Voluntary national standards, including privacy and security guidelines, for health information exchanges are inching forward. Federal authorities soon will seek comments on plans for a Nationwide Health Information Network Governance Rule.
Susan McAndrew of the HHS Office for Civil Rights provides insights about an omnibus package of regulations - including a revised version of the HIPAA breach notification rule - that's now in the final stages of review.
The UK has announced the first fine against a National Health Service unit for a breach in violation of the Data Protection Act. The Aneurin Bevan Health Board in Wales was fined Â£70,000 by the Information Commissioner's Office for sending sensitive patient information to the wrong person.
Accretive Health Inc., a Chicago-based medical debt collection agency, has filed a motion to dismiss the Minnesota attorney general's lawsuit against the company that stems, in part, from a data breach incident involving a stolen unencrypted laptop.
New federal privacy and security guidance for health information exchanges
provides a good framework, but the recommendations will need to be phased in over time, says the director of a statewide HIE initiative in Indiana.
Among the provisions of the Federal Information Security Amendments Act, approved by a voice vote, is a requirement that agencies implement continuous monitoring of their IT systems to identify vulnerabilities before a cyber incident occurs.