Compliance and Regulations

HHS Guidelines on Cybersecurity Best Practices for Healthcare Organisations Released

The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped that the guidelines will help … Read more

ICS-CERT Discovers Vulnerability in Philips Health App

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only take a “low level” of … Read more

GDPR Violation Penalty Levied Against Hospital for First Time

The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados (CNPD), the body which oversees … Read more

President Trump Signs Opioid Bill into Law

On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from overdosing on opioids. Hundreds more … Read more

Anthem Settles for Record $16 Million with OCR

Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the February 2015 attack on their … Read more

New York Hospital Fires Employees Following Security Breach

A hospital in New York has fired several employees following a security breach. Claxton-Hepburn Medical Center, a not-for-profit 115-bed community hospital in Ogdensburg, NY, announced that several employees accessed patient protected health information (PHI) without proper authorisation to do so. … Read more

Patient Data Stolen in Legacy Health Phishing Attack

Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six hospitals and employs upwards of … Read more

HIPAA Encryption

The requirements HIPAA has for encryption are, at best, vague. Defined as “addressable” requirements, encryption of Protected Health Information (PHI) must be carried out by “covered entities” (CEs) whenever it is appropriate. “Addressable” is not equivalent to “optional”; instead, it … Read more

Press America Inc Faces Lawsuit Over HIPAA Breach

Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a mail-order pharmacy service for the … Read more

Iliana Peters Now Acting Deputy at the OCR

OCR’s Iliana Peters has stepped in to replace Deven McGraw, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), in an interim role. Peters will serve as Acting Deputy Director … Read more

HIPAA Laws

The HIPAA laws – sometimes known as the HIPAA Rules or the HIPAA regulations – are the standards contained within the Administrative Simplification provisions of the Healthcare Insurance Portability and Accountability Act 1996. These standards govern the way in which … Read more

HIPAA Alliance Marketplace Matches Healthcare Organizations With HIPAA-Compliant Business

This week has seen the launch of a new platform that streamlines the process of searching for HIPAA-compliant business associates. The HIPAA Alliance Marketplace has been developed to match HIPAA covered entities with trusted vendors that have been independently verified … Read more

HIPAA Compliant Business Associates Easier to Locate with New Tool

The challenge of finding HIPAA compliant business associates has been addressed with the introduction of a new tool to simplify this task. Healthcare organizations are only allowed to use business associates that comply with HIPAA Rules and sign a business associate … Read more

Improperly Configured Cloud Services in Over Half of Businesses

The healthcare sector has made great waves recently in embracing cloud based technology. Most healthcare groups now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information (ePHI) pertaining to subscribers. However, … Read more

Almost 500K Records Exposed in September Healthcare Data Breaches

The Breach Barometer report from for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of Health and Human Services’ Office … Read more

HIPAA Compliance and Skype: What You Need to Know

Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot of discussions and debate regarding … Read more

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would have obligated all controlling health … Read more

Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as muc as 53% of organizations are not following established security … Read more

Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?

The HIPAA Breach Notification Rule stated that covered bodies must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be be offered to those affected. … Read more

GDPR Leads Lloyds to Alter Marketing Campaigns

Lloyds Banking Group has taken steps to introduce new marketing campaigns due to the coming introduction of the European Union’s GDPR legislation, a new set of guidelines on data privacy and security. Lloyds is moving from product-focused campaigns to the content-focused … Read more

OCR Issue Clarification on HIPAA Disclosure Rules

The Department of Health and Human Services’ Office for Civil Rights OCR, has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other people. In the aftermath of … Read more

Data Breach at Med Center Health affects almost 160,000 of its Patients

The FBI has been investigating a large Med Center Health data breach that affects many affiliates and approximately 160,000 patients. Hackers are not believed to be responsible for the Med Center Health data breach, in fact it is thought that … Read more

February Sees Dramatic Rise in Insider Healthcare Data Breaches

In its most recent healthcare data breach report. Protenus has indicated that the month of February witness a significant increase in insider healthcare data breaches. The February Breach Barometer report shows that there were 31 reported healthcare data breaches during … Read more

Highmark BCBS of Delaware Probes Data Break Impacting 19K People

Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BSBC director of … Read more

$475K Settlement for Late HIPAA Break Notice

The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after the revelation of patients’ safeguarded … Read more

UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches

The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement solves HIPAA breaches that caused the UMass undergoing a malware contagion in 2013. In early 2013, a malevolent … Read more

St. Joseph Health to make Payment of OCR $2.14 Million to Resolve HIPAA Case

The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay $2,140.50 to OCR and implement … Read more

Assistance on HIPAA as well as Cloud Computing Released by HHS

The Division of Health and Human Services has issued revised advice on cloud computing and HIPAA to assist protected bodies to take benefit of the cloud devoid of endangering a HIPAA breach. The key emphasis of the help is the … Read more

$400K HIPAA Payment for BAA Failures

The Section of Human and Health Services’ OCR has stated it has concluded an agreement with Care New England Health System (CNE) to settle suspected breaches of the HIPAA. CNE should reimburse a financial fine of $400K and should implement … Read more

Revised Safety Risk Evaluation Device Announced by ONC

OCR has a preference to resolve HIPAA conformity problems through voluntary conformity as well as non-punitive ways, even though financial fines are these days becoming more usual. If OCR detectives discover HIPAA breaches, financial fines might be imposed. Penalties of … Read more

Biggest Ever HIPAA Agreement: Advocate Health to Reimburse OCR $5.5 Million

Previous month, the Department of Health and Human Services’ OCR publicized 2 huge agreements with protected entities to settle suspected HIPAA breaches. Nevertheless, even the $2.7 million, as well as, $2.75 million settlements at UMMC and  OHSU  were not big as … Read more

2.75 Million Dollar HIPAA Agreement Achieved with UMMC

Immediately after the 2.7 million HIPAA break agreement with OHSU comes news of one more multi-million-dollar agreement with one more university. The Division of Health and Human Services’ OCR declared four days ago that University of Mississippi Medical Center (UMMC) … Read more

Oregon Health & Science Varsity to Pay The Office for Civil Rights $2.7 Million for 2013 Data Breaks

Oregon Health & Science University (OHSU) has consented to resolve a lawsuit with the Division of Health and Human Services’ OCR originating from 2 data breaks suffered in 2013. A fine of $2.7 million will be funded by OHSU to … Read more

Philadelphia BA Agrees to $650K OCR Payment

The Division of Health and Human Services’ OCR issued particulars of a settlement which was concluded with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) on June 24, 2016.  CHCS has approved to settle down suspected HIPAA breaches … Read more

$1.55 Million HIPAA Agreement for Want of BAA as well as Risk Study Failures

The Division of Health and Human Services’ OCR has declared it has achieved an agreement with North Memorial Health Care of Minnesota on suspected HIPAA breaches from a 2011 data break. North Memorial has consented to pay $1,550,000 to OCR to … Read more

HIPAA Business Associate Informs 31K Record Data Violation

Omaha-based Seim Johnson, a commercial partner of several healthcare providers in Nebraska and outside, has declared that one of its laptops was thieved in Nashville, Tennessee, revealing almost 31,000 healthcare patient files. The laptop had the protected health information of … Read more

Apple Health HIPAA Violation Affects 91K Medicaid Receivers

As per a statement released by Steve Dotson, HCA risk manager, a Washington State Health Care Authority (HCA) worker has breached the safeguarded health info of 91,000 Apple Health Medicaid package customers over a duration of nearly 3 years. All … Read more

Two Employees Sacked for Jason Pierre-Paul HIPAA Violation

Earlier in July 2015, Jason Pierre-Paul, New York Giant football team member paid a visit to Jackson Memorial Hospital of Miami for medication following a fireworks mishap. News reports appeared soon after verifying Pierre-Paul had undergone a major hand damage. … Read more

Borgess Rheumatology Notifies 700 Patients of Mailing Mistake

Borgess Rheumatology has notified that 700 of its patients have been affected by a mailing mistake which happened on December 9, 2015. That revealed their PHI. Although no Social Security numbers or other extremely confidential data have been revealed, concerned … Read more

Lincare Inc to Disburse $239,800 CMP for HIPAA Infringement

For just the second time in its past, OCR has instructed a HIPAA-covered body to disburse civil fiscal fines for HIPAA infringements. Lincare Inc. is needed to pay $239,800 for breaches of the HIPAA Secrecy Law which were found during … Read more

Survey Shows Law Companies are not Complying with HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) deals with health insurers, healthcare providers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Infringement Announcement Laws. HIPAA additionally applies to vendors as well … Read more

Snapchat Video Post Results Nursing Assistant Sacking

A nursing helper from the Parkside Manor assisted-living service in Kenosha, WI. has been sacked for showing a video of a nearly nude 93-year-old Alzheimer’s patient as well as distributing the file on Snapchat. In recent months an unpleasant tendency … Read more

ONC Publicizes Final 10-Year Interoperability Program

On Tuesday, the Office of the National Coordinator for Health IT announced the long-anticipated final 10-Year Interoperability Program. After the announcement of the draft form of the program in January 2015, the Office of the National Coordinator wanted remarks from … Read more

Existing Risk of Scam from 2012 Philadelphia Ambulance HIPAA Break

This week the Philadelphia Fire Department informed a data break involving 750 people who had utilized the ambulance facility in 2012. Three years before a worker of Intermedix, the company accustomed to managing the Fire Department’s data requirements, had been … Read more

Indiana Attorney General Announces $12,000 HIPAA Penalty for Discarded PHI

The Indiana Attorney General’s Office has announced its first penalty for Health Insurance Portability and Accountability Act violations pursuant to part 13410(e) of the HITECH Act. The penalty of $12,000 was imposed on ex Kokomo dentist, Joseph Beck, for unlawfully … Read more

Business Associates Constitute 40 Percent of HIPAA Breaks

In the 1st quarter of 2013, 40 percent of all HIPAA breaks involving the revelation of PHI that affected over 500 people were the consequence of the acts of BAs of HIPAA–protected entities. The problem seems to be increasing because … Read more

Highmark Branch Visionworks Struck by 75K HIPAA Break

Highmark Inc., the Pennsylvania-based health Insurance business, has declared today that Visionworks, one of its branches, has misplaced a computer server having the medical files of roughly 75,000 patients. The medicinal information saved on the server contained particulars of patients’ … Read more

Boston Business Associate Sacked Over 15K HIPAA Violation

MDF Transcription Services, a Business Partner of Boston Medical Center, has been sacked after a HIPAA breach that revealed the secret data of roughly 15,000 people when their information was publicized on an unsafe transcription website. The HIPAA breach wasn’t … Read more

HIPAA Violations Cost Healthcare Industry $5.6 Billion a Year

A latest statement from the Ponemon Institute has emphasized the gravity of the danger from cyber-attacks and must serve as a notice to healthcare providers that they should improve data safety. The cost to the industry is substantial. Data violations are projected … Read more

Idaho State University Instructed to Pay $400K Settlement for HIPAA Violation

Disobeying HIPAA rules can incur severe fines, as found by Idaho State University this month. The organization has lately been compelled to settle down with the Division of Health and Human Services’ Office of Civil Rights for suspected breaches of … Read more