In a perspective piece for the Journal of the American Medical Informatics Association, Jingquan Li of Texas A&M University writes that health-related social networking websites should have privacy frameworks in place to let users monitor and control how their personal health data are shared. FierceHealthIT.
A former patient is suing Adventist Health System over allegations that the organization failed to protect the electronic health information of 763,000 patients affected by a data breach. The lawsuit is seeking class action status, injunctive relief and damages. HealthITSecurity et al.
New guidance from the Health Information Trust Alliance aims to help health care organizations use HITRUST's Common Security Framework to assess their cybersecurity preparedness. HITRUST is accepting public input on the guidance. Clinical Innovation & Technology et al.
After Myriad Genetics stopped providing access to its massive database of gene mutations, a team of researchers launched a grassroots project to gather the information by asking geneticists and clinics to share de-identified data from Myriad's gene test reports. New York Times.
The American Medical Student Association says that the American Medical Association's Physician Masterfile -- which contains doctors' personal and prescribing information -- should be used only for research and should not be sold for commercial uses. Modern Physician.
Data breaches at a University of Florida clinic could have exposed the personal data of 14,339 patients. Law enforcement officials have arrested two individuals who allegedly stole patient data and had ties to an identity theft ring. Gainesville Sun, Health Data Management.
The new Privacy Trust Framework published by Patient Privacy Rights describes 75 auditable criteria based on 15 core privacy principles. The framework aims to help health care organizations measure how well they protect patient data. HealthITSecurity, Health Data Management.
Today is the effective date for multiple new rules that expand and update HIPAA provisions to implement tougher privacy and security protections. However, compliance for the majority of the new rules' provisions will not be required for another six months. Modern Healthcare.
Michigan lawmakers say that efforts to store data on people who undergo HIV tests are improper under state privacy rules. However, state officials say their system encodes and encrypts names so personal identifying information is not accessible. The American Independent.
According to experts, hackers from China increasingly are targeting health care providers, insurers and other medical organizations. Experts say the hackers are obtaining data about drug or technology breakthroughs, as well as the business practices of health care firms. Dark Reading.
HHS' Office for Civil Rights recently issued a Federal Register notice seeking feedback on its plans to survey health care organizations that participated in a HIPAA audit pilot program last year. Clinical Innovation & Technology, Health Data Management.
Next month, Genetic Alliance will launch a new disease registry that allows patients to determine how their data are used for medical research. Proponents of the venture say giving patients more control over their data could boost participation in medical studies. MIT Technology Review.
An unnamed HIPAA-covered entity in California has filed a class-action lawsuit against the Internal Revenue Service, claiming that IRS agents improperly accessed about 60 million health records belonging to about 10 million U.S. residents. The lawsuit seeks punitive damages for constitutional violations, as well as $25,000 per violation per affected individual. Healthcare IT News et al.
Google has agreed to pay a $7 million fine as part of a multistate settlement acknowledging that the company violated individuals' privacy by collecting electronic medical data and other information during its Street View mapping project. Google collected the data from unencrypted wireless networks as the Street View vehicle passed by houses and businesses. New York Times, Bloomberg.
A report by the Department of Veterans Affairs' Office of Inspector General finds that VA has transmitted veterans' private information -- including electronic health record data, birth dates and Social Security numbers -- over an unencrypted telecommunications carrier network. According to the report, use of the network makes the data vulnerable to hackers. FierceGovernmentIT et al.