Compliance and Regulations
Stay up-to-date of data protection regulations updates and industry compliance standards evolution. Learn about HIPAA, GDPR and data protection laws, compliance requirements specific to your industry, and stay up-to-date on legal developments affecting security practices. Stay inform on notable data breaches and security incidents related.
Contact Tracing Survey Data of 750,000 Hoosiers Disclosed On the Web
The personal information of 750,000 Hoosiers compiled during a COVID-19 contact tracing survey done by the Indiana Department of Health was compromised on the web and downloaded by a firm not approved to gain access … Read more
Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients
Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an … Read more
Record GDPR Penalty of $886 Million Issued to Amazon
The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, … Read more
CaptureRx Confronting Multiple Class Action Lawsuits Due to the Ransomware Attack Impacting 2.4 Million Patients
CaptureRx, the healthcare administrative services provider is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which was gotten by unauthorized people in a February 2021 ransomware attack. NEC Networks, also known … Read more
Healthcare Employees Took Legal Action Against Amazon Alleging Alexa Devices Violated HIPAA
Four healthcare employees filed a lawsuit against Amazon because allegedly their Amazon Alexa devices possibly captured conversations without their intention or permission and might have caught health data protected by HIPAA. Amazon Alexa devices listen … Read more
Bill Requiring the Texas State AG to Publish Data Breach ‘Wall of Shame’ Gets Approval
The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal … Read more
Bipartisan Group of Senators Present Federal Data Breach Notification Bill
A bipartisan group of senators has presented a federal data breach notification law- the Cyber Incident Notification Act of 2021 – that calls for all federal institutions, contractors, and companies that have command over critical … Read more
HSCC Requests Biden to Give Financing to Strengthen Cybersecurity Posture of the Medical Industry
The Healthcare and Public Health Sector Coordinating Council (HSCC) has prompted President Biden to give more funds and support to strengthen the cybersecurity posture of the medical care industry to boost toughness against cyberattacks. In … Read more
Is it a HIPAA Violation to Require Confirmation of Vaccine Status?
There is a lot of misunderstandings concerning the case of questioning a person if they had a COVID-19 vaccine. Is it considered a HIPAA violation, especially pertaining to employers questioning their personnel to give evidence … Read more
NIST Wants Feedback on Designed Updates to HIPAA Security Rule Implementation Guidance
The National Institute of Standards and Technology (NIST) is preparing to modify and make updates to its guidance on carrying out the HIPAA Security Regulation and is looking for ideas from stakeholders on facets of … Read more
HHS Information Blocking Regulations are Now Enforceable
Devised by the Department of Health and Human Services as part of the 21st Century Cures Act, the information blocking and interoperability regulations became enforceable on April 5, 2021. These new regulations set out what … Read more
Montefiore Medical Center Staff Laid Off and Belden Class Action Lawsuit
Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason. The report of New York hospital in February 2020 stated that an employee was identified to have … Read more
What is Texas HB 300?
What is Texas HB 300, who needs to follow the legislation, and what are the fees and penalties for failing to comply? This post talks about these and other vital questions regarding Texas HB 300. … Read more
Brandywine Urology Consultants Data Breach Lawsuit Dismissed Because of Lacking Evidence of Harm
The Delaware Superior Court dismissed a legal action filed on behalf of affected individuals of a Brandywine Urology Consultants data breach because the plaintiffs failed to present proof showing they had experienced harm because of … Read more
Twitter Paid $544,000 Penalty for its GDPR Data Breach Violations
Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last … Read more
OCR to Have Enforcement Discretion in Relation to the Use of Internet or Cloud-based Scheduling Software for COVID-19 Vaccination Sessions
The Department of Health and Human Services’ Office for Civil Rights has stated that it is going to implement enforcement discretion and will not issue financial penalties on HIPAA-covered entities or business associates in the … Read more
M.D. Anderson Cancer Center’s $4.3 Million HIPAA Penalty Revoked on Appeal
The U.S. Court of Appeals for the Fifth Circuit has reversed the $4,348,000 HIPAA violation charges enforced by the Department of Health and Human Services’ Office for Civil Rights on the University of Texas M.D. … Read more
NCCoE Issues Guidance for Corporate-Owned Personally Enabled Devices
The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices are now ubiquitous in … Read more
Hurricane Dorian Triggers Limited HIPAA Waiver in Puerto Rico, Florida, Georgia and the Carolinas
The Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian. On September … Read more
Swedish High School Issued GDPR Fine
A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was … Read more
Irish DPC Releases GDPR Breach Notification Guidance
The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications. The Irish Data Protection Commission (DPC) has stated that the guidelines aim … Read more
Kaspersky Lab Report Reveals Deficiencies in Healthcare Employee Cybersecurity Training
Kaspersky Labs has released a report revealing significant deficiencies in the cybersecurity training provided to healthcare employees. The study was conducted by surveying 1,758 healthcare employees in the United States and Canada. Kaspersky Lab, a … Read more
Department of Veteran Affairs Office of Inspector General Uncovers Security Failings at Californian VA Center
The Department of Veteran Affairs Office of Inspector General (VA OIG) has discovered severe security failings at the Tibor Rubin VA Medical Center in Long Beach, California. A recent inspection by the VA OIG uncovered security … Read more
HHS Issues Limited Waiver of HIPAA Sanctions and Penalties in Louisiana
In response to the Tropical Storm Barry that made landfall in Louisiana on July 13, the Secretary of the US Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and … Read more
UChicago Faces Lawsuit for Sharing Patient Data with Google
UChicago Medicine faces a potential class-action lawsuit for allegedly sharing patient information with Google with having the correct authorization to do so. The lawsuit names UChicago Medicine, UChicago Medical Center, and Google, and was filed … Read more
Kingman Regional Medical Center Notifies Patients Following Website Data Breach
Kingman Regional Medical Center (KRMC) is in the process of notifying patients that their sensitive data may have been compromised following the discovery of a flaw on its website which may have allowed unauthorized users … Read more
Boxes of Patient Medical Records found Abandoned in Chicago
Boxes of patient medical records have been found abandoned in a former medical centre in the Chatham area of Chicago, Illinois. Clean-up crews have been brought in to assist in the clean-up operation which started … Read more
What is a GDPR DPO?
The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire … Read more
Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals
A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on … Read more
Alabama Woman Awarded $300,000 for Privacy Breach at Medical Center Enterprise
A jury has awarded a woman $300,000 in damages following a privacy breach at Medical Center Enterprise (MCE), Alabama. Amy Pertuit’s patient rights were violated when a physician at MCE accessed and disclosed her protected … Read more
THH Paediatrics Fires Nurse for Accessing Data of 16,500 Patients without Authorization
Takai, Hoover & Hsu has terminated a nurse for accessing the protected health information (PHI) of 16,542 without the correct authorization to do so. The healthcare provider, owned by Takai, Hoover & Hsu and based … Read more
HHS Issues Clarification On Business Associates Liability
On May 24, 2019, the Department of Health and Human Services issued a clarification on business associates liability for violations of the Health Insurance Portability and Accountability Act. HHS Office for Civil Rights released information … Read more
Maximum Penalties for HIPAA Violations Changed by HHS
The Department of Health and Humans Services has issued a notification of enforcement discretion in which they have reduced the maximum financial penalty for three of the four HIPAA violation tiers. The notification, entitled ‘Notification … Read more
Brookside ENT and Hearing Center Announces Closure Following Ransomware Attack
Michigan-based Brookside ENT and Hearing Center has announced its closure following a ransomware attack on their facility resulted in all of their patient files being permanently destroyed. The practice-run by just two doctors-lost access to … Read more
Report Released on Issues of Healthcare Data Collected by Non-HIPAA Covered Entities
The healthcare and fitness tech industry is booming, with millions of users across the US using these devices and apps to track everything from their weight, sleeping habits, heart rate, and food consumption. Some of … Read more
Microsoft CEO calls for Global GDPR-like Data Privacy Rights
The CEO of Microsoft has called for the implementation of GDPR-legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic … Read more
IRS Launches 2019 Dirty Dozen Campaign
The Internal Revenue Service has launched a tax-related phishing awareness campaign. The campaign is designed to inform taxpayers fo the twelve most common tax scams, known as the ‘Dirty Dozen”. Each tax season, the IRS raises … Read more
HIPAA Training
HIPAA Overview The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was an important piece of legislation for the healthcare and healthcare insurance industries as it became the foundation for the Department of Health … Read more
What is Ransomware?
Ransomware attacks against healthcare organisations are becoming increasingly common. However, many individuals are still uncertain as to what constitutes a ransomware attack, and the potential consequences it has on an organisation. This article provides some … Read more
Cottage Health Pays $3,000,000 to OCR for HIPAA Violations
Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit … Read more
HITRUST Incorporates GDPR into the CSF
The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology … Read more
HHS Guidelines on Cybersecurity Best Practices for Healthcare Organisations Released
The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped … Read more
ICS-CERT Discovers Vulnerability in Philips Health App
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only … Read more
GDPR Violation Penalty Levied Against Hospital for First Time
The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados … Read more
President Trump Signs Opioid Bill into Law
On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from … Read more
Anthem Settles for Record $16 Million with OCR
Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the … Read more
New York Hospital Fires Employees Following Security Breach
A hospital in New York has fired several employees following a security breach. Claxton-Hepburn Medical Center, a not-for-profit 115-bed community hospital in Ogdensburg, NY, announced that several employees accessed patient protected health information (PHI) without … Read more
Patient Data Stolen in Legacy Health Phishing Attack
Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six … Read more
Press America Inc Faces Lawsuit Over HIPAA Breach
Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a … Read more
HIPAA Alliance Market Equals Healthcare Companies With HIPAA-Compliant Trade
A new platform which simplifies the procedure of searching for HIPAA-compliant business associates has been launched this week. The HIPAA Alliance Market has been developed to match up HIPAA covered objects with reliable dealers that … Read more