Privacy and security

HHS Settles HIPAA Investigation for $1.5 Million

The Department of Health and Human Services has recorded its first enforcement action resulting from the 2009 breach notification rule, reaching a $1.5 million settlement with Blue Cross Blue Shield of Tennessee over a breach of more than 1 million records contained on stolen hard drives.

Mar 22, 2012 11:43 am    |    posted by Kevin Heubusch   |    ARRAPrivacy and security
Breach List Hits 400 Reports, 19 Million Records

It has been two years since enforcement of the federal breach notification rule began, and in that time covered entities and their business associates have logged [...]

Mar 01, 2012 08:37 am    |    posted by Kevin Heubusch   |    Privacy and security
Sample Severity Determination Document Available

The online version of the October practice brief “Sanction Guidelines for Privacy and Security Violations”includes a sample severity determination document. The form and table can be used electronically or in paper copy for spreadsheet or database creation.

Oct 01, 2011 06:03 am    |    posted by Meg Featheringham   |    CompliancePrivacy and security
Little Breaches

For the first time the Office for Civil Rights has released figures on the “small” data breaches reported to it under the federal breach notification rule. Small breaches, it turns out, are very, very small.

Sep 13, 2011 11:38 am    |    posted by Kevin Heubusch   |    Privacy and security
Low-Tech Security Risks Still Leading Cause of Breaches

Theft remains the leading cause of large-scale data breaches, according to a review of Office for Civil Rights’ statistics. Simple practices and technologies can help secure laptops and other equipment and safeguard the data they contain.

Jul 19, 2011 04:10 pm    |    posted by Harry Rhodes   |    HIPAAPrivacy and security
Uncertain Benefits, Certain Difficulties Inform Disclosure Rule

Feedback on accountings of disclosure the Office for Civil Rights solicited last year offers insight into the provider and consumer experience with accountings to date. That experience shows in OCR’s newly proposed rule, which seeks to both ease the burden and improve the information.

Jun 21, 2011 09:08 am    |    posted by Kevin Heubusch   |    ARRAPrivacy and security
Dusting off the NPP

Perhaps it’s not the biggest challenge within the proposed modifications to the accounting of disclosure provision, but it will require planning and budget. As the implementation [...]

Jun 09, 2011 05:31 pm    |    posted by Chris Dimick   |    ARRAHIM operationsPrivacy and security
Additional SSN Resources

The online version of the June practice brief “Limiting the Use of the Social Security Number in Healthcare” includes three additional appendixes. Appendix A provides a [...]

Jun 01, 2011 06:05 am    |    posted by Meg Featheringham   |    HIM operationsPrivacy and security

Next Page »