Compliance and Regulations

MOVEit Hack Impacts 7 Million People from Delta Dental of California Delta Dental of California reported that it suffered from a mass exploitation conducted by the Clop hacking group of a zero-day vulnerability identified in … Read more

New York Presbyterian Hospital has decided to resolve alleged Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule violations by paying the New York Attorney General a $300,000 financial penalty. NYP manages 10 hospitals around … Read more

FDA Releases Guidance on Managing Legacy Medical Device Cybersecurity Risks The U.S. Food and Drug Administration (FDA) has released a report that recommends how to handle the cybersecurity problems of legacy medical gadgets. Legacy medical … Read more

Doctors’ Management Services Resolves OCR HIPAA Case for $100,000 The HHS’ Office for Civil (OCR) has consented to resolve an investigation of a ransomware attack and data breach that revealed several potential HIPAA Security Rule … Read more

Fairfax Oral and Maxillofacial Surgery Ransomware Attack Impacts 236,000 Individuals Fairfax Oral and Maxillofacial Surgery based in Virginia has reported the potential compromise of the protected health information (PHI) of around 235,931 persons in a … Read more

Feds Release Snatch Ransomware Alert After an Attack on Hospital The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint security alert regarding Snatch ransomware. The … Read more

Healthcare administration firms must adhere to HIPAA compliance, ensuring the confidentiality, integrity, and availability of PHI by implementing administrative, physical, and technical safeguards, thus mitigating risks of unauthorized access or disclosure and maintaining trust in … Read more

HIPAA Lawsuit Against Schneck Medical Center Resolved Schneck Medical Center based in Seymour, IN has resolved a lawsuit with Attorney General Todd Rokita of Indiana, regarding a ransomware attack and data breach in 2021 that … Read more

To ensure Clinical Research Organization HIPAA compliance, a Clinical Research Organization must systematically safeguard PHI through robust encryption and access controls, provide regular training to employees on data privacy, implement stringent data security policies and … Read more

In the field of population health management, HIPAA compliance is an important as it mandates the safeguarding of patient data and confidentiality during the collection, analysis, and sharing of health information to improve community health … Read more

A health informatics company can ensure HIPAA compliance by implementing rigorous data protection protocols, conducting regular training sessions for employees on safeguarding patient information, continuously monitoring and updating their systems to prevent breaches, and collaborating … Read more

Digital health interventions HIPAA compliance is important because it ensures that digital platforms, applications, and tools involved in delivering healthcare services adhere to the stringent standards set by HIPAA to safeguard patient data and maintain … Read more

A personal care agency can ensure HIPAA compliance by implementing rigorous data privacy and security measures, including training staff on the importance of protecting patient information, using encrypted communication and storage systems, conducting regular audits … Read more

HIPAA has the advantage of safeguarding individuals’ medical information, ensuring their privacy, and promoting standardized electronic transactions in the healthcare industry, while its drawbacks include administrative burdens, potential barriers to efficient healthcare communication, and the … Read more

Assessing your compliance with HIPAA security requirements involves conducting a comprehensive risk analysis to identify potential vulnerabilities in electronic protected health information (ePHI) handling, implementing necessary security measures to address identified risks, training staff on … Read more

HIPAA security requirements influence healthcare IT policies by mandating the safeguarding of protected health information through the implementation of administrative, physical, and technical safeguards, which leads to the adoption of measures such as regular risk … Read more

The consequences of non-compliance with HIPAA security requirements can include substantial financial penalties, potential criminal charges with imprisonment, reputational damage to the organization, loss of patient trust, potential lawsuits, increased audit scrutiny, and the burden … Read more

Implementing HIPAA security requirements in your IT infrastructure necessitates conducting a comprehensive risk analysis to identify vulnerabilities, adopting robust access controls, ensuring encrypted data storage and transmission, training staff on compliance measures, regularly auditing and … Read more

HIPAA security requirements profoundly impact telehealth by mandating safeguarding patient health information through encrypted communications, secure data storage, and strict access controls, ensuring the confidentiality of medical records during remote consultations and the integrity of … Read more

Encryption plays a major role in the HIPAA Security Requirements as it safeguards Protected Health Information (PHI) during storage and transmission, thus mitigating risks of unauthorized access or breaches and enabling healthcare entities to ensure … Read more

To train your staff on HIPAA security requirements, initiate a program that includes onboarding training for new hires, regular refreshers, providing clear patient data handling protocols, education on security threats like phishing, and fostering an … Read more

Class Action Lawsuit Filed Against Norton Healthcare Over BlackCat Cyberattack Norton Healthcare based in Kentucky operates over 140 clinics and hospitals all across Kentucky and Southern Indiana. It is confronted with a class action lawsuit … Read more

HIPAA security requirements protect patient data by mandating a combination of administrative, physical, and technical safeguards, including risk assessments, access controls, encryption, regular audits, and personnel training, to ensure the confidentiality, integrity, and availability of … Read more

Ensuring that your healthcare practice meets HIPAA security requirements is important, not just from a compliance perspective but also to uphold the trust and confidence of your patients. These requirements involve a combination of administrative, … Read more

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to implement administrative, physical, and technical safeguards. Which include conducting risk assessments, ensuring data integrity and confidentiality, controlling access to protected health information (PHI), … Read more

Approved Final Rule for Information Blocking Penalties of Up to $1 Million for Health IT Companies HHS-OIG already approved the civil monetary penalties for health IT companies that are found engaging in information blocking. Penalties … Read more

Under the HIPAA Breach Notification Rule, covered entities must provide notification to affected individuals without unreasonable delay and in no case later than 60 days following the discovery of a breach of unsecured PHI. According … Read more

The HIPAA law, enacted by the United States Congress to modernize the flow of healthcare information, ensure the security and privacy of patient data, and set guidelines for the handling of electronic protected health information, … Read more

When a breach in PHI security has been discovered, you should initially report it internally within your organization, typically to your supervisor or the designated privacy officer, and if the breach occurred at a business … Read more

SEC Postpones Final Rule on Cyber Incident Disclosures The Securities and Exchange Commission (SEC) was scheduled to release a final rule, mandating publicly traded companies to disclose important cyber breaches in their regulatory filings within … Read more

HIPAA awareness should be promoted on an ongoing basis to ensure compliance and foster a culture of privacy and security within organizations that handle Protected Health Information (PHI). HIPAA awareness should be promoted during employee … Read more

HIPAA was created to address several critical objectives in the healthcare sector, including enhancing health insurance portability, safeguarding the privacy and security of protected health information (PHI), improving healthcare administration efficiency, and combating fraud and … Read more

The enforcement of the HIPAA is carried out by the Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS), with the OCR responsible for investigating HIPAA complaints, conducting compliance … Read more

Blackbaud Had No Common Law Duty to Protect the Confidentiality of Trinity Health’s Records An Indiana district court judge has decided in support of the plaintiff in a lawsuit that alleged negligence for not preventing … Read more

The acronym HITECH stands for the Health Information Technology for Economic and Clinical Health Act, a comprehensive legislation passed in 2009 as part of the American Recovery and Reinvestment Act (ARRA), which aimed to promote … Read more

In non-criminal cases, the enforcement of HIPAA is primarily handled by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS). The OCR plays a vital role in ensuring … Read more

HIPAA continues to apply after a person’s death, ensuring the ongoing protection of sensitive health information, preserving the privacy and security of protected health information (PHI) beyond an individual’s lifetime, and establishing guidelines that govern the proper handling, disclosure, and retention of such information, thereby emphasizing the significance of maintaining confidentiality and integrity even in the post-mortem phase of an individual’s healthcare journey.

The 2022 change to the Pennsylvania Breach of Personal Information Notification Act (BPINA) is currently in force. The revision extended the definition of personal data adding medical data, medical insurance details, and usernames along with … Read more

SuperCare Offers to Pay $2.25 Million to Resolve Data Breach Lawsuit SuperCare, a home care service provider in California, has offered to pay $2.25 million to settle a class action lawsuit associated with a 2021 … Read more

One Brooklyn Health Faces Lawsuit Over 235K-Record Data Breach One Brooklyn Health based in New York City manages three acute care hospitals, namely Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. … Read more

HIPAA training is important because it ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA), protects patient privacy and confidentiality, promotes data security and breach prevention, and fosters a culture of legal and … Read more

The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) concerning a  HIPAA Privacy Rule update to reinforce the protection of privacy for reproductive health information. The proposed revision is in response to … Read more

Ransomware and phishing are still the biggest concerns in terms of cybersecurity for healthcare providers based on Health-ISAC’s Current and Emerging Healthcare Cyber Threat Landscape report for February 2023. The joint report by Booz Allen … Read more

Lehigh Valley Health Network (LVHN) is facing a lawsuit om association with its latest BlackCat ransomware attack. The attack resulted in the encryption of files after exfiltrating data as is common in ransomware attacks; nevertheless, … Read more

DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation Two persons alleged of being key DoppelPaymer ransomware group members were detained — one by the police in Germany and another by the Ukrainian Police officers and … Read more

HIPAA is important for patients because it protects their sensitive health information, protects their privacy rights, fosters trust in healthcare providers, and gives them more control over their personal data, ultimately improving the quality of … Read more

HIPAA benefits patients by safeguarding their privacy and security, empowering them with control over their health information, fostering trust in healthcare providers, promoting patient-centered care, and preserving the ethical principles of confidentiality and autonomy within … Read more

The benefits of HIPAA training include improved understanding and compliance with privacy and security regulations, reduced risk of data breaches and costly penalties, enhanced protection of sensitive patient information, increased trust from patients and stakeholders, … Read more

Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the … Read more