Nearly 20 years to the day after the first HIPAA privacy regulations were announced, HHS has posted proposed revisions to HIPAA, evidence that even after twenty years, HIPAA privacy remains a work in progress. These proposed revisions are styled by HHS OCR as an attempt “to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry.”… More
Tag Archives: Privacy Rule
On November 26, HHS OCR released guidance regarding methods for de-identification of protected health information in accordance with the HIPAA Privacy Rule. This guidance fulfills the American Recovery and Reinvestment Act of 2009 (ARRA) mandate that HHS issue such guidance.
Following the passage of ARRA, OCR collected research and views regarding de-identification approaches, best practices for implementation and management of the current de-identification standard and potential changes to address policy concerns.… More
Cracking Down: FTC Settles Claims Against Mortgage Company For Violations of FTC Safeguards Rule – Requires Information Security Program and 10 Years of Security Audits
On Tuesday, May 5, 2009, in a press release devoted largely to the FTC’s congressional testimony on peer-to-peer file sharing, the FTC announced that it had reached a settlement of its claims against James B. Nutter & Company, a mortgage company that did not implement information security measures to meet federal minimums. According to the FTC, the result of this alleged failure was that an intruder in the company’s systems sent "millions of outgoing spam emails"… More