Blog Archives

HHS begins enforcement of breach notification requirements

As of February 22, 2010, HHS is expected to begin enforcing the new breach notification requirements created by the privacy and security provisions within the HITECH Act.  Although such requirements went into effect last fall, HHS gave covered entities and business

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , ,

80 million patient records breached in Anthem hack

Health insurance giant Anthem reports that it has been the target of a cyberattack exposing tens of millions of customer records. Anthem, until very recently known as WellPoint, the largest of the Blue Cross Blue Shield for-profit managed health care

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Breaking: HHS releases final rule on HITECH Act provisions

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in HIPAA Tagged with: , , , , , , , , , , , , , , ,

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

3.8 million record breach in South Carolina: lessons learned

Hackers recently infiltrated South Carolina’s state tax records, absconding with the largest haul to date of Social Security numbers, credit and debit card numbers from a state agency. State officials describe how the theft was worked, and list enhanced security

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

HHS settlement amounts dwarfed by total costs of data breaches

A surge in data privacy breaches and the accompanying string of recent HHS enforcement actions should serve as an important reminder to healthcare providers regarding the importance of data privacy protection and the skyrocketing costs of failures to comply. 2011 saw

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , ,

HHS settles HIPAA violation case for $100,000, Corrective Action Plan

On April 17, 2012, HHS announced that its Office for Civil Rights (OCR) settled a HIPAA violation case against a surgery practice in Arizona, for $100,000 and a Corrective Action Plan (CAP), which requires implementation of policies and procedures to

Posted in HIPAA Tagged with: , , , , , , , , , ,

OCR to release final breach notification rule in March

Via Healthcare Info Security: The Department of Health and Human Services’ Office for Civil Rights has set a March target date for release of the long-delayed final version of Health Insurance Portability and Accountability Act modifications and the HIPAA breach

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

Nemours reports breach affecting 1.6 million individuals

Nemours, a children’s health system with hospitals in Pennsylvania, Delaware, Florida and New Jersey, reported a massive breach affecting 1.6 million people, including patients, employees, and vendors. Via Health Data Management: ‘On September 8, 2011, we learned that a locked

Posted in HIPAA Tagged with: , , , , , , , , ,

Major data breach at Stanford Hospital

A spreadsheet containing personal data of 20,000 emergency room patients of Stanford Hospital appeared on Student of Fortune, a Web site which “crowdsources” homework to other students online. The lost data included names, admission dates, diagnoses and other sensitive information.

Posted in HIPAA Tagged with: , , , , , , , , , ,

Study: Most data breaches are caused by insiders

A survey by Veriphyr, a provider of identity and access intelligence solutions, found that insiders were responsible for over 60% of data breaches of protected health information (PHI). Specifically, 35% of the PHI breaches were due to insiders’ snooping into

Posted in HIPAA Tagged with: , , , , , , , , , , , ,

California agency to investigate HealthNet

As we predicted yesterday, HealthNet’s breach of personal information of almost 2 million people, is already the subject of a state government agency’s investigation. Via Health Leaders Media: After Health Net, Inc. in California announced Monday that several data servers

Posted in HIPAA Tagged with: , , , , , , ,

HealthNet breach affects 1.9 million individuals

HealthNet, a California-based insurer, suffered another major data breach last month. Modern Healthcare reports that HealthNet lost data of almost two million employees, members and healthcare providers, including their medical information, Social Security numbers and other sensitive information. The loss

Posted in HIPAA Tagged with: , , , , , , , , , , , , , , ,

New York City hospitals suffer enormous data breach

New York City’s Health and Hospital Corporation notified its patients last week of a loss of electronic files containing personal data, including PHI of some 1.7 million people. Electronic files were stolen while the information management company’s van was left

Posted in HIPAA Tagged with: , , , , , , , , , , , ,

HHS issues NPRM on HIPAA Privacy, Security and Enforcement Rules

On July 7, 2010, HHS issued a notice of proposed rule making (NPRM) regarding the changes to the HIPAA Privacy, Security and Enforcement Rules, as provided in the HITECH Act, in order “to strengthen the privacy and security protections for health information and to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Updated: breaches and fines on the rise

The number of reported health information breaches is growing rapidly: 32 breaches were reported on the OCR web site from September 2009 to February 2010, but the number almost tripled, to 93 breaches, by June 11, 2010.  Such significant increases in reported

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , ,

In the news: patient privacy edition

HHS’s Office of Civil Rights (OCR) filed a notice in theFederal Register lifting a requirement preventing OCR from posting names of sole practitioners who suffer breaches of patient data without first obtaining consent from such practitioners.  Pursuant to the HITECH Act, any covered

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

Rising numbers and costs of data breaches

There is little doubt that the healthcare industry must prepare for a growing number of – and expanding costs associated with – data breaches, particularly for breaches of protected health information.  Here are just a few notable reports on this

Posted in ARRA Tagged with: , , , , , , , , , , , , , , , , ,

In the news: Privacy breaches and de-identification

According to LA Weekly, Huping Zhou, a former employee at the UCLA Healthcare System, pleaded guilty to federal charges of breaches of patient privacy.  Zhou, 48, accessed the UCLA patient records system 323 times during the three-week period, mostly looking for the

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , ,

HHS News: Interim Final Regulations on Breach Notification; Regional Office Privacy Advisors

On August 19, 2009, pursuant to the HITECH Act, the Department of Health and Human Services (HHS) published the interim final regulations regarding breach notification requirements for health care providers and other entities covered by HIPAA. According to the HHS press release:

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News Tagged with: , , , , , , , , , , , , , ,

FTC Issues Final Breach Notification Rule for Electronic Health Information

Pursuant to the American Recovery and Reinvestment Act of 2009 (ARRA), the Federal Trade Commission (FTC) issued the final rule regarding notification requirements for breaches of electronic health information by vendors of personal health records and certain affiliated entities: The rule

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

This just in: New HHS guidance about securing protected information

From HHS: On April 17, 2009, HHS issued guidance specifying the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , ,

In the news

Kaiser Permanente and IBM inked a $500 million, seven-year IT services deal.  IBM will manage Kaiser’s data center operations, storage and software, but IBM will not have access to patients’ medical records.  AP, San Francisco Chronicle (March 17, 2009). A new study expects that

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,