Compliance and Regulations

Does HIPAA apply after Death?

HIPAA continues to apply after a person’s death, ensuring the ongoing protection of sensitive health information, preserving the privacy and security of protected health information (PHI) beyond an individual’s lifetime, and establishing guidelines that govern the proper handling, disclosure, and retention of such information, thereby emphasizing the significance of maintaining confidentiality and integrity even in the post-mortem phase of an individual’s healthcare journey.

Revised Pennsylvania Breach of Personal Information Notification Act and New StopRansomware Guide

The 2022 change to the Pennsylvania Breach of Personal Information Notification Act (BPINA) is currently in force. The revision extended the definition of personal data adding medical data, medical insurance details, and usernames along with a security question/answer or a … Read more

SuperCare’s Proposed Data Breach Settlement and the Lawsuit Against University of Iowa Hospitals and Clinics

SuperCare Offers to Pay $2.25 Million to Resolve Data Breach Lawsuit SuperCare, a home care service provider in California, has offered to pay $2.25 million to settle a class action lawsuit associated with a 2021 hacking incident wherein the protected … Read more

Lawsuits Against One Brooklyn Health, 90 Degree Benefits, and Lehigh Valley Health Network

One Brooklyn Health Faces Lawsuit Over 235K-Record Data Breach One Brooklyn Health based in New York City manages three acute care hospitals, namely Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. A class-action lawsuit has been … Read more

Why is HIPAA training important?

HIPAA training is important because it ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA), protects patient privacy and confidentiality, promotes data security and breach prevention, and fosters a culture of legal and ethical compliance in healthcare organizations. … Read more

Proposed HIPAA Privacy Rule Update and CISA’s Updated Zero Trust Maturity Model

The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) concerning a  HIPAA Privacy Rule update to reinforce the protection of privacy for reproductive health information. The proposed revision is in response to the decision of the Supreme … Read more

Health-ISAC Report on Present and Upcoming Cyber Threats to the Healthcare Industry

Ransomware and phishing are still the biggest concerns in terms of cybersecurity for healthcare providers based on Health-ISAC’s Current and Emerging Healthcare Cyber Threat Landscape report for February 2023. The joint report by Booz Allen Hamilton Cyber Threat Intelligence (CTI) … Read more

HIPAA Privacy Rules

The HIPAA Privacy Rule is a set of federal regulations that protect patients’ medical records and other personal health information maintained by covered entities, including health insurers, healthcare providers, and healthcare clearinghouses, requiring these entities to implement safeguards to protect … Read more

Lehigh Valley Health Network and Maternal & Family Health Services Face Lawsuit Over Ransomware Attack

Lehigh Valley Health Network (LVHN) is facing a lawsuit om association with its latest BlackCat ransomware attack. The attack resulted in the encryption of files after exfiltrating data as is common in ransomware attacks; nevertheless, the attack was distinct because … Read more

DoppelPaymer Ransomware Core Members and Medicare Beneficiary Identifier Theft Conspirator Arrested

DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation Two persons alleged of being key DoppelPaymer ransomware group members were detained — one by the police in Germany and another by the Ukrainian Police officers and Ukraine German Regional Police. It … Read more

Why is HIPAA important to patients?

HIPAA is important for patients because it protects their sensitive health information, protects their privacy rights, fosters trust in healthcare providers, and gives them more control over their personal data, ultimately improving the quality of care and promoting patient-centricity in … Read more

Why does HIPAA benefit patients?

HIPAA benefits patients by safeguarding their privacy and security, empowering them with control over their health information, fostering trust in healthcare providers, promoting patient-centered care, and preserving the ethical principles of confidentiality and autonomy within the healthcare system. HIPAA plays … Read more

What are the benefits of HIPAA training?

The benefits of HIPAA training include improved understanding and compliance with privacy and security regulations, reduced risk of data breaches and costly penalties, enhanced protection of sensitive patient information, increased trust from patients and stakeholders, and the establishment of a … Read more

Ransomware Income Decrease as Victims Decline to Pay Ransoms

Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the ransomware remediation company, Coveware, and … Read more

Ethics, the Challenge of Using AI in Healthcare

Based on a survey performed by Dataiku in 2020, the main organizational challenge that delays the use of AI in healthcare settings is ethics. Even though particular concerns vary by company, the concerns could typically be classified as informed permission … Read more

Why is HIPAA important for billing and coding?

HIPAA is important for billing and coding because it establishes strict regulations and safeguards to protect the privacy and security of patients’ health information, ensuring that medical billing and coding professionals keep sensitive data confidential and secure throughout the healthcare … Read more

Diagnostic Lab Resolves Medical Record Access Case for $16,500

The HHS’ Office for Civil Rights (OCR) made an announcement of its first HIPAA enforcement action for 2023. The OCR is reminding HIPAA-covered entities of their responsibility to provide people and their personal representatives with prompt access to their health … Read more

2023 Version of HITRUST Cybersecurity Framework Released

The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number of enhancements to make sure … Read more

What is HIPAA and why is it important?

HIPAA is a federal law that safeguards patients’ protected health information, promotes efficient healthcare transactions, ensures data security and privacy, fosters patient trust, and upholds ethical standards in the healthcare industry. HIPAA is a complete set of laws and standards … Read more

New Proposed Rule by HHS to Enforce HIPAA Standard for Healthcare Attachments and Electronic Signatures

The Secretary of the Department of Health and Human Services (HHS) has a new proposed rule that will call for the use of criteria for healthcare transactions and electronic signatures utilized together with those transactions to support healthcare cases and … Read more

Guide Published for Evaluating and Enhancing Connected Medical Device Security

One of the major cybersecurity issues in healthcare is the safety of medical devices. Hospitals still use a lot of connected healthcare devices and in so doing they considerably expand the attack surface. A new survey identified a connection between … Read more

Forefront Dermatology Negotiates $3.75 Million Settlement to Take Care of Ransomware Lawsuit

The dermatology practice, Forefront Dermatology, based in Wisconsin has decided to settle a class action lawsuit filed on behalf of patients who had their protected health information (PHI) compromised in a ransomware attack in late May 2021. Forefront Dermatology has … Read more

Up to 1.5 Million Patients Affected by Adding a Tracking Code to the Community Health Network Website

Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code on its web pages. Based … Read more

EyeMed to Pay $4.5 Million Penalty for Phishing Attack and Data Breach of 2.1M-Record

The New York State Department of Financial Services (DFS) has decided to resolve an investigation of EyeMed Vision Care (EyeMed) into possible violations of the DFS Cybersecurity Regulation for $4.5 million. EyeMed based in Ohio is a licensed medical insurance … Read more

What Happens In Case a HIPAA Complaint is Filed?

When a HIPAA complaint is submitted, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming a group health plan member, … Read more

Health-ISAC Releases Guidance to help CISOs Implement Zero Trust Security Architectures

Health-ISAC has publicized a white paper to help guide healthcare CISOs planning to employ zero trust security architectures. The standard security approach is to set up border defenses in order to keep unauthorized persons out. Although this security strategy has … Read more

Florida Orthopaedic Institute to Pay $4 Million to Settle Class Action Data Breach Lawsuit

Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an unauthorized third party had acquired … Read more

55% of Healthcare Providers Encountered a Third-Party Data Breach in the Past Year

Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for instance a managed service provider, … Read more

Senators Ask Mental Health App Companies Concerning Privacy and Data Sharing Practices

Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies regarding their practices regarding information collection and disclosure. There were a number of allegations that the mental health … Read more

Patient Data Compromised Due to Data Breaches in 3 HIPAA-Covered Entities

Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider. Eye Care Leaders stated it … Read more

ONC and OCR Launch Modified Security Risk Assessment Tool

The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC). … Read more

OCR to Create Video on Recognized Security Practices in the HITECH Act

The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to necessitate … Read more

Injured Workers Pharmacy Faces Legal Action Due to Email Account Breach

The law agency Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in relation to a breach of the personal records of 75,771 consumers. IWP is a … Read more

Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach

Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court. Solara Medical Supplies, which supplies products and services to help people … Read more

New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies

The American Telemedicine Association (ATA), American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have worked together to make a new system for examining digital health technologies employed by healthcare specialists and … Read more

SuperCare Health Faces Lawsuit Concerning 318,000-Record Data Breach

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, as a result of a cyberattack and data security breach report submitted to the Department of Health and Human Services on March 28, 2022. The incident involved … Read more

Dental Practices Penalized for Breach of HIPAA Rules

$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), a dental practice operating offices in Charlotte and Monroe, NC because a patient sent a complaint … Read more

Security Breaches Reported by Chelan Douglas Health District, Liberty of Oklahoma Corporation, and East Tennessee Children’s Hospital

Chelan Douglas Health District located in East Wenatchee, WA, has reported that it encountered a cyberattack last July 2021 wherein the personal data and protected health information (PHI) of patients was stolen from its network. The breach notice posted on … Read more

OCR: HIPAA Security Rule Compliance Could Avert and Mitigate the Majority of Cyberattacks

Healthcare hacking incidents are continuously growing for a few years. Hacking/IT incidents increased by 45% between 2019 and 2020. In 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking and also other IT incidents. … Read more

HIPAA Policies and Procedures

The development, observance, and enforcement of HIPAA guidelines and procedures is the foundation of HIPAA compliance. If there are no policies and procedures to give instructions, employees of Covered Entities and Business Associates are going to be uninformed of how … Read more

PHI of 10,000 Persons Compromised Caused by Houston Health Department Portal Glitch

The Houston Health Department has recently reported the compromise of personal data and COVID-19 test results of 10,291 people on the internet because of a technical problem with its webpage. The issue made it possible for roughly 3,500 website users … Read more

Sea Mar Community Health Centers Confronting Class Action Lawsuit Because of 688,000-Record Data Breach

Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach was uncovered in June 2021 … Read more

Deadline for Reporting 2021 PHI Breaches Affecting Fewer Than 500 People

The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule puts a rigid time frame on sending notifications to people whose protected health information (PHI) was breached or impermissibly disclosed. The max time limit is 60 days since the … Read more

Due date for Giving GAO the Comments on HHS Data Breach Reporting Prerequisites is on February 4, 2022

The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of … Read more

Class Action Lawsuit Filed Versus Memorial Health System Because of August 2021 Cyberattack

Marietta Area Health Care Inc., dba Memorial Health System, is dealing with a class-action lawsuit with regards to a cyberattack and data breach that Memorial Health System discovered on August 14, 2021. As per the investigation, it was established the … Read more

Accellion Offers $8.1 Million Settlement for Class Action FTA Data Breach Case

The technology company Accellion based in Palo Alto, CA offered an $8.1 million settlement to handle a class action data breach legal action that was submitted on behalf of affected individuals of the attack on the Accellion File Transfer Appliance … Read more

What are the Penalties for HIPAA Violations?

The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general are authorized to issue penalties for HIPAA violations. Besides paying financial penalties, covered entities must follow a corrective action plan to have policies and … Read more

State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach

The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA … Read more

HIPAA Changes in 2020/2021 as a Result of the COVID-19 Pandemic Continue to be in Effect

The COVID-19 pandemic has not led to any long-term modifications to HIPAA, however, it has seen unmatched flexibilities announced on a non-permanent basis to make it less complicated for healthcare companies and business associates that are battling against COVID-19. In … Read more

OCR Publishes Guidance Regarding HIPAA and Disclosures of PHI for Extreme Risk Protection Orders

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance to make clear how the HIPAA Privacy Law can be applied to disclosures of protected health information (PHI) to aid applications for extreme risk … Read more