The U.S. Department of Health & Human Services’ Indian Health Service (IHS) has been responding to a breach by a contract physician that affected patients at three IHS facilities. The IHS, an agency in the U.S. Department of Health and Human Services, provides a comprehensive health service delivery system for approximately 2.1 million American Indians and Alaska Natives. On…
Category: Uncategorized
More on PHI disclosures and public health emergencies
Via HIPAA Blog, here are two resources related to the issue of how much PHI covered entities can disclose without patient consent in situations like ebola concerns. The first is from HHS: Does the HIPAA Privacy Rule permit covered entities to disclose protected health information, without individuals’ authorization, to public officials responding to a bioterrorism…
Ca: Jack Layton’s hospital records were also accessed, Chow says
Elizabeth Church and Kelly Grant report: One day after news that Toronto Mayor Rob Ford’s medical records were inappropriately accessed while he underwent cancer treatment, Olivia Chow has confirmed her late husband and former NDP leader Jack Layton had the same experience while in the care of another major Toronto hospital. Ms. Chow, who is…
If HHS doesn't take stronger action against insider data theft cases for tax refund fraud, will the FTC?
Last month, PHIprivacy.net raised the question as to why we have seen no monetary penalties or strong enforcement actions by either OCR or the FTC when it came to cases of insider data theft for tax refund fraud schemes. As I commented in that post: Insider data theft is a serious problem with serious consequences to patients….
Ebola Presents Significant Workplace Challenges
Joseph J. Lazzarotti writes: We addressed the dangers of “snooping” into patient records by hospital workers spurred by incidents of Ebola and Enterovirus D-86 in the U.S. Of course, the workplace challenges created by Ebola, Enterovirus D-86 and other contagious diseases and illnesses in the workplace go far beyond snooping, and far beyond healthcare employers. Employers in all industries are facing…
FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014
Morgan Kennedy writes: On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”. The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless,…