Jackson Health System was fined $2.15 million for HIPAA violations that included an employee selling patient information for years, an incident in which an NFL player's PHI was shared with an ESPN reporter, and more.
Q: Can a cloud provider like Amazon Web Services or Microsoft Azure, when considered a business associate (BA), be held liable for breach notification requirements?
New York Gov. Andrew Cuomo signed legislation on October 7 that prohibits ambulance and first response service providers from selling patient information to third parties for marketing purposes.
Q: We’ve had a breach of unsecured PHI regarding an out-of-state patient. What is your recommended first step in terms of which breach notification laws—state vs. federal—we need to comply with?
In an interview with Briefings on HIPAA, Tim Noonan, deputy director for the Division of Health Information Privacy at OCR, discussed cybersecurity and trends in reports of unsecured PHI to OCR. This article includes the highlights.
