What If Your Google Search Reveals Your Medical Record? HIPAA & HITECH Act Blog by Jonathan P. Tomes
A patient at St. Joseph Health System of Orange County, California, discovered that his medical record was available through search engines. This discovery resulted in the system notifying approximately 30,000 individuals that their protected health information (“PHI”) had been accessible by search engines for almost a year. St. Joseph stated that the records were stored .. read more
Proposed Budget Cuts for HIPAA Enforcement—Hardly a Help! HIPAA & HITECH Act Blog by Jonathan P. Tomes
The president’s proposed fiscal 2013 budget may appear helpful to covered entities and business associates that are concerned with HIPAA compliance. The budget calls for an overall 8 percent increase in spending for the Department of Health and Human Services (“DHHS”), but more importantly for those that have to comply with HIPAA, the proposed budget .. read more
Another Federal HIPAA Lawsuit—This One against a Business Associate! HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Minnesota Attorney General Lori Swanson has sued a debt collection company in federal court for HIPAA violations involving an employee’s laptop stolen in Minneapolis. The defendant, Accretive Health, Inc., is a business associate for Fairview Health and North Memorial Hospital in Minnesota. Accretive’s stolen laptop contained unencrypted patient data for 23,500 patients, including names, .. read more
More on the HHS Audit Pilot Program: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Richard D. Dvorak
To follow up on the blog item that Jonathan P. Tomes posted November 9, 2011, regarding the new Health and Human Services (“HHS”) audit program for HIPAA compliance, the consulting firm KPMG was awarded a $9.2 million contract to assist the Office of Civil Rights (“OCR”) at HHS in developing HIPAA privacy and security audit .. read more
Does a Client Have a HIPAA Right of Access to Psychological Test Record Forms? HIPAA & HITECH Act Blog by Jonathan P. Tomes
At a recent HIPAA seminar that I gave in Oklahoma, a psychologist asked whether the HIPAA right of access to protected health information (“PHI”)maintained in a system of records by a covered entity required the entity to provide access to copyright protected actual assessment instruments, test stimuli or questions, or laboratory devices. I have always .. read more
More Details of Senate Blasting of HIPAA Enforcement: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In my November 14, 2011, post, I reported that the Senate Judiciary Subcommittee on Privacy, Technology, and Law had recently held a hearing to discuss federal enforcement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). Since that post, more .. read more
Fake Doctor Sentenced for Fraud and Criminal HIPAA Violation: HIPAA & HITECH Act Blog by Jonathan P. Tomes
According to a press release from the Federal Bureau of Investigation (“FBI”), Atlanta Division, Matthew Paul Brown, 30, formerly of Atlanta, Georgia, was sentenced to more than five years in prison on charges of health care fraud and wrongful disclosure of individually identifiable health information. The FBI press release said, “Brown was sentenced to five .. read more
Major Breach Results in California State Court Lawsuit: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Sutter Health of California suffered the theft of a computer containing health information on 4.2 million patients. A Sacramento law firm filed a class action lawsuit in Sacramento Superior Court on November 21, 2011, seeking $1,000 per patient plus attorney’s fees and costs. The data consisted of the name, address, date of birth, phone number, .. read more
Doctors, You’d Better Encrypt! HIPAA & HITECH Act Blog by Jonathan P. Tomes
A recent breach dramatically illustrates the importance of encryption in protecting health information. UCLA Health System warned more than 16,000 patients that their personal information was on a computer hard drive stolen from a doctor’s home in a burglary. The data was encrypted, but the encryption password was on a sheet of paper near the .. read more
Congress Joins the OIG in Slamming DHHS HIPAA Enforcement! HIPAA & HITECH Act Blog by Jonathan P. Tomes
In my July 6, 2011, blog posting, I reported that the Office of the Inspector General (“OIG”) had slammed DHHS on its lack of effective HIPAA enforcement. Now, Congress has gotten in on the act. During a Senate Judiciary Committee’s Privacy, Technology and the Law Subcommittee hearing on November 9, 2011, witnesses called for stronger .. read more
