PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Most Alarming Fact of the HIPAA Audits

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #5 of a series called Enforcing Privacy and Security Laws. Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and […]

The Brave New World of HIPAA Enforcement

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #4 of a series called Enforcing Privacy and Security Laws. The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from […]

The Best Preventative Medicine for Health Data Breaches

by Daniel J. Solove Last week, I gave a keynote address at a conference called Safeguarding Health Information: Building Assurance through HIPAA Security, sponsored by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). I’d like to summarize my remarks here for […]

Follow Professor Solove on Social Media

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed: Professor Solove’s LinkedIn Influencer blog You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.”  He blogs about various privacy and data security issues. His blog has […]

6 Lessons from the Costliest HIPAA Settlement to Date

by Daniel J. Solove The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here […]

The HIPAA-HITECH Regulation, the Cloud, and Beyond

by Daniel J. Solove The new HIPAA-HITECH regulation is here. Officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules,” this new regulation modifies HIPAA in accordance with the changes mandated by the HITECH Act of 2009. After years of waiting and many false alarms that the regulation was going to be […]