A new guide from federal regulators on key privacy and security issues to address when adopting electronic health records is valuable. But additional guidance on risk assessments and other issues is needed.
Post-breach, organizations must have a full grasp on what happened - and convey that message consistently. Too often, that's not the case, says attorney Ronald Raether. What steps must organizations take?
The UK has announced the first fine against a National Health Service unit for a breach in violation of the Data Protection Act. The Aneurin Bevan Health Board in Wales was fined Â£70,000 by the Information Commissioner's Office for sending sensitive patient information to the wrong person.
Accretive Health Inc., a Chicago-based medical debt collection agency, has filed a motion to dismiss the Minnesota attorney general's lawsuit against the company that stems, in part, from a data breach incident involving a stolen unencrypted laptop.