Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case ? MarketWatch
The OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. These incidents were reported as occurring in [...]
|
Healthcare Breaches Spin Out Of Control
If the past week is any indication and I’m afraid it is, health care companies are doing an abysmal job at protecting personal health care data.This evening the Colorado Department of Health Care Policy and Financing announced that state officials discovered an unauthorized removal of a computer hard drive from the state’s Office of Information [...]
|
Visa Clarifies Security Rules
This week Visa Inc. said it?s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit [...]
|
Connecticut AG reaches agreement with Health Net over data breach
Connecticut Attorney General Richard Blumenthal has announced that his office has reached a settlement with health insurance company Health Net over a failure to secure patient information on almost a half-million state enrollees, and subsequent failure to promptly notify consumers about the breach. The settlement involves Health Net of the Northeast Inc., Health Net of [...]
|
13 essential steps to integrating control frameworks ? CSO Online
# The organization must understand which frameworks or framework elements are needed to address, at a minimum, the critical security concerns. When addressing control requirements, more is not necessarily better, and each additional control entity represents an investment in time, money, and effort. # Choose a base framework to use. An organization should identify a [...]
|
HIPAA Rules Now Apply to PHRs
It’s not a new law, but it’s a tangible, short-term step toward protecting the privacy of patient data that travels online. To address loopholes in current patient privacy legislation, the Health and Human Services Department on Thursday proposed privacy rules that would apply to vendors of technology that transmit personal health data. via HIPAA Rules [...]
|
HHS Proposal covers chain of subcontractors ? HIPAA
A key provision of the pending rules would make ?downstream? healthcare subcontractors subject to HIPAA?s privacy and security requirements. HIPAA, as bolstered under the HITECH Act, already considers a health information exchange as a ?business associate? of organizations covered by the law. Business associates are required to sign contacts that bind them to HIPAA.The proposed [...]
|
OMB Completes HIPAA Rules Review
The Office of Management and Budget (OMB) has finished its review of proposed rules related to changes to HIPAA privacy and security rules, meaning the rules could hit the streets this week. The OMB reports that it has concluded its regulatory review of the rules HHS sent in April. via OMB Completes HIPAA Rules Review.
|
Health Net of the Northeast will pay $250,000 in fines
Health Net of the Northeast will pay $250,000 in fines to Connecticut as part of a settlement regarding a lost or stolen hard-drive that contained medical records and personal information of 1.5 million people, including 446,000 in Connecticut. via Insurance Capital – News, Conversation and Links about Connecticut’s Insurance Industry.
|
IRS fails to identify contractors with access to taxpayer data
The Internal Revenue Service risked disclosing taxpayer information when it failed to identify contractors that had access to financial records and to fix known security weaknesses at facilities where files are stored. According to an audit released on Tuesday by the Treasury Inspector General for Tax Administration, the IRS did not identify all the vendors [...]
|
