Despite the new instructions on breach notification in the HIPAA Omnibus Rule, there's still plenty of uncertainty about what constitutes a "compromise" of data that triggers notification, says privacy attorney Adam Greene.
A $400,000 federal penalty stemming from the investigation of a breach at a clinic owned by Idaho State University is the latest example of how even relatively small security incidents can trigger hefty sanctions.
Adventist Health System faces a class action lawsuit in the wake of a health data theft case that resulted in three guilty pleas. The lawsuit alleges Adventist failed to adequately protect patient information.
In the aftermath of a massive health data breach last year and a smaller incident this year, the state of Utah is taking a number of steps, including creating a data security office within the health department.
Health data breaches involving the loss or theft of unencrypted computing devices are a persistent problem, according to the most recent federal statistics. A security expert offers insights and advice.
The HIPAA Omnibus Rule could play an important role in improving the security of medical devices that store patient data, says an official with the agency that enforces HIPAA. Find out what part the rule could play.
The HIPAA Omnibus Rule includes three new considerations for determining potential civil monetary penalties following a breach investigation. What are the implications for breach prevention strategies?
The HIPAA Omnibus Rule stresses the need for business associates to adequately safeguard patient information. What are the implications? Here's what a federal privacy officer and a consumer advocate have to say.