Health Information Privacy

Subscribe to Health Information Privacy

In the U.S. District Court for the Central District of California last week, SuperCare Health, Inc. was hit with another proposed class action based on a data breach that allegedly compromised the personal and health information of over 300,000 current and former patients. SuperCare Health is a respiratory-care provider.

Lead plaintiff, Hamid Shalviri, alleges that

In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers.

HIPAA requires that covered entities protect the confidentiality and integrity of protected health information in their possession and secure it from unauthorized access, use, or disclosure. In addition,

On February 28, 2022, the Office of the National Coordinator for Health Information Technology (ONC) issued data on information blocking claims received since April 5, 2021, the effective date of information blocking regulations enacted under the 21st Century Cures Act (Cures Act). As a reminder, in accordance with the Cures Act’s prohibition on certain

HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than 60 days following the calendar year in which the breach occurred.

This year, the deadline for reporting breaches that occurred in

As if health care entities don’t have enough to worry about  during this chaotic and difficult time in the pandemic, a new report released by Cynerio, entitled “The State of IoMT Device Security 2022,” provides a list of medical devices that are considered Internet of Things, and therefore dubbed Internet of Medical Things (IoMT) that

On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed data from its system on October 15, 2021. The data exfiltrated and compromised included individuals’ names, addresses, dates of birth, driver’s license numbers, Social

One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for HIPAA violations. The old double whammy.

States enforce those rights sparingly, but New Jersey is getting itself on the map

A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information.  Nonetheless, the court denied the defendant covered entity’s motion to dismiss the complaint, holding that the plaintiff could move forward with state-specific claims of invasion

The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an $80,000 payment by the hospital for failing to provide a mother with timely access to her daughter’s medical records.

According

Eskenazi Health in Indianapolis has been diverting emergency department patients arriving by ambulance to other area hospitals since it shut down its network following a ransomware attack on August 4, 2021. The diversion is “out of an abundance of caution and to maintain the safety and integrity of our patient care” according to a hospital