Medical Records Data Protection

News & Analysis as of

Employee Health Information: Separate and Secure

There are several reasons an employer might have employee health information, ranging from the results of a pre-employment physical to the contents of a request for FMLA leave to what’s written in a health provider’s note...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

Jury Clears UCLA Health in Lawsuit Stemming From Improper Access to PHI by Plaintiff’s Romantic Rival

A UCLA employee and patient now has celebrity-level security on her protected health information (PHI) as maintained by the UCLA Health system, but a jury denied her the $1.25 million in emotional distress damages she sought...more

U.S. Department of Education issues FERPA guidance related to medical information

In conjunction with the new school year, the U.S. Department of Education issued guidance, in the form of a “Dear Colleague” letter, to higher education institutions to remind them of FERPA’s requirements as they relate to...more

Time for a HIPAA Security Check-Up!

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

[Webinar] Beam It Up Safely: Navigating Data Privacy and Security in Telemedicine's Uncharted Territory - Sept. 17, 12:00pm EDT

Science fiction programs once imagined a future where a doctor on a spaceship could treat a patient on a distant planet using groundbreaking technology. The health care industry may not yet have made this giant leap, but...more

Second class action suit filed against Medical Informatics

We previously reported that Medical Informatics Engineering, Inc. was sued over a data breach that occurred in May and affected over 4 million individuals. Thereafter, Indiana AG Gregory Zoeller advised all Hoosiers to freeze...more

Proposed class action case filed against Medical Informatics Engineering

Medical Informatics Engineering, Inc., an electronic medical record service provider, recently disclosed a data breach affecting approximately 4 million individuals. Within days of the disclosure, Medical Informatics was hit...more

Oregon Amends Data Breach Law — Companies Can Expect More Enforcement Actions

Oregon Gov. Kate Brown recently signed into law amendments to the state’s data breach law. These amendments recognize the growing definition of data, expand the role of the Attorney General in addressing data breaches,...more

2015 Data Breach Legislation Six Month Review: Many Proposals, Few Changes

The heat of summer may be upon us, but in Congress and in many state legislatures the attitude toward passing major data breach legislation has considerably cooled. We predicted some months ago that 2015 might be the...more

Technology in Healthcare [Video]

From the 2015 PLUS Medical PL Symposium session “Technology in Healthcare: EHRs & PHI,” moderator Patricia Marzella-Graubert (Swiss Re American Holdings Corporation) and panelist Alexander Grijalva (New York Presbyterian...more

Will Your Cyber Insurance Respond When You Need It Most?

On May 7, Columbia Casualty Company, an insurance company, filed one of the first lawsuits by an insurer seeking to deny coverage for a privacy class action under a cyber insurance policy. Why is this significant? As the...more

Health Update - February 2015

Cyber Risk Insurance Policies: What You Need to Know - Editor’s Note: As data breach incidents and related cyber risks continue to increase and gain publicity—and government agencies become more actively involved in...more

Business Associate Compliance With HIPAA: Findings From a Survey of Covered Entities and Business Associates

The delivery of health care – and payment for that care – is a complex endeavor, and health care providers and health plans rely on third parties to help them operate as businesses and fulfill their responsibilities to...more

HIPAA Violation Results in $4.8 Million Settlement: An IT Perspective

In today’s healthcare industry, information technology (“IT”) systems play an ever-expanding role in the success of a medical practice. Medical practitioners consistently juggle e-billing and electronic medical records...more

Top 5 takeaways on telemedicine and eHealth

Here are the main legal topics on telemedicine and eHealth discussed during the ETSI eHealth Workshop on telemedicine where I gave a speech on the legal implications of telemedicine. The Workshop was very interesting...more

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

FTC and Accretive Health Settle Unfair Business Practice Complaint Centered on Data Security Measures

Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue...more

Privacy Class Action – Theories of Liability – 2013 Year in Review

One hot area of data privacy litigation over the past several years has been data breach class actions brought under the California Confidentiality of Medical Information Act (“CMIA”), which provides that a person may recover...more

Health Law Blog: HIPAA Update: Don't Forget Your Photocopiers

Affinity Health Plan has agreed to pay more than $1.2 million to settle potential violations of the HIPAA Privacy and Security Regulations....more

Seven-Figure HIPAA Settlement Prompted by Photocopier Breach

The Office for Civil Rights’ (OCR) latest seven-figure fine for HIPAA violations resulted from a failure to remove protected health information or “PHI” from the hard drive of a leased photocopier. The $1,215,780 settlement...more

HIPAA and the Omnibus Rule: How to Assess Whether and What your Company Must Do to Comply

A key amendment to the Health Insurance Portability and Accountability Act (“HIPAA”) called the “Omnibus Rule” took effect on March 26, 2013. The Omnibus Rule impacts both companies that directly collect protected health...more

HIPAA’s New Rules: Expanding Scope, Clarifying Uncertainties, & Reinforcing Fundamentals

On January 25, 2013, the Secretary for the United States Department of Health and Human Services, Office for Civil Rights (the “Department”) officially published the long-awaited final regulations (the “Final Rule”)...more

The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived

Since the 2009 enactment of the Health Information Technology for Economic and Clinical Health Act (the “Act” or “HITECH Act”), compliance efforts associated with the Health Insurance Portability and Accountability Act of...more

HIPAA Omnibus Final Rule Imposes New Obligations on Business Associates

On January 25, 2013, the Department of Health and Human Services/Office for Civil Rights (HHS/OCR) published in the Federal Register (78 Fed. Reg. 5566) the long-awaited final rule titled Modifications to the HIPAA Privacy,...more

33 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.