The Connecticut attorney general, using new authority granted under the HITECH Act, is suing a managed health care provider over a data breach that potentially exposed the personal data of 446,000 state residents.

Despite regulations mandating protection of health care records, more than half of American hospitals fail to take appropriate steps to safeguard the privacy of patients, according to a new survey of health care IT security professionals.

An unencrypted personal laptop, carrying the personal information of hundreds of thousands of doctors nationwide, was stolen over the weekend.

Privacy advocates are questioning a provision of the new health care breach notification rule, which states that organizations only need to alert victims if they believe disclosure of the information "poses some harm."

New breach notification mandates for health care organizations were promulgated this week, just as $1.2 billion became available to facilitate the move to digital medical records.

In 2009, virtually all health care providers take credit cards - and virtually none of them are PCI compliant.

Now that that the stimulus package has passed, health care information security moves from an objection to a requirement. There is growing acceptance that, like it or not, electronic medical records will play a more important role in health-care service delivery.

Some employees are taking advantage of access policy gaps without realizing they are breaking privacy laws.

A pharmacist wholesaler in Austria modernized its distribution systems and found protection for its network.