Data Security Archive

President Signs Identity Theft Enforcement and Restitution Act

Earlier today, the President signed the Identity Theft Enforcement and Restitution Act, which strengthens federal law regulating the inappropriate access and use of certain data. As explained by the House of Representatives (and quoted below), Identity Theft Enforcement and Restitution Act amends the federal criminal code to: Authorize criminal restitution orders in identity theft cases

HHS to Host Medical Identity Theft Town Hall

As readers of this blog may recall, earlier this year, the U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, asked the consulting group of Booz Allen Hamilton to perform an assessment and evaluation of United States’ medical identity theft problem. As part of this assessment and evaluation,

Oklahoma DHS Acknowledges Inappropriate Disclosure of Files

While Oklahoma may be a world away from New Jersey, the headline I read during my recent visit to Oklahoma reminded me that agencies and practices in every state struggle with safeguarding confidential patient health information. As reported by the Oklahoman, a used furniture store in Oklahoma City recently sold a surplus file cabinet to

Broad-based Coalition Demands Immediate Passage of Healthcare IT Legislation

Earlier today, Health IT Now!, a coalition of more than 175 businesses, non-profit and patient groups, urged Congress to “pass federal legislation that promotes the widespread adoption of health information technology in the remaining weeks before Congress adjourns.” In particular, Health IT Now!’s September 9th letter to Congress asks Congress to adopt legislation that includes

New California Law Subjects Providers to Steep Fines for Privacy Breaches

Under a bill recently approved by the Assembly and expected to be signed into law, California Healthcare providers could soon be subject to hefty fines and costly civil litigation if they fail to adopt and implement “appropriate administrative, technical, and physical safeguards to protect the privacy of a patient’s medical information.” While A.B. 211 appears

Insurer Erroneously Discloses Confidential Patient Information

According to news accounts, Blue Cross Blue Shield of Georgia (“BCBS of Georgia”) recently sent more than 200,000 benefits letters (e.g., EOBs) to incorrect recipients, causing widespread concern among BCBS of Georgia’s patients and forcing the insurer to quickly rollout a mitigation plan. The Atlanta Journal-Constitution reports that most of the erroneous mailings were EOBs.

How to Avoid Paying One Million Dollars for Your Practice’s Laptop

New Jersey Blue Cross Blue Shield (BCBSNJ) recently made news as word of one lost employee laptop spread like wildfire through the health care community and press, adding BCBS to a long list of payers and physicians who have been forced to disclose the loss of computer hardware containing patients’ personal information. Legal Duty of

Court Decision Supports Data Mining of Provider-Patient Encounter Details

In a decision that could have broad implications for physicians and patients alike, the United States District Court for the District of Columbia has recently ordered the Centers for Medicaid and Medicare Services (“CMS”) to disclose claim information regarding hundreds of thousands of patient encounters. The Lawsuit In March 2006, Consumers’ Checkbook, a consumer group