ICS-CERT Discovers Vulnerability in Philips Health App

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only take a “low level” of skill to exploit. The Philips HealthSuite Health Android App is used by individuals to help them achieve activity targets and health goals. The app collects user...

President Trump Signs Opioid Bill into Law

On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from overdosing on opioids. Hundreds more suffer due to addiction to opioids, which include drugs such as pain relievers, heroin, and fentanyl (a synthetic opioid). According to the Centers for Disease Control and Prevention, the...

Anthem Settles for Record $16 Million with OCR

Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the February 2015 attack on their servers which saw over 78.8 million records stolen. The Anthem data breach settlement of $16 million is nearly three times the previous record-holder for largest HIPAA fine ($5.55 million) and...

Press America Inc Faces Lawsuit Over HIPAA Breach
Feb01

Press America, Inc, a mail service used by pharmacy benefit manager CVS Pharmacy, is being sued over an accidental disclosure of 41 people’s protected health information. As a subcontractor to supply a mail-order pharmacy service for the health plan, CVS Pharmacy is a business associate of health plan CVS Pharmacy and, as such, both bodies must adhere to HIPAA Rules. CVS Pharmacy completed a business associate...

Iliana Peters Now Acting Deputy at the OCR

OCR’s Iliana Peters has stepped in to replace Deven McGraw, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), in an interim role. Peters will serve as Acting Deputy Director until a suitable replacement for McGraw can be identified. Peters has departed her role as senior advisor for HIPAA Compliance and Enforcement at OCR. There are no plans in place to bring...

HIPAA Alliance Marketplace Matches Healthcare Organizations With HIPAA-Compliant Business
Oct25

This week has seen the launch of a new platform that streamlines the process of searching for HIPAA-compliant business associates. The HIPAA Alliance Marketplace has been developed to match HIPAA covered entities with trusted vendors that have been independently verified as HIPAA-compliant. Healthcare organizations are required to comply with Health Insurance Portability and Accountability Act Rules, and so too must their business...

HIPAA Compliant Business Associates Easier to Locate with New Tool
Oct23

The challenge of finding HIPAA compliant business associates has been addressed with the introduction of a new tool to simplify this task. Healthcare organizations are only allowed to use business associates that comply with HIPAA Rules and sign a business associate agreement. Finding HIPAA compliant business associates is time-consuming, although locating vendors willing to follow HIPAA Rules is only part of the steps that must be...

Improperly Configured Cloud Services in Over Half of Businesses
Oct20

The healthcare sector has made great waves recently in embracing cloud-based technology. Most healthcare groups are now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information (ePHI) pertaining to subscribers. However, as the proliferation of secure cloud storage systems continues at pace, it does not mean data breaches will not be experienced, and neither...

Almost 500K Records Exposed in September Healthcare Data Breaches
Oct18

The Breach Barometer report for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and security breaches recorded by databreaches.net, the latter of which have yet to appear on the OCR ‘Wall of Shame.’ Overall,...

HIPAA Compliance and Skype: What You Need to Know
Oct16

Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot of discussion and debate regarding this. There are security measures implemented by Skype to prevent unauthorized access to information transmitted via the platform, and messages are encrypted. However, it might still be unclear if...

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS
Oct11

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would have obligated all controlling health plans (CHPs) to submit a variety of documentation to HHS to confirm compliance with electronic transaction standards established by the HHS under HIPAA Rules. The main objective of proposed...

Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses
Oct09

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as much as 53% of organizations are not following established security best practices, such as using multi-factor authentication for all privileged account holders. Worse again, many businesses are not monitoring their cloud environments constantly, which...

Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?
Oct04

The HIPAA Breach Notification Rule states that covered bodies must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be offered to those affected. HIPAA does not state outright whether credit monitoring and identity theft protection services should be given to people affected by a data violation. The decision whether or...

OCR Issue Clarification on HIPAA Disclosure Rules
Oct02

The Department of Health and Human Services’ Office for Civil Rights (OCR) has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other people. In the aftermath of Hurricane Irma and Hurricane Maria, OCR issued a partial waiver of certain provisions of the HIPAA Privacy Rule in the regions where both hurricanes occurred. Such a waiver is often, but not...

Data Breach at Med Center Health affects almost 160,000 of its Patients
Aug09

The FBI has been investigating a large Med Center Health data breach that affects many affiliates and approximately 160,000 patients. Hackers are not believed to be responsible for the Med Center Health data breach; in fact, it is thought that the data was stolen by an ex-employee. It is understood that the thief took a large variety of personal data such as the names, home addresses, insurance information, procedure codes, billing...

February Sees Dramatic Rise in Insider Healthcare Data Breaches
Jul28

In its most recent healthcare data breach report, Protenus has indicated that the month of February witnessed a significant increase in insider healthcare data breaches. The February Breach Barometer report shows that there were 31 reported healthcare data breaches during February. Although that number is equal to January 2017, when a total of 31 healthcare data breaches were also reported, the number of insider healthcare data breaches...

Highmark BCBS of Delaware Probes Data Breach Impacting 19K People

Highmark BlueCross BlueShield of Delaware is probing a data breach which has affected 19,000 payees of employer-paid health policies. The data breach affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BCBS director of secrecy as well as information supervision, Karen Kane, released a statement stating 16 former and current Highmark self-insured clients have been affected....

$475K Settlement for Late HIPAA Breach Notice

The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of the current year. This is additionally the 1st settlement so far exclusively based on a needless delay to breach notice after the revelation of patients’ safeguarded health info. Presence Health, among the biggest healthcare systems serving people of Illinois, has consented to pay OCR $475K to resolve possible HIPAA Breach Notice Law breaches. After a...

UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches

The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement resolves HIPAA breaches that caused UMass to undergo a malware contagion in 2013. In early 2013, a malicious program was installed on a computer terminal in the Center for Speech, Language, and Hearing. The infection led to the unauthorized disclosure of the electronic safeguarded health...

St. Joseph Health to Pay OCR $2.14 Million to Resolve HIPAA Case

The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay $2,140.50 to OCR and implement a corrective action plan (CAP) to bring procedures and policies up to the standard required by HIPAA. St. Joseph Health is a not-for-profit cohesive Catholic health care distribution method backed by the...

Assistance on HIPAA as well as Cloud Computing Released by HHS

The Division of Health and Human Services has issued revised advice on cloud computing and HIPAA to assist protected bodies to take advantage of the cloud without risking a HIPAA breach. The key emphasis of the advice is the use of cloud service providers (CSPs). CSPs which are lawfully independent bodies from a HIPAA-covered body are categorized as business associates as per HIPAA rules if the cloud service provider has to...

$400K HIPAA Payment for BAA Failures

The Section of Human and Health Services’ OCR has stated it has concluded an agreement with Care New England Health System (CNE) to settle suspected breaches of the HIPAA. CNE should reimburse a financial fine of $400K and should implement a complete Corrective Action Plan (CAP) to tackle different parts of HIPAA defiance. Care New England Wellbeing Organization (CNE) offers central company help for several subordinate allied...

Revised Safety Risk Evaluation Device Announced by ONC

OCR has a preference to resolve HIPAA conformity problems through voluntary conformity as well as non-punitive ways, even though financial fines are these days becoming more usual. If OCR detectives discover HIPAA breaches, financial fines might be imposed. Penalties of as much as $1.5 million can be imposed for each breach type found. Among the most usual causes for a financial fine is the failure to carry out a complete,...

Biggest Ever HIPAA Agreement: Advocate Health to Reimburse OCR $5.5 Million

Last month, the Department of Health and Human Services’ OCR publicized 2 huge agreements with protected entities to settle suspected HIPAA breaches. Nevertheless, even the $2.7 million and $2.75 million settlements at UMMC and OHSU were not big compared to the latest implementation case. OCR has just publicized it has consented to the biggest ever HIPAA agreement with a single protected body. Advocate Health Care...

2.75 Million Dollar HIPAA Agreement Achieved with UMMC

Immediately after the $2.7 million HIPAA breach agreement with OHSU comes news of one more multi-million-dollar agreement with one more university. The Division of Health and Human Services’ OCR declared four days ago that University of Mississippi Medical Center (UMMC) has consented to settle suspected HIPAA breaches and will pay a monetary fine of $2.75 million. UMMC has also consented to implement a corrective action plan...

Oregon Health & Science University to Pay The Office for Civil Rights $2.7 Million for 2013 Data Breaches

Oregon Health & Science University (OHSU) has consented to resolve a lawsuit with the Division of Health and Human Services’ OCR originating from 2 data breaches suffered in 2013. A fine of $2.7 million will be paid by OHSU to resolve suspected HIPAA breaches without confession of responsibility. The secrecy breaches happened soon after each other during 2013. Within the duration of 3 months, the safeguarded health information of...

Philadelphia BA Agrees to $650K OCR Payment

The Division of Health and Human Services’ OCR issued particulars of a settlement which was concluded with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) on June 24, 2016. CHCS has agreed to settle suspected HIPAA breaches with the Office for Civil Rights (OCR) and has agreed to execute a Corrective Action Plan. Catholic Health Care Services of the Archdiocese of Philadelphia will also reimburse...

$1.55 Million HIPAA Agreement for Want of BAA as well as Risk Study Failures

The Division of Health and Human Services’ OCR has declared it has achieved an agreement with North Memorial Health Care of Minnesota on suspected HIPAA breaches from a 2011 data breach. North Memorial has consented to pay $1,550,000 to OCR to settle the HIPAA violation fees. After a PHI breach reported on September 27, 2011, OCR carried out an inquiry and found HIPAA violations that contributed to the cause of a breach of...

HIPAA Business Associate Informs 31K Record Data Violation

Omaha-based Seim Johnson, a commercial partner of several healthcare providers in Nebraska and outside, has declared that one of its laptops was stolen in Nashville, Tennessee, revealing almost 31,000 healthcare patient files. The laptop had the protected health information of 30,972 healthcare patients, including 4,200 patients of Community Hospital in McCook, Nebraska. It is not clear which other healthcare providers were functioning...

Apple Health HIPAA Violation Affects 91K Medicaid Receivers

As per a statement released by Steve Dotson, HCA risk manager, a Washington State Health Care Authority (HCA) worker has breached the safeguarded health info of 91,000 Apple Health Medicaid package customers over a duration of nearly 3 years. All affected persons are being informed that their name, Social Security number, Apple Health ID number, date of birth, and private health info were improperly revealed between 2013 and 2015. The...

Two Employees Sacked for Jason Pierre-Paul HIPAA Violation

Earlier in July 2015, Jason Pierre-Paul, a New York Giants football team member, paid a visit to Jackson Memorial Hospital of Miami for medication following a fireworks mishap. News reports appeared soon after verifying Pierre-Paul had suffered major hand damage. At the time of the disaster, the football player was discussing a new $60 million agreement with the Giants. ESPN’s Adam Schefter succeeded in getting control of Pierre-Paul’s...

Borgess Rheumatology Notifies 700 Patients of Mailing Mistake

Borgess Rheumatology has notified 700 of its patients that they have been affected by a mailing mistake which happened on December 9, 2015, and revealed their PHI. Although no Social Security numbers or other extremely confidential data have been revealed, concerned patients have had their names as well as the fact that they get medical services at Borgess Rheumatology revealed to another patient. In each incident, a lone patient...

Lincare Inc to Disburse $239,800 CMP for HIPAA Infringement

For just the second time in its history, OCR has instructed a HIPAA-covered body to pay civil fiscal fines for HIPAA infringements. Lincare Inc. is required to pay $239,800 for breaches of the HIPAA Secrecy Law which were found during the investigation of a complaint concerning an infringement of 278 patients’ data. The Secrecy Law breach – 45 C.F.R. § 164.530(i) – was lately approved by a U.S. Department of Health and Human Services...

Survey Shows Law Companies are not Complying with HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) deals with health insurers, healthcare providers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Infringement Announcement Laws. HIPAA additionally applies to vendors as well as other firms carrying out business with covered bodies, which are classified as HIPAA Business Associates. In case a Business...

ONC Publicizes Final 10-Year Interoperability Program

On Tuesday, the Office of the National Coordinator for Health IT announced the long-anticipated final 10-Year Interoperability Program. After the announcement of the draft form of the program in January 2015, the Office of the National Coordinator sought remarks from interested parties. More than 250 remarks were received, which were utilized to fine-tune the plan before the announcement of the final form. The final Countrywide...

Existing Risk of Scam from 2012 Philadelphia Ambulance HIPAA Breach

This week the Philadelphia Fire Department reported a data breach involving 750 people who had utilized the ambulance facility in 2012. Three years before, a worker of Intermedix, the company used to manage the Fire Department’s data requirements, had been provided access to files; however, one worker utilized his data access rights to steal financial files of patients. The files were stolen to file fake tax returns as per an...

Indiana Attorney General Announces $12,000 HIPAA Penalty for Discarded PHI

The Indiana Attorney General’s Office has announced its first penalty for Health Insurance Portability and Accountability Act violations pursuant to part 13410(e) of the HITECH Act. The penalty of $12,000 was imposed on former Kokomo dentist, Joseph Beck, for unlawfully throwing out the Protected Health Information (PHI) of his patients. 63 boxes of private records comprising an estimated 7,000 files were found in an Olive Branch...

Business Associates Constitute 40 Percent of HIPAA Breaches

In the 1st quarter of 2013, 40 percent of all HIPAA breaches involving the revelation of PHI that affected over 500 people were the consequence of the acts of BAs of HIPAA–protected entities. The problem seems to be increasing because throughout the preceding 4 years BAs caused 30 percent of all registered HIPAA security breaches. This fact hasn’t been overlooked by the Division of Health and Human Services. A fresh rule has been created...

Highmark Branch Visionworks Struck by 75K HIPAA Breach

Highmark Inc., the Pennsylvania-based health insurance business, has declared today that Visionworks, one of its branches, has misplaced a computer server having the medical files of roughly 75,000 patients. The medical information saved on the server contained particulars of patients’ trips to Visionworks optometrists, their lens recommendations and names as well as addresses. The HIPAA breach is believed to have possibly revealed...

Boston Business Associate Sacked Over 15K HIPAA Violation

MDF Transcription Services, a Business Partner of Boston Medical Center, has been sacked after a HIPAA breach that revealed the secret data of roughly 15,000 people when their information was publicized on an unsafe transcription website. The HIPAA breach wasn’t found by the hospital, but by a different healthcare provider who noted that information had been erroneously displayed on the website. According to a statement provided...

HIPAA Violations Cost Healthcare Industry $5.6 Billion a Year

A recent report from the Ponemon Institute has emphasized the gravity of the danger from cyber-attacks and should serve as a notice to healthcare providers that they should improve data safety. The cost to the industry is substantial. Data violations are projected to cost the healthcare industry $5.6 billion a year, and that money might be put to much better use conducting research and improving healthcare facilities. While the report...

Wellpoint Approves $1.7 Million Payment for HIPAA Breaches

Wellpoint is among the leading providers of Affiliated Health Policies, with nearly 36 million policy holders throughout the United States. A fraction of its database of policy holders was accessible to unauthorized persons between October 23, 2009, and March 7, 2010. The security breach was brought to the notice of Wellpoint in March 2010 when a lawsuit was filed in California by a claimant who found it was possible to access the...

Idaho State University Instructed to Pay $400K Settlement for HIPAA Violation

Disobeying HIPAA rules can incur severe fines, as found by Idaho State University this month. The organization has lately been compelled to settle with the Division of Health and Human Services’ Office for Civil Rights for suspected breaches of the HIPAA Privacy Law. Penalties were issued for HIPAA non-compliance problems pertaining to network security inadequacies, which revealed secret patient health info to 3rd parties. ISU had...

HIPAA Comprehensive Rule Comes into Force

The HIPAA Comprehensive Regulation was published on Jan 25, 2013, by the Division of Health and Human Services (HHS) as an improvement to the Health Insurance Portability and Accountability Act (HIPAA). The latest rule came into effect on March 26, 2013, and changes current HIPAA rules to provide greater safety of patient data, extending the reach of HIPAA as well as changing rules to conform them with the Health Information...

Texas Lady Pleads Guilty to HIPAA Breaches

U.S. Lawyer John M. Bales has declared that Joneshia Cranford, a 33-year-old resident of Lufkin in the Eastern Region of Texas, has pleaded guilty to breaches of the Health Information Portability and Accountability Law of 1996. Cranford was accused of wrongly accessing the Safeguarded Health Info of patients at the healthcare establishment where she worked and revealing that info for financial compensation, with the lady pleading...

Alaska DHSS Arrives at $1.7M Agreement with OCR for HIPAA Safety Rule Breaches

The theft of a portable hard drive from a worker of the Alaska Department of Health and Social Services (DHSS) possibly revealed the ePHI of about 2,000 persons. After an inquiry by the HHS Office for Civil Rights (OCR), an agreement has been achieved and the DHSS must pay the HHS $1.7 million for the HIPAA Safety Law breaches. The U.S. Division of Health and Human Services’ Office for Civil Rights was alerted to the violation...

Online Patient Calendars Bring about $100K HIPAA Violation

Prior to displaying Safeguarded Health Info on any website, it’s necessary that the method is evaluated for safety dangers. If a website is maintained or owned by a 3rd party or a cloud service is offered, an authorized business associate contract should also be obtained before any info is publicized. It might appear obvious that ePHI can’t be publicized on freely accessible websites; nevertheless, it’s a fault that can simply be...

Blue Cross Blue Shield to Reimburse HHS $1.5M for HIPAA Infringement

The Office for Civil Rights has accomplished its first implementation action developing from the HITECH Infringement Notice Rule and has penalized Blue Cross Blue Shield of Tennessee (BCBST) for breaching the Security and Privacy Regulations of the Health Insurance Portability and Accountability Law (1996). BCBST has currently bargained a disbursement with the HHS and will disburse $1.5 million for the security infringement for its...

Negligence in Business Associate Security Results in 20K Patient HIPAA Infringement

As per a New York Times story circulated this week, the health reports of 20,000 patients of Stanford University Hospital in Palo Alto, Calif., were posted online and available to the public for nearly a year after a mistake was made by one of the hospital’s business partners. The hospital as well as its service provider – Multi-Specialty Collection Services of Los Angeles (MSCS) – verified that a spreadsheet having the medical...

Health Net Penalized $55K for Late HIPAA Breach Notice

Health Net, a Connecticut-based insurance firm, is to pay a penalty of $55,000 to the Office of Vermont Attorney General for HIPAA non-compliance and failing to safeguard the information of the state’s policyholders after a HIPAA data breach that revealed the private health info of 1.5 million persons. The Health Insurance Portability and Accountability Act (1996) requires all protected entities to report security breaches that reveal...
