By Matt Fisher – When the likely inevitable data breach occurs, who is responsible for sending the notice? Does the answer change when a breach is bigger? Does the answer change because a business associate is involved? Understanding ahead of time is informative, especially since the issue has been thrown into the spotlight by the big breach at Change Healthcare.
Read More
By Matthew Fisher – On the heels of recent settlements concerning the use of personal and health information, the Federal Trade Commission is continuing its push on the healthcare front. The latest action is the finalization of changes to the Health Breach Notification Rule.
By Art Gross – “You’ve been breached”: three words that no business owner ever wants to hear, but for which they should be prepared. Data breaches have become an unfortunate reality for many organizations, especially those in the healthcare industry. Protecting sensitive patient information is not just a matter of compliance; it’s a crucial component of maintaining trust and reputation.
By Art Gross – In 2007 the Guide to Medical Privacy Law was published. It indicated that on multiple occasions hospitals, EMT services, schools, and other public agencies were incorrectly withholding news out of a fear of violating HIPAA policy. Often, there isn’t a clear understanding as to what constitutes exceptions to HIPAA and who can say what.
By Susan Walberg JD MPA CHC – As I have written in previous articles about HIPAA and health-tech, many apps in the marketplace have been largely unregulated with respect to the privacy and security of healthcare data. In order for healthcare-related apps to be regulated, for the most part, they needed to be covered under HIPAA.
The Federal Trade Commission issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached.
WEDI issued a statement on behalf of its Board Chair, Jay Eisenstock in response to the FTC’s regulatory review and request for public comment concerning the 2009 Health Breach Notification (HBN) Rule (85 Fed. Reg. 31085).
Next on the FTC’s regulatory review calendar: the Health Breach Notification Rule. In place since 2009, the Rule requires vendors of personal health records and related entities that aren’t covered by HIPAA to notify individuals, the FTC, and, in some cases…