The Department of Health and Human Services has recorded its first enforcement action resulting from the 2009 breach notification rule, reaching a $1.5 million settlement with Blue Cross Blue Shield of Tennessee over a breach of more than 1 million records contained on stolen hard drives.
It has been two years since enforcement of the federal breach notification rule began, and in that time covered entities and their business associates have logged [...]
The online version of the October practice brief “Sanction Guidelines for Privacy and Security Violations”includes a sample severity determination document. The form and table can be used electronically or in paper copy for spreadsheet or database creation.
For the first time the Office for Civil Rights has released figures on the “small” data breaches reported to it under the federal breach notification rule. Small breaches, it turns out, are very, very small.
Theft remains the leading cause of large-scale data breaches, according to a review of Office for Civil Rights’ statistics. Simple practices and technologies can help secure laptops and other equipment and safeguard the data they contain.
Feedback on accountings of disclosure the Office for Civil Rights solicited last year offers insight into the provider and consumer experience with accountings to date. That experience shows in OCR’s newly proposed rule, which seeks to both ease the burden and improve the information.
Perhaps it’s not the biggest challenge within the proposed modifications to the accounting of disclosure provision, but it will require planning and budget. As the implementation [...]
The online version of the June practice brief “Limiting the Use of the Social Security Number in Healthcare” includes three additional appendixes. Appendix A provides a [...]
