As Hurricane Florence makes landfall, the HHS Office for Civil Rights (OCR) and its federal partners remain in close coordination to help ensure that emergency officials effectively address the needs of at-risk populations as part of disaster response. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

This newly published web guide from ONC titled, "The Guide to Getting & Using Your Health Records: The steps, tips, and tools you’ll need to get, check, and use your health record" helps to instruct consumers on how to get their health record from healthcare providers, their rights to those records, and some specific ways in which to get a hold of that information.

From the Troy Hunt article:

"The indictment also suggest that the hackers, in most cases, did not employ particularly sophisticated methods to gain initial entry into the corporate networks. The papers show that in most cases, the breach was made via SQL injection flaws -- a threat that has been thoroughly documented and understood for well over than a decade."

From the OCR website: 

We are experiencing an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes. Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected. Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security and Breach Notification Rules.

From the Federal Trade Commission website: 

Does your mobile app collect, create, or share consumer information? Does it diagnose or treat a disease or health condition? Then this tool will help you figure out which – and it may be more than one – federal laws apply. It’s not meant to be legal advice about all of your compliance obligations, but it will give you a snapshot of a few important laws and regulations from three federal agencies.

The Health Insurance Portability and Accountability Act (HIPAA) Rules provide federal protections for patient health information held by Covered Entities (CEs) and Business Associates (BAs) and give patients an array of rights with respect to that information. Regulations includes the Privacy Rule, which protects the privacy of individually identifiable health information; the Security Rule, which sets national standards for the security of electronic Protected Health Information (ePHI); and the Breach Notification Rule, which requires CEs and BAs to provide notification following a breach of unsecured Protected Health Information (PHI). CEs must comply with the HIPAA Privacy,10 Security,11 and Breach Notification12 Rules. BAs must comply with the HIPAA Security Rule and Breach Notification Rule as well as certain provisions of the HIPAA Privacy Rule.