On December 27, I blogged: Four days after a computer was stolen from Inspira Medical Center Vineland, the hospital still can’t say whether there was any patient data on it? The hospital issued a statement the next day saying that no patient data was on the stolen computers, but as I noted on January 17, when they announced an…
Category: Uncategorized
HHS Issues HIPAA Guidance on Sharing Information Related to Mental Health
The U.S. Department of Health and Human Services (HHS) has released new guidance explaining how the HIPAA Privacy Rule operates to protect individuals’ privacy rights with respect to their mental health information and in what circumstances the Privacy Rule permits health care providers to communicate with patients’ family members and others to enhance treatment and assure…
UK: Durham County Council reassures pensioners after their information goes missing when a memory stick is lost
Here’s one I missed from earlier this month. Mark Summers reports: Council chiefs say security was not breached when a computer memory stick containing the personal details of thousands of vulnerable pensioners was lost. Clients of Durham County Council’s Care Connect warden service have been advised to set a new code on their key safe…
UK: NHS in England delays sharing of medical records
Peter Walker and James Meikle report: The NHS delayed for at least six months a controversial plan to share data from people’s medical records on Tuesday following concerns from doctors and patients’ groups, acknowledging there was insufficient public confidence in the scheme. The postponement by NHS England was welcomed by critics who had complained too…
WEDI publishes health data breach notification tips
Patrick Ouellette reports: The Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup recently published its Breach Risk Assessment Issue Brief to offer reminders to healthcare organizations regarding the breach notification decision process. According to WEDI, organizations can use this brief as a reference used to help determine probability and requirements for breach notification. Read Patrick’s…
Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability
Jeffrey M. Schlossberg writes about the Doe v. Guthrie Clinic case and lawsuit discussed previously on this blog. When does a medical clinic’s employee’s unauthorized texting of patient confidential health information result in liability to the clinic? The answer; it depends. In Doe v. Guthrie Clinic, Ltd., the Second Circuit Court of Appeals dismissed a patient’s claim against…