Medical Records Personally Identifiable Information

News & Analysis as of

Purchasing Cyber Insurance? Important Considerations from the Recent Nossaman/ UCI Cyber Symposium

On October 12, 2015, Nossaman and UC Irvine hosted a Cyber Symposium at the City Club in Los Angeles. The event included four panels of Nossaman lawyers, UCI professors, and private professionals who are experts in the areas...more

Employee Health Information: Separate and Secure

There are several reasons an employer might have employee health information, ranging from the results of a pre-employment physical to the contents of a request for FMLA leave to what’s written in a health provider’s note...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

Jury Clears UCLA Health in Lawsuit Stemming From Improper Access to PHI by Plaintiff’s Romantic Rival

A UCLA employee and patient now has celebrity-level security on her protected health information (PHI) as maintained by the UCLA Health system, but a jury denied her the $1.25 million in emotional distress damages she sought...more

UCLA cleared in lawsuit alleging breach as to sexually transmitted disease information

UCLA was absolved by a California judge last week in a suit filed by a patient of a UCLA affiliated doctor’s group, who alleged that a temporary worker in the doctor’s office used the doctor’s username and password to get...more

UCLA suffers another data breach

Last week, UCLA notified 1242 patients that their health information may have been compromised in July when a faculty member’s laptop was stolen. UCLA has notified the patients, the Office for Civil Rights and the California...more

Time for a HIPAA Security Check-Up!

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

Using Student Medical Records: Department of Education Issues New Guidance

When is it legal and proper for higher education institutions to use student medical records other than for a student's healthcare? In answering that question, institutions have to balance students' privacy interests,...more

Proposed class action case filed against Medical Informatics Engineering

Medical Informatics Engineering, Inc., an electronic medical record service provider, recently disclosed a data breach affecting approximately 4 million individuals. Within days of the disclosure, Medical Informatics was hit...more

Getting More Personal: California Amends Data Security Law

California’s data security statute will get a little more “personal” as of January 1, thanks to a recently-passed amendment revising the definition of covered personal information. On July 14 California expanded the...more

Federal Data Breach Bill Stalled in Congress

A key distinguishing feature of U.S. data privacy laws is their patchwork nature. There are industry-specific data privacy laws at the federal level (think HIPAA or the GLBA), yet there are no comprehensive federal standards...more

Oregon Amends Data Breach Law — Companies Can Expect More Enforcement Actions

Oregon Gov. Kate Brown recently signed into law amendments to the state’s data breach law. These amendments recognize the growing definition of data, expand the role of the Attorney General in addressing data breaches,...more

2015 Data Breach Legislation Six Month Review: Many Proposals, Few Changes

The heat of summer may be upon us, but in Congress and in many state legislatures the attitude toward passing major data breach legislation has considerably cooled. We predicted some months ago that 2015 might be the...more

Advocate Health data breach class action suit dismissal upheld by Appellate Court

In August of 2013, four computers of Advocate Health and Hospitals Corporation (Advocate Health) were stolen from one of its offices. The computers contained the names, dates of birth, Social Security numbers, health...more

FTC and Accretive Health Settle Unfair Business Practice Complaint Centered on Data Security Measures

Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue...more

Privacy Monday – July 22, 2013

Privacy gaffes and tidbits to start your week. Keeping up with Kardashians is NOT a defense under HIPAA - The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection...more

HIPAA and the Omnibus Rule: How to Assess Whether and What your Company Must Do to Comply

A key amendment to the Health Insurance Portability and Accountability Act (“HIPAA”) called the “Omnibus Rule” took effect on March 26, 2013. The Omnibus Rule impacts both companies that directly collect protected health...more

Business Associates Beware

If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream...more

Cord Blood Bank Settles FTC Charges that it Failed to Protect Consumers’ Sensitive Personal Information

On January 28, 2013, CBR Systems, Inc. (CBR) agreed to settle FTC charges that it failed to protect its customers’ personal information, including nearly 300,000 customers’ Social Security numbers and credit and debit card...more

Be Prepared: Redline Version of the HIPAA/HITECH Final Rule

The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”)....more

Massachusetts AGO Enters Into Another Settlement For Data Security Violations

For the fourth time since the Massachusetts data security regulations took effect in March 2010, the Massachusetts Attorney General’s Office (“AGO”) has settled allegations that Massachusetts-based entities violated the...more

21 Results
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.