HIPAA Enforcement: CVS Case Example

While understanding privacy law and how it should be implemented is important, it is equally important to know how such laws are enforced and investigated by the U.S. Government. The following case explains the corrective action the Office of Civil Rights under the Department of Health and Human Services was forced to take ensure compliance of a covered entity that had significantly and repeatedly violated the Privacy Rule of HIPAA.

Following reports of improper disposal of personal health information (PHI) the OCR launched an investigation into the information practices of CVS Entities in September 2007. Their review found the following:

Between [...]

Share
June 15th, 2010 | Tags: , , , , , , , , , , , | Category: CIPP, Compliance & Regulations | Leave a comment

Common Risks Impeding the Adequate Protection of Government Information

In 2007, the Department of Homeland Security an Office of Management and Budget, along with the Presidential Identity Theft Task Force, investigated information privacy and security practices in the United States Government. They developed a report called the Common Risks Impeding the Adequate Protection of Government Information (pdf)which included a list of ten common mistakes made by U.S. departments and agencies and provided recommendations for new practices to be implement to eliminate and reduce security [...]

Share
March 22nd, 2010 | Tags: , , , , , , , , , , , , , , , , , , , , | Category: CIPP, Compliance & Regulations, Privacy | Leave a comment

Data Destruction and Privacy

If asked to identify the point in the information lifecycle in which data is often most vulnerable, most people would not say “Destruction.” Destruction itself is a simple concept. After personal data or technology storing personal data is no longer useful it is discarded. However, completely erasing data from existence is not that easy. Computer files are particularly difficult to destroy. Furthermore, with the increasing use of cloud computing services, more and more personal data is being stored on third party servers, where the information controller has to trust their provider to remove the information when requested. Control over the deletion and destruction of data is taken out of the data controller and the data subject’s hands. The problems associated with proper disposal, make it so that the destruction of data is one of the times personal information is most likely to be at risk for unauthorized access. Because of this, data destruction remains an important privacy issue discussed among professionals in the industry [...]

Share
November 23rd, 2009 | Tags: , , , , , , , , , , | Category: CIPP, Compliance & Regulations, Privacy | Leave a comment