Health IT, HIPAA, and the CMS Incentive Programs Blog
For physicians, hospitals, government agencies, and business associates
Encryption with BitLocker – Protecting against Attacks
Covered entities and business associates who need to comply with HIPAA encryption standards first have some high-level planning to do, which is addressed in the post Encrypting Mobile Devices - First Create a Plan. Many organizations will choose to use Microsoft's BitLocker...
Encrypting Mobile Devices – First Create a Plan
The recent enforcement actions against Concentra Health Services and QCA Health Plan, Inc. are two more messages to HIPAA covered entities (and business associates!) to encrypt their PHI. For most organizations, encrypting mobile devices is usually the first priority...
Concentra Health and QCA Health Plan settle with OCR over HIPAA violations
Stolen laptops have led to major HIPAA enforcement actions, announced yesterday, for two more covered entities. Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas have paid the HHS Office for Civil Rights (OCR) $1,975,220 collectively to...
Unauthorized EHR access causes data breach of 1,400 medical records Lubbock, Texas
Lubbock Cardiology Clinic in Lubbock, Texas posted an online notification of a data breach that affected 1,400 patient medical records and patient demographics (names, addresses, phone numbers and social security numbers). The breach was caused when an unauthorized...
Data breach in MI Health Department affects 2,595 individuals
On February 3, the Michigan Department of Community Health announced that thousands of individuals had their compromised in a data breach caused by the theft of a laptop and flash drive. The equipment was stolen on the evening of January 30 or the morning of January...
Widespread Internet Security Flaw Affects Web Users Worldwide
Details about the Heartbleed bug, a serious vulnerability in the popular OpenSSL cryptographic software library, were published earlier this week. This vulnerability has the potential to affect web users worldwide. The bug, caused by a programming error, allows the...
Pending bill would standardize breach response process
Large hospitals and national organizations would benefit from a single, national security breach response process. The recent breaches at Target, Neiman Marcus and other retailers have gotten the attention of our national legislators. Last month, US Legislators...
Patient Privacy- Will Walgreens be OCR’s newest poster child for HIPAA non-compliance?
Walgreens’ new pharmacy model may be unintentionally violating customers' patient privacy rights. Named the “Well Experience,” this new store layout/business model gets pharmacists out in the store, with the intention of increasing the pharmacists’ accessibility to...

