Although the HIPAA Omnibus Rule is a step in the right direction for protecting health information, the regulation still leaves large privacy gaps, says patient advocate Deborah Peel, M.D. “HIPAA Omnibus finally affirmed that states can pass laws that are tougher than HIPAA, and that’s really good news because HIPAA is so full of flaws and defects that…
Search Results for: patient
HHS update to breach tool shows laptop theft is not a thing of the past, Part 1
HHIS updated its breach tool this week, adding a baker’s dozen of incidents. Significantly, 6 of the 13 involved stolen laptops while 3 others involved theft or loss of electronic devices. Two of the 13 incidents were already known through either media coverage or reports to a state’s attorney general. In both cases, HHS’s breach…
Does being coy with the media pay or does the lack of transparency hurt reputation more?
Personally, I detest it when entities won’t disclose any many people were notified or affected by a breach. It’s one of the few times that I think the “nothing to hide” argument applies. When it comes to healthcare sector breaches affecting more than 500, refusal to disclose to the media makes even less sense to…
Nassau County DA says multiple ID theft crews hit North Shore-LIJ
More information has been disclosed about data security breaches affecting patients at North Shore University Hospital – Long Island Jewish Hospital. In April 2012, we learned that there had seemingly been two separate incidents, one involving a nurse from Brooklyn. But it seems that there was a lot more data theft and misuse going on…
Did Samaritan Hospital violate HIPAA?
Over on Healthcare IT News, Erin McCann has a bit more on the Samaritan Hospital breach I blogged about yesterday. I found some of her assertions interesting, and because I’m not sure I agree with her on her reading of HIPAA’s requirements, thought I would discuss them here. Erin bases most of her commentary on…
Lucile Salter Packard Children's Hospital avoids $250,000 penalty for late breach notification (updated)
UPDATE: In a statement sent to PHIprivacy.net on March 7, a CDPH spokesperson writes: The original $250,000 penalty posting was an error discovered during the appeal. The correct calculation should have been $100/day times the number of days the facility failed to report the breach to CDPH, for a total penalty of $1100. So after…