Digital Risk Strategies

Archive for the ‘Electronic Health Records’ Category

OCR: Lost Records of 192 Patients = $1 million

February 25, 2011 – 6:14 am

On the heels of the Cignet Health CMP, the OCR has just announced a Resolution Agreement with Massachusetts General that includes a $1 million “resolution amount”.  Under this Resolution Agreement, Mass General is also required to develop and implement “a comprehensive set of policies and procedures to safeguard the privacy of its patients.” According to [...]



OCR Gets Serious: $4.3 Million Penalty Under Privacy Rule

February 23, 2011 – 7:30 pm

As shown by yesterday’s press release and this morning’s email blast, OCR is certainly eager to let the world know that it just issued a Notice of Final Determination and Notice of Proposed Determination finding that Cignet Health violated the HIPAA Privacy Rule to the tune of $4.3 million. According to yesterday’s Associated Press [...]



A Data Security Trend For 2011: The Data Threat Hype Continues

January 17, 2011 – 10:43 pm

The new year appears to be continuing a trend begun in 2008 — ever increasing hype concerning the level of data security threats faced by public and private entities.  This hype is not just about increasing public breach disclosures (which have primarily been driven by the increase in breach notification laws) given it also manifests [...]



PC World: Self-Encrypted Drives Set to Become Standard Fare

January 6, 2011 – 1:24 pm

Although they have been out now for a few years, it is only recently that manufacturers have decided to mass market self-encrypting hard drives, i.e., drives that have integrated keys within their chip set.  According to standards experts quoted in a recent PC World article, in a few years, companies will be relying on self-encrypting drives “and you won’t [...]



Ponemon Institute: Lost Laptops Cost Billions

December 3, 2010 – 7:10 am

The Ponemon Institute’s latest report, “The Billion Dollar Laptop Study,” shows that 329 organizations surveyed lost more than 86,000 laptops over the course of a year.  Based on these findings and an earlier survey that put the average cost of lost laptop data at $49,246, the total cost amounts to more than $2.1 billion or $6.4 million per organization. [...]



IW: CIOs See Smartphones As Data Breach Time Bomb

November 24, 2010 – 7:05 am

As recently reported by InformationWeek, a study conducted by market researcher Ovum and the European Association for e-Identity and Security found that eight out of 10 CIOs believe using smartphones in the workplace increases their firm’s vulnerability to attack.  Although these CIOs rank data breaches as their top related security concern, half of the organizations acknowledge that they [...]



CA Hospital Appeals Fine of $250,000 for Failure to Report a Laptop Theft

September 13, 2010 – 7:05 am

Lucile Packard Children’s Hospital (LPCH) at Stanford is appealing a California Department of Public Health (CDPH) penalty issued on April 23, 2010.  The fine of $250,000 was levied as a result of late reporting of a security incident.  According to a September 9, 2010 press release issued by the hospital, the incident was related [...]



HITECH Public Data Breaches: Majority Caused by Theft

September 3, 2010 – 7:43 am

Last month, the Health Information Trust Alliance published an analysis of the 108 breaches reported to HHS from Sept. 23, 2009 (when reporting first started under the HITECH Act) to mid-July.  This review illustrates the major impact of theft on healthcare providers.   Of 108 total reported breaches, 68 were the result of theft.  Indeed, the only [...]



AON Disclosure Impacts 22,000 Retirees

August 31, 2010 – 8:26 am

According to a story published today in the News Journal, Aon Consulting is mailing letters to approximately 22,000 State of Delaware retirees after it inadvertently posted Social Security numbers, gender information and dates of birth in a Request for Proposal (RFP) the company prepared for the State.  The RFP information was posted by Aon to the procurement [...]



Healthcare Industry Hit Hard with Data Breaches

August 16, 2010 – 7:40 am

According to the ID Theft Resource Center, 97 of the 341 organizations that sustained a significant data breach in the first half of 2010 were in the healthcare industry.  By comparison, only 38 breaches were reported at banking and other financial institutions.   As shown by the breach sustained by BCBS Tennessee, the direct costs for breaches can exceed [...]