February 15, 2013 Gabriel Perna
news
Froedtert Health, a three-hospital health system based in Milwaukee, announced a data breach, reporting that one of its employee’s computer account was hacked. The breach, according to a report from the Milwaukee-Wisconsin Journal Sentinel, may have affected more than 40,000 patients, although the health system says it found no evidence that any personal information or medical records were accessed.
February 14, 2013 Rajiv Leventhal
news
According to a report from Carpinteria, Calif.-based Redspin Inc., a provider of IT security assessments, the number of large-scale health data breaches increased from 2011 to 2012, but the number of patients affected by such breaches decreased last year.
February 5, 2013 David Raths
blog
Analysts, attorneys and regulators weigh in on the impact of changes regarding privacy, breach notification, and business associate agreements
January 30, 2013 Rajiv Leventhal
news
The operator of Cbr Systems, Inc., a cord blood bank based in San Bruno, Calif., agreed to settle Federal Trade Commission (FTC) charges that it failed to protect the security of customers’ personal information, and that its inadequate security practices contributed to a breach that exposed Social Security numbers and credit and debit card numbers of nearly 300,000 consumers.
January 24, 2013 Gabriel Perna
news
For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.
January 23, 2013 Rajiv Leventhal
news
Lucile Packard Children’s Hospital at Stanford and the Stanford University School of Medicine are notifying approximately 57,000 patients by mail that a password-protected laptop computer containing limited medical information on pediatric patients was stolen from a physician’s car away from campus on Jan. 9.
January 18, 2013 David Raths
blog
In its HIPAA final rue, HHS chose to drop the harm standard that a breach does not occur unless the disclosure poses "a significant risk of financial, reputational, or other harm to an individual." Instead, a breach notification is necessary in all situations except those in which the provider demonstrates that there is a low probability that the protected health information has been compromised.
January 17, 2013 Gabriel Perna
news
The U.S. Department of Health and Human Services (HHS) has released an update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), aiming to better protect patient privacy and safeguard patients' health information in the digital age, according to HHS Secretary Kathleen Sebelius.
January 9, 2013 Gabriel Perna
news
Massachusetts Attorney General Martha Coakley has announced the former owners of a Marblehead, Mass.-based medical billing practice and four pathology groups have agreed to pay $140,000 to pay possible HIPAA violations. According to the press release, the confidential billing information for approximately 67,000 Massachusetts-based patients was improperly disposed of at a public dump.
January 4, 2013 Gabriel Perna
blog
For those in the healthcare industry, there are countless things that could be filed under, “New Year’s resolution.” Perhaps more than anything else, providers should look at ways of preventing data breaches, which have become a growing issue.
January 2, 2013 Rajiv Leventhal
news
Indiana’s Gibson General Hospital has mailed letters to approximately 29,000 patients informing them of the theft of a hospital laptop containing personal health information.
December 19, 2012 Gabriel Perna
news
According to the Frisco,Texas-based Health Information Trust Alliance (HITRUST), its latest updates to the HITRUST Common Security Framework (CSF), will allow healthcare organization to more easily perform and manage CSF assessments, through a newly-created web-based tool and other upgrades. HITRUST, a collaboration of various healthcare, security, and risk management leaders, has created the CSF for healthcare organizations to “manage their information protection programs.”
