New Hampshire Insurance Data Security Law
Recently, the Governor of New Hampshire approved Senate Bill 194 (SB 194), an insurance data security law that requires insurers who handle nonpublic information (including health [...]
Another Day, Another Healthcare Breach
Massachusetts General Hospital (MGH) experienced a healthcare breach that left 9,900 patients’ protected health information (PHI) exposed. Hackers gained access to MGH’s research databases through a third-party vendor. The [...]
Healthcare Breach Caused by Database Misconfiguration Affected Thousands
Two incidents of database misconfiguration caused data breaches that affected 90,000 patients. Health vendor Medico and Amarin Pharma’s databases were exposed to the public, risking patients’ protected health information [...]
HIPAA Security Risk Analysis Element 2: Identifying and Documenting Potential Threats and Vulnerabilities
The HIPAA Security Rule requires covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related [...]
The HIPAA Whistleblower Exception to the Privacy Rule
The HIPAA Privacy Rule restricts the ability of covered entities and business associates to use and disclose individuals’ protected health information. For example, employees of covered entities [...]
Ransomware Attack at Harbor Medical Group
Harbor Medical Group, a multi-clinic covered entity in Washington State, was the target of a ransomware attack on Saturday, June 15, 2019. Two days later, the [...]
HIPAA and HITRUST: What’s the Difference?
HIPAA and HITRUST are acronyms that sound alike, and are related. However, the two terms, HIPAA and HITRUST, embody different things. So what is the difference between HIPAA [...]
Nevada Consumer Privacy Law Allows for Opt-Out of Sale of Covered Information
In May of 2019, the Governor of Nevada approved Senate Bill 220 (SB 220), an updated Nevada consumer privacy law. This legislation, which becomes effective on [...]
HIPAA Security Rule Technical Safeguards and Employee Logins
Under the HIPAA Security Rule, covered entities must implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health [...]
The Integrity of ePHI Under HIPAA Security Rule
The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA-related [...]
