Category: HITECH Act

UCLA Health Announces It Was A Victim of a Cybersecurity Attack

UCLA Health announced today that it was the victim of a cybersecurity attack.  The press report  disseminated by UCLA Health noted there is evidence that computer systems containing sensitive personal data and health data was accessed; however, at this time UCLA Health maintains that no personal or health data itself was accessed […]

States Strengthen Laws Addressing Health Information Handling and Breach Response

Connecticut and Oregon were recently added to the increasing list of states  adopting stricter laws addressing the handling of health information and penalties in connection with breaches of health information.  Both states amended their respective data security and breach notification laws and they will now levy stricter requirements on entities that store or […]

CareFirst Discloses Data Breach

CareFirst, a Blue Cross Blue Shield plan serving the Washington D.C. metro area, became another in a line of health insurers to suffer a data breach as a result of hackers.  CareFirst and the FBI are examining the breach which potentially compromised 1.1 million customers.  The company reports that although […]

Updated Guide to Privacy and Security of Electronic Information Released by ONC and OCR

The Office of the National Coordinator for Health Information Technology (ONC) in collaboration with the Office for Civil Rights (OCR) recently released its new updated guidance for the privacy and security of electronic information.  The Guide to Privacy and Security of Electronic Health Information (the Guide), last published in 2011, is […]

Another Large Scale Data Breach Announced by Premera Blue Cross

Premera Blue Cross revealed Tuesday it was hit by a sophisticated cyber attack potentially exposing personal data for approximately 11 million of its members including members, employees and others with whom it does business, dating back to as early as 2002.  The insurer said its investigation revealed the initial malware attack occurred on May […]

Deadline Approaching for Reporting 2014 HIPAA Breaches

All covered entities that discovered security breaches under the Health Insurance Portability and Accountability Act (“HIPAA”) in 2014 should be aware of an upcoming reporting deadline.  Specifically, breaches that affected fewer than 500 individuals and were discovered in 2014 must be reported to the U.S. Department of Health and Human […]

Obama Advocates Federal Breach Reporting Law

On January 12, 2015, President Obama delivered a speech at the Federal Trade Commission during which he set forth several proposals, including the Personal Data Notification and Protection Act (the “Act”).  The Act would institute a federal data breach reporting framework by requiring businesses that hold consumer data to issue […]