Op-ed: Anonymized data sets need to consider privacy rights

(Feb 15, 2019) An op-ed for TechCrunch looks at the use of big data and its analysis by machine learning and artificial intelligence, particularly as it relates to anonymized medical data sets. Tehilla Shwartz Altshuler notes there is an assumption that as long as data sets are anonymized, active consent of individuals is not needed to include their data. “To put it bluntly, anyone who releases a medical database today without obtaining individuals’ consent for the use of their health records, with the excuse ... Read More

CarePartners faces extortion attempt following data breach

(Feb 15, 2019) Hackers have demanded Ontario-based health care provider CarePartners pay $18,000 worth of bitcoin in exchange for stolen patient data, HealthITSecurity reports. CarePartners announced it was hit by a data breach last June when it claimed patient and employee data had been compromised. The hackers contacted DataBreaches.net and provided two large files of data. The first file contained the encrypted medical information of about 80,000 patients, while the second held employee rates and earnings. ... Read More

Audit finds 'opportunities' to safeguard NIH data

(Feb 14, 2019) An audit from the U.S. Department of Health and Human Services’ Office of the Inspector General found that “opportunities exist” for the National Institutes of Health to strengthen and monitor controls to its sensitive information, HealthITSecurity reports. While the NIH did agree with some of the recommendations and findings, it did not agree to all. OIG officials said, “We recognize that NIH reported that it is already taking certain actions, such as the working group that was recently establi... Read More

Employers' embrace of wellness data raises privacy concerns

(Feb 12, 2019) Employers are embracing the use of activity trackers and adopting wellness programs in an effort to monitor employee health in the hope of reducing health care costs, The Wall Street Journal reports. Joy Pritts, who served as the chief privacy officer at the U.S. Department of Health and Human Services until 2014, explained that while wellness programs offered as part of group health plans are covered under the Health Insurance Portability and Accountability Act, others are not. “There’s just to... Read More

Microsoft announces new health care tools

(Feb 12, 2019) FierceBiotech reports on Microsoft’s new suite of capabilities to its cloud network offerings and communication tools aimed at addressing the needs of the health care industry and access to medical records. Through partnerships with interoperability providers, Microsoft announced features of the Teams app, its priority notification feature for users, and an artificial intelligence–powered virtual assistant chatbot at the Healthcare Information and Management Systems Society conference. The compa... Read More

ONC releases proposed rule on patient data access

(Feb 12, 2019) The U.S. Office of the National Coordinator for Health Information Technology proposed a new rule on patient data access, Healthcare IT News reports. The proposed rule would require health care organizations to give patients their data electronically for free in order to prevent any form of information blocking. The ONC rule also seeks to have health care adopt standardized application programming interfaces to help patients examine their records on their smartphones and mobile devices. Meanwhil... Read More

OCR reaches $3M settlement with Cottage Health to conclude record year for HIPAA actions

(Feb 8, 2019) The U.S. Department of Health and Human Services' Office for Civil Rights reached a settlement with Cottage Health for $3 million over violations of the Health Insurance Portability and Accountability Act. Cottage Health suffered two data breaches that impacted more than 62,500 individuals. The first incident involved a server left accessible on the internet, while the second involved a misconfigured server an IT team worked on in response to a troubleshooting ticket. The $3 million settlement a... Read More

British Columbia Supreme Court rules VCH does not need to reveal patient names in E. coli case

(Feb 8, 2019) The Supreme Court of British Columbia ruled Vancouver Coastal Health is not required to reveal the names of individuals who allegedly contracted E. coli at a PNE petting zoo, the Vancouver Sun reports. Three plaintiffs filed a lawsuit where they claim the zoo, Vancouver Coastal Health and local government failed to take the proper steps to stop the transmission of the disease, which ultimately affected 13 people. British Columbia Supreme Court Master Shelagh Scarth wrote in her ruling that secti... Read More

Queensland's ieMR project raises data privacy concerns

(Feb 7, 2019) According to Queensland University of Technology Innovation Law Professor Matthew Rimmer, Queensland Health’s $600 million integrated electronic medical record project has a “whole host of issues,” the Brisbane Times reports. Rimmer notes that one of the most glaring issues of the state’s ieMR project is that clinicians have access to edit the medical data of all patients in public hospitals that have the project installed and operational. “That seems a terrible approach, surely one would want t... Read More

Wyoming introduces bill to clarify patient privacy

(Feb 7, 2019) Wyoming lawmakers introduced a bill to repeal the state’s Hospital Records Act of 1991, which was the state’s effort to safeguard patient privacy before the enactment of the federal Health Insurance Portability and Accountability Act in 1996, HealthITSecurity reports. Wyoming Hospital Association President Eric Boley explained that while the law did a good job at the time it was enacted, complications arose between state and federal requirements after HIPAA. The proposed legislation would remove... Read More