We know by now that protected health information (PHI) and other personal information is vulnerable to hackers.  Last week, the Washington Times reported that the Department of Health and Human Services (HHS), the agency responsible for HIPAA enforcement, had suffered security breaches at the hands of hackers in at least five separate divisions over the

As if compliance with the various federal privacy and data security standards weren’t complicated enough, we may see state courts begin to import these standards into determinations of privacy actions brought under state laws. Figuring out which federal privacy and data security standards apply, particularly if the standards conflict or obliquely overlap, becomes a veritable

As a regulatory lawyer, I frequently find myself parsing words and phrases crafted by legislators and agencies that, all too often, are frustratingly vague or contradictory when applied to a particular real-world and perhaps unanticipated (at the time of drafting) scenario.  So when an agency crafting guidance for a regulated industry has advisors on hand

Hartford Business Journal recently reported that privacy groups are sounding alarms as the nation’s largest insurance companies finalize plans to allow millions more customers to post their health records on the Internet.  Insurers like Hartford-based Aetna Inc. say Web-based tools help patients and physicians keep track of medical information while potentially holding down spiraling medical costs.  The articles stated that about 100 million insurance customers in the U.S. have access to Web-based tools, but companies don’t have an estimate of how widely they are used. Insurers hope to at least double the technology’s reach by the end of next year . . .


Continue Reading