PHI


$2.2 Million OCR Settlement for Egregious Disclosure of PHI

By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.



As Health IT Matures, Security Approaches Must Mature With It

By Irv H. Lichtenwald – Not that long ago, healthcare worried mostly about the physical loss of personal health information (PHI) by way of a lost thumb drive, a stolen laptop, some misplaced paper files. These were the primary concerns in HIMSS initial 2008 security survey.
Five years later, the largest healthcare security breaches came from cyber attacks not lost or stolen devices.


Privacy in Healthcare: A State of Confusion

By Matt Fisher – With the start of a new year, it seems like a good time to take stock of privacy of healthcare information, which is currently a very hot topic. As was discussed in great detail, 2015 saw a continuing explosion of breaches concerning healthcare information, which put both privacy and security in the limelight.


8 Questions about Vendors Auditors Ask

By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.


Colorado Medicaid Mails PHI to Wrong Addresses

By Steve Spearman – This past summer, the state of Colorado’s Medicaid program, the Colorado Department of Health Care Policy and Financing (HCPF), accidentally sent letters containing PHI to the wrong addresses, affecting individuals from 1,069 households.