Compliance and Regulations

Stay up to date on changes to data protection regulations and the evolution of industry compliance standards. Learn about HIPAA, GDPR and other data protection laws, the compliance requirements specific to your industry, and the legal developments affecting security practices, and stay informed about notable data breaches and related security incidents.

Which entity enforces HIPAA?

HIPAA is enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS). The OCR is responsible for investigating HIPAA complaints, conducting compliance … Read more

Lawsuit Against Blackbaud and the New Limits of the Identity Theft Legislation

Blackbaud Had No Common Law Duty to Protect the Confidentiality of Trinity Health’s Records
An Indiana district court judge has ruled in favor of the plaintiff in a lawsuit that alleged negligence for not preventing … Read more

What is HITECH an Acronym for?

The acronym HITECH stands for the Health Information Technology for Economic and Clinical Health Act, comprehensive legislation passed in 2009 as part of the American Recovery and Reinvestment Act (ARRA), which aimed to promote … Read more

Who enforces HIPAA in non-criminal cases?

In non-criminal cases, the enforcement of HIPAA is primarily handled by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS). The OCR plays a vital role in ensuring … Read more

Does HIPAA apply after Death?

HIPAA continues to apply after a person’s death. The Privacy Rule protects the protected health information (PHI) of deceased individuals for 50 years following the date of death, and its requirements for the handling, disclosure, and retention of that information remain in force throughout that period. Covered entities must therefore maintain the confidentiality and integrity of a patient’s records beyond the patient’s lifetime.

Revised Pennsylvania Breach of Personal Information Notification Act and New StopRansomware Guide

The 2022 amendment to the Pennsylvania Breach of Personal Information Notification Act (BPINA) is now in force. The revision extended the definition of personal information to include medical information, health insurance information, and usernames along with … Read more

SuperCare’s Proposed Data Breach Settlement and the Lawsuit Against University of Iowa Hospitals and Clinics

SuperCare Offers to Pay $2.25 Million to Resolve Data Breach Lawsuit
SuperCare, a home care service provider in California, has offered to pay $2.25 million to settle a class action lawsuit associated with a 2021 … Read more

Lawsuits Against One Brooklyn Health, 90 Degree Benefits, and Lehigh Valley Health Network

One Brooklyn Health Faces Lawsuit Over 235K-Record Data Breach
One Brooklyn Health, based in New York City, manages three acute care hospitals: Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. … Read more

Why is HIPAA training important?

HIPAA training is important because it ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA), protects patient privacy and confidentiality, promotes data security and breach prevention, and fosters a culture of legal and … Read more

Proposed HIPAA Privacy Rule Update and CISA’s Updated Zero Trust Maturity Model

The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) for a HIPAA Privacy Rule update that would strengthen privacy protections for reproductive health information. The proposed revision is in response to … Read more

Health-ISAC Report on Present and Upcoming Cyber Threats to the Healthcare Industry

Ransomware and phishing remain the biggest cybersecurity concerns for healthcare providers, according to Health-ISAC’s Current and Emerging Healthcare Cyber Threat Landscape report for February 2023. The joint report by Booz Allen … Read more

HIPAA Privacy Rules

The HIPAA Privacy Rule is a set of federal regulations that protect patients’ medical records and other personal health information maintained by covered entities, including health insurers, healthcare providers, and healthcare clearinghouses, requiring these entities … Read more

Lehigh Valley Health Network and Maternal & Family Health Services Face Lawsuit Over Ransomware Attack

Lehigh Valley Health Network (LVHN) is facing a lawsuit in connection with its recent BlackCat ransomware attack. As is common in ransomware attacks, data was exfiltrated before files were encrypted; nevertheless, … Read more

DoppelPaymer Ransomware Core Members and Medicare Beneficiary Identifier Theft Conspirator Arrested

DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation
Two individuals alleged to be key members of the DoppelPaymer ransomware group were detained, one by police in Germany and the other by Ukrainian police officers, and … Read more

Why is HIPAA important to patients?

HIPAA is important for patients because it protects their sensitive health information, safeguards their privacy rights, fosters trust in healthcare providers, and gives them more control over their personal data, ultimately improving the quality of … Read more

Why does HIPAA benefit patients?

HIPAA benefits patients by safeguarding their privacy and security, empowering them with control over their health information, fostering trust in healthcare providers, promoting patient-centered care, and preserving the ethical principles of confidentiality and autonomy within … Read more

What are the benefits of HIPAA training?

The benefits of HIPAA training include improved understanding and compliance with privacy and security regulations, reduced risk of data breaches and costly penalties, enhanced protection of sensitive patient information, increased trust from patients and stakeholders, … Read more

Ransomware Income Decreases as Victims Decline to Pay Ransoms

Ransomware groups are profiting less from their attacks as fewer victims pay ransoms to obtain decryption keys and keep stolen data from being exposed, according to two newly released reports from the … Read more

Ethics, the Challenge of Using AI in Healthcare

According to a survey conducted by Dataiku in 2020, the main organizational challenge delaying the adoption of AI in healthcare settings is ethics. Although the specific concerns vary by organization, they could typically … Read more

Why is HIPAA important for billing and coding?

HIPAA is important for billing and coding because it establishes strict regulations and safeguards to protect the privacy and security of patients’ health information, ensuring that medical billing and coding professionals keep sensitive data confidential … Read more

Diagnostic Lab Resolves Medical Record Access Case for $16,500

The HHS’ Office for Civil Rights (OCR) has announced its first HIPAA enforcement action of 2023. The OCR is reminding HIPAA-covered entities of their obligation to provide individuals and their personal representatives with … Read more

2023 Version of HITRUST Cybersecurity Framework Released

HITRUST, the information risk management, standards, and certification organization, has announced that it will release a new version of its widely used cybersecurity framework in January. HITRUST CSF Version 11 includes a number … Read more

What is HIPAA and why is it important?

HIPAA is a federal law that safeguards patients’ protected health information, promotes efficient healthcare transactions, ensures data security and privacy, fosters patient trust, and upholds ethical standards in the healthcare industry. HIPAA is a complete … Read more

New Proposed Rule by HHS to Enforce HIPAA Standard for Healthcare Attachments and Electronic Signatures

The Secretary of the Department of Health and Human Services (HHS) has issued a new proposed rule that would require the use of standards for healthcare attachment transactions and for the electronic signatures used with those transactions … Read more

Guide Published for Evaluating and Enhancing Connected Medical Device Security

One of the major cybersecurity issues in healthcare is the security of medical devices. Hospitals use large numbers of connected medical devices, which considerably expands the attack surface. A new … Read more

Forefront Dermatology Negotiates $3.75 Million Settlement to Resolve Ransomware Lawsuit

Forefront Dermatology, a dermatology practice based in Wisconsin, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late … Read more

Up to 1.5 Million Patients Affected by Adding a Tracking Code to the Community Health Network Website

Community Health Network in Indiana is the latest healthcare organization to announce the impermissible disclosure of patients’ protected health information (PHI) to Google and Meta/Facebook as a result of adding their tracking code … Read more

EyeMed to Pay $4.5 Million Penalty for Phishing Attack and 2.1M-Record Data Breach

The New York State Department of Financial Services (DFS) has resolved its investigation of EyeMed Vision Care (EyeMed) for possible violations of the DFS Cybersecurity Regulation with a $4.5 million penalty. EyeMed, based in Ohio, … Read more

What Happens In Case a HIPAA Complaint is Filed?

When a HIPAA complaint is filed, what happens next depends on who it is filed with, the nature of the complaint, and whether the complaint is valid. After registering with a healthcare company or becoming … Read more

Health-ISAC Releases Guidance to Help CISOs Implement Zero Trust Security Architectures

Health-ISAC has published a white paper to guide healthcare CISOs planning to adopt zero trust security architectures. The traditional security approach is to set up perimeter defenses to keep unauthorized persons out. … Read more

Florida Orthopaedic Institute to Pay $4 Million to Settle Class Action Data Breach Lawsuit

Florida Orthopaedic Institute has offered to pay $4 million to settle claims from patients impacted by a data breach in 2020. In April 2020, Musculoskeletal Institute, doing business as Florida Orthopaedic Institute, found that an … Read more

55% of Healthcare Providers Encountered a Third-Party Data Breach in the Past Year

Cyberattacks on organizations are growing year over year across all industry segments, and attacks involving third parties are increasing as well. From a threat actor’s perspective, it is more practical to attack a vendor for … Read more

Senators Question Mental Health App Companies About Privacy and Data Sharing Practices

Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) have written to two major mental health app vendors demanding answers about their data collection and disclosure practices. There were a number of … Read more

Patient Data Compromised Due to Data Breaches in 3 HIPAA-Covered Entities

Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider. … Read more

ONC and OCR Release Updated Security Risk Assessment Tool

The latest version of the HHS Security Risk Assessment (SRA) Tool has been released by the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS)’ Office of the National Coordinator … Read more

OCR to Create Video on Recognized Security Practices in the HITECH Act

The HHS’ Office for Civil Rights (OCR) is creating a video to help HIPAA-regulated entities implement “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was recently amended … Read more

Injured Workers Pharmacy Faces Legal Action Due to Email Account Breach

The law firm Morgan & Morgan has filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) over a breach of the personal records of … Read more

Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach

Solara Medical Supplies has offered to pay $9.76 million to resolve a class-action lawsuit over a 2019 data breach, and the settlement has received preliminary approval from the court. Solara Medical Supplies, which supplies products … Read more

New Framework for Examining the Privacy, Security, and Safety of Electronic Health Technologies

The American Telemedicine Association (ATA), the American College of Physicians (ACP), and the Organization for the Review of Care and Health Applications (ORCHA) have collaborated on a new framework for assessing digital health technologies … Read more

SuperCare Health Faces Lawsuit Concerning 318,000-Record Data Breach

A lawsuit has been filed against the in-home respiratory care provider SuperCare Health following a cyberattack and the data breach report it submitted to the Department of Health and Human Services on March … Read more

Dental Practices Penalized for Breach of HIPAA Rules

$50,000 Civil Monetary Penalty Issued to Dental Practice for Social Media HIPAA Violation
OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI), a dental practice with offices in Charlotte and Monroe, NC, because … Read more

Security Breaches Reported by Chelan Douglas Health District, Liberty of Oklahoma Corporation, and East Tennessee Children’s Hospital

Chelan Douglas Health District, located in East Wenatchee, WA, has reported that it suffered a cyberattack in July 2021 in which the personal data and protected health information (PHI) of patients were stolen from its network. … Read more

OCR: HIPAA Security Rule Compliance Could Avert and Mitigate the Majority of Cyberattacks

Healthcare hacking incidents have been increasing for several years. Hacking/IT incidents rose by 45% between 2019 and 2020, and in 2021, 66% of breaches involving unsecured electronic protected health information (ePHI) were due to hacking … Read more

HIPAA Policies and Procedures

The development, observance, and enforcement of HIPAA policies and procedures is the foundation of HIPAA compliance. Without policies and procedures to guide them, employees of Covered Entities and Business Associates are going … Read more

PHI of 10,000 People Exposed by Houston Health Department Portal Glitch

The Houston Health Department has reported that the personal data and COVID-19 test results of 10,291 people were exposed on the internet because of a technical problem with its web portal. The issue made it possible … Read more

Sea Mar Community Health Centers Facing Class Action Lawsuit Over 688,000-Record Data Breach

Sea Mar Community Health Centers, located in Seattle, WA, is facing a class-action lawsuit over a cyberattack that exposed the protected health information (PHI) of 688,000 people. The breach … Read more

Deadline for Reporting 2021 PHI Breaches Affecting Fewer Than 500 People

The Health Insurance Portability and Accountability Act’s (HIPAA) Breach Notification Rule sets a strict time frame for notifying individuals whose protected health information (PHI) was breached or impermissibly disclosed. The maximum time limit … Read more

Comments to GAO on HHS Data Breach Reporting Requirements Due February 4, 2022

The Government Accountability Office (GAO) has launched a quick-response survey of healthcare organizations and business associates covered by the Health Insurance Portability and Accountability Act (HIPAA) to gather feedback on their experiences submitting data breach … Read more

Class Action Lawsuit Filed Against Memorial Health System Over August 2021 Cyberattack

Marietta Area Health Care Inc., dba Memorial Health System, is facing a class-action lawsuit over a cyberattack and data breach that it discovered on August 14, 2021. As per the … Read more

Accellion Offers $8.1 Million Settlement for Class Action FTA Data Breach Case

Accellion, a technology company based in Palo Alto, CA, has offered an $8.1 million settlement to resolve a class action data breach lawsuit filed on behalf of individuals affected by the attack on … Read more