News & Analysis as of

Personally Identifiable Information Healthcare Electronic Medical Records

Ballard Spahr LLP

2024 HIPAA Developments

Ballard Spahr LLP on

Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and...more

Wyrick Robbins Yates & Ponton LLP

Don’t Call It a Breach Rule: FTC Health Breach Notification Rule Has Been Here for Years, Now Updated to Serve as a Backdoor...

As our loyal Practical Privacy readers may remember, back in December of 2021, the Federal Trade Commission (the “FTC” or “Commission”) began a rulemaking process to update the Commission’s Health Breach Notification Rule...more

Troutman Pepper

Final Rule Aligns 42 CFR Part 2 with HIPAA and HITECH

Troutman Pepper on

On February 8, 2024, the Department of Health and Human Services (HHS) posted a final rule that aims to align 42 CFR Part 2 (Part 2) — which protects certain substance abuse disorder (SUD) records — with the Health Insurance...more

Troutman Pepper

New California Law Imposes Significant Data Management Requirements for Sensitive Health Data

Troutman Pepper on

On January 1, California's Assembly Bill No. 352 (AB 352) went into effect, introducing significant changes to the handling and sharing of sensitive health information — particularly information related to reproductive health...more

Ballard Spahr LLP

HIPAA Breach Notifications – A Question of Timing

Ballard Spahr LLP on

You are the HIPAA privacy official of a hospital or health plan (a covered entity under HIPAA). You receive an email from a vendor that handles protected health information (a business associate), informing you that one month...more

Foley & Lardner LLP

Changing Landscape: Federal and State Regulators Focus on Protecting Consumer Health Data

Foley & Lardner LLP on

Recent developments at the federal and state level demonstrate that regulators are focused on protecting consumer health data. Specifically, state and federal regulators want to close the gap between HIPAA-protected data and...more

Wyrick Robbins Yates & Ponton LLP

My Health, My Data, My Class Action Lawsuit: Why the Washington My Health My Data Act Deserves EVERY Company’s Attention

To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more

Robinson+Cole Data Privacy + Security Insider

Reporting of Breaches Under 500 Due by March 1

HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more

Foley & Lardner LLP

COVID-19: HHS Permits Business Associates to Use and Disclose PHI for Public Health and Health Oversight Purposes Without Amending...

Foley & Lardner LLP on

The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more

Robinson+Cole Data Privacy + Security Insider

Jackson Health System Fined by OCR for $2.15 Million

The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (“Jackson”), a not for profit hospital system comprised of six hospitals, urgent care centers, nursing facilities and primary care...more

Robinson+Cole Data Privacy + Security Insider

Ransomware Attacks Double in 2019: Medical Providers Can’t Recover and Shut Down

Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in...more

Robinson+Cole Data Privacy + Security Insider

Healthcare Organizations Have Highest Costs for Data Breaches

As readers of this blog know, data breaches in the health care industry are all too common. Healthcare organizations are an attractive target for hackers because of the nature and amount of personal information that they...more

Robinson+Cole Data Privacy + Security Insider

2.6 Million Atrium Health Patient Records Compromised by Vendor AccuDoc

Atrium Health and its vendor AccuDoc Solutions have released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident....more

Robinson+Cole Data Privacy + Security Insider

Healthcare Industry Continues to Fight Cyber-Attacks at Alarming Rate—Healthcare Data Breaches Cost Average of $408 Per Record

It is clear that the healthcare industry continues to be targeted with cyber-attacks. In 2018, the 10 largest health care breaches, outlined here, include unauthorized access to protected health information (PHI) through a...more

Ballard Spahr LLP

HIPAA: Privacy Required, Even When Information Goes Public

Ballard Spahr LLP on

A celebrity collapses on stage and is rushed to the hospital. Rumors race through social media faster than the ambulance can navigate city streets. Was it exhaustion? Was it her heart? Was there a gunshot? ...more

Robinson+Cole Data Privacy + Security Insider

Thousands Of Patients’ PHI Exposed By Transcription Provider MEDantex

Medical transcription provider MEDantex has reportedly exposed the protected health information of thousands of patients through its unsecured provider portal, which did not require a password for access....more

Robinson+Cole Data Privacy + Security Insider

Fresenius Pays OCR $3.5M for Five Separate Data Breaches Affecting a Total of 521 Individuals

In the first settlement for HIPAA violations in 2018, Fresenius Medical Care North America (Fresenius) has agreed to pay $3.5 million to the Office for Civil Rights (OCR) to settle allegations against it relating to five data...more

Akerman LLP - Health Law Rx

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more

Robinson+Cole Data Privacy + Security Insider

Children’s Medical Center of Dallas Clobbered by OCR

In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more

Ballard Spahr LLP

Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.

Ballard Spahr LLP on

The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more

Robinson+Cole Data Privacy + Security Insider

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more

Robinson+Cole Data Privacy + Security Insider

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

Stinson LLP

HHS Publishes New Guidance on HIPAA and Cloud Computing

Stinson LLP on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

Robinson+Cole Data Privacy + Security Insider

Central Ohio Urology Group Notifies 300,000 Patients of Breach

Approximately 300,000 patients of Central Ohio Urology Group have been notified that their protected health information has been stolen and posted online. Although the actual date of the hacking has not been released,...more

Robinson+Cole Data Privacy + Security Insider

Information From 700+ Patients Stolen from LAC+USC Medical Center

Los Angeles County-USC Medical Center (LAC+USC) has notified patients that the protected health information of over 700 patients seen in the LAC+USC neurosurgery clinic was stolen from an employee’s car. The information,...more

36 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide