DataBreaches.net recently reported on three patient data breach disclosures that all exceeded the 60-day notification deadline set by HIPAA for informing both the U.S. Department of Health and Human Services (HHS) and the patients affected. Entities frequently fail to really comply with the notification deadline, but HHS OCR does not appear to have done much…
ENFORCEMENT: So many data breaches, so little enforcement?
This article introduces an upcoming series of posts scrutinizing federal and state regulators’ enforcement of data security and breach notification laws. The inaugural post will consider how the U.S. Department of Health and Human Services (HHS) enforces the 60-day notification requirement when covered entities do not notify everyone by 60 days, misrepresent when they actually…
Welcome!
Welcome. After almost 18 years of blogging about privacy and data security breaches on PogoWasRight.org, the now-defunct PHIprivacy.net, and DataBreaches.net, I’ve decided to create a site to emphasize some concerns about insufficient enforcement of laws that are supposed to promote data security, incomplete or misleading breach notification letters, and the general lack of transparency about…