PRIVACY + SECURITY BLOG

News, Developments, and Insights

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

Read More…

Lessons from the Latest HIPAA Enforcement Action

by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC).  SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]

Read More…

The Health Data Breach and ID Theft Epidemic

By Daniel J. Solove When you go to the hospital, you might worry about catching a staph infection or pneumonia, but you should also worry about contracting a nasty case of medical identity theft. Most people suffer significant harm from medical ID theft, and few are completely cured. This ailment is spreading dramatically as data […]

Read More…

Why the Anthem Data Breach Is Needlessly Harmful

By Daniel J. Solove Recently, Anthem, one of the largest health insurance providers, suffered a massive data breach involving personal data on up to 80 million people. According to Anthem, the data breached includes “names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.” […]

Read More…

Privacy and Security Developments 2014 Issue 1

by Daniel J. Solove Issue 2014 No. 1 This post is co-authored with Professor Paul M. Schwartz. We spend a lot of time staying up to date so we can update our casebooks and reference books, so we thought we would share with you some of the interesting news and resources we’re finding. We plan […]

Read More…