On July 27th, the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) announced settlements with Rite Aid Corporation for the improper disposal of personal information — including prescriptions and labeled pill bottles containing identifiable information about Rite Aid customers, and employment applications — in publicly accessible dumpsters in a variety of cities across the country.
This summer New Hampshire enacted two laws that increase protection for health information. The first, H.B. 619, restricts the use of health data for marketing and fundraising purposes, and imposes new state data breach notification requirements on health care providers, including pharmacists. The second, H.B. 542, establishes a framework for health information exchange entities (HIEs) and requires that individuals be permitted to [...]
With the compliance date for the federal health data breach notifications in the HITECH Act looming, more states are amending their data breach notification statutes to cover health information. The possible trend is evident in the newly-enacted laws of three states – Missouri, New Hampshire and Texas – all of which have been enacted since June 2009. [...]