Healthcare Information Security

Patient Privacy News

EmblemHealth Data Breach Leads to $575K NY State Settlement


New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan...

Common Rule Interim Version Released, Exempts HIPAA Research


More secondary research of EHR data will be enabled through the recently announced interim version of the Federal Policy for the Protection of Human Subjects, or the Common Rule. Certain low-risk studies, such as observational studies...

Hospital Data Breaches Most Common, Affect the Most Patients


Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of...

Business Associate Dismissal Denied in HIPAA Data Breach Case


A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business...

New York Reaches $1.15M Settlement over Aetna Data Breach


New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about...

KS Healthcare Organization Fined over Unsecured Patient Data


Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell...

$17M Settlement Agreement Reached in Aetna Data Breach Case


Aetna has reached a $17 million settlement following a reported data breach from 2017 where 12,000 individuals were impacted. The healthcare company Aetna sent letters in the mail where information about ordering prescription HIV drugs...

VA Patient Data Disclosure to HIEs Permitted in Proposed Rule


The Department of Veterans Affairs (VA) published a proposed rule that would amend its current regulations on allowing patient data disclosure to health information exchanges (HIEs). The updated rule would permit VA to release a...

20% of RNs Had Patient Data Breaches, Claim Response Confidence


There is potentially a disconnect between healthcare professionals’ confidence in preventing patient data breaches and actually being able to do so, according to recent research from the University of Phoenix. Twenty percent of...

Data Security Cited in ONC Health Data Exchange Framework Praise


ONC’s Trusted Exchange Framework and Common Agreement (TEFCA) draft has so far been met with industry support, with organizations lauding ONC in working to strengthen trust and support for nationwide interoperability while also...

HHS Final Rule Differs from HIPAA Regulations on Data Sharing


The Department of Health and Human Services’ (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) published a final rule that simplifies data sharing for patients’ substance abuse records, differing from...

CMS Stresses Security in Healthcare Texting Clarification


The Centers for Medicare and Medicaid Services (CMS) explained in a recent Survey and Certification letter that healthcare texting, specifically texting patient information to members of the care team, is only allowed through a secure...

2017 Updated State Data Breach Laws Account for Medical Information


State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and...

MA Reaches Settlement Following Medicaid Data Breach


New Hampshire-based Multi-State Billing Services (MSB) must pay $100,000 and improve its security practices per a consent judgment from the Massachusetts attorney general’s office. The settlement stems from a Medicaid data breach...

Health Data Privacy Concerns Key Influence in PHI Data Sharing


Patients might be more willing to participate in PHI data sharing when their health data privacy concerns have been properly addressed, according to a recent study published in the Journal of Medical Internet Research. Providers must...

Reducing Insider Data Breach Risk with Strong IAM Policies


Implementing effective identity and access management (IAM) policies and controls is essential for healthcare organizations that are looking to reduce the potential of insider data breach risk, according to the OCR November 2017...

$2M Settlement Reached in Cottage Health Data Breach Case


Cottage Health System recently reached a $2 million settlement with the California Attorney General’s office after two separate health data breach incidents that took place in 2013 and 2015. In total, more than 50,000 patients had...

HIPAA Info Included in Updated MD Data Breach Notification Law


Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to...

CareFirst Data Breach Case Moves to US Supreme Court


A petition for writ of certiorari was recently filed with the US Supreme Court, pushing the CareFirst data breach case forward. CareFirst wants its case reviewed, which could potentially reignite the debate over how plaintiffs need to...

Increased Patient Data Access Requires Strong Health Data Security


As more healthcare organizations offer increased options for patient data access, it is crucial that health data security measures do not become an afterthought. HIPAA regulations allow for patients to access their own health data, but...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...