Compliance and Regulations

A $3.45 million settlement was proposed to resolve a combined class action lawsuit associated with a data breach at USV Optical, a U.S. Vision subsidiary. The 2021 data breach impacted over 710,000 people, which included … Read more

Texas Retina Associates (“Texas Retina”) encountered a cyberattack that impacted over 312,000 patients. This company is the biggest ophthalmology practice with 15 practices established in Dallas, Texas. The attack involved unauthorized access to its network … Read more

It is not a violation of HIPAA to email medical records as long as the reason for emailing PHI is a required, permissible, or excepted reason under the Privacy Rule, as long as the disclosure … Read more

The digital mental health solutions company Aptihealth based in Saratoga Springs, NY has reported the exposure or theft of the protected health information (PHI) of 19,805 patients. It uses its digital platform to provide mental … Read more

Consulting Radiologists is a radiology services firm based in Edina, Minnesota. The companybegan sending personal notifications to approximately 512,000 patients impacted by a cyberattack in February 2024. Consulting Radiologists provides 22 hospitals and clinics with … Read more

Columbia University Irving Medical Center (CUIMC) submitted a data breach report to the HHS’ Office for Civil Rights on May 6, 2024 indicating that 29,629 individuals were affected. New York-Presbyterian (NYP) and CUIMC were informed … Read more

Ascension has reported the theft of files from a few servers during its latest ransomware attack. Some files included personally identifiable information (PII) and protected health information (PHI). The attackers accessed servers that were employed … Read more

The MicroDicom DICOM Viewer medical image viewer was found to have two high-severity vulnerabilities. One vulnerability can result in arbitrary code execution. The other vulnerability could enable an attacker to get sensitive data, put new … Read more

The monitoring of employees has become an indispensable practice for organizations to guarantee security, productivity, and compliance with regulations. Sensitive patient data is handled in the healthcare sector every day, making the stakes even higher. … Read more

Senate Finance Committee chair, Senator Ron Wyden sent a letter to the Department of Health and Human Services (HHS) through Secretary Xavier Becerra asking big healthcare organizations to improve their cybersecurity protocols. One factor in … Read more

Revenue cycle management company, Designed Receivable Solutions based in Cypress, CA, is facing a class action lawsuit associated with a data breach that impacted more or less half a million people. The company detected an … Read more

Certified Community Behavioral Health Clinic, Texas Panhandle Centers (TPC) based in Amarillo, TX uncovered unauthorized access to its computer network and the compromise of 16,394 patients’ personal data and protected health information (PHI). TPC, which … Read more

The Final Rule ensures the privacy protection of the health records of women, their members of the family, and physicians who are seeking, getting, offering, or assisting legal reproductive health care. The Biden-Harris Administration and … Read more

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) is warning the healthcare and public health (HPH) sector concerning business email compromise (BEC) attacks. BEC attacks refer to a type … Read more

What is a class action? Since the 1820 case of West v. Randall, the class action lawsuit has been firmlyestablished as a powerful tool in the federal judicial system of the USA. A class actionenables … Read more

11 Vulnerabilities Discovered in GE HealthCare Ultrasound Products About 12 vulnerabilities were discovered in GE HealthCare Vivid Ultrasound devices that threat actors can exploit to access and modify patient information, and possibly install ransomware to … Read more

The way to make ChatGPT HIPAA compliant is to deploy anonymizing software between users and the ChatGPT program in order that no Protected Health Information is disclosed to ChatGPT. However, when using this solution, it … Read more

Settlement Offered to Settle Gifted Healthcare Data Breach Lawsuit Gifted Healthcare has offered to settle a class action lawsuit that claimed negligence for not implementing appropriate cybersecurity steps that resulted in a data breach. The … Read more

BianLian Threat Group Attacks Tennessee Eye Clinic Network Politzer and Durocher, PLC, also called Optometric Physicians of Middle Tennessee (OPMT), submitted a hacking incident report to the HHS Office for Civil Rights that impacted the … Read more

Orrick, Herrington & Sutcliffe Pay $8 Million to Settle Class Action Data Breach Lawsuit The law agency Orrick, Herrington & Sutcliffe based in San Francisco, CA is paying $8 million to settle a class action … Read more

Planned Parenthood Los Angeles Settles Class Action Data Breach Lawsuit for $6 Million Reproductive healthcare services provider Planned Parenthood Los Angeles located in Los Angeles County proposed a $6 million settlement to take care of … Read more

The challenge with social media and HIPAA compliance is that covered entities and business associates cannot disclose Protected Health Information unless the disclosure is permitted by the Privacy Rule. This restriction should apply to members … Read more

The way to make Microsoft 365 HIPAA compliant so it can be used to create, receive, store, or transmit Protected Health Information is to subscribe to a plan that supports HIPAA compliance and configure each … Read more

The way to make Google Workspace HIPAA compliant is to subscribe to a Workspace Plan that supports HIPAA compliance, agree to the terms of Google’s Business Associate Addendum, and configure the core services included in … Read more

HHS Offers Guidance on Credential Harvesting Mitigations The Health Sector Cybersecurity Coordination Center (HC3) has given a healthcare and public health (HPH) sector advisory regarding credential harvesting, a frequent tactic employed in cyberattacks on the … Read more

Zelle does not need to be HIPAA compliant before covered entities can use the fund transfer service to collect payments from patients and plan members because of an exemption in HIPAA for payment processors. However, … Read more

It is necessary for Ivy Pay to be HIPAA compliant if a healthcare provider who qualifies as a HIPAA covered or hybrid entity wants to use the payment processing software for functions that involve uses … Read more

50,000-Record Data Breach at Valley Oaks Health, Indiana Valley Oaks Health based in Niles, IL recently informed 50,352 persons concerning a breach of its system environment. Unauthorized persons acquired access to sections of its system … Read more

The HIPAA security audit requirements are that covered entities and business associates conduct a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI and implement security measures sufficient … Read more

PayPal does not need to be HIPAA compliant to accept payments for healthcare due to an exemption in HIPAA that applies to all banks and financial institutions for payment processing. However, banks and financial institutions … Read more

The Department of Health and Human Services (HHS), through its Office of the National Coordinator for Health Information Technology (ONC), recently announced the expansion of the Trusted Exchange Framework and Common Agreement (TEFCA) with two … Read more

OpenAI’s ChatGPT Faces Data Protection Challenges in Italy. In a press release published on Monday January 29, the italian data protection authority, Garante, has taken a firm stance against OpenAI, the company behind ChatGPT, for potential … Read more