Posts Tagged ‘PHI’

Notable Breaches of PHI in 2009…

December 15, 2009

This week, Network World posted an interesting slide show of some notable breaches of Health Record privacy from 2009. The mode of disclosure is telling, with internal misuse/fraud and stolen devices/media being prevalent.

http://www.networkworld.com/slideshows/2009/090209-health-breaches.html

The companies mentioned are: …

Repeat Data Loss Offenders…

October 1, 2009

I was doing some data mining this week on the excellent DataLossDB.com site and it occurred to me to dig a little deeper into where the risky places to give your PII/PHI to are. I was hoping to find that some segments are cleaning up their act, but it seems not. The fact we’re seeing multiple entries by people could have two possible meanings: …

Categories: Data Loss, PHI, PII, Privacy Laws

McAfee Data Protection, HIPAA, HITECH and breach notification.

September 14, 2009

Last week, one of my colleagues asked me to comment on 45 CFR Parts 160 and 164, which for those of us who can’t remember all the code names for the various USA Federal docs, is the one in which the Department of Health and Human Services publishes its interim final rule under HIPAA and HITECH re what data falls under these regulations, what a “breach” means, and the conditions in which data is deemed to have been “protected”.

Under HITECH/HIPAA, basically there is a duty in the USA to care for the privacy of “unsecured protected health information” – this means that anyone electronically processing our health information has a duty of care to make sure no unauthorised people gain access to it, and a legal duty to inform us if a breach (or possible breach) of trust occurs. …