Privacy/Security

Wisconsin Health System Announces Breach

February 15, 2013     Gabriel Perna
news
Froedtert Health, a three-hospital health system based in Milwaukee, announced a data breach, reporting that one of its employee’s computer account was hacked. The breach, according to a report from the Milwaukee-Wisconsin Journal Sentinel, may have affected more than 40,000 patients, although the health system says it found no evidence that any personal information or medical records were accessed.

Large-Scale Data Breaches Have Increased, but Fewer Patients Affected, Report Says

February 14, 2013     Rajiv Leventhal
news
According to a report from Carpinteria, Calif.-based Redspin Inc., a provider of IT security assessments, the number of large-scale health data breaches increased from 2011 to 2012, but the number of patients affected by such breaches decreased last year.

Will HIPAA Rule Help CISOs Make the Case for Investment?

February 5, 2013     David Raths
blog
Analysts, attorneys and regulators weigh in on the impact of changes regarding privacy, breach notification, and business associate agreements

Cord Blood Bank Settles with FTC Over Alleged Breach Involving 300,000

January 30, 2013     Rajiv Leventhal
news
The operator of Cbr Systems, Inc., a cord blood bank based in San Bruno, Calif., agreed to settle Federal Trade Commission (FTC) charges that it failed to protect the security of customers’ personal information, and that its inadequate security practices contributed to a breach that exposed Social Security numbers and credit and debit card numbers of nearly 300,000 consumers.

Another Breach for Utah DOH

January 24, 2013     Gabriel Perna
news
For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

Stanford Hospital Notifies 57,000 Patients of Data Breach

January 23, 2013     Rajiv Leventhal
news
Lucile Packard Children’s Hospital at Stanford and the Stanford University School of Medicine are notifying approximately 57,000 patients by mail that a password-protected laptop computer containing limited medical information on pediatric patients was stolen from a physician’s car away from campus on Jan. 9.

HIPAA Final Rule Drops 'Risk of Harm' Standard

January 18, 2013     David Raths
blog
In its HIPAA final rue, HHS chose to drop the harm standard that a breach does not occur unless the disclosure poses "a significant risk of financial, reputational, or other harm to an individual." Instead, a breach notification is necessary in all situations except those in which the provider demonstrates that there is a low probability that the protected health information has been compromised.

BREAKING: HHS Releases HIPAA Update

January 17, 2013     Gabriel Perna
news
The U.S. Department of Health and Human Services (HHS) has released an update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), aiming to better protect patient privacy and safeguard patients' health information in the digital age, according to HHS Secretary Kathleen Sebelius.

Alleged PHI Dumping Leads to $140,000 HIPAA Settlement

January 9, 2013     Gabriel Perna
news
Massachusetts Attorney General Martha Coakley has announced the former owners of a Marblehead, Mass.-based medical billing practice and four pathology groups have agreed to pay $140,000 to pay possible HIPAA violations. According to the press release, the confidential billing information for approximately 67,000 Massachusetts-based patients was improperly disposed of at a public dump.

Let’s Make Data Protection an Industry-Wide New Year’s Resolution

January 4, 2013     Gabriel Perna
blog
For those in the healthcare industry, there are countless things that could be filed under, “New Year’s resolution.” Perhaps more than anything else, providers should look at ways of preventing data breaches, which have become a growing issue.

Indiana Hospital Notifies 29,000 Patients of Data Breach

January 2, 2013     Rajiv Leventhal
news
Indiana’s Gibson General Hospital has mailed letters to approximately 29,000 patients informing them of the theft of a hospital laptop containing personal health information.

HITRUST Updates Security Framework, Adds Web-Based Tool

December 19, 2012     Gabriel Perna
news
According to the Frisco,Texas-based Health Information Trust Alliance (HITRUST), its latest updates to the HITRUST Common Security Framework (CSF), will allow healthcare organization to more easily perform and manage CSF assessments, through a newly-created web-based tool and other upgrades. HITRUST, a collaboration of various healthcare, security, and risk management leaders, has created the CSF for healthcare organizations to “manage their information protection programs.”
Page
of 12Next