Proofpoint: Security, Compliance and the Cloud

February 25, 2010

HIPAA Breach Notifications Begin: US Department of Health and Human Services, Office for Civil Rights, Publicly Posts Breach Info Online

Earlier this week, the US Department of Health and Human Services (HHS), which is now charged with enforcing the US healthcare privacy laws known as HIPAA and HITECH, began posting a list of organizations that have notified the HHS about breaches of unsecured health information that affected more than 500 individuals. The posting is required by section 13402(e)(4) of the HITECH Act, which directs the Secretary of the HHS to "post a list of breaches of unsecured protected health information affecting 500 or more individuals."

The editors of HealthcareInfoSecurity.com (which is an awesome resource, BTW) have a good summary in their article, "Breach Reports: We've Only Just Begun."

You can find the HHS's list of reported breaches here:

HHS: Healthcare Information Breaches Affecting 500 or More Individuals

Causes for these breaches run the gamut from thefts of paper printouts, hacks and misdirected email messages to losses or thefts of laptops and mobile devices (which would seem to be the most common problem from my cursory scan of the list).

If you're interested in HIPAA/HITECH compliance issues and how they impact email security, you should check out the replay of Proofpoint's recent web seminar, "HIPAA and Beyond: Meeting New Healthcare Security Requirements for Email" at:

http://www.proofpoint.com/id/beyondhipaa/index.php.

Some of that same information is covered in whitepaper form in our paper of the same name. You can download that whitepaper here:

Whitepaper: HIPAA and Beyond - An Update on Healthcare Security Regulations for Email, 2009

Comments


Something really has to be done legally to stop this kind of thing from happening.

Thanks for the resource. I'll have to post this on my blog. After viewing the list it looks like we need to do something about thieves! I thought there would have been more reports, however, no telling how many covered-entities never report a breach or even follow HIPAA requirements for that matter.

©2012 Proofpoint, Inc.