In the past couple of weeks, the media reported that New York, and more recently California, have floated a bill aimed at crippling smartphone encryption. The criticism is not so far off the mark, despite protests to the contrary. What the bills forbid is the sale of smartphones and tablets that cannot be decrypted by […]
Last week, an Indiana medical firm saw a massive medical data breach that extended throughout the entire U.S. Per online reports, possibly 4 million people in more than 230 hospitals and other healthcare organizations were affected by the breach, which occurred in May of this year. Hackers stole protected health information that included: “patients’ names, […]
I’ve just run across a data breach notification that is a first of its kind: a data breach where the affected organization tells its clients (technically, patients) that nothing happened. It’s like the Seinfeld show of data breaches. The breach notification letter is about nothing. Absolutely nothing. Yet, there is something there. All kidding aside, […]
Is the use of encryption a silver bullet for HIPAA covered entities that are looking to gain safe harbor from the notification policies found under the HITECH Breach Notification Rule? Generally, yes. There is a caveat, however, as Amedisys’s recent breach notification shows: you must be able to prove that the encrypted data remains secure after […]
One of the worst US states in which to have a data breach, especially a medical data breach, is probably California: in addition to federal HIPAA regulations, California has shown itself to be quite aggressive when dealing with medical entities that experience a data breach. Indeed, there’s some (valid) criticism that the CA Dept. of […]
The Anthem data breach is turning out to be big not only in terms of number of people affected. According to pymnts.com, quoting ft.com, Lloyd’s of London has stated that cyber attacks are “now too big for private insurance companies to handle” after details of Anthem’s hack were revealed. This is another development that should […]
The wsj.com points out in an article that Anthem Inc, the health insurer that recently announced a massive data breach potentially affecting 80 million people, did not use health data encryption to secure the data that was stolen. It also points out that applying encryption can be a “balancing act between protecting the information and […]
HIPAA Disk Encryption: Why Would You Authorize Employees To Work From Home Without Encrypting Patient Data?
According to wreg.com, patients at the Boston Baskin Cancer Foundation recently learned they were potential victims of a data breach. This is one of those cases where one is left wondering if administrators thought things through: HIPAA encryption software was not used on a data storage device that comprised six years' worth of patient data; […]
Riverside County Regional Medical Center, in California, has reported the loss of another laptop computer from hospital grounds. It is the second such incident for 2014 – the first occurring in June and the latest one in December – and yet another episode that could have been prevented with the use of HIPAA-compliant security tools […]
HIPAA Breach Notification: About 30 Days Left To Notify HHS/OCR On Breaches Affecting Less Than 500
One of the advantages of using encryption software, if you’re in the healthcare field, is that the loss of cryptographically secured sensitive data is given protection from HIPAA/HITECH’s Breach Notification Rules. If not encrypted, you must notify the HHS’s Office for Civil Rights within 60 business days of discovering the data breach. However, there is […]