HIPAA, HITECH & HIT Legal Issues, Developments and Other Pertinent Information Relating To The Creation, Use and Exchange of Electronic Health Records

Category Archives: Privacy & Security


Dumpster Diving for PHI Exposes Business Associate (and Physician Practice) to Liability

Posted in Lawsuits, Privacy & Security, Uncategorized

A Chicago record storage and disposal company has been named in a complaint filed by the Illinois Attorney General as a result of the negligent disposal of a medical practice’s patient records in an unlocked dumpster.   The complaint alleges that FileFax, Inc. violated the Illinois Consumer Fraud and Deceptive Business Practices Act by failing to… Continue Reading

HIPAA-Type Protections Are Not Just For Humans – When It Comes To Medical Records, Animals Have Privacy Rights, Too (Part 1)

Posted in Privacy & Security, Sensitive Health Information

Co-authored by Nancy Halpern, DVM, Esq.; also posted on Animal Law Update. HIPAA does not protect animals’ health information – it applies to the protected health information (or PHI) of an “individual”, defined as “the person who is the subject of” the PHI. However, state laws governing the confidentiality of health information also come into… Continue Reading

Athletes Do Not Leave Their HIPAA Rights At The Locker Room Door

Posted in Articles, Privacy & Security

HIPAA has made an unlikely appearance twice already this month in news reports involving famous athletes. Between the Pierre-Paul medical record tweet by ESPN reporter Adam Schefter earlier this month (discussed by my partner and fellow blogger Bill Maruca here) and the ticker-tape parade featuring confetti made of shredded (but apparently legible) medical information raining… Continue Reading

Expert Interview with William Maruca About Protecting Medical Records

Posted in HIPAA Business Associates, Privacy & Security

Our partner Bill Maruca, who is the Editor and a frequent contributor to this blog, was recently interviewed by PracticeSuite as part of their Expert Interview program.  In the course of his interview, Bill discusses patient confidentiality, keeping records safe and private, and trends in the medical billing industry.  One important recommendation by Bill is taken from his… Continue Reading

The Jiggery-Pokery of HIPAA Hacks

Posted in Health IT, Privacy & Security

I must thank Justice Scalia for injecting this delightfully descriptive term into the realm of health care.  Justice Scalia’s scathing dissent from the majority in the recent Supreme Court decision interpreting the Patient Protection and Affordable Care Act is rife with memorable expressions, but this is my favorite. The Merriam Webster definition of jiggery-pokery is:… Continue Reading

Even the Federal Government Can’t Hide: How a High-End Cyberattack Breached One of the Most “Protected” Systems

Posted in Privacy & Security, Uncategorized

Guest Blogger: Violetta Abinaked, Summer Associate (originally posted by Mark McCreary’s on Privacy Compliance & Data Security) With data breaches being the quickly trending “flavor of the month” criminal activity, it’s no shock that on June 4, 2015 yet another system was hit. This time though, it may be one of the largest cyberattacks in U.S.… Continue Reading

When Privacy Policies Should NOT Be Published – Two Easy Lessons From the FTC’s Nomi Technologies Case

Posted in Privacy & Security

This case has nothing to do with HIPAA, but should be a warning to zealous covered entities and other types of business entities trying to give patients or consumers more information about data privacy than is required under applicable law.  In short, giving individuals more information is not better, especially where the information might be… Continue Reading

Phishing for PHI

Posted in Privacy & Security

Two recently reported breaches of hospital data affecting thousands of patients highlight the prevalence, and apparent success, of phishing attacks.  Boston-based Partners HealthCare notified approximately 3,300 patients after a group of staff members were tricked by a phishing scam, and Indiana-based St. Vincent Medical Group, a 20-hospital system that is part of Ascension Health, reported… Continue Reading

Providers: Beware of HIPAA and Patient Privacy Rules During Employment Disputes

Posted in Privacy & Security

Our partner Elizabeth Litten and I were once again quoted by our good friend Marla Durben Hirsch in her recent article in Medical Practice Compliance Alert entitled “Beware of HIPAA, Patient Privacy During Practice Employment Disputes.”  The full text can be found in the March 30, 2015 issue of Medical Practice Compliance Alert, but a… Continue Reading

Doctor is Arrested for Allegedly Stealing Thousands of Patient Records

Posted in Privacy & Security

Our partner Elizabeth Litten and I were quoted by our good friend Marla Durben Hirsch in her recent article in Medical Practice Compliance Alert entitled “Doctor is Arrested for Stealing Thousands of Patient Records.”  While the full text can be found in the February 16, 2015 issue of Medical Practice Compliance Alert, the following considerations… Continue Reading

When HIPAA Applies to Patient Assistance Programs (and When it Doesn’t), Part 2

Posted in Privacy & Security

I posed a question in Part 1 of this post which I will summarize here:  is personal health information provided to a Patient Assistance Program (PAP) in order to help with covering the cost of prescription drugs protected as “protected health information” (PHI) under HIPAA? Let’s use two examples.  Say Patient A, who knows he… Continue Reading

Hacked Health Records Prized for their Black Market Value

Posted in Articles, Health IT, Medical Identity Theft, Privacy & Security, Sensitive Health Information

I received a disturbing robo-call over the weekend informing me that someone had attempted to use my credit card number fraudulently in a retail store in the next county. When I called back and verified these were not legitimate charges, my card issuer assured me that I would not be financially responsible, canceled my card… Continue Reading

When HIPAA Applies to Patient Assistance Programs (and When It Doesn’t)

Posted in Privacy & Security

Patient Assistance Programs (PAPs) have proliferated in recent years, despite the fact that many commonly-prescribed medications have lost patent protection and the Affordable Care Act (ACA) has attempted to eliminate pre-existing condition discrimination by insurance companies.  Still, drug costs remain unaffordable to many patients, particularly those with high-cost, chronic conditions, even when patients have insurance… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part III

Posted in Privacy & Security, Sensitive Health Information

(Part III continues Part I and Part II of this series on privacy of health information in the domestic relations context, which may be found here and here. Capitalized words not defined in this Part III shall have the meanings assigned in Part I or Part II.) 6. The situation can be further complicated by… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part II

Posted in Privacy & Security, Sensitive Health Information

(Part I of this series on privacy of health information in the domestic relations context may be found here. Capitalized words not defined in this Part II shall have the meanings assigned in Part I.) Tips on dealing with IHI Issues in the Domestic Relations Context 1. Whether an individual is in a stable domestic relations… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part I

Posted in Privacy & Security, Sensitive Health Information

The November 2014 ruling in the Connecticut Supreme Court in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C., — A.3d —-, 2014, WL 5507439 (2014) (the “Byrne case”) has been discussed in a number of posts on this blog, including those here and here. The main focus of such posts has… Continue Reading

“Digital Quarantine” or Vaccination? What Cybersecurity Experts Can Learn from Health Care

Posted in Health IT, Privacy & Security

Perhaps the health care industry has a cybersecurity solution staring us in the face:  vaccines.  Perhaps we should be trying to vaccinate our data storage systems rather than relying on firewalls to quarantine them.  In an article posted on www.philly.com, Associated Press author Youkyung Lee says cybersecurity defense has traditionally been based “on the idea… Continue Reading

Welcome to “Fraud Fridays”

Posted in Health IT, New Jersey, Privacy & Security, Security Breach Notification, Sensitive Health Information

This post, written by my colleague Elizabeth Hampton, originally appeared on Garden State Gavel, a new blog focusing on New Jersey litigation topics. Fraud is on the rise in every industry and the lengths that some people will go to make money by “gaming” the system is both fascinating and alarming.  Look for some of these… Continue Reading

Basic HIPAA Question for Mobile Health Application Developers: What Are You?

Posted in Health IT, Privacy & Security

Health-related technology has developed light-years faster than health information privacy and security protection laws and policies, and consumers can find new mobile health applications for a wide range of purposes ranging from diabetes management to mole or rash evaluation to fitness tracking.  Smart mobile app developers wondering when and how HIPAA privacy and security requirements… Continue Reading

Medicare ACO Claims Data Sharing and Opt-Out, Take 2

Posted in Privacy & Security

I had an interesting conversation with Mike Barrett, Chairman of the National Association of ACOs, as a result of my January 7th post on the Medicare beneficiary opt-out process described in Medicare Shared Savings Program (“MSSP”) regulations proposed by the Centers for Medicare & Medicaid Services (“CMS”).  My blog post meant to highlight a proposed… Continue Reading

“No” to ACO Data Sharing? Proposed Rules Tweak Medicare Beneficiary Opt-Out Notice Procedure

Posted in HIPAA Enforcement, Privacy & Security

Medicare beneficiaries whose healthcare providers participate in an Accountable Care Organization (ACO) under the Medicare Shared Savings Program (MSSP) may want to add the Centers for Medicare & Medicaid Services (CMS) website, “Medicare & You”, to their lists of favorite internet links if they don’t want their Medicare claims data shared.  Proposed rules published by… Continue Reading

HIPAA Hurdles in 2015

Posted in HIPAA Business Associates, HIPAA Enforcement, Privacy & Security

Nearly a year ago, as described in an earlier blog post, one of my favorite health industry journalists, Marla Durben Hirsch, published an article in Medical Practice Compliance Alert predicting physician practice compliance trends for 2014.  Marla quoted Michael Kline’s prescient prediction that HIPAA would increasingly be used as “best practice” in actions brought in… Continue Reading

Connecticut “Opens Floodgates” for HIPAA Litigation

Posted in Lawsuits, Privacy & Security

My partner Elizabeth Litten and I were recently interviewed for an article entitled “Connecticut ‘opens floodgates’ for HIPAA litigation” published in “Privacy this Week” by DataGuidance. The full text of the article can be found in the November 13, 2014 issue of “Privacy this Week,” but a discussion of the article is set forth below.… Continue Reading