August 19, 2013 Mac McMillan
blog
There seems to still be a fair amount of discussion around what makes a vendor a business associate. This is actually troubling when you consider that we are about 30 days away from enforcement of the new rules.
August 18, 2013 Mark Hagland
article
The stringent requirements embedded in what is being called the HIPAA Final Omnibus Rule, as published by the Office for Civil Rights within the Department of Health and Human Services on Jan. 25, are requiring compliance by next month with a whole new range of patient data privacy protection requirements. Kathryn Coburn of the Cooke, Kobrick & Wu law firm shares her perspectives on what healthcare IT leaders need to know.
August 16, 2013 Rajiv Leventhal
news
Affinity Health Plan, a New York-based managed care plan, will pay more than $1.2 million in HIPAA violations after a photocopier containing confidential medical information was compromised, according to the U.S. Department of Health and Human Services (HHS).
July 30, 2013 Rajiv Leventhal
news
Information for 3,044 patients at the Portland-based Oregon Health & Science University (OHSU) has been compromised after medical residents inappropriately stored the data on a cloud computing system, according to the institution’s announcement.
July 23, 2013 John DeGaspari
blog
How prepared is your provider organization against cyber threats? A recent special report, “Cyber Security and Investigations,” released by Kroll Inc., a New York-based corporate investigation and risk assessment firm, points to often-overlooked areas of data security, and offers practical tips for bolstering security in those areas.
July 19, 2013 Rajiv Leventhal
news
Many of the most popular mobile health and fitness apps (both free and paid) carry considerable privacy risks for users—and the privacy policies for those apps that have policies do not describe those risks, according to a new study from the Privacy Rights Clearinghouse.
July 12, 2013 Rajiv Leventhal
news
Texas Health Harris Methodist Hospital Fort Worth, a 726-bed full-service medical center, has notified patients of a privacy breach in which portions of their protected health information has been compromised and found in a park as well as other public locations.
July 12, 2013 Gabriel Perna
news
WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.
July 11, 2013 Gabriel Perna
news
Two Texas organizations are participating in an Office of the National Coordinator for Health Information Technology (ONC) sponsored pilot program that will explore how patients can better control the release of their protected health information (PHI).
July 1, 2013 Rajiv Leventhal
news
Former patients at the Mental Health Institute in Independence, Ia., and hundreds of state employees there and at other state facilities are being informed about a possible breach of their confidential information.
June 27, 2013 David Raths
blog
The privacy requirements for business associates are changing. The HIPAA Omnibus Rule that became effective March 26 started the clock running on the transition. Starting in September, business associates and their subcontractors must follow the privacy provisions of a business associate agreement and the HIPAA Security Rule, and they face legal obligations and enforcement risk if they do not.
June 13, 2013 Rajiv Leventhal
news
Lucile Packard Children’s Hospital at Stanford is notifying nearly 13,000 patients by mail that a password-protected, non-functional laptop computer that could potentially contain limited medical information on pediatric patients was stolen from a secured, badge-access controlled area of the hospital sometime between May 2 and May 8.