The Arc Erie County New York will pay a $200,000 fine to the state after it was discovered earlier this year that client data was exposed on its website for nearly three years.
Q: My primary care provider was running late for an appointment. When he finally came in the exam room, he told me he was late because his previous patient was very emotional. Is it a violation of HIPAA for a provider to share details about one patient with another?
In the digital age of healthcare delivery, the need for appropriate medical device cybersecurity is pervasive. Unenforced password protocols, outdated data storage, unencrypted data, unsecured access to networks—these are just a few examples of distinct vulnerabilities medical devices can have.
The Augusta University Health system recently released a notice informing patients of an email breach. On July 31, 2018, investigators determined an unauthorized user may have had access to the personal and protected health information of approximately 417,000 individuals.
Q: While at an appointment, I noticed a receipt sticking out of a patient folder at the registration desk, and I could read the patient's name, last four digits of his or her Social Security number, and diagnosis/billing codes. Is this a HIPAA violation, since anyone walking by could read this information?
In its May newsletter on workstation security and the HIPAA Security Rule, OCR cited a 2015 settlement with Lahey Hospital and Medical Center in Burlington, Massachusetts, over a breach of PHI involving a laptop used in connection with a CT scanner.
