A new sheriff in town: Federal Trade Commission enforcement of medical information security, 09/17/2014, www.lexology.com
A recent court decision found that the Federal Trade Commission (FTC) has authority to enforce the requirements for security of Protected Health Information, or PHI, as defined under the Health Information Portability and Accountability Act (HIPAA), against a defense asserted that the FTC has no authority under that statute.
Fourth Annual Benchmark Study on Patient Privacy and Data Security, 3/22/2014, www.bespacific.com
Ponemon Institute: “…we are releasing our Fourth Annual Benchmark Study on Patient Privacy and Data Security. We hope you will read the report sponsored by ID Experts that reveals some fascinating trends. Specifically, criminal attacks on healthcare systems have risen a startling 100 percent since we first conducted the study in 2010. This year, we found the number and size of data breaches has declined somewhat. Employee negligence is a major risk and is being fueled by BYOD.”
Data Broker Removes Rape-Victims List After Journal Inquiry, 12/19/2013, www.pogowasright.org
If you missed Senator Rockefeller’s hearing on data brokers yesterday, Pam Dixon of the World Privacy Forum made a powerful point in her opening statement about how data brokers have no shame. She cited the fact that brokers were selling lists of rape victims’ names for 7.9 cents per name.
NZ privacy commissioner finds that physician properly mitigated harm following a breach, 09/18/2013, www.phprivacy.net
A doctor working in a suburban medical practice had his car broken into and bag stolen. The bag contained a USB stick holding the personal information of a number of patients, including the complainant.
PPR Releases Trust Framework© for Data Privacy, 04/03/2013, www.phiprivacy.net
Patient Privacy Rights (PPR) is pleased to announce the publication of its Privacy Trust Framework©, a set of 75+ auditable criteria based on 15 key privacy principles.
At long last, HHS unveils Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules, 01/17/2013, www.phiprivacy.net
The U.S. Department of Health and Human Services (HHS) moved forward today to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
De-identifying protected health information: OCR issues long-awaited guidance, 01/04/2013, www.lexocology.com
The HIPAA Privacy Rule is intended to protect individually identifiable health information by limiting its use and disclosure. But the Privacy Rule expressly permits the de-identification of that information, and in doing so recognizes the usefulness of that information for “secondary purposes” such as comparative effectiveness studies, policy assessment and life sciences research.
Data Breach Investigation | Due Process of Law, 11/30/2010, www.databreaches.net
The following is cross-posted from PHIprivacy.net:
In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part…
New Ponemon study: patient data inadequately protected, many hospitals do not notify patients of breaches, 11/09/2010, www.phiprivacy.net
The Ponemon Institute has released a new study sponsored by ID Experts, “Benchmark Study on Patient Privacy and Data Security.” The study examined hospitals’ patient privacy practices, breaches involving patient information, and compliance policies and activities.
Did the punishment fit the “crime?”, 09/29/2010, www.phiprivacy.net
Lucile Salter Packard Children’s Hospital at Stanford University was fined $250,000 earlier this year by the California Department of Public Health (“CDPH”) for an alleged delay in reporting a breach under California’s health information privacy law.
Judge won’t accept pleas in Jackson Memorial Hospital ID theft case, www.databreaches.net
A husband-and-wife duo charged with running a racket to pilfer patient records from Jackson Memorial Hospital to sell to lawyers for injury claims tried to plead guilty Tuesday in Miami federal court.
Hospital fulfills subpoena, gets hit with privacy suit, 5/3/2010, www.pogowasright.org
Patient privacy is no doubt paramount in any physician practice. But when a subpoena suddenly is thrust into the physician-patient relationship, doctors may find themselves caught between the law and their privacy obligations.
Virginia Adds Medical Information Breach Notice Law, 4/8/2010, www.phiprivacy.net
The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information.
EMR Data Theft Booming, 3/26/10, www.privacy.net
Acceleration in the use of electronic medical records may lead to an increase in personal health information theft, according to a new study that shows there were more than 275,000 cases of medical information theft in the U.S. last year.
Better safe than sorry: Express Scripts should notify everyone, 10/02/09, www.databreaches.net
Almost a year after it was contacted by an extortionist, pharmacy benefits management company Express Scripts first learned that the extortionist was in possession of at least 700,000 more members’ personal information…
FTC issues Health Breach Notification Rule, 08/18/09, www.pogowasright.org
The Federal Trade Commission (“FTC” or “Commission”) is issuing this final rule…
‘Anonymized’ data really isn’t – and here’s why not, 09/08/09, www.pogowasright.org
The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release “anonymized” data on state employees that showed every single hospital visit.
Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy
Report: Rethinking the Role of Consent in Protecting Health Information Privacy, 1/26/09, www.pogowasright.org
News release: “CDT today released a major policy paper intended to move the health privacy debate…
Prescription Data Used To Assess Consumers, 8/4/08, www.pogowasright.org
Health and life insurance companies have access to a powerful new tool for evaluating whether to cover individual consumers: a health “credit report” drawn from databases containing prescription drug records on more than 200 million Americans.
ANNOUNCE: Pogo’s Medical Privacy News Section is Moving to its Own Site, 03/05/08, www.pogowasright.org
Privacy Group Sounds Alarms Over Personal Health Records Systems, 02/20/08, www.pogowasright.org
Concerns over Limits of HIPAA Medical Privacy Rule, 10/23/06, www.kaisernetwork.org
GAO: Medicare Data Network Vulnerable, 10/03/06, www.infoworld.com
U.S. Congress to Gut State Medical Privacy Laws?, 2/11/06, www.medicalnewstoday.com
Medical Data on 365,000 Stolen, 1/26/06, www.slashdot.org
Data Protection Used as Smokescreen, 1/18/06, www.theregister.co.uk
HIPAA Privacy Rule, 10/4/04, www.bespacific.com