Healthcare Information Security

Patient Privacy News

Alabama Data Breach Notification Act Accounts for Medical Data

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

What the CareFirst Data Breach Decision Means for Healthcare

In February 2018, the US Supreme Court denied certiorari in the CareFirst data breach case. CareFirst had requested the Court review the class action lawsuit against it that came from two separate incidents. The first occurred in June...

EmblemHealth Data Breach Leads to $575K NY State Settlement

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan...

Common Rule Interim Version Released, Exempts HIPAA Research

More secondary research of EHR data will be enabled through the recently announced interim version of the Federal Policy for the Protection of Human Subjects, or the Common Rule. Certain low-risk studies, such as observational studies...

Hospital Data Breaches Most Common, Affect the Most Patients

Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of...

Business Associate Dismissal Denied in HIPAA Data Breach Case

A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business...

New York Reaches $1.15M Settlement over Aetna Data Breach

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about...

KS Healthcare Organization Fined over Unsecured Patient Data

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell...

$17M Settlement Agreement Reached in Aetna Data Breach Case

Aetna has reached a $17 million settlement following a reported data breach from 2017 where 12,000 individuals were impacted. The healthcare company Aetna sent letters in the mail where information about ordering prescription HIV drugs...

VA Patient Data Disclosure to HIEs Permitted in Proposed Rule

The Department of Veterans Affairs (VA) published a proposed rule that would amend its current regulations on allowing patient data disclosure to health information exchanges (HIEs). The updated rule would permit VA to release a...

20% of RNs Had Patient Data Breaches, Claim Response Confidence

There is potentially a disconnect between healthcare professionals’ confidence in preventing patient data breaches and actually being able to do so, according to recent research from the University of Phoenix. Twenty percent of...

Data Security Cited in ONC Health Data Exchange Framework Praise

ONC’s Trusted Exchange Framework and Common Agreement (TEFCA) draft has so far been met with industry support, with organizations lauding ONC for working to strengthen trust and support for nationwide interoperability while also...

HHS Final Rule Differs from HIPAA Regulations on Data Sharing

The Department of Health and Human Services’ (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) published a final rule that simplifies data sharing for patients’ substance abuse records, differing from...

CMS Stresses Security in Healthcare Texting Clarification

The Centers for Medicare and Medicaid Services (CMS) explained in a recent Survey and Certification letter that healthcare texting, specifically texting patient information to members of the care team, is only allowed through a secure...

2017 Updated State Data Breach Laws Account for Medical Information

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect of state law, and...

MA Reaches Settlement Following Medicaid Data Breach

New Hampshire-based Multi-State Billing Services (MSB) must pay $100,000 and improve its security practices per a consent judgment from the Massachusetts attorney general’s office. The settlement stems from a Medicaid data breach...

Health Data Privacy Concerns Key Influence in PHI Data Sharing

Patients might be more willing to participate in PHI data sharing when their health data privacy concerns have been properly addressed, according to a recent study published in the Journal of Medical Internet Research. Providers must...

Reducing Insider Data Breach Risk with Strong IAM Policies

Implementing effective identity and access management (IAM) policies and controls is essential for healthcare organizations that are looking to reduce the potential of insider data breach risk, according to the OCR November 2017...

$2M Settlement Reached in Cottage Health Data Breach Case

Cottage Health System recently reached a $2 million settlement with the California Attorney General’s office after two separate health data breach incidents that took place in 2013 and 2015. In total, more than 50,000 patients had...

HIPAA Info Included in Updated MD Data Breach Notification Law

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to...
