Written by Kate Stewart
Recent enforcement actions by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) have highlighted that, not surprisingly, Covered Entities should not leave medical records in a physician’s driveway and should not dispose of protected health information (“PHI”) in a dumpster. From an action against a home…
Tag Archives: PHI
Changes in Breach Notification Risk Assessments Under HIPAA
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Reposted from Mintz Levin’s Health Law & Policy Matters blog
The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013. The examples analyzed…
Monday Morning Privacy 101
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Uncategorized
Can you identify the major problems lurking in this one short paragraph? We’ve given you some help. The UCLA Health System has notified more than 16,000 patients of the theft of their PHI during a home invasion of a former employee. The PHI was contained on an external computer hard drive and although the information…
How Accountable Care Organizations (ACOs) Will Use and Disclose Protected Health Information While Complying with HIPAA
Posted in Uncategorized
Written by Dianne Bourque
The Centers for Medicare & Medicaid Services (CMS) has released proposed regulations establishing Accountable Care Organizations (ACOs) and creating the Medicare Shared Savings Program (the Program). The Program will permit health care providers and suppliers to form ACOs and to reward those that lower health care costs for Medicare fee-for-service beneficiaries,…
HHS Withdraws Breach Notification Final Rule (but breach notification still effective)
Posted in Data Breach
Interesting press release from the Department of Health and Human Services (HHS) relating to the HITECH Breach Notification Final Rule. The Interim Final Rule is still effective, but one can’t help but wonder what HHS may be reconsidering given the numbers of breaches reported since September 2009.
Improper Disposal Costs Rite Aid $1 Million
Posted in Data Breach
Written by Dianne Bourque
Rite Aid has agreed to pay $1 million to settle allegations that it violated HIPAA by disposing of labeled pill bottles in unsecured dumpsters accessible to the public. The $1 million fine settles a joint Office of Civil Rights (OCR)/Federal Trade Commission (FTC) investigation prompted by televised media reports of pharmacies…
Privacy and Security Bits and Bytes
Posted in Data Breach
On this last day of April, there are a couple of breaches and another clarion warning about copy machines — We have blogged on this issue here and here — and again, there is another warning about the treasure trove of information residing on the hard drive of your copy machine. A CBS Evening News…
Security Bits and Bytes
Posted in Data Breach
A few items to wrap up/review privacy and security issues in 2009 and open up 2010: Gonzalez Pleads Guilty in December 2009 – but this piece from Retail Research Systems explains why retailers should not be sanguine about data security: Privacy Risks for 2010 RFID in 2010: The New Hampshire House of Representatives voted this…
Privacy and Security Bits and Bytes
Posted in Data Breach
After a bit of a hiatus, our Friday afternoon feature is back: Do you know what your information is worth on the black market? It may just surprise you. Good piece on a new Symantec tool to let you do the calculations. See Information Security Resources – What Are You Worth On The Black Market?…