Posts Tagged ‘patient information’
Saturday, January 3rd, 2015
Yesterday I read a news story about how a woman, Mrs. Anita Chanko, saw an episode of the Dr. Oz show “NY Med” that included video of her husband, who had died 16 months earlier, in the hospital receiving care after being hit by a truck while crossing the street. She did not know that such a video even existed.
The picture was blurred, but the woman knew it was her recently deceased husband because she recognized his voice when he spoke, the conversation topic, the hospital where the care was occurring, along with other visual indicators. She heard her husband ask about his wife; her. She then watched his last moments of life, and then his death on television. (more…)
Tags:ABC, Chanko, Dr. Oz., HIPAA, HITECH, Information Security, infosec, medical devices, NewYork-Presbyterian Hospital, NY Med, patient information, personal information, PHI, privacy, privacy professor, privacy risks, privacy rule, privacyprof, protected health information, Rebecca Herold, security rule
Posted in HIPAA, PHI, Privacy and Compliance | No Comments »
Thursday, December 18th, 2014
Once or twice a week I get a question from an organization that is considered to be a healthcare covered entity (CE) or business associate (BA) under HIPAA (a U.S. regulation) asking about the types of information that is considered to be protected health information (PHI). Last week a medical devices manufacturer, that is also a BA, asked about this. I think it is a good time to post about this topic again.
If information can be (more…)
Tags:HIPAA, HITECH, Information Security, infosec, medical devices, patient information, personal information, PHI, privacy, privacy professor, privacy risks, privacy rule, privacyprof, protected health information, Rebecca Herold, security rule
Posted in HIPAA, PHI | No Comments »
Sunday, June 19th, 2011
I’m giving a free webinar sponsored by Sophos this coming Wednesday, June 22: “10 Risk-Reducing Actions for Mobile HIPAA/HITECH Compliance.” Here is more information about it: (more…)
Tags:awareness, business associates, compliance, covered entities, HIPAA, HITECH, Information Security, patient information, PHI, privacy, protected health information, Rebecca Herold, risk managements, Sophos, training, wireless security
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, mobile computing, privacy, Privacy and Compliance | 1 Comment »
Tuesday, April 19th, 2011
News broke yesterday about a physician in Rhode Island, at the Westerly Hospital, who was sanctioned for posting protected health information (PHI) on her Facebook page: (more…)
Tags:awareness, facebook, HIPAA, HITECH, patient information, PHI, policies, privacy, procedures, Rebecca Herold, Rhode Island, security, social media, Than, training, Westerly Hospital
Posted in BA, CE, healthcare, HIPAA, privacy, Privacy and Compliance, Social Media | 1 Comment »
Wednesday, April 6th, 2011
Yesterday I provided some thoughts to Howard Anderson at HealthinfoSecurity.com about the recent Health Net incident for his article. Here are some expanded thoughts for his questions…
(more…)
Tags:breach, Compliance Helper, encryption, Health Net, healthcare, HIPAA, HITECH, IBM, ID theft, Information Security, patient information, privacy, Rebecca Herold, security
Posted in HIPAA, HITECH | No Comments »
Thursday, February 26th, 2009
Okay, here’s a perfect real incident to use for a case study to argue discuss whether or not this is a HIPAA violation!
(more…)
Tags:awareness and training, HIPAA, HITECH Act, Information Security, IT compliance, IT training, patient information, PHI, policies and procedures, privacy training, risk management, security training
Posted in Privacy and Compliance, Privacy Incidents | 5 Comments »
