Last year, the HHS Office for Civil Rights started posting online a list of reported breaches of unsecured health data affecting at least 500 people. About one-quarter of all listed incidents involved laptops, and close to one-eighth were the result of a lost or stolen portable device or USB drive.
The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”
HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.
The Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules for the Department of Health & Human Services (HHS), says it does not have a timetable for when the audit plan begins.
The American Medical Association (AMA) and the American Osteopathic Association (AOA) today filed a lawsuit against the US Federal Trade Commission (FTC) to prevent the agency from subjecting medical practices to identity-theft regulations called “Red Flags Rules.”
On May 3, 2010, the Office for Civil Rights of the U.S. Department of Health & Human Services (HHS) issued a Request for Information (RFI) on the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act that expand the requirements for accounting of disclosures of patients' protected health information (PHI) to include disclosures made through an electronic health record (EHR) for treatment, payment and health care operations purposes.
In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car.
A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history.
Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine U.S. retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI).
The health care industry can soon expect a greater emphasis on enforcing the HIPAA security rule than in years past.
That’s the message that Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights, delivered May 11 at the Safeguarding Health Information conference in Washington. OCR sponsored the conference with the National Institute of Standards and Technology.
The final draft of SP 800-53A, Revision 1 – Guide for Assessing the Security Controls in Federal Information Systems and Organizations, is the third in the series of publications and incorporates best practices in information security. The guideline includes security control assessment procedures for national security and non-national security systems and is intended to support a variety of assessment activities in all phases of the system development life cycle, including development, implementation and operation.
A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today.
Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance Point of Interaction terminals. This standard is meant to enhance security and prevent payment card fraud on devices that accept payment transactions and will cover everything from retail point of sale card readers to unattended payment terminals at gas stations and parking lots.