Think HIPAA fines aren’t serious for violations of security and privacy rules around Protected Health Information? You may want to think again. Here’s the headline from a story out today: “Anthem Mega-Breach: Record $16 Million HIPAA Settlement”, which links to our friends at Gov InfoSecurity https://www.govinfosecurity.com/anthem-mega-breach-record-16-million-hipaa-settlement-a-11622 Though many enter into HIPAA/HITECH-driven Business Associate Agreements on a near […]
Category: HIPAA/HITECH
New Cloud Computing Guidance From Health & Human Services’ OCR
The digital world has migrated to the Cloud, on both personal and business levels. But for “covered entities” and “business associates” subject to the Health Insurance Portability and Accountability Act regime, better known by the moniker of “HIPAA”, many CEs and BAs must often determine how (and whether) they can take advantage of cloud computing while […]
2014 Trends in State Data Breach Laws
A recent publication from the National Conference of State Legislatures has highlighted several intriguing trends with regard to recent and upcoming data breach legislation. Given most states’ reactive nature, the 2013 holiday season generated a “we must do something!” response in many state capitols following the front page data breaches of Target and Neiman Marcus. […]
Ready for Your HIPAA Compliance Audit? HHS’ OCR Sure Is…
It’s been a long time coming. Now it’s here. The Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently placed a notice in the Federal Register that it intends to survey up to 1,200 covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates to “determine their […]
BYOD Doesn’t Mean “Bring Your Own Data Breach”
4th Annual Ponemon Benchmark Study – Reveals New Problems for PHI Security
Same as it ever was? You’d be forgiven for thinking that after reading the Fourth Annual Benchmark Study on Patient Privacy & Data Security Report (the “Study”). Conducted by the Ponemon Institute and sponsored by our friends at ID Experts, the picture […]
Finally. Google Cloud Announces it will enter into HIPAA BAA’s
Well, it took long enough. Google Cloud Platform has finally publicly announced it will willingly enter into Business Associate Agreements (“BAA’s”) with “Covered Entities” regarding use of Google Cloud services and Protected Health Information (“PHI”). Google’s announcement comes nearly five months after the Sept 23, 2013 effective date for compliance with the HIPAA/HITECH Omnibus […]
FTC’s 50th Data Security Settlement Highlights Best Practices
The FTC’s recently announced “50th data security settlement,” with GMR Transcription Services, has been highlighted by the Commission as a “golden opportunity to check your [data security] practices.” We agree. The facts behind the settlement read like a veritable case study of what not to do and how companies get into hot water with regulators […]
Survey: Medical ID Theft Now Fastest Growing Fraud
Medical and healthcare-related security and privacy concerns have been front page news in 2013, especially with recent launches of federal and state medical healthcare exchanges and changes stemming from the “HIPAA Omnibus Final Rule” enacted early this year that went into effect as of September 23rd. In a timely and notable report, the Ponemon Institute […]
Ponemon Study on Patient Privacy Highlights Security Failings
Released today, the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security (available at http://www2.idexpertscorp.com/ponemon2012/) starkly highlights the continued serious challenges faced by healthcare organizations in adequately safeguarding protected health information (“PHI”). As the study notes straight out of the gate, “the threats to healthcare organizations have become increasingly more difficult to […]
A Handful of 2012 Privacy & Security Predictions
Even though 2011 was an extremely active year on the information security and privacy fronts – with a blizzard of proposed legislation, near weekly front page data breaches and the continued full leap into the cloud with its security issues – I predict that 2012 events across the privacy and data security landscape will make […]
Health Net Agrees to $250,000 Fine and “Corrective Action Plan” to Settle Loss of PHI
It didn’t take long for an Attorney General to latch onto Title XII of the American Recovery and Reinvestment Act of 2009 (a/k/a the Health Information Technology for Economic and Clinical Health Act [the HITECH Act]) in order to convince a covered entity to enter a data loss-related settlement. Indeed, Health Net of the North […]