PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

Read More…

Blogging Highlights 2015: Health Privacy+Security Issues

HIPAA Training

I’ve been going through my blog posts from 2015 to find the ones I most want to highlight.  Here are some selected posts about health privacy and security: Why HIPAA Matters: Medical ID Theft and the Human Cost of Health Privacy and Security Incidents […]

Read More…

Why HIPAA Matters: Medical ID Theft and the Human Cost of Health Privacy and Security Incidents

By Daniel J. Solove Whenever I go to a doctor and am asked what I do for a living, I say that I focus on information privacy law. “HIPAA?” the doctors will ask. “Yes, HIPAA,” I confess. And then the doctor’s face turns grim.  At first, it looks like the face of a doctor about […]

Read More…

Patient Access to Medical Records Under HIPAA: Significant Reform Needed

by Daniel J. Solove Recently, I wrote about the challenges in accessing health information about family members.  In this post, I will explore patients’ access to their own medical records. HIPAA doesn’t handle patient access to medical records very well. There are many misunderstandings about patient access under HIPAA that make it quite difficult for […]

Read More…

HIPAA’s Friends and Family Network: Access to Health Information

by Daniel J. Solove Suppose your elderly mother is being treated at the hospital for a heart condition. Your mother tells her doctor that you can have access to her health information. The doctor, however, doesn’t disclose the information to you. The doctor thinks that you can only have the information with a signed written […]

Read More…

New Resource Page: Text of HIPAA’s Training Requirements

by Daniel J. Solove I recently created a new resource page for the TeachPrivacy website: Text of HIPAA’s Training Requirements.  This page provides excerpts of the training provisions in the HIPAA Privacy Rule and the HIPAA Security Rule. This page is designed to be a useful companion page to our resource page, HIPAA Training Requirements: […]

Read More…

Health Data Security in Crisis, Phase 2 Audits, and Other HIPAA Privacy + Security Updates

By Daniel J. Solove Co-authored with Professor Paul Schwartz This post is part of a post series where we round up some of the interesting news and resources we’re finding. We have split the health/HIPAA material from our updates on other topics. To see our updates for other topics, click here. For a PDF version […]

Read More…

Privacy Law: From a National Dish to a Global Stew

By Daniel J. Solove This post is co-authored by Professor Neil Richards The recent case of Google v. Vidal-Hall in the UK has generated quite a buzz, with Omer Tene calling it the “European privacy judicial decision of a decade.” The case illustrates several fascinating aspects of the developing global law of privacy, with big […]

Read More…

The Health Data Breach and ID Theft Epidemic

By Daniel J. Solove When you go to the hospital, you might worry about catching a staph infection or pneumonia, but you should also worry about contracting a nasty case of medical identity theft. Most people suffer significant harm from medical ID theft, and few are completely cured. This ailment is spreading dramatically as data […]

Read More…

Why the Anthem Data Breach Is Needlessly Harmful

By Daniel J. Solove Recently, Anthem, one of the largest health insurance providers, suffered a massive data breach involving personal data on up to 80 million people. According to Anthem, the data breached includes “names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.” […]

Read More…