The Boston Police Patrolmen's Association argues that the Boston Public Health Commission violated the HIPAA Privacy Rule when it requested that hospitals provide medical data without patient consent on victims of last month's marathon bombings. Health Info Security.
Concerns are being raised about the trend of pharmaceutical companies using databases of doctor and patient information to improve drug marketing strategies. Drug companies say they use the data to provide doctors with information tailored to their needs. New York Times.
The House Energy and Commerce Committee approved a bill that calls on FDA to propose rules to track prescription drug distribution. The committee rejected an amendment to create an electronic unit-level tracking system. The Hill's "RegWatch," Cleveland Plain Dealer.
Several data breaches have occurred across the U.S. in recent months. Facilities that have reported such breaches include Indiana University Health Arnett, Regional Medical Center in Memphis and the University of Rochester Medical Center in New York. HealthITSecurity et al.
CVS Caremark and five health insurers will begin to require their business associates to assess their information security by participating in an independent security-assessment program developed by the Health Information Trust Alliance. Modern Healthcare, HITRUST release.
CVS has cited the new HIPAA omnibus rule's restrictions on the use of personal health information as the motivation for its decision to no longer use data from prescription drug records to send refill notices to patients on behalf of pharmaceutical companies. Modern Healthcare.
Two veterans are seeking class-action status for a lawsuit stemming from a data breach at a Department of Veterans Affairs medical center in South Carolina. The suit alleges that VA officials violated federal law by failing to protect veterans' data. The State, Government Health IT.
Many health care providers are expected to face challenges complying with expanded HIPAA privacy and security protections. Providers say that a new data segmentation requirement will pose significant obstacles because of technology limitations. Wall Street Journal.
Many hospitals are implementing iris scanners, facial recognition tools and other biometric technologies to help curb health data breaches. However, experts note that such tools likely would not prevent a hospital employee from stealing patient data. Bloomberg Businessweek.
A new report finds that U.S. residents who received a health data breach notification in 2012 had a 25% chance of being affected by fraud. The report also includes a case study of a 2012 data breach at the Utah Department of Health. Clinical Innovation & Technology et al.
According to two reports looking at security breaches in several industries, many health care organizations lack sufficient procedures to prevent data breaches. Experts recommend that all physician practices have a data breach response plan in place. American Medical News.
During a House Energy and Commerce subcommittee hearing last week, witnesses expressed concern that misunderstandings about HIPAA might lead health care providers to withhold critical medical information from family, caregivers or law enforcement officials. Experts urged HHS to bolster its efforts to educate health care providers about HIPAA provisions. MedPage Today et al.
To demonstrate the risks of making personal data available online, a Harvard University professor has re-identified several individuals in the Personal Genome Project's database. The professor suggested that individuals provide less personal data for such research. Forbes.
According to an analysis by HHS contractor KPMG, many of the problems identified during HIPAA privacy and security compliance audits happened because health care organizations were unaware of the data privacy and security regulations that applied to them. Modern Healthcare.
A new proposal from HHS seeks to address legal barriers under HIPAA that prevent states from reporting certain medical data to a federal gun-purchase background check database. The proposal states that HHS is considering "an express permission in the HIPAA rules" for reporting relevant data. The Hill's "RegWatch" et al.