Category Archives: General

Role-Specific Learning and Independence Blue Cross

The recent Breach of 12,500 records at Independence Blue Cross is yet another example of where an incident could have been prevented by role-specific learning and appropriate process. In addition to the fines that are certain to follow, the fix

Slave computers and Cassidy Wolf (Miss Teen USA)

Dateline’s special broadcast regarding the hacking of the computers of Cassidy Wolf (Miss Teen USA) and her friends for the purpose of extortion was a sobering reminder about the ease of setting up slave computers. Did you know that there

Software updates and HIPAA

HHS/OCR has made it clear by the recently assessed $150,000 fine that a Breach due to the failure to maintain software via updates and patches will be dealt with harshly. Just ask Anchorage Community Mental Health Services after its AVOIDABLE

The Metric for Compliance in a Negligence Suit

The previous HIPAA Update News by addressed the Connecticut Supreme Court’s ruling in the Emily Byrne vs. Avery Center for Obstetrics and Gynecology case. That ruling is allowing a case to be heard that is using HIPAA as the

HIPAA and the right to Sue

It has been generally understood that HIPAA has not permitted individuals impacted by a Breach to sue for damages. Some Covered Entities have even relied on this “shelter from non-governmental litigation” in their risk management. However, the recent ruling in

HIPAA and the Need-to-Know

HIPAA prohibits the disclosure of protected health information to anyone who does not have a professional need-to-know. The need-to-know standard is applied on a person-by-person basis and NOT by departments or units. HIPAA and EBOLA in

Defense of Marriage Act and HIPAA

The U.S. Supreme Court’s ruling regarding the Defense of Marriage Act (“DOMA”) in United States v. Windsor has impacted a number of rules and regulations including HIPAA. HIPAA’s Privacy Rule allows care providers (as Covered Entities) to share information about

Remorse and repercussions

You're invited to share as appropriate. So the story goes something like this… Two thieves broke into an office and stole a laptop on May 25th from Self Regional Healthcare. The theft was caught on video and reported to the

$4.8 million settlement for only 6,800 individuals

SUMMARY: Two health care organizations have agreed to settle charges that they potentially violated HIPAA Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information (ePHI) held on their network. The monetary payments of $4,800,000

Target reportedly knew it had a problem BEFORE the Breach

Target has acknowledged that its computer security system (by FireEye, Inc.) had detected suspicious hacker activity and alerted the company. However, Target chose to ignore the information about the hacker’s infiltration of its system. This failure-to-act ultimately resulted in a