PHI Security Breach Notification

On February 24, 2012, HHS posted number 400 on its ever-lengthening list of breaches of unsecured PHI affecting 500 or more individuals. Theft of laptops is a recurrent source of such breaches, and the 400th breach was such an incident affecting Triumph, LLC in North Carolina.
Continue Reading The Parade of Major Reported PHI Breaches Hits 400 – A Closer Look at Victim 400 and its Actions in Response to the Breach – Part 2

UCLA has developed a mixed record of disclosure with respect to its most recent security breach of PHI that was reported as a theft of an other portable electronic device on September 7, 2011.
Continue Reading The Parade of PHI Security Breaches: UCLA Rejoins the March and Merits Mixed Reviews for the Quality of its Public Disclosures

A recent Federal District Court case in Florida reminds us of the mandatory attention that must be paid to the interaction and potential conflicts or dual applicability of state law with HIPAA compliance, especially in the case of data security breaches.
Continue Reading A New Year’s Resolution: Review and Analyze Potentially Applicable State Laws Whenever Examining HIPAA Compliance Issues

The recent MedPage Today survey results as to “third party errors” mirrors to some extent the proportion of business associate involvement reported for incidents that involved higher numbers of individuals on the HHS list of large PHI breaches as of December 2, 2011.
Continue Reading The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates – An Update

Spectators of the Protected Health Information Breach Parade (and of the “silent brigade” of Business Associate breaches) will be awed by the sight of the recent, somewhat bizarre, Business Associate breach involving Stanford Hospital’s emergency room data.
Continue Reading Stanford Hospital Emergency Room Data Breach: the Snoopy® Float Materializes in the Parade of PHI Breaches

Ohio Health Plans, the public health care program overseen by the Ohio Department of Jobs and Family Services, reported that a PHI security breach had occurred on June 3, 2011 affecting 78,042 individuals, which had resulted from the theft of a laptop involving a business associate, Area Agency on Aging, Ohio District 5.
Continue Reading Ohio District 5 Area Agency on Aging, Inc.: a Business Associate Marcher in the Parade of Major PHI Security and Privacy Breaches

One area that has received relatively little attention from postings of the HHS list of large breaches of unsecured PHI is the extent to which such PHI breaches are reported as attributable to events involving business associates of covered entities.
Continue Reading The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates