University’s $400,000 payment to HHS to settle HIPAA compliance allegations highlights critical role of risk assessments, and need for security policies and procedures.
Continue Reading Idaho State University Investigated by HHS Following Report of Data Breach
Information Management
We have to disclose patient records in response to a subpoena/attorney letter, right?
Health care practices and businesses generally need to be more careful when responding to requests for medical and other sensitive personal information.
Continue Reading We have to disclose patient records in response to a subpoena/attorney letter, right?
New York’s Highest Court To Say Whether Medical Practice Can Be Sued For Wrongful Texts By Non-Physician Employee
Will NY’s highest court allow patients to sue medical practices for fiduciary duty breaches when their non-physician employees disclose confidential medical records?
Continue Reading New York’s Highest Court To Say Whether Medical Practice Can Be Sued For Wrongful Texts By Non-Physician Employee
President Obama Issues Executive Order On Cybersecurity
President Obama issues executive order on cybersecurity…
Continue Reading President Obama Issues Executive Order On Cybersecurity
Maryland Attorney General Gansler Forms Internet Privacy Unit
Linking his announcement to National Privacy Day, January 28, 2013, Maryland Attorney General Douglas F. Gansler informed the public that his office has formed an Internet Privacy Unit. (See similar step taken by Connecticut AG)
The stated purpose of the Unit is to protect the privacy of online users. The Unit will be charged…
A Summary of the Final HIPAA Rule
As we continue to examine the final HIPAA privacy and security regulations, as amended by the HITECH Act and the Genetic Information Nondiscrimination Act, we pulled together a summary of some of the key points. We fully expect additional sub-regulatory guidance to be provided by OCR, such as frequently asked questions and sample business …
Top 13 for 2013 – Happy Privacy Day
Top 13 data privacy and security issues for 2013…
Continue Reading Top 13 for 2013 – Happy Privacy Day
Final HIPAA Regulations: “Business Associates” Include Subcontractors, Data Storage Companies (Cloud Providers?)
Under the HITECH Act, business associates are subject to the HIPAA privacy and security rules (the "HIPAA Rules") virtually to the same extent as covered entities. In addition to implementing this change for business associates ("BAs"), and providing additional guidance concerning what entities are business associates, the final HIPAA regulations issued last week also treat certain subcontractors of BAs as BAs directly subject to …
Final HIPAA/HITECH Privacy and Security Regulations Released
Final HIPAA regulations are out……
Continue Reading Final HIPAA/HITECH Privacy and Security Regulations Released
Privacy on the Go: California’s Recommendations for Mobile Device/App Privacy and Security
In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the…