Regulatory TREND. Anatomy of an Attorney General Investigation into a Healthcare Data Breach.

What type of healthcare data breach? Electronic health information was exposed online.

How did it happen? A misconfigured web setting.

What went wrong with notification that caught the Michigan Attorney General’s attention? Patients were receiving notifications addressed to other patients and contacted the Attorney General.

Health IT Security | Michigan Attorney General Looking into Inmediata Breach, Mailing Error 

Lege TREND. + 1 Expansion of what triggers notification on a data breach

The D.C. Attorney General’s new proposal would add the following to the list of information that would trigger notification in a data breach:

  • passport numbers
  • military IDs
  • biometric data
  • health information
  • taxpayer identification numbers
  • health insurance info
  • genetic information
  • DNA profiles

Security Week | D.C. Attorney General Introduces New Data Security Bill 

Regulatory TREND. Security Gaps in Medical Equipment

New data breach lingo: The Internet of Medical Things (IoMT)

Why does this matter? Health care data breaches are the priciest at $08 per record.

What’s the latest breach of medical devices? Ultrasound equipment that can be hacked and have images swapped by hackers.

Dark Reading | Ultrasound Machine Diagnosed with Major Security Gaps

Politico | Why 2020 contenders need to worry about hackers now 

Anatomy of a Bill. State Data Analytics Center. From XRays to Blood Specimens to help Legislators & Universities

Georgia’s House Bill 197 (GA | 2019) would create:

  • a statewide data analytics center — the Georgia Data Analytic Center — under the Governor’s Office of Planning and Budget
  • is in response to the Experian data breach
  • aggregate data from all constituent services would be available to lawmakers, state agencies, academic institutions and public and private researchers.

Rome News Tribune | Legislation creating Georgia Data Analytics Center clears Crossover Day hurdle

Legal TREND. Health Care Data Breach Leads to All Employers have Duty to Protect Employee Data

Pennsylvania Supreme Court rules that all employers must exercise reasonable care to protect worker data.

How did they get there? A health care provider employee data breach led to a lawsuit. Lower courts sided with the employer that there were no data security requirements for employee records. The PA Supreme Court disagreed.

Pittsburgh Post-Gazette | PA Supreme Court rules UPMC — and all employers — must protect workers’ data. Doing so is harder

Lege Trend. Anatomy of a Strict Data Breach Notification State Bill.

  • 30 days to provide notification to consumers
  • Greater disclosures to consumers about data collected and where it is stored
  • Free credit freezes and unfreezes for a year
  • 4 years of free credit monitoring
  • Applies Deceptive Trade Practices Act penalties to businesses (these accrue daily and per incident)

Who is backing this bill: North Carolina State Attorney General

What impact does this have to businesses?

  • healthcare companies would see their notification timeline cut from 60 days to 30…

3 Ways States Benefit from a State Data Officer.

 

  • data helps create more efficient permitting processes
    • CT allows local governments to get occupational licensing data directly from the state
  • overdose data helps first responders and hospitals prepare for epidemics
  • Prevent fraud
    • IN adopted its Indiana Management and Performance Hub to “integrate data from several agencies to build custom analytics solutions.” It’s addressing issues from car crashes and infant mortality to Medicaid optimization.
    • TX shared data across agencies…

Lege TREND. Top Data Security State Legislation in 2019.

  • California Privacy Act. Will other states replicate it? Is it the US solution for GDPR?
  • Federal Preemption. Will Congress pass federal data breach notification standards?
  • Data Privacy Requirements for Internet of Things. Privacy standards for your home thermostat, etc… See California’s SB 327 (2018)
  • Will small businesses get a carve out bill? See S770 (115th Congress)
  • Federal Preemption of Data Encryption Standards for Business

SC Media | Top cybersecurity legislation of 2019