The Alaska Department of Health and Social Services has agreed to pay $1.7 million to settle a HIPAA case stemming from a relatively small breach. Federal authorities listed numerous security shortcomings at the department, which oversees Medicaid in the state.
A Massachusetts hospital that reported a 2010 breach involving lost backup tapes with information on 800,000 individuals has agreed to pay a $475,000 penalty to settle a state attorney general's HIPAA lawsuit.
A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.
Accretive Health Inc., a Chicago-based medical debt collection agency, has filed a motion to dismiss the Minnesota attorney general's lawsuit against the company that stems, in part, from a data breach incident involving a stolen unencrypted laptop.
What do the proposed Stage 2 rules for the HITECH Act electronic health record incentive program have to say about encryption and other security measures? Consumer advocate Deven McGraw provides an analysis.
An omnibus package of regulations that includes a final version of extensive HIPAA modifications, which have been pending since 2010, as well as a final version of the HIPAA breach notification rule has moved one major step closer to completion.
Consumer advocate Deven McGraw describes what she likes and doesn't like about the privacy and security provisions in the proposed rules for Stage 2 of the HITECH Act electronic health record incentive program.
Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.