Strengthen Identity...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks