HHS has finally announced a long-awaited final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the "Stimulus Bill," to strengthen the privacy and security protections for health information...
Posted to
News
by
Health IT Law Blog
on
Thu, Jan 17 2013
Filed under:
Filed under: news, hipaa, HITECH, ARRA, Articles, HHS, Security, HITECH Act, Privacy & Security, privacy, Rule, breach, access, notification, final, Higher Ed
In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez reminded the industry that every covered entity, regardless...
Posted to
News
by
Health IT Law Blog
on
Thu, Jan 3 2013
Filed under:
Filed under: news, hipaa, HITECH, ARRA, data security, Articles, ED, OCR, HHS, Security, Patient records, Health Insurance Portability and Accountability Act, HITECH Act, Act, Privacy & Security, breach, data breach, American recovery and reinvestment act, Hospice, encryption, mobile device, mobile device security, HIPAA Security Rule, Idaho, U.S. Department of Health and Human Services, settlement, Higher, Higher Ed, records, ePHI, encrypt, computer security, Health Information Technology for Economic and Clinical Health Breach Notification Rule, impermissible use, HHS Office for Civil Rights, small scale, resolution agreement, electronic protected health information, settlement agreement, risk analysis, Health Information Technology for Economic and Clinical Health, Health Breach Notification Rule, civil penalty, HONI, Hospice of North Idaho, Covered Entities
Hackers recently infiltrated South Carolina's state tax records, absconding with the largest haul to date of Social Security numbers, credit and debit card numbers from a state agency. State officials describe how the theft was worked, and list enhanced security measures that could have prevented...
Posted to
News
by
Health IT Law Blog
on
Wed, Nov 21 2012
Filed under:
Filed under: news, hipaa, HITECH, ARRA, data security, Articles, ED, Security, HITECH Act, Act, Privacy & Security, breach, American recovery and reinvestment act, spam, South Carolina, Higher, Higher Ed, records, identity theft, encrypt, hacker, cyberattack, computer security, password
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates (MEEI) will be paying HHS $1.5 million in installments over three years for a 2010 incident. While the most recent settlement of a similar size was for a data breach involving over a million EHRs, the MEEI data breach involved...
Posted to
News
by
Health IT Law Blog
on
Mon, Oct 1 2012
Filed under:
Filed under: news, Medical Records, hipaa, EHR, HITECH, ARRA, electronic health records, electronic medical records, data security, Articles, ED, OCR, Massachusetts, HHS, Security, HITECH Act, Legal, Act, Privacy & Security, privacy, data breach, American recovery and reinvestment act, encryption, risk, settlement, Higher, Higher Ed, EHR breach, Office for Civil Rights, medical practice, electronic files, patient confidentiality, patient privacy, U.S. Dept. of Health and Human Services, portable device
State and federal privacy laws rigorously restrict sharing of mental health and other highly sensitive patient records. A technique called “data tagging” may be key in facilitating health care providers’ compliance with these requirements. Via Modern Healthcare : Using off-the-shelf...
Posted to
News
by
Health IT Law Blog
on
Mon, Sep 24 2012
Filed under:
Filed under: news, hipaa, EHR, ARRA, ONC, HIT, electronic health records, electronic medical records, health information exchange, Articles, HHS, Security, Health Insurance Portability and Accountability Act, HITECH Act, Legal, Privacy & Security, privacy, Veterans Affairs Department, Veterans Health Administration, VA, Veterans Administration, Higher education, Higher Ed, electronic files, patient confidentiality, selective sharing, data segmentation, SAMHSA, Substance Abuse and Mental Health Services Administration, data tagging, Data Segmentation for Privacy Initiative
Hackers recently struck a small medical practice in suburban Chicago, encrypted the facility’s digital medical records, and then demanded a ransom payment in exchange for allowing the facility to regain access to its records. Medical industry observers note that this is not the first instance of...
Posted to
News
by
Health IT Law Blog
on
Thu, Aug 23 2012
Filed under:
Filed under: news, hipaa, EHR, ARRA, electronic health records, electronic medical records, health information exchange, Articles, Security, HITECH Act, Privacy & Security, privacy, data breach, encryption, risk, Higher education, Higher Ed, criminal, extortion, medical-data blackmail, ransom, medical practice, blackmail, electronic files, patient confidentiality, hackers
South Shore Hospital in Weymouth, Massachusetts agreed this week to pay $475,000 to settle allegations connected with a 2010 data breach affecting the confidential health records of more than 800,000 patients. The hospital has already spent $275,000 on new security measures, since the breach, bringing...
Posted to
News
by
Health IT Law Blog
on
Fri, May 25 2012
Filed under:
Filed under: news, Articles, Security, HITECH Act, Privacy & Security, privacy, breach, data, penalty, and, settlement, civil
The ONC’s Office of the Chief Privacy Officer (OCPO) has published a "Guide to Privacy and Security of Health Information” intended to help healthcare practitioners and their staffs better understand the roles of privacy and security in the meaningful use of electronic health records...
Posted to
News
by
Health IT Law Blog
on
Wed, May 23 2012
Filed under:
Filed under: news, hipaa, Meaningful Use, HITECH, Articles, OCR, HHS, Security, HITECH Act, Act, Privacy & Security, privacy, MU, guide, and, OCPO
Capital's transport authority tests the water for replacement of Oyster card and supporting systems Transport for London has begun to sound out suppliers over the replacement of its Oyster card and supporting systems. The authority has issued a prior information notice (PIN) to test the market for...
One in eight breaches reported by health service organisations resulted in staff dismissal Figures released to the privacy campaign group Big Brother Watch show that 806 separate incidents involving patient medical records being compromised took place at 152 NHS trusts between July 2008 and July 2011...
Posted to
News
by
Healthcare Network | guardian.co.uk
on
Thu, Oct 27 2011
Filed under:
Filed under: news, health, informatics, Scotland, England, Security, Healthcare Network, Guardian Professional, Guardian Government Computing, Information security, Wales, Northern Ireland
Staff at University Hospitals Coventry and Warwickshire trust accidentally dropped medical records in public bin University Hospitals Coventry and Warwickshire trust breached the Data Protection Act by twice losing patients' medical records, the Information Commissioner's Office (ICO) has said...
New contract will replace current deal which is set to expire July 2012 The National Institute of Health and Clinical Excellence (NICE) has tendered for an access and identity management system and services for the whole of the NHS. A spokesman for NICE, which provides guidance and sets quality standards...
Posted to
News
by
Healthcare Network | guardian.co.uk
on
Mon, Oct 17 2011
Filed under:
Filed under: news, informatics, England, Security, Healthcare Network, Guardian Professional, GPs and primary care, Guardian Government Computing, Hospitals and acute care, Mental health, Identification
It is a 'conundrum' that data security breaches continue to occur in the health service, according to a senior colleague of the information commissioner NHS staff should be more aware of data security risks as patient confidentiality "is at the heart of what they do", Jonathan Bamford...
Posted to
News
by
Healthcare Network | guardian.co.uk
on
Wed, Oct 5 2011
Filed under:
Filed under: news, health, informatics, England, Security, Healthcare Network, Guardian Professional, South, Guardian Government Computing, Information security