“I don’t know what HIPAA stands for, but I believe in it and I practice it,” Manning said, joking, referring to the federal law protecting medical privacy. “So, uh, I’ll leave it at that.”
Responding to the theft of 57 hard drives in 2009, BlueCross BlueShield of Tennessee has completed a $6 million project to encrypt all of its at-rest data.
The company announced late last month that it spent more than 5,000 man-hours on the encryption effort, which encompassed about 885TB of data.
A judge in a murder trial in June wanted to see the medical records of a woman whose husband was charged with killing her.
Rhode Island Hospital’s records department rejected the court order, and answered the subsequent subpoena by saying the law allowed 20 days to respond.
KPMG, which won OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011, told the Saint Barnabas Health Care System of West Orange, NJ, in June 2010 that a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care, Saint Barnabas reported on its website.
Data Breaches Involving Business Associates
According to data on OCR’s website, there have been 292 breaches affecting 500 or more individuals since September 2009. Business associates have been involved in 57, or about 20%, of those breaches.
An official at the HHS Office for Civil Rights says the agency has not decided whether to include business associates in its HIPAA-compliance audit plans, HealthLeaders Media reports.
The Department of Health and Human Services should not require hospitals and other entities covered by the Health Insurance Portability and Accountability Act to provide to individuals on request a report detailing all internal disclosures of their personal health information from electronic designated record sets, the AHA told the department in a letter today. AHA said the proposal, included in a proposed rule modifying the HIPAA privacy rule under the HITECH Act, fails to meet the law’s requirement to “appropriately balance the relevant privacy interests of individuals with the substantial burdens on covered entities, including hospitals.” The association urged HHS to withdraw the proposal and “reissue a request for information aimed at better reflecting the statutory requirements, the technological realities, and better alignment of the regulation’s effectiveness with the compliance burdens.” While generally endorsing the rule’s proposed accounting of disclosures revisions, AHA urged additional changes to ensure a proper balance of the value of the information to patients with the burdens to covered entities of producing it. AHA also urged HHS to retract the rule’s preamble commentary about the HIPAA security rule in order to reflect longstanding department guidance.
An Alabama woman has been charged with violations of the HIPAA privacy rule for stealing paper surgery schedules of about 4,500 patients from Trinity Medical Center in Birmingham and intending to use the names, dates of birth and Social Security numbers to commit identity theft.
An Alabama woman has been charged with violating the HIPAA Privacy Rule following allegations that she stole identifying information on about 4,500 patients from Trinity Medical Center in Birmingham.
Legal experts say a Michigan court ruling over disclosing patient names places tighter restrictions on what information physicians can release during legal proceedings.
The decision also could impact peer review and lead to a rise in lawsuits against health care professionals over patient-privacy violations, they said.