Top Stories
Advisories - HITRUST Alliance: HAA 2022-001: Retirement of Legacy Assessment Workflows
In February we introduced significant enhancements to the MyCSF platform centered around providing additional functionality and transparency to our users. The feedback we have received over the past several months has been overwhelmingly positive. We are bringing these enhancements to remaining users, as outlined in the Advisory below, so that you can benefit from these new features.
Eleven Enforcement Actions Uphold Patients’ Rights Under HIPAA | HHS.gov
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced the resolution of eleven investigations in its Health Insurance Portability and Accountability Act (HIPAA) Right of Access Initiative, bringing the total number of these enforcement actions to thirty-eight since the initiative began.
Breaches
HHS agrees to improve feedback for healthcare data breach reporting
The Department of Health and Human Services' Office for Civil Rights (OCR) has agreed to implement a feedback mechanism by adding language and contact information to the confirmation email that healthcare entities receive.
Highmark Health, WellDyneRx, Others Report Healthcare Data Breaches
Healthcare data breaches continue to overwhelm the sector in the latter half of the year, with organizations reporting ransomware attacks, third- and fourth-party breaches, and unauthorized network access.
1.9M patients, 657 providers face data breach after debt collections firm attack
The data of 1.9 million patients tied to 657 healthcare providers was accessed during a “sophisticated” ransomware attack on debt collections firm Professional Finance Company in February.
Despite the major impact, it’s still just the third-biggest healthcare data breach reported in 2022.
Tenet Healthcare faces lawsuit after data breach affects 1.2 million patients
A Texas man has filed a class-action lawsuit against Dallas-based Tenet Healthcare and its affiliate Baptist Health System after the companies experienced a data breach this year that affected more than a million patients.
Security
Experian, You Have Some Explaining to Do – Krebs on Security
Twice in the past month KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address.
Privacy
Executive Order on Protecting Access to Reproductive Healthcare Services | The White House
President Biden released an “Executive Order on Protecting Access to Reproductive Healthcare Services,” which addressed patient privacy protections.
HHS Issues Guidance to the Nation’s Retail Pharmacies Clarifying Their Obligations to Ensure Access to Comprehensive Reproductive Health Care Services
Following President Biden’s Executive Order on ensuring access to reproductive health care, the U.S. Department of Health and Human Services (HHS) is issuing guidance to roughly 60,000 U.S. retail pharmacies, reminding them of their obligations under federal civil rights laws.
Location, health, and other sensitive information: FTC committed to fully enforcing the law against illegal use and sharing of highly sensitive data | Federal Trade Commission
The Federal Trade Commission said it will watch for how businesses and other entities use location and health data.
New Connecticut law takes its place in the U.S. data privacy framework | Reuters
In May, the State of Connecticut enacted the Personal Data Privacy and Online Monitoring Act (the "CTDPA") which includes a broad array of privacy regulations that will go into effect on July 1, 2023.
Russia fines Apple for violating data storage law | AP News
A Moscow court on Tuesday fined Apple 2 million rubles (about $34,000) for refusing to store the personal data of Russian users on servers in Russia, part of government efforts to control online activity.
New SF DA Brooke Jenkins Backs Proposal to Expand Police Surveillance
In her first substantive policy position as San Francisco’s top cop, newly appointed District Attorney Brooke Jenkins came out in support of a proposal to expand the use of live camera surveillance by police. The proposal would broaden the range of circumstances in which San Francisco police are allowed to tap into privately owned camera feeds in real time.