The Center For Democracy and Technology (CDT) just sent out this announcement: The U.S. Department of Health and Human Services (HHS) proposed a set of significant updates to health privacy rules. The proposed rule tackles how sensitive patient information is handled under the Health Insurance Portability and Accountability Act (HIPAA), which is the nation’s foremost…
Thousands of ‘Subcontractors’ May Soon Have to Comply With HIPAA
AIS’s Health Business Daily has reprinted an article from REPORT ON PATIENT PRIVACY that talks about the expansion of mandates to subcontractors: Perhaps the biggest surprise in HHS’s July 14 proposed rulemaking was a concept that went beyond language contained in the HITECH Act, namely the appearance of the term “subcontractors” in the list of…
United HealthGroup reports second breach involving paper records
For the second time in as many months, United HealthGroup has reported a breach to HHS that involved paper records. Because HHS does not provide a lot of details on its web site, all we know for this latest incident is that 735 individuals were affected by an incident involving “theft, unauthorized access” that occurred…
eBay photocopier data risk ignored
John Leyden reports: The security threat from carelessly ditched computers increasingly applies to a much wider range of office equipment, as sophisticated storage technology finds its way into humble devices such as fax machines and printers. The risk that sensitive documents might make their way into the hands of undesirables was neatly illustrated by a…
UK: Council slated for sex data blunder
Vivienne Nicoll reports: Council chiefs have been severely censured for losing sensitive data about some of Glasgow’s worst sex offenders. And they were warned they faced unlimited fines unless immediate improvements were made to stop it happening again. The rap came after a computer stick containing personal details of registered sex offenders, victims and witnesses…
Hackers find a new target in payroll processing
Oh ho…. this explains the confusion created by a recent breach report by Regeneron to the New Hampshire Attorney General’s Office. I had been wondering why Regeneron was claiming that they had first found out about a breach involving Ceridian in June when Ceridian had claimed back in February that everyone was notified. I had…