Category: HIPAA & Health Information

Rush University Medical Center’s 2019 Privacy Breach Incident

In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.

HIPAA Simplification Compliance Review Now Underway

The Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA) jointly create national standards for electronic transactions, code sets, and unique identifiers. The ACA introduced Administrative Simplification provisions in 2010, and now the Centers for Medicaid and Medicare Services (CMS) has launched a Compliance Review Program to ensure that HIPAA covered entities are abiding by the Administrative Simplification rules.

Unsecured Laptops Still Causing Major Healthcare Security Threats

Despite all the preventive measures that hospitals and health care systems put in place to stop data breaches from occurring, employees at these entities still have unsecured and unencrypted laptops, which are susceptible to cybersecurity attacks. A report from a cybersecurity protection organization stated that a majority of high-risk scenarios that occur in health care entities were due to unsecured laptops. These unsecured laptops can lead to massive data breaches and can result in hefty fines imposed by the Office of Civil Rights. Proper encryption, tracking software, and rarely leaving laptops unattended are a few ways that employees and organizations can help safeguard protected health information and prevent data breaches.

Cook County, Illinois Revised HIPAA Qualified Protective Order Signals New Responsibility for Injury Attorneys

Cook County General Administrative Order 18-1 pertains to the Standard HIPAA Qualified Protective Orders (QPO) that will be permitted in Cook County. These orders will only be allowed for cases that are in litigation where the Plaintiff and Plaintiff’s counsel authorize disclosure of a litigant’s protected health information (PHI). It also requires all entities that received PHI to either return the documents to the Plaintiff or destroy them at the end of the case. These changes mean that Plaintiff’s attorneys will see a change in the handling of Plaintiff’s medical records and other documents covered under the QPO containing PHI.

“On Demand” Abortions: Protection for Women’s Rights or Expansion of Late-Term Abortions?

With the recent change to New York’s abortion law, legislators granted women the affirmative right to abortions under the state’s public-health law. Under the Reproductive Health Act, restrictions on abortion past twenty-four weeks are removed, legalizing abortion up until the day of birth. This bill was passed on the 46th anniversary of the Roe v. Wade decision. The new bill comes as a reaction to the confirmation of conservative Supreme Court Justice Brett Kavanaugh, giving protection to women’s access to abortion if Roe v. Wade is overturned. Proving to be very controversial, the change has advocates and critics at odds over its potential future effects.