Healthcare Information Security

Patient Privacy News

Healthcare Data Breaches Now Covered by Arizona Law

April 23, 2018 - Arizona is now including healthcare data breaches in its data breach notification law. Under legislation introduced in January and signed into law by Arizona Governor Doug Ducey earlier this month, information about an individual's medical or mental health treatment or diagnosis by a healthcare professional is now considered "personal information". Any breach involving that information...


Articles

Health Data Privacy Rears Its Head at Facebook Hearing

by

During Congressional hearings last week, Rep. Marsha Blackburn (R-Tenn.) called on Facebook Chairman and CEO Mark Zuckerberg to support her bill, Balancing the Rights of Web Surfers Equally and Responsibly (BROWSER) Act, which would require companies...

Patient Privacy Protections Extended to EOB in Massachusetts

by

Patient privacy protections have been extended to cover explanation of benefits (EOB) summaries sent out by health insurers, under a Massachusetts bill signed in to law by Governor Charlie Baker (R) earlier this month. Sensitive health information...

Data Privacy Rights Hinder Effective Treatment, Warns AHA

by

The American Hospital Association (AHA) is pushing for passage of HR 3545, the Overdose Prevention and Patient Safety Act, which would curb data privacy rights under 42 Code of Federal Regulations (CFR) Part 2 that prevent healthcare providers...

HIPAA Covered Entities Get Pass on OR Data Breach Notification Law

by

HIPAA covered entities in Oregon are exempt from a new requirement that organizations in the state report data breaches within 45 days of discovery. Oregon Governor Kate Brown signed into law at the end of March amendments (Senate Bill 1551)...

How EU Data Privacy Rule Could Impact US Healthcare Providers

by

US healthcare organizations that handle personal information of EU individuals will face stricter regulatory requirements and possibly hefty fines under the EU’s new data privacy rule set to take effect May 25, 2018. The General Data Protection...

25% of Patients Did Not Access Data Over Patient Privacy Concerns

by

The HIPAA Privacy Rule guarantees patient data access as well as patient privacy.   While both guarantees are important, they can sometimes be at odds. The goal of HHS under the HIPAA Privacy Rule is to ensure patient privacy is protected,...

Federal Lawsuit Filed Following Alleged CVS Health Data Breach

by

Three plaintiffs filed a federal lawsuit on March 21, 2018, claiming that a CVS Health data breach exposed the PHI of over 6,000 individuals, including revealing the HIV status of the individuals.  CVS Health, Caremark LLC (a subsidiary...

Healthcare Data Breach Leads to Identity Theft Guilty Plea

by

Robert Ashley Bond of Thackerville, Oklahoma recently pled guilty to charges over his alleged involvement in a 2017 healthcare data breach.  The United States Attorney’s Office for the Eastern District of Oklahoma announced that...

Uber Health Prioritizes Patient Data Security, HIPAA Compliance

by

Ridesharing company Uber launched a platform in March 2018 that aimed to provide more transportation options to patients. Individuals can use Uber Health to get a ride to their provider, while being reassured that HIPAA compliance remains a top...

Data Security Key Consideration for Healthcare Blockchain Success

by

Healthcare data security, data storage, data availability, and confidentiality are some of the most important characteristics in the application of healthcare blockchain, according to the latest edition of Blockchain in Healthcare...

AHIMA Continues Push for Balance in Patient Data Access, Security

by

Healthcare professionals should have access to their patients’ entire medical history, but patient data access and data security measures must also be considered, AHIMA members said in meetings with Congress today. Access to substance abuse...

Alabama Data Breach Notification Act Accounts for Medical Data

by

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The Alabama...

What the CareFirst Data Breach Decision Means for Healthcare

by

In February 2018, the US Supreme Court denied certiorari in the CareFirst data breach case. CareFirst had requested the Court review the class action lawsuit against it that came from two separate incidents. The first occurred in June 2014, followed...

EmblemHealth Data Breach Leads to $575K NY State Settlement

by

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan discovered...

Common Rule Interim Version Released, Exempts HIPAA Research

by

More secondary research of EHR data will be enabled through the recently announced interim version of the Federal Policy for the Protection of Human Subjects, or the Common Rule. Certain low-risk studies, such as observational studies meant to...

Hospital Data Breaches Most Common, Affect the Most Patients

by

Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of individuals...

Business Associate Dismissal Denied in HIPAA Data Breach Case

by

A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business associate, Press...

New York Reaches $1.15M Settlement over Aetna Data Breach

by

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about ordering...

KS Healthcare Organization Fined over Unsecured Patient Data

by

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell Jones...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks

Continue to site...