Month: July 2016

HHS Report on Unprotected Health Information

HHS has been busy responding to new and emerging threats to protected health information. Last week, we reported on their ransomware guidance. This week, we can share a new report on the threats to privacy created by health information technologies (such as fitness trackers, social media platforms, and apps designed to collect health information). This is a topic we’ve written about before: In an earlier post, we pointed out that these technologies and the health information they collect are not covered by HIPAA. HHS is now acknowledging this gap in HIPAA’s coverage and the potential problems it creates. In...

Read More

HIPAA Guidance on Ransomware

Earlier this year we wrote about ransomware (a type of malicious software that takes data hostage), and its alarming rise in the health care sector (you can read the article here). In response to this growing threat (a recent government report found an average of 4,000 ransomware attacks every day this year), the U.S. Department of Health and Human Services’ Office for Civil Rights has issued new HIPAA guidance. The guidance discusses how covered entities and business associates should protect against and respond to ransomware. Most of OCR’s advice isn’t new. The HIPAA Security Rule already requires security measures...

Read More

News Brief: A Win for Tobacco Control

Last fall we explained investor-state dispute settlement (or ISDS) and why it’s important for health (you can read the article here). We mentioned in that blog that Philip Morris had sued the government of Uruguay over its anti-smoking regulations, including plain packaging for cigarettes. Earlier this month, the arbitrator finally reached its decision in the case, and it’s a big win for tobacco control. The World Bank’s arbitration body, the International Center for Settlement of Investment Disputes, issued a binding decision that Uruguay’s tobacco regulations were not a violation of the investment treaty between Switzerland and Uruguay and the regulations...

Read More

News Brief: The Cost of a Lost iPhone

If you thought losing your iPhone was an expensive mistake, you’re about to feel much better about being out just a few hundred dollars. A lost iPhone recently cost Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) a whopping $650,000. This was no ordinary iPhone. The CHCS-issued iPhone was unencrypted, un-password-protected, and apparently not well guarded, because it was stolen. It also contained the protected health information of more than 400 patients. The subsequent investigation by the Department of Health and Human Services Office for Civil Rights (OCR) found that CHCS did not have policies addressing the...

Read More