Compliance and Regulations
Stay up-to-date of data protection regulations updates and industry compliance standards evolution. Learn about HIPAA, GDPR and data protection laws, compliance requirements specific to your industry, and stay up-to-date on legal developments affecting security practices. Stay inform on notable data breaches and security incidents related.
NCCoE Issues Guidance for Corporate-Owned Personally Enabled Devices
The National Cybersecurity Center of Excellence (NCCoE) has issued new draft NIST mobile device security guidance to help organizations mitigate the risks introduced by corporate-owned personally enabled (COPE) devices. Mobile devices are now ubiquitous in … Read more
Hurricane Dorian Triggers Limited HIPAA Waiver in Puerto Rico, Florida, Georgia and the Carolinas
The Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency in Puerto Rico and the states of Florida, Georgia, and South Carolina due to Hurricane Dorian. On September … Read more
Swedish High School Issued GDPR Fine
A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was … Read more
Irish DPC Releases GDPR Breach Notification Guidance
The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications. The Irish Data Protection Commission (DPC) has stated that the guidelines aim … Read more
Kaspersky Lab Report Reveals Deficiencies in Healthcare Employee Cybersecurity Training
Kaspersky Labs has released a report revealing significant deficiencies in the cybersecurity training provided to healthcare employees. The study was conducted by surveying 1,758 healthcare employees in the United States and Canada. Kaspersky Lab, a … Read more
Department of Veteran Affairs Office of Inspector General Uncovers Security Failings at Californian VA Center
The Department of Veteran Affairs Office of Inspector General (VA OIG) has discovered severe security failings at the Tibor Rubin VA Medical Center in Long Beach, California. A recent inspection by the VA OIG uncovered security … Read more
HHS Issues Limited Waiver of HIPAA Sanctions and Penalties in Louisiana
In response to the Tropical Storm Barry that made landfall in Louisiana on July 13, the Secretary of the US Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and … Read more
UChicago Faces Lawsuit for Sharing Patient Data with Google
UChicago Medicine faces a potential class-action lawsuit for allegedly sharing patient information with Google with having the correct authorization to do so. The lawsuit names UChicago Medicine, UChicago Medical Center, and Google, and was filed … Read more
Kingman Regional Medical Center Notifies Patients Following Website Data Breach
Kingman Regional Medical Center (KRMC) is in the process of notifying patients that their sensitive data may have been compromised following the discovery of a flaw on its website which may have allowed unauthorized users … Read more
Boxes of Patient Medical Records found Abandoned in Chicago
Boxes of patient medical records have been found abandoned in a former medical centre in the Chatham area of Chicago, Illinois. Clean-up crews have been brought in to assist in the clean-up operation which started … Read more
What is a GDPR DPO?
The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire … Read more
Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals
A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on … Read more
Alabama Woman Awarded $300,000 for Privacy Breach at Medical Center Enterprise
A jury has awarded a woman $300,000 in damages following a privacy breach at Medical Center Enterprise (MCE), Alabama. Amy Pertuit’s patient rights were violated when a physician at MCE accessed and disclosed her protected … Read more
THH Paediatrics Fires Nurse for Accessing Data of 16,500 Patients without Authorization
Takai, Hoover & Hsu has terminated a nurse for accessing the protected health information (PHI) of 16,542 without the correct authorization to do so. The healthcare provider, owned by Takai, Hoover & Hsu and based … Read more
HHS Issues Clarification On Business Associates Liability
On May 24, 2019, the Department of Health and Human Services issued a clarification on business associates liability for violations of the Health Insurance Portability and Accountability Act. HHS Office for Civil Rights released information … Read more
Maximum Penalties for HIPAA Violations Changed by HHS
The Department of Health and Humans Services has issued a notification of enforcement discretion in which they have reduced the maximum financial penalty for three of the four HIPAA violation tiers. The notification, entitled ‘Notification … Read more
Brookside ENT and Hearing Center Announces Closure Following Ransomware Attack
Michigan-based Brookside ENT and Hearing Center has announced its closure following a ransomware attack on their facility resulted in all of their patient files being permanently destroyed. The practice-run by just two doctors-lost access to … Read more
Report Released on Issues of Healthcare Data Collected by Non-HIPAA Covered Entities
The healthcare and fitness tech industry is booming, with millions of users across the US using these devices and apps to track everything from their weight, sleeping habits, heart rate, and food consumption. Some of … Read more
Microsoft CEO calls for Global GDPR-like Data Privacy Rights
The CEO of Microsoft has called for the implementation of GDPR-legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic … Read more
IRS Launches 2019 Dirty Dozen Campaign
The Internal Revenue Service has launched a tax-related phishing awareness campaign. The campaign is designed to inform taxpayers fo the twelve most common tax scams, known as the ‘Dirty Dozen”. Each tax season, the IRS raises … Read more
HIPAA Training
HIPAA Overview The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was an important piece of legislation for the healthcare and healthcare insurance industries as it became the foundation for the Department of Health … Read more
What is Ransomware?
Ransomware attacks against healthcare organisations are becoming increasingly common. However, many individuals are still uncertain as to what constitutes a ransomware attack, and the potential consequences it has on an organisation. This article provides some … Read more
Cottage Health Pays $3,000,000 to OCR for HIPAA Violations
Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit … Read more
HITRUST Incorporates GDPR into the CSF
The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology … Read more
HHS Guidelines on Cybersecurity Best Practices for Healthcare Organisations Released
The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped … Read more
ICS-CERT Discovers Vulnerability in Philips Health App
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only … Read more
GDPR Violation Penalty Levied Against Hospital for First Time
The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados … Read more
President Trump Signs Opioid Bill into Law
On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from … Read more
Anthem Settles for Record $16 Million with OCR
Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the … Read more
New York Hospital Fires Employees Following Security Breach
A hospital in New York has fired several employees following a security breach. Claxton-Hepburn Medical Center, a not-for-profit 115-bed community hospital in Ogdensburg, NY, announced that several employees accessed patient protected health information (PHI) without … Read more
Patient Data Stolen in Legacy Health Phishing Attack
Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six … Read more
Press America Inc Faces Lawsuit Over HIPAA Breach
Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a … Read more
Iliana Peters Now Acting Deputy at the OCR
OCR’s Iliana Peters has stepped in to replace Deven McGraw, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), in an interim role. Peters will … Read more
HIPAA Laws
The HIPAA laws – sometimes known as the HIPAA Rules or the HIPAA regulations – are the standards contained within the Administrative Simplification provisions of the Healthcare Insurance Portability and Accountability Act 1996. These standards … Read more
HIPAA Alliance Marketplace Matches Healthcare Organizations With HIPAA-Compliant Business
This week has seen the launch of a new platform that streamlines the process of searching for HIPAA-compliant business associates. The HIPAA Alliance Marketplace has been developed to match HIPAA covered entities with trusted vendors … Read more
HIPAA Compliant Business Associates Easier to Locate with New Tool
The challenge of finding HIPAA compliant business associates has been addressed with the introduction of a new tool to simplify this task. Healthcare organizations are only allowed to use business associates that comply with HIPAA Rules … Read more
Improperly Configured Cloud Services in Over Half of Businesses
The healthcare sector has made great waves recently in embracing cloud based technology. Most healthcare groups now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information … Read more
Almost 500K Records Exposed in September Healthcare Data Breaches
The Breach Barometer report from for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of … Read more
HIPAA Compliance and Skype: What You Need to Know
Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot … Read more
Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS
The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would … Read more
Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses
According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as muc as 53% of organizations … Read more
Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?
The HIPAA Breach Notification Rule stated that covered bodies must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be … Read more
GDPR Leads Lloyds to Alter Marketing Campaigns
Lloyds Banking Group has taken steps to introduce new marketing campaigns due to the coming introduction of the European Union’s GDPR legislation, a new set of guidelines on data privacy and security. Lloyds is moving from … Read more
OCR Issue Clarification on HIPAA Disclosure Rules
The Department of Health and Human Services’ Office for Civil Rights OCR, has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other … Read more
Data Breach at Med Center Health affects almost 160,000 of its Patients
The FBI has been investigating a large Med Center Health data breach that affects many affiliates and approximately 160,000 patients. Hackers are not believed to be responsible for the Med Center Health data breach, in … Read more
February Sees Dramatic Rise in Insider Healthcare Data Breaches
In its most recent healthcare data breach report. Protenus has indicated that the month of February witness a significant increase in insider healthcare data breaches. The February Breach Barometer report shows that there were 31 … Read more
Highmark BCBS of Delaware Probes Data Break Impacting 19K People
Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance … Read more
$475K Settlement for Late HIPAA Break Notice
The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after … Read more
UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches
The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement solves HIPAA breaches that caused the UMass undergoing a malware contagion in 2013. … Read more
St. Joseph Health to make Payment of OCR $2.14 Million to Resolve HIPAA Case
The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay … Read more
