In their first congressional testimony together as a full commission, the Federal Trade Commissioners expressed support for comprehensive federal privacy legislation before the Senate Committee on Commerce, Science, and Transportation Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security on November 27. While the focus of the hearing was primarily on privacy and data security, the Commission’s written testimony provided updates regarding other consumer protection and competition matters.
Category: Privacy
Physician Provided PHI to Media When “No Comment” Would Have Sufficed
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $125,000 no-fault settlement and two-year corrective action plan with Allergy Associates of Hartford, P.C. (Allergy Associates) stemming from an incident involving a physician who impermissibly released protected health information (PHI) to the media.
NIST Seeks Public Comment on Developing a Privacy Framework
On November 14, 2018, the National Institute of Standards and Technology (NIST) published in the Federal Register its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information.
New Handbook Provides Guidance to Healthcare Delivery Organizations on Preparation and Response to Medical Device Cybersecurity Incidents
Recently, the MITRE Corporation, in collaboration with the U.S. Food and Drug Administration (FDA), announced the release of the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook. The Playbook was designed to provide “tools, references, and resources” for Healthcare Delivery Organizations (HDOs) to better prepare for and respond to medical device cybersecurity incidents.
First Notice Filed Under GDPR against Canadian Analytics Firm
The UK Information Commissioner’s Office (ICO) has issued an Enforcement Notice against a Canadian data analytics firm, AggregateIQ (AIQ), that allegedly produced targeted advertisements for pro-Brexit campaigns. This action is the first Enforcement Notice issued under the GDPR.
Employee’s Illegal Access to Patient Records Results in Data Breach of 15,000 Patients: Hospital System to Pay for Violations
UMass Memorial Medical Center, Inc., and UMass Memorial Medical Group, Inc. (collectively, UMass) have agreed to pay $230,000 to settle claims alleging that they violated the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and various other state patient privacy laws.