Posts Tagged ‘HIPAA’

Tuesday, February 2nd, 2010

The deadline has been a moving target, but come March 1, Massachusetts’ new data protection law is finally slated to take effect. 201 CMR 17.00, along with Nevada’s 603A, which took effect in January, represents a new class of state regulations that require organizations to deploy specific controls to protect personal identifying information from unauthorized access. Massachusetts and Nevada have established a new standard for personal data protection and appear to have set the stage for more prescriptive laws at the federal level.



Monday, February 1st, 2010

The insurer becomes the first plan sued under a new law allowing attorneys general to enforce HIPAA privacy laws.

Connecticut Attorney General Richard Blumenthal has filed a lawsuit against California-based Health Net, alleging the company violated federal laws protecting medical records when a portable data drive disappeared.

According to Blumenthal’s office, the Jan. 13 lawsuit is the first action by an attorney general acting under the Health Information Technology for Economic and Clinical Health, or HITECH Act (part of the 2009 federal stimulus package) to enforce privacy laws under the Health Insurance Portability and Accountability Act.

The lawsuit says the drive contained 27.7 million pages of scanned documents containing information about 446,000 enrollees and their physicians. The data was not encrypted, the lawsuit said, as required by HIPAA and by Health Net’s own corporate policy.



Thursday, November 19th, 2009

Health insurers may want to think twice before trusting hospitals with any sensitive data. According to new research released this week by HIMSS Analytics, business associates of health care organizations are largely unprepared to meet the new data breach-related obligations included in the HITECH Act.

Results of a national survey of hospitals and business associates to check the state of health care vulnerability to data breach revealed that 33% of business associates surveyed were not aware that they need to adhere to federal HIPAA privacy and security requirements, compared to 87% of health providers. Business associates are defined as groups that handle private patient information for health care organizations, including billing and credit bureaus, benefits management, legal services, claims processing, insurance brokers, data processing firms, pharmacy chains, accounting firms, temporary office personnel and offshore transcription vendors.



Friday, November 13th, 2009

Connecticut’s attorney general is investigating a data breach affecting providers for Anthem Blue Cross Blue Shield and a subsequent delay in reporting the matter he deemed “alarming and potentially illegal.”

Richard Blumenthal said he is investigating the loss of confidential information, including tax identification and some Social Security numbers, for all 18,817 individual health care providers doing business with Anthem.
The information was lost when a laptop containing information on company providers nationwide was stolen from an employee with the Blue Cross and Blue Shield Association on Aug. 25, according to Blumenthal’s office. He added that Anthem and its affiliates may have violated Connecticut law by allowing the information to be lost and then failing to notify providers in a timely manner. His office said Anthem and Empire, an affiliate, failed to notify providers until late October.



Monday, September 21st, 2009

Effective September 23, providers of group health plans MUST notify employees of potential HIPAA privacy breaches.

As part of the February 2009 Stimulus Package, new notification rules were added under the Health Insurance Portability and Accountability Act, requiring health plan providers to notify employees, the Department of Health and Human Services, and possibly the media of certain “breaches” of “unsecured protected health information”.
