By Tony Edwards

Healthcare data breaches often bring to mind large institutions — hospitals, insurers, HMOs — but small practices are becoming a growing target for hackers.

Hacking/IT incidents topped the 2018 list of causes of healthcare facility breaches in 2018, according to HIPPA Journal, with email being the method of choice for accessing information.

Nearly 600 breaches from the last two years affecting 500 or more individuals are under investigation by the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services.

Federal HIPAA regulations require practices to report breaches to the OCR, though many such fail to do so, experts tell Digital Privacy News.

“For incidents involving between 1 and 499 patients, the facility-practice is required to ‘log’ the breach and submit the logs within the first 60 days of the new year,” said Debi Carr of DK Carr & Associates, a Florida consultancy.

“For incidents involving 500 or more, it becomes immediately reportable unless [the practice] can prove that patient information was not viewed, acquired, or misused.”

By Joanne Cleaver

Natural disasters inflict chaos on personal finances and credit, whether the disaster is a tiny and devastating virus or a huge and calamitous hurricane.

The repercussions on credit scores, credit histories and the effort to control your financial information can last for months, if not years.

The privacy fallout from the economic impact of COVID-19 will very likely replicate on a national scale the headaches that trailed in the wake of Hurricane Katrina, expects Jude Boudreaux.

Boudreaux, a senior financial planner and partner with the Planning Center, a personal financial-planning firm in Moline, IL, has lived and worked his entire life in Louisiana.

Now, as in the wake of the hurricane, financial institutions “recognized that this was a major situation outside our control,” he said of the widespread effects on consumer financial data of the upheaval. “There’s a precedent for it.”

By Michael Datcher

About three years ago, Peter Lorca (not his real name) figured his old misdemeanor criminal conviction was hurting his job prospects. He then went to a Texas courthouse and paid fees to have his record expunged.

But the old conviction remained tied to Lorca because PeopleFinders.com and other online data brokers published the expunged information.

Lorca now is the lead plaintiff in a federal class-action lawsuit against PeopleFinders and other websites owned by Confi-Chek Inc., a data-broker holding company in Sacramento, Calif.

By Samantha Cleaver

All students in Seminole County, in central Florida, will check in to school Monday from home.

They will log in, many on their own computers and devices, to the district’s portal and participate in lessons, complete assignments and practice skills.

Students will do regular learning activities, Tim Harper, the district’s chief technology officer, told Digital Privacy News.

But, he said, “It’s a big shift for a lot of people who have never experienced online learning.”

Across the country, more than 55.1 million students now are learning from home because of COVID-19 closings. At the start of school each day, students log into online platforms and access software.

As school, and its technology, come home, concerns about the type of data that will be collected and how it will be used for accountability are being debated.

Many states already have canceled high-stakes tests for the school year. These drills often are connected to grade advancement and school-accountability decisions.

Without those measurements, however, the question is whether schools will be collecting online learning data to hold students accountable during the coronavirus closings.

By DPN Staff

The American Civil Liberties Union and its New York branch have sued the Department of Homeland Security and three federal agencies in the organization’s ongoing battle for the ethical development and use of facial recognition technology.

Also named in the March legal action were three DHS agencies: U.S. Customs and Border Protection, Transportation Security Administration and Immigration and Customs Enforcement. 

The lawsuit followed a U.S. Freedom of Information Act (FOIA) request for data on the use of facial recognition technology at airports nationwide.