Compliance and Regulations

Stay up-to-date of data protection regulations updates and industry compliance standards evolution. Learn about HIPAA, GDPR and data protection laws, compliance requirements specific to your industry, and stay up-to-date on legal developments affecting security practices. Stay inform on notable data breaches and security incidents related.

Contact Tracing Survey Data of 750,000 Hoosiers Disclosed On the Web

The personal information of 750,000 Hoosiers compiled during a COVID-19 contact tracing survey done by the Indiana Department of Health was compromised on the web and downloaded by a firm not approved to gain access … Read more

Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients

Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an … Read more

Record GDPR Penalty of $886 Million Issued to Amazon

The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, … Read more

CaptureRx Confronting Multiple Class Action Lawsuits Due to the Ransomware Attack Impacting 2.4 Million Patients

CaptureRx, the healthcare administrative services provider is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which was gotten by unauthorized people in a February 2021 ransomware attack. NEC Networks, also known … Read more

Healthcare Employees Took Legal Action Against Amazon Alleging Alexa Devices Violated HIPAA

Four healthcare employees filed a lawsuit against Amazon because allegedly their Amazon Alexa devices possibly captured conversations without their intention or permission and might have caught health data protected by HIPAA. Amazon Alexa devices listen … Read more

Bill Requiring the Texas State AG to Publish Data Breach ‘Wall of Shame’ Gets Approval

The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal … Read more

Bipartisan Group of Senators Present Federal Data Breach Notification Bill

A bipartisan group of senators has presented a federal data breach notification law- the Cyber Incident Notification Act of 2021 – that calls for all federal institutions, contractors, and companies that have command over critical … Read more

HSCC Requests Biden to Give Financing to Strengthen Cybersecurity Posture of the Medical Industry

The Healthcare and Public Health Sector Coordinating Council (HSCC) has prompted President Biden to give more funds and support to strengthen the cybersecurity posture of the medical care industry to boost toughness against cyberattacks. In … Read more

Is it a HIPAA Violation to Require Confirmation of Vaccine Status?

There is a lot of misunderstandings concerning the case of questioning a person if they had a COVID-19 vaccine. Is it considered a HIPAA violation, especially pertaining to employers questioning their personnel to give evidence … Read more

NIST Wants Feedback on Designed Updates to HIPAA Security Rule Implementation Guidance

The National Institute of Standards and Technology (NIST) is preparing to modify and make updates to its guidance on carrying out the HIPAA Security Regulation and is looking for ideas from stakeholders on facets of … Read more

HHS Information Blocking Regulations are Now Enforceable

Devised by the Department of Health and Human Services as part of the 21st Century Cures Act, the information blocking and interoperability regulations became enforceable on April 5, 2021. These new regulations set out what … Read more

Montefiore Medical Center Staff Laid Off and Belden Class Action Lawsuit

Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason. The report of New York hospital in February 2020 stated that an employee was identified to have … Read more

What is Texas HB 300?

What is Texas HB 300, who needs to follow the legislation, and what are the fees and penalties for failing to comply? This post talks about these and other vital questions regarding Texas HB 300. … Read more

Brandywine Urology Consultants Data Breach Lawsuit Dismissed Because of Lacking Evidence of Harm

The Delaware Superior Court dismissed a legal action filed on behalf of affected individuals of a Brandywine Urology Consultants data breach because the plaintiffs failed to present proof showing they had experienced harm because of … Read more

Twitter Paid $544,000 Penalty for its GDPR Data Breach Violations

Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last … Read more

OCR to Have Enforcement Discretion in Relation to the Use of Internet or Cloud-based Scheduling Software for COVID-19 Vaccination Sessions

The Department of Health and Human Services’ Office for Civil Rights has stated that it is going to implement enforcement discretion and will not issue financial penalties on HIPAA-covered entities or business associates in the … Read more

M.D. Anderson Cancer Center’s $4.3 Million HIPAA Penalty Revoked on Appeal

The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’ Office for Civil Rights on the University of Texas M.D. … Read more

NCCoE Issues Guidance for Corporate-Owned Personally Enabled Devices

The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices are now ubiquitous in … Read more

Hurricane Dorian Triggers Limited HIPAA Waiver in Puerto Rico, Florida, Georgia and the Carolinas

The Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian. On September … Read more

Swedish High School Issued GDPR Fine

A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was … Read more

Irish DPC Releases GDPR Breach Notification Guidance

The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications.  The Irish Data Protection Commission (DPC) has stated that the guidelines aim … Read more

Kaspersky Lab Report Reveals Deficiencies in Healthcare Employee Cybersecurity Training

Kaspersky Labs has released a report revealing significant deficiencies in the cybersecurity training provided to healthcare employees.  The study was conducted by surveying 1,758 healthcare employees in the United States and Canada. Kaspersky Lab, a … Read more

Department of Veteran Affairs Office of Inspector General Uncovers Security Failings at Californian VA Center

The Department of Veteran Affairs Office of Inspector General (VA OIG) has discovered severe security failings at the Tibor Rubin VA Medical Center in Long Beach, California.  A recent inspection by the VA OIG uncovered security … Read more

HHS Issues Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

In response to the Tropical Storm Barry that made landfall in Louisiana on July 13, the Secretary of the US Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and … Read more

UChicago Faces Lawsuit for Sharing Patient Data with Google

UChicago Medicine faces a potential class-action lawsuit for allegedly sharing patient information with Google with having the correct authorization to do so. The lawsuit names UChicago Medicine, UChicago Medical Center, and Google, and was filed … Read more

Kingman Regional Medical Center Notifies Patients Following Website Data Breach

Kingman Regional Medical Center (KRMC) is in the process of notifying patients that their sensitive data may have been compromised following the discovery of a flaw on its website which may have allowed unauthorized users … Read more

Boxes of Patient Medical Records found Abandoned in Chicago

Boxes of patient medical records have been found abandoned in a former medical centre in the Chatham area of Chicago, Illinois. Clean-up crews have been brought in to assist in the clean-up operation which started … Read more

What is a GDPR DPO?

The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire … Read more

Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals

A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on … Read more

Alabama Woman Awarded $300,000 for Privacy Breach at Medical Center Enterprise

A jury has awarded a woman $300,000 in damages following a privacy breach at Medical Center Enterprise (MCE), Alabama. Amy Pertuit’s patient rights were violated when a physician at MCE accessed and disclosed her protected … Read more

THH Paediatrics Fires Nurse for Accessing Data of 16,500 Patients without Authorization

Takai, Hoover & Hsu has terminated a nurse for accessing the protected health information (PHI) of 16,542 without the correct authorization to do so. The healthcare provider, owned by Takai, Hoover & Hsu and based … Read more

HHS Issues Clarification On Business Associates Liability

On May 24, 2019, the Department of Health and Human Services issued a clarification on business associates liability for violations of the Health Insurance Portability and Accountability Act. HHS Office for Civil Rights released information … Read more

Maximum Penalties for HIPAA Violations Changed by HHS

The Department of Health and Humans Services has issued a notification of enforcement discretion in which they have reduced the maximum financial penalty for three of the four HIPAA violation tiers. The notification, entitled ‘Notification … Read more

Brookside ENT and Hearing Center Announces Closure Following Ransomware Attack

Michigan-based Brookside ENT and Hearing Center has announced its closure following a ransomware attack on their facility resulted in all of their patient files being permanently destroyed. The practice-run by just two doctors-lost access to … Read more

Report Released on Issues of Healthcare Data Collected by Non-HIPAA Covered Entities

The healthcare and fitness tech industry is booming, with millions of users across the US using these devices and apps to track everything from their weight, sleeping habits, heart rate, and food consumption. Some of … Read more

Microsoft CEO calls for Global GDPR-like Data Privacy Rights

The CEO of Microsoft has called for the implementation of GDPR-legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic … Read more

IRS Launches 2019 Dirty Dozen Campaign

The Internal Revenue Service has launched a tax-related phishing awareness campaign. The campaign is designed to inform taxpayers fo the twelve most common tax scams, known as the ‘Dirty Dozen”. Each tax season, the IRS raises … Read more

HIPAA Training

HIPAA Overview The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was an important piece of legislation for the healthcare and healthcare insurance industries as it became the foundation for the Department of Health … Read more

What is Ransomware?

Ransomware attacks against healthcare organisations are becoming increasingly common. However, many individuals are still uncertain as to what constitutes a ransomware attack, and the potential consequences it has on an organisation. This article provides some … Read more

Cottage Health Pays $3,000,000 to OCR for HIPAA Violations

Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit … Read more

HITRUST Incorporates GDPR into the CSF

The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology … Read more

HHS Guidelines on Cybersecurity Best Practices for Healthcare Organisations Released

The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped … Read more

ICS-CERT Discovers Vulnerability in Philips Health App

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only … Read more

GDPR Violation Penalty Levied Against Hospital for First Time

The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados … Read more

President Trump Signs Opioid Bill into Law

On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from … Read more

Anthem Settles for Record $16 Million with OCR

Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the … Read more

New York Hospital Fires Employees Following Security Breach

A hospital in New York has fired several employees following a security breach. Claxton-Hepburn Medical Center, a not-for-profit 115-bed community hospital in Ogdensburg, NY, announced that several employees accessed patient protected health information (PHI) without … Read more

Patient Data Stolen in Legacy Health Phishing Attack

Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six … Read more

Press America Inc Faces Lawsuit Over HIPAA Breach

Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a … Read more

HIPAA Alliance Market Equals Healthcare Companies With HIPAA-Compliant Trade

A new platform which simplifies the procedure of searching for HIPAA-compliant business associates has been launched this week. The HIPAA Alliance Market has been developed to match up HIPAA covered objects with reliable dealers that … Read more