HIPAA Blog Posts: Health Information Privacy

$1 Billion Class Action Suit in Sutter HIPAA HITECH Data Breach

$1B suit filed against Sutter Health over data breach
The theft of a computer during a break-in in October has spurred a $1B class action lawsuit against Sutter Health, according to a report published today by the Sacramento Bee. The computer contained data on more than 4 million patients.


HIPAA HITECH Webinar featuring Rebecca Herold

The Intensive Care Approach to Data and Compliance: The featured speaker, Rebecca Herold, CIPP, CISSP, CISM, CISA, FLMI, was recently voted the 3rd best privacy advisor in the world by Computerworld.

Thursday, Oct. 27, 1pm CT


HIPAA HITECH Compliance: We Have Seen The Enemy and He is Us.

"Early results from the Healthcare Information Security Today survey show that insider threats, such as records snooping and ID theft, are perceived to be the most significant security threats to healthcare organizations."  Howard Anderson, Healthcareinfosecurity


New NIST Emphasis on Privacy Changes HIPAA HITECH Compliance

Healthcare Information Security Articles: NIST Guidance: More Emphasis on Privacy

Interview with NIST's Risk Management Leader Ron Ross

July 29, 2011 - Jeffrey Roman, Associate Editor

The NIST standards are the framework for HIPAA HITECH and other privacy and security standards. In this interview, Ron Ross explains why NIST is expanding the privacy rules and how that will affect healthcare organizations. http://www.govinfosecurity.com/podcasts.php?podcastID=1196


Health Net has 1.9 Million HIPAA Data Breach in California

According to news reports, up to 9 servers are missing from an IBM facility with over 1.9 million patient files belonging to Health Net. This breaks Health Net's old record of 1.4 million lost in Connecticut.


HIPAA Security Rule and HITECH Breach Notification: Trends in Enforcement


Nineteenth HIPAA Summit, March 9, 2011, David S. Holtzmann JD, Office of Civil Rights, Health Information Privacy Division



Some Compliance Budgets Increasing for 2010, Most Not

Compliance budgets continued to lean toward the positive side in 2010, with more compliance professionals reporting an increase over 2009 than a decrease.


An increase was reported by 32% of survey respondents, compared to just 14% reporting a decrease. At the same time, though, it’s worth noting that this left 54% reporting no change in their budget at a time of increased regulation. From a survey by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association.


80% of Doctors and Patients Want EMR and Privacy Protection: Markle Study

"Roughly 80 percent majorities of both the public and doctors agree it is important to require participating hospitals and doctors to share information to better coordinate care, cut unnecessary costs, and reduce medical errors.

  • Roughly 4 in 5 of both groups express the importance of privacy protections as a requirement to ensure that public investment in health IT will be well spent."


“Survey: The best privacy advisers of 2010” : Rebecca Herold #3

Based on the votes, Rebecca Herold came in #3 as best privacy adviser (individual), and came in #12 with Rebecca Herold & Assoc, LLC among best privacy firms. Considering her firm is a fraction of the size of the others ahead of her, and that she spends basically $0 on marketing, this is quite an honor!


HIPAA Penalty: Vermont Attorney General Takes Another Bite Out of Health Net's Apple

Attorney General William Sorrell filed a complaint and proposed settlement Friday with Health Net, Inc., and Health Net of the Northeast, Inc., regarding the health insurance company’s loss of an unencrypted portable hard drive containing protected health information. The complaint alleges violations of HIPAA (the Health Insurance Portability and Accountability Act), Vermont’s Security Breach Notice Act, and Consumer Fraud Act. The settlement requires the defendants to pay $55,000 to the State, submit to a data-security audit, and file reports with the State regarding the company’s information security programs for the next two years.
