DBR ON DATA

Security, Privacy and Information Governance

Author: Sumaya M. Noush (page 1 of 4)

$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation

Share

A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in its failure to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties  to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth largest amount recovered by OCR for HIPAA violations.

Continue reading

Massive Data Breach Exposes 500,000 Patients’ Medical Records

Share

LifeBridge Health in Maryland is the most recent health system to have its patient records impermissibly accessed through a malware cyberattack. Indication of an attack was first detected in March 2018, upon which the hospital hired a national forensic firm to investigate the attack and determined that an unauthorized person had accessed LifeBridge’s server in September 2016.

Continue reading

CMS Proposed Rule, Rebranding of Medicare and Medicaid Electronic Health Records Incentives Program Shifts Focus to Interoperability and Patient Access

Share

The Centers for Medicare and Medicaid Services (CMS) recently released its Proposed Rule that, in major part, rebrands the previously known Medicare and Medicaid Electronic Health Records (EHR) Incentives Program into the Promoting Interoperability Program. The rebrand shifts the focus of the program to ensure that providers facilitate patient access to their own health data, and  limit the burden on health care providers when it comes to monitoring clinical care using health technology.

Continue reading

Continued Special Privacy Treatment for Substance Use Disorder Information

Share

The Senate Health, Education, Labor and Pensions Committee recently passed the Opioid Crisis Response Act of 2018 (OCRA) – a bipartisan package of more than 40 proposals designed to help families and entire communities affected by the nation-wide opioid crisis.

Continue reading

New York Attorney General Penalizes Health Plan for Widespread Disclosure of Social Security Numbers

Share

New York Attorney General Eric T. Schneiderman announced a $575,000 settlement with EmblemHealth and its subsidiary, Group Health Incorporated, (together, “EmblemHealth”) after EmblemHealth admitted a mailing error that resulted in the disclosure of 81,122 social security numbers.  EmblemHealth is one of the largest health plans in the United States.

Continue reading

New Initiative Examines Ethics of Research Using ‘Pervasive’ Data

Share

Data – big or small – has tremendous potential for use (and misuse).  For example, using mobile apps to keep track of one’s own physical activity or caloric intake may empower individuals to improve their health.  Should other parties (e.g., that app’s developer, physician, employer, insurance company, online friends) be able to access the same information, and if so, under what conditions? As another example, expressing one’s own feelings and preferences on a social media platform may strengthen bonds within a professional community or a family group, expedite academic collaborations, and/or improve an individual’s sense of belonging.  However, may those same messages – freely expressed in a public domain – be re-purposed for a study of mental health trends or for marketing strategies; and if so – when/how/by whom, or why/why-not?  Questions like these touch on a host of ethical and legal issues that only recently began to be explored in depth, even as new norms of individual behavior, human interactions, and treatment of data are evolving.     

Continue reading

Older posts

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy