Archive for the ‘Data Privacy and Security’ Category

FTC Issues Mobile Privacy and Security Publications

Authored By: Mark R. Dahlby

On February 1, 2013, the Federal Trade Commission (FTC) issued two publications recommending ways that key players in the mobile marketplace, such as operating system providers, application developers, advertising networks and analytics companies, can promote mobile privacy and security.


Establishing an Effective Records Management and Data Retention Program: Health Care Industry Considerations

Authored By: Mark T. Garsombke

Attached is a link to a webinar that I recently conducted with Teramedica on Establishing an Effective Records Management and Data Retention Program: Health Care Industry Considerations.

This one-hour webinar helps health care organizations gain tactical insight into the essential legal and business requirements of establishing an effective records management and data retention program. Patient data storage and data access are becoming one of the most costly and challenging areas of health care delivery.

Court finds security system of bank is not commercially reasonable

Authored By: Michael T. Batt

In analyzing a claim under Article 4A (Funds Transfers) of the Uniform Commercial Code, the U.S. Court of Appeals for the First Circuit determined that a bank did not use commercially reasonable security procedures when it failed to monitor its risk reports and lowered the dollar threshold that triggered customer challenge questions to the point that virtually every transaction was treated as “high risk.” Patco Construction Company, Inc. v. Peoples United Bank (July 3, 2012). The practical takeaway from this ruling is that “commercially reasonable security” requires active monitoring, and that the effectiveness and commercial reasonableness of security procedures can be undermined by treating all transactions as “high risk”: a step-up control that fires on every transaction no longer distinguishes anything.
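The threshold point can be made concrete with a small simulation. What follows is an added example, not code from the court record, the bank, or this post; the scoring scheme, the dollar thresholds, the report cutoff and the five transfers are all constructed for illustration. It models a step-up policy that asks challenge questions when a transfer is at or above a dollar threshold or when an additive risk score crosses a cutoff, and writes high-scoring transfers to a risk report for staff review. Dropping the dollar threshold to one dollar makes the customer answer the questions on every transfer (so the static answers are typed in every session) without adding a single entry to the report.

```python
"""Toy risk-based step-up authentication for online funds transfers.

Added illustration of the Patco takeaway. It is not the bank's system
and nothing here comes from the court record; the scoring scheme, the
thresholds and the transfer data are constructed for this example.
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Transfer:
    customer: str
    amount: float
    new_device: bool  # login from a device/browser not seen before
    new_payee: bool   # funds sent to an account never paid before


# Constructed history for one customer: four routine payroll-sized
# transfers and one out-of-pattern transfer (large, new device, new payee).
TRANSFERS = [
    Transfer("acme", 1500.00, False, False),
    Transfer("acme", 2200.00, False, False),
    Transfer("acme", 1800.00, False, False),
    Transfer("acme", 950.00, False, False),
    Transfer("acme", 58000.00, True, True),
]


def risk_score(t: Transfer, baseline: float) -> int:
    """Additive score (assumed scheme): an amount far above the customer's
    usual size, an unknown device and an unknown payee each add points."""
    score = 0
    if t.amount > 3 * baseline:
        score += 3
    if t.new_device:
        score += 2
    if t.new_payee:
        score += 2
    return score


def evaluate(transfers, amount_threshold, score_threshold=3):
    """Apply the policy to a list of transfers for one customer.

    amount_threshold: dollar amount at or above which the customer must
        answer challenge questions (step-up), regardless of score.
    score_threshold: risk score at or above which the transfer both
        triggers step-up and is written to the risk report.
    Returns the step-up rate, the number of sessions in which the static
    challenge answers were typed, and the report entries (amount, score).
    """
    baseline = median(t.amount for t in transfers)
    stepped_up = 0
    report = []
    for t in transfers:
        score = risk_score(t, baseline)
        if t.amount >= amount_threshold or score >= score_threshold:
            stepped_up += 1
        if score >= score_threshold:
            report.append((t.amount, score))
    return {
        "step_up_rate": stepped_up / len(transfers),
        # Each step-up is a session in which the answers are entered on
        # the customer's endpoint; the more often, the less secret they are.
        "answers_typed": stepped_up,
        "report": report,
    }


if __name__ == "__main__":
    for threshold in (1.0, 100_000.0):
        r = evaluate(TRANSFERS, amount_threshold=threshold)
        print(f"threshold=${threshold:>9,.0f}: step-up on "
              f"{r['step_up_rate']:.0%} of transfers, answers typed "
              f"{r['answers_typed']} times, report={r['report']}")
```

Run as a script it prints both policies side by side. The comparison is the useful part: the step-up rate goes from one transfer in five to five in five while the risk report is identical, which is what "treating all transactions as high risk" costs in practice; and a report nobody reads catches nothing at either threshold, which is the monitoring half of the ruling.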

Opinions about Mobile Device Privacy and Security Due to ONC by March 30, 2012

Authored By: Alisa C. Kuehn

The public comment period regarding securing health information while using mobile devices ends on March 30, 2012. Information regarding ONC’s Mobile Device Roundtable discussion and a link to provide comments can be found here.

Should you have any questions, please contact Alisa Kuehn at 317.977.1475 or akuehn@hallrender.com.


HHS Settles First Enforcement Action Resulting From HITECH Breach Notification Rule

Authored By: Ammon R. Fillmore

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on Tuesday, March 13, 2012, that Blue Cross Blue Shield of Tennessee (“BCBST”) will pay $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). BCBST had previously notified HHS that 57 unencrypted hard drives containing protected health information, Social Security numbers, diagnosis codes, dates of birth, and other sensitive information were stolen from a BCBST leased facility.

This settlement represents the first enforcement action by OCR under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act Breach Notification Rule. HITECH requires that covered entities report a breach of protected health information affecting 500 or more individuals both to the media and to HHS. BCBST reported the breach, but according to OCR, failed to implement appropriate administrative safeguards to adequately protect the information remaining at the leased facility by not performing the required security evaluation in response to operational changes. In addition, the investigation showed a failure to implement appropriate physical safeguards by not having adequate facility access controls; both of these safeguards are required by the HIPAA Security Rule.

For additional details regarding the enforcement action and settlement click here.

Should you have any questions, please contact Ammon Fillmore at 317.977.1492 or afillmore@hallrender.com.

Financial Impact of Breached PHI Study Released

Authored By: Mark T. Garsombke

On Monday, March 5th, the American National Standards Institute (“ANSI”) issued its long-awaited report, “Financial Impact of Breached Protected Health Information” (http://webstore.ansi.org/phi/). The Report provides a good summary of the current state of health data privacy and security in the U.S., HIPAA legislative history, and some potential measures that can be taken to strengthen the protection of health data privacy and security. Most interestingly, the Report also discusses the financial impact of breached PHI, giving examples of actual costs that an organization might incur when a data breach occurs.

Let us know what you think of the Report’s findings and what steps your organization is taking to protect PHI. We’re also interested in any insights you have for other organizations to better protect PHI.

Should you have any questions, please contact Mark Garsombke at 414.721.0907 or mgarsombke@hallrender.com.