Attorney discusses privacy of local Autism and Special Needs Registry
While some in the community asked whether the Raleigh County Sheriff's Office officials could possibly be forced to share the information with federal officials, Beckley attorney Robert Dunlap said the answer was 'no.'
Dunlap addressed the concerns on Wednesday, April 30, 2025, by explaining that federal health privacy laws protect those in the registry.
Beckley VFW to hold bag drive for children in the foster system
'We have HIPAA (Health Information Portability and Accountability Act) protections. We have federal law protections,' said Dunlap. 'There must be a court order, some sort of administrative request that meets the court order's requirement, or there must be mandatory reporting laws or explicit consent from the individual.'
Raleigh County Sheriff's Office offers voluntary Special Needs Registry
Dunlap added that other exceptions include a public health emergency, legal court proceedings such as subpoenas, when an agency receives federal funding and when there is a shared data agreement between agencies.
Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Wire
14 hours ago
- Business Wire
CORL Technologies and RiskRecon by Mastercard Partner to Deliver Continuous, Actionable Third-Party Risk Intelligence for Healthcare
ATLANTA--(BUSINESS WIRE)--Healthcare remains the most targeted industry for cyberattacks, with third-party suppliers implicated in the majority of major breaches. In fact, supplier-related incidents accounted for over 55% of healthcare breaches in 2024, and the average cost of a healthcare data breach exceeded $10 million. For organizations entrusted with protected health information (PHI) and critical patient services, continuous supplier oversight is no longer optional — it's essential. CORL Technologies, the healthcare industry's leading managed third-party risk management (TPRM) solution, today announced a strategic partnership with RiskRecon by Mastercard. This collaboration brings continuous, AI-powered cybersecurity insights directly into CORL's end-to-end TPRM platform — purpose-built for healthcare. The CORL + RiskRecon integration transforms supplier oversight from point-in-time snapshots into continuous, expert-vetted intelligence — without requiring clients to juggle multiple platforms or licenses. 'Our clients don't need more raw data — they need the right insights at the right time,' said Jay Stewart, CRO of CORL Technologies. 'This partnership with RiskRecon elevates our ability to provide healthcare-specific, human-interpreted risk intelligence that helps organizations act faster, with greater confidence.' Why This Matters in Healthcare Healthcare supplier ecosystems are vast, complex, and often under-monitored—spanning thousands of partners that handle PHI, sensitive systems, or regulated data. A single supplier weakness can cascade into HIPAA violations, operational disruption, and reputational damage. Boards, regulators, and compliance leaders now demand proof of continuous oversight, not just annual check-ins. The CORL + RiskRecon integration addresses this by delivering real-time, healthcare-specific cyber risk intelligence — powered by AI and interpreted by risk advisors — so security teams can detect, prioritize, and act on emerging threats faster than ever before. About CORL TPRM CORL's Third-Party Risk Management (TPRM) program is built on flexibility, trust, and healthcare-specific expertise. We meet organizations wherever they are in their supplier risk journey — whether building a program from scratch, optimizing existing processes, or scaling oversight to hundreds of suppliers. Our model blends advanced technology with strategic advisory services from seasoned healthcare security and compliance professionals. We flex with your program's needs — delivering everything from rapid assessments to continuous monitoring — while providing trusted guidance to strengthen governance, streamline supplier relationships, and ensure regulatory alignment. Powered by RiskRecon's market-leading cybersecurity ratings platform, CORL clients benefit from the same trusted intelligence used by some of the world's most security-conscious enterprises. Recognized globally for its accuracy, objectivity, and depth of insights, RiskRecon sets the standard for vendor cyber risk measurement, making it the ideal technology backbone for CORL's managed service model. With CORL, supplier risk management becomes a living, strategic function — designed to protect patients, safeguard sensitive data, and support organizational goals. What the CORL + RiskRecon Partnership Delivers Integrated RiskRecon Scores — Baseline and trending supplier risk scores built directly into CORL Impact Reports. On-Demand Snapshot Reports — Immediate supplier summaries to support fast, informed decisions. Continuous Monitoring — Automated alerts for score changes and emerging risks, interpreted by CORL's healthcare security advisors. Healthcare-Specific Context — RiskRecon's AI-driven intelligence layered with CORL's human-in-the-loop expertise. Why It Matters for Healthcare Organizations Faster Decisions — Supplier assessments and monitoring that once took weeks now deliver actionable insight in near real-time. Reduced Manual Overhead — CORL handles monitoring, interpretation, and reporting—no extra platforms to manage. Stronger Oversight — Continuous monitoring helps clients catch emerging risks early and demonstrate due diligence to boards, regulators, and audit committees. How It Works Clients add suppliers to their CORL inventory. CORL continuously monitors RiskRecon scores for changes. Significant shifts trigger immediate review and client notification. Clients access the latest insights anytime, all within CORL's managed service model. About CORL Technologies CORL delivers smarter, faster supplier risk management for healthcare — combining a healthcare-focused supplier risk data clearinghouse, expert-led managed services, and continuous monitoring capabilities. CORL empowers payors, providers, and healthcare suppliers to manage risk with velocity and confidence — without overwhelming internal teams. For more information, visit: About RiskRecon by Mastercard RiskRecon, a Mastercard company, provides AI-powered cybersecurity ratings and continuous monitoring that help organizations objectively assess and manage third- and fourth-party risks — delivering data-driven insights to drive proactive security postures. For more information, visit:
Business Wire
a day ago
- Business Wire
Small Medical Practices Are Sitting Ducks for Healthcare Cybercrime
SAN FRANCISCO--(BUSINESS WIRE)--Over 90% of U.S. healthcare providers operate as small organizations, yet a new Paubox report titled "What small healthcare practices get wrong about HIPAA and email security" reveals these practices are unknowingly exposing themselves to cyber attacks and federal compliance violations. 98% of small healthcare organizations falsely believe they're HIPAA compliant Share The study of 214 healthcare IT leaders and practice managers at organizations with fewer than 250 employees found that nearly all small practices (98%) claim their platforms "encrypt emails by default"—but most are using common tools like Microsoft 365 or Google Workspace that often fail to provide actual protection. "Nearly half of healthcare email breaches stem from Microsoft 365 alone," the survey found. The problem is that encryption may drop if a recipient's server doesn't support modern protocols, often without any alert to the sender—leaving protected health information completely exposed. The confidence crisis More than 80% of small practices expressed confidence in their current HIPAA compliance posture, but the reality is far different. The survey found widespread misconceptions that are creating massive compliance gaps: 83% believe patient consent removes the need for encryption—a costly misunderstanding. Federal regulations still require "appropriate safeguards" under the HIPAA Security Rule, even when patients agree to electronic communication. Getting a patient's okay to email doesn't eliminate the legal requirement for encryption and other protective measures. 64% believe patient portals are required for HIPAA compliance—yet the regulations say the opposite. HIPAA explicitly gives patients the right to request communication "by alternative means or at alternative locations, if reasonable." Portals are just one option among many, including secure direct email when proper safeguards are in place. 20% don't utilize any form of email archiving or audit trail—leaving one in five practices unable to investigate incidents after they happen or prove compliance during federal audits. These misconceptions create compliance violations that practices don't even realize exist, with healthcare providers unknowingly breaking federal law while genuinely believing they're following the rules. Cybercriminals target the vulnerable Phishing attacks—the leading cause of healthcare breaches—now account for over 70% of healthcare data breaches as of 2024. Small practices are prime targets because they typically lack dedicated security staff, formal training programs, or technical defenses. The survey found that 43% of small healthcare organizations reported experiencing a phishing or spoofing incident in the past year. Meanwhile, about 50% of these organizations lack anti-phishing controls beyond default spam filters, and nearly 99% have not implemented secure email transfer protocols. "Phishing attacks have evolved—they're faster, smarter, and relentless," noted Paubox CEO, Hoala Greevy. "It's not about one-off scams anymore; it's deception at scale." Beyond the breach When breaches occur, small practices face the same serious consequences as large health systems. Recent examples from the past year include: Solara Medical : $9.76 million class-action settlement following a phishing attack : $9.76 million class-action settlement following a phishing attack Sunrise Community Health : Email compromise affecting 54,000+ patients : Email compromise affecting 54,000+ patients Salud Family Health: Phishing attack exposing 80,000+ records Even smaller penalties come with major operational costs. Agape Health, a North Carolina clinic, paid $25,000 for emailing protected health information unencrypted to the wrong recipient, while Vision Upright MRI faced a $5,000 fine plus two years of federal monitoring after a server breach exposed over 21,000 individuals' medical imaging records. In 2025, healthcare breaches took an average of 224 days to detect and another 84 days to contain—over 10 months total. Without proper audit trails, many small organizations lack the systems to spot breaches until it's too late. Stretched thin and vulnerable The survey found that small healthcare practices are operating under dangerous constraints that create the perfect storm for security failures: One-third report not having enough time for compliance tasks—meaning critical security measures get pushed aside during busy patient care schedules. The same number have no clear policies or procedures in place, leaving staff to make up security protocols on the fly. Only half have phishing or spoofing protection enabled, despite facing the same sophisticated attacks that target major health systems. Meanwhile, the average small healthcare employee has access to more than 5,500 sensitive files—creating massive exposure when those unprotected phishing emails inevitably get through. This combination of time pressure, unclear guidance, and broad data access means a single clicked link can expose thousands of patient records. It's a vulnerability that cybercriminals are increasingly exploiting. What HIPAA investigators look for When HHS investigators arrive after a breach, they look for specific documentation that most small practices can't provide: Proof that protected health information was encrypted in transit—not just that platforms "support" encryption Audit logs showing who sent what to whom and whether it was properly protected Evidence of risk assessments documenting understood vulnerabilities Incident response procedures for when things go wrong "Every organization, no matter the size, is required to comply with the HIPAA Security Rule," emphasized Melanie Fontes Rainer, Director of the HHS Office for Civil Rights. "Risk assessments are not optional—they're foundational." The path forward With federal enforcement ramping up and cybercriminals increasingly targeting small practices, the window for voluntary compliance is closing fast. The practices that are getting ahead of this crisis share a common strategy: they've stopped relying on overworked staff to make perfect security decisions every time. Instead, they're implementing systems that encrypt every message automatically, maintain detailed audit trails without extra effort, and block phishing attacks before employees ever see them. "The cost of compliance is far less than the cost of a breach," the survey noted—and recent settlements prove it. At $25,000 to $9.76 million per incident, even "small" violations can devastate a practice's finances and reputation. For the 90% of healthcare providers operating as small organizations, the math is simple: invest in automated protection now, or face the much higher costs of breach response, federal penalties, and lost patient trust later. The choice is becoming less optional every day. The complete report, "What small healthcare practices get wrong about HIPAA and email security," is available for download at About Paubox Paubox is a leader in HIPAA compliant communication and marketing solutions for healthcare organizations. According to G2 rankings, Paubox leads the industry for Best Secure Email Gateway, Email Security, HIPAA Compliant Messaging Software, and Email Encryption solution, and is the only HIPAA compliant email company listed on G2's 2025 Best Healthcare Software Products. Paubox solutions include Paubox Email Suite, Paubox Marketing, Paubox Email API, Paubox Forms, and Paubox Texting. Launched in 2015, Paubox is trusted by over 7,000 healthcare organizations, including Cost Plus Drugs, Covenant Health, Devry University, and SimonMed Imaging.
Yahoo
2 days ago
- Yahoo
HoneyNaps Launches Cloud Version of AI Sleep Diagnostic Software "SOMNUM™" at SLEEP 2025
HIPAA-compliant cloud-based service provides diagnostic reports via the web with no installation required AI-powered trial service offered, highlighting potential for hospital-specific integration Presented performance of heart rate-based sleep stage estimation algorithm through oral and poster presentations BOSTON, Aug. 19, 2025 /PRNewswire/ -- HoneyNaps, a medical AI diagnostics company, showcased both its technological capabilities and research achievements at SLEEP 2025, the world's largest sleep medicine conference held in Seattle, USA, from June 8 to 11. SLEEP 2025 is a prestigious international conference co-hosted by the American Academy of Sleep Medicine (AASM) and the Sleep Research Society (SRS), drawing approximately 5,000 sleep professionals and featuring over 1,000 of the latest research presentations. HoneyNaps has been the only Korean company to participate in the conference for four consecutive years since 2022. At this year's conference, the company further reinforced its academic credibility through both oral and poster presentations. Notably, in an oral presentation titled "Development and Evaluation of an Exclusively ECG-based Deep Learning Model for Sleep Staging," the company introduced a deep learning model that reliably classifies sleep stages using single-lead ECG signals, demonstrating significantly improved accuracy over conventional methods. At its exhibition booth, HoneyNaps drew attention by unveiling SOMNUM™ Cloud, an AI solution for automated analysis of polysomnography (PSG) data. Users can upload EDF files extracted from PSG devices to the cloud, where the AI engine automatically analyzes the data and generates a comprehensive report — easily downloadable online with no software installation required. During the conference, HoneyNaps offered a free trial consisting of three AI analyses, enabling visitors to experience SOMNUM Cloud in a clinical-like setting. The hands-on program was met with enthusiastic feedback from U.S. sleep physicians and RPSGTs (Registered Polysomnographic Technologists). Taekyoung (Sean) Ha, PhD, President of HoneyNaps USA, stated, "With its cloud-based architecture, streamlined implementation process, and HIPAA compliance, more than 100 U.S. medical institutions expressed interest in potential adoption. We also held individual meetings with leading global sleep companies to discuss potential strategic collaborations". For further information, please contact:HoneyNaps USA, Kwon / Managing DirectorEmail: sleep@ #517, SPACES, 361 Newbury Street, Boston, MA, 02115Website: View original content to download multimedia: SOURCE HoneyNaps Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
