Articles and Blogs

Data Privacy and Security

Safe Harbor Agreement Between United States and EU Ruled Invalid


Posted on October 6, 2015 in Health Information Technology

Written by: Alisa C. Kuehn

For years, companies in the United States have relied on a Safe Harbor to the EU Directives (the stringent privacy requirements imposed by the European Union) to qualify for the ability to transfer protected data between EU countries and the United States. Today, however, the European Court of Justice ruled that the agreement between... READ MORE

Tags: , , , ,

Anthem Data Breach: What You Need to Know Now


Posted on February 6, 2015 in Health Information Technology

Written by: Mark Swearingen

Health care data breaches are not new. The breach announced by health insurer Anthem on February 5, 2015 is notable mostly for its scope. According to Anthem’s statement, hackers utilized a very sophisticated cyber attack to gain access to the information of potentially 80 million current and former Anthem members. The information accessed included... READ MORE

Tags: ,

CMS Extends EHR Attestation Deadline for Eligible Hospitals


Posted on November 26, 2014 in Health Information Technology

Written by: Ammon R. Fillmore

This week, the Centers for Medicare & Medicaid Services (“CMS”) announced that it is extending the deadline for eligible hospitals and critical access hospitals (“CAHs”) to attest to meaningful use for the Medicare Electronic Health Record  Incentive Program for the 2014 reporting year from 11:59 PM EST on November 30, 2014 to 11:59 PM EST on December... READ MORE

Tags: , ,

OIG Fiscal Year 2015 Work Plan


Posted on November 5, 2014 in Health Information Technology

Written by: Justin C. Ralston

On October 31, 2014, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) released the Work Plan for Fiscal Year 2015 (“Work Plan”). The Work Plan confirms OIG will continue to concentrate a great deal of their enforcement efforts on the security and vulnerabilities of protected health information (“PHI”) contained... READ MORE

Tags: , , , , , ,

Impacts of Heartbleed Exploit Come to Light


Posted on April 15, 2014 in Health Information Technology

Written by: William A. Dummett

Following recent news about the Heartbleed exploit, CloudFlare, a San Francisco-based security services company, challenged hackers to use Heartbleed to get private encryption keys that would unlock secure data. It reported multiple winners to its challenge. By obtaining the private key for an SSL/TLS certificate, an attacker could set up a fake website that passes... READ MORE

Tags: , ,

IT Security Standards Hospitals Should Know About


Posted on August 30, 2013 in Health Information Technology

Written by: Joshua P. Reading

Health information technology solutions that are remotely hosted or cloud based are becoming more common.  In these scenarios, a health care provider  is allowing its data – often times including protected health information (“PHI”) – to flow through or be stored in the vendor’s data center.  If PHI is involved, the parties should determine... READ MORE

Tags: , ,

FTC Issues Mobile Privacy and Security Publications


Posted on February 22, 2013 in Health Information Technology

Written by: Mark R. Dahlby

On February 1, 2013, the Federal Trade Commission (FTC) issued two publications recommending ways that key players in the mobile marketplace, such as operating system providers, application developers, advertising networks and analytics companies, can promote mobile privacy and security. READ MORE

Tags: , , , , , , ,

Court finds security system of bank is not commercially reasonable


Posted on July 9, 2012 in Health Information Technology

Written by: Michael T. Batt

In analyzing a claim under Article 4A (Electronic Funds Transfers) of the Uniform Commercial Code, the U.S. Court of Appeals for the First Circuit determined that a bank did not utilize commercially reasonable security procedures when it failed to monitor risk reports and decreased the dollar threshold which triggered use of challenge questions by... READ MORE

Tags: , , , , , ,

Opinions about Mobile Device Privacy and Security Due to ONC by March 30, 2012


Posted on March 29, 2012 in Health Information Technology

Written by: Alisa C. Kuehn

The public comment period regarding securing health information while using mobile devices ends on March 30, 2012. Information regarding ONC’s Mobile Device Roundtable discussion and a link to provide comments can be found here. Should you have any questions, please contact Alisa Kuehn at 317.977.1475 or   READ MORE

Tags: , , ,

HHS Settles First Enforcement Action Resulting From HITECH Breach Notification Rule


Posted on March 13, 2012 in Health Information Technology

Written by: Ammon R. Fillmore

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on Tuesday, March 13, 2012, that Blue Cross Blue Shield of Tennessee (“BCBST”) will pay $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  BCBST had previously notified HHS that 57 unencrypted hard drives containing protected health information, social... READ MORE

Tags: ,