Tag Archives: privacy

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch

The OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. These incidents were reported as occurring in a variety of cities across the United States. Rite Aid pharmacy stores in several of the cities were highlighted in media reports.

via Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch.

HIPAA Rules Now Apply to PHRs

It’s not a new law, but it’s a tangible, short-term step toward protecting the privacy of patient data that travels online. To address loopholes in current patient privacy legislation, the Health and Human Services Department on Thursday proposed privacy rules that would apply to vendors of technology that transmit personal health data.

via HIPAA Rules Now Apply to PHRs – Health IT Update.

HHS Proposal covers chain of subcontractors – HIPAA

A key provision of the pending rules would make “downstream” healthcare subcontractors subject to HIPAA’s privacy and security requirements. HIPAA, as bolstered under the HITECH Act, already considers a health information exchange as a “business associate” of organizations covered by the law. Business associates are required to sign contracts that bind them to HIPAA. The proposed rule, however, would confer business associate status to subcontractors working with other business associates. Potentially, the requirement could work its way down a number of tiers as subcontractors to newly coined business associates would also fall under HIPAA’s scope.

via In the News.

OMB Completes HIPAA Rules Review

The Office of Management and Budget (OMB) has finished its review of proposed rules related to changes to HIPAA privacy and security rules, meaning the rules could hit the streets this week.

The OMB reports that it has concluded its regulatory review of the rules HHS sent in April.

via OMB Completes HIPAA Rules Review.

Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising

The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”

via Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising.

OCR Building HIPAA Audit Plan With Outside Help

HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.

The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have a timetable for when the audit plan begins.

via OCR Building HIPAA Audit Plan With Outside Help.

OCR Boosting HIPAA Security Enforcement

The health care industry can soon expect a greater emphasis on enforcing the HIPAA security rule than in years past.

That’s the message that Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights, delivered May 11 at the Safeguarding Health Information conference in Washington. OCR sponsored the conference with the National Institute of Standards and Technology.

via OCR Boosting Security Enforcement.

Hospital fulfills subpoena, gets hit with privacy suit

The Cleveland Clinic in Ohio found itself in such a predicament when it agreed to turn over a patient’s records in response to a grand jury subpoena in a criminal investigation.

The subpoena request was prompted by a criminal investigation of James Turk, a private investigator and former police officer who was indicted in June 2007 for carrying a concealed weapon and having it despite an alleged drug and alcohol dependency, according to court records.

via amednews: Hospital fulfills subpoena, gets hit with privacy suit :: May 3, 2010 … American Medical News.

Health worker is first HIPAA privacy violator to get jail time

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

via Health worker is first HIPAA privacy violator to get jail time – SC Magazine US.

Deadline to disable WEP for PCI DSS compliance

The clock is ticking! June 30, 2010 is the deadline for companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to eliminate any use of Wired Equivalent Privacy (WEP) on their networks. This outdated standard uses insecure cryptography and hackers have clearly demonstrated the ability to penetrate WEP networks in a matter of seconds. With the release of PCI DSS 1.2 in late 2008, the PCI Security Standards Council set forth three new requirements for organizations using wireless networks:

* Use strong encryption and authentication for all wireless networks.

* Do not deploy any new WEP networks.

* Decommission any existing WEP networks by June 30, 2010.

via How to change from WEP to WPA for PCI DSS compliance.