Wyatt HITECH Law

A Blog About Health Information Technology, Privacy & Security Developments

Leave a comment

Federal Government Report on Data Breaches in Health Care

government buildingThe U.S. Department of Health and Human Services, Office for Civil Rights (OCR) has issued two reports to Congress required by Section 13402(i) of the Health Information Technology for Economic and Clinical Health (HITECH) Act:

• “Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012” (the Breach Report), and
• “Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance For Calendar Years 2011 and 2012” (the Compliance Report).

Both reports (as well as previous annual reports) may be accessed here.  This post discusses the Breach Report, and a separate article will be posted later addressing the Compliance Report.

The Breach Report offers valuable insight into OCR’s priorities with respect to healthcare data breaches and gives an excellent summary of many recent settlements. OCR (the office responsible for administering and enforcing the HIPAA Privacy, Security, and Breach Notification Rules) has prepared this Breach Report describing the numbers and types of healthcare data breaches occurring for calendar years 2011 and 2012.  The Breach Report is compiled from breach reports that HIPAA requires be provided to OCR by covered healthcare providers, health plans, healthcare clearinghouses and their business associates.  The raw data upon which these reports is based is available here. OCR also provides some cumulative data on breaches reported since the breach notification law went into effect on September 23, 2009. OCR then slices and dices this data in a variety of different and useful ways, sorting it by: cause, location of affected protected health information (PHI), types of entities involved, number of individuals affected, remediation steps taken, etc. Continue reading

Leave a comment

New Kentucky Data Breach Rules Go into Effect

Kentucky imposes new security and data breach notification requirements.

Kentucky imposes new security and data breach notification requirements.

In its most recent legislative session, the Kentucky General Assembly enacted two new data breach laws, HB 5 and HB 232, which go into effect July 15, 2014. Kentucky governmental agencies, those doing business with governmental agencies, and persons simply doing business in Kentucky should be aware of these added data security and breach notification requirements. Some level of comfort may be taken by health care providers, health insurance companies, banks, or others who are subject to either the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or Title V of the Gramm-Leach-Bliley Act of 1999, as at least HB 232 appears to exempt them.  However, questions remain as to whether HIPAA-covered entities and banks are exempt under HB 5 when they have a contract with a state agency and receive personal information from the agency.  Hopefully this issue will be sorted out in the rule-making to come, before additional requirements of HB 5 kick in on January 1, 2015.

Continue reading

Leave a comment

KHIE issues June Newsletter

HCP with stethoscope using phone while on laptopThe Kentucky Health Information Exchange (KHIE) has issued its June 2014 Newsletter, The KHIE Connection.  This month’s issue includes a summary of the Centers for Medicare and Medicaid Services (CMS) Notice of Proposed Rule Making (NPRM) that, if finalized, would allow providers to meet Stage 1 or Stage 2 Meaningful Use with electronic health records (EHRs) that are certified to HHS ONC’s 2011 or 2014 Edition criteria or a combination of both Editions.  Comments to the NPRM must be received by July 21, 2014.  The newsletter also addresses Medicare’s scheduled payment adjustments for 2015 that will impact eligible hospitals and providers who do not timelyattest to Meaningful Use of certified EHRs.  Guidance on attesting to Meaningful Use also is included.


Get every new post delivered to your Inbox.

Join 1,064 other followers