UChicago Faces Lawsuit for Sharing Patient Data with Google

UChicago Medicine faces a potential class-action lawsuit for allegedly sharing patient information with Google with having the correct authorization to do so. The lawsuit names UChicago Medicine, UChicago Medical Center, and Google, and was filed by Matt Dinerstein, a former patient of UChicago Medicine. The suit claims patient information that still had personal identifiers attached … Read more

THH Paediatrics Fires Nurse for Accessing Data of 16,500 Patients without Authorization

Takai, Hoover & Hsu has terminated a nurse for accessing the protected health information (PHI) of 16,542 without the correct authorization to do so. The healthcare provider, owned by Takai, Hoover & Hsu and based in Germantown, MD, has stated that the information may have been passed on to a third-party and used for fraud … Read more

Maximum Penalties for HIPAA Violations Changed by HHS

The Department of Health and Humans Services has issued a notification of enforcement discretion in which they have reduced the maximum financial penalty for three of the four HIPAA violation tiers. The notification, entitled ‘Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties’, was published on April 20th. In 2009, the Health Information Technology for … Read more

Brookside ENT and Hearing Center Announces Closure Following Ransomware Attack

Michigan-based Brookside ENT and Hearing Center has announced its closure following a ransomware attack on their facility resulted in all of their patient files being permanently destroyed. The practice-run by just two doctors-lost access to patient records, appointment schedules, payment information, and other sensitive after a hacker gained access to their network and infected it … Read more

Report Released on Issues of Healthcare Data Collected by Non-HIPAA Covered Entities

The healthcare and fitness tech industry is booming, with millions of users across the US using these devices and apps to track everything from their weight, sleeping habits, heart rate, and food consumption. Some of this information is similar to that collected by healthcare organisations when monitoring their patients. However, there is a vast difference … Read more

IRS Launches 2019 Dirty Dozen Campaign

The Internal Revenue Service has launched a tax-related phishing awareness campaign. The campaign is designed to inform taxpayers fo the twelve most common tax scams, known as the ‘Dirty Dozen”. Each tax season, the IRS raises awareness of the most common phishing campaigns in an attempt to protect taxpayers, businesses, and tax professionals. Cybercriminals are particularly … Read more

What is Ransomware?

Ransomware attacks against healthcare organisations are becoming increasingly common. However, many individuals are still uncertain as to what constitutes a ransomware attack, and the potential consequences it has on an organisation. This article provides some background on ransomware attacks, outline how these attacks occur, and offer some guidance on how employees can mitigate the risk … Read more

HHS Guidelines on Cybersecurity Best Practices for Healthcare Organisations Released

The U.S. Department of Health and Human Services has issued a four-volume publication on voluntary cybersecurity best practices for healthcare organisations. The publication includes guidelines for managing cyber threats and protecting patients. It is hoped that the guidelines will help all organisations that handle the protected health information (PHI) and other sensitive information of patients … Read more

ICS-CERT Discovers Vulnerability in Philips Health App

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about a vulnerability that has been identified in the Philips HealthSuite Health Android App which would only take a “low level” of skill to exploit. The Philips HealthSuite Health Android App is used by individuals to help … Read more

President Trump Signs Opioid Bill into Law

On October 26, 2017, President Donald Trump declared the opioid crisis a national public health emergency. According to the National Institute on Drug Abuse, over 100 people die every day in the United States from overdosing on opioids. Hundreds more suffer due addiction to opioids, which include drugs such as pain relievers, heroin, and fentanyl … Read more

Anthem Settles for Record $16 Million with OCR

Anthem, Inc., a health insurance company and the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, has been levied the largest ever fine for a HIPAA violation for the February 2015 attack on their servers which saw over 78.8 million records stolen. The Anthem data breach settlement of $16 … Read more

New York Hospital Fires Employees Following Security Breach

A hospital in New York has fired several employees following a security breach. Claxton-Hepburn Medical Center, a not-for-profit 115-bed community hospital in Ogdensburg, NY, announced that several employees accessed patient protected health information (PHI) without proper authorisation to do so. This violates the Health Insurance Portability and Account Act (HIPAA). Officials at the hospital discovered … Read more

Patient Data Stolen in Legacy Health Phishing Attack

Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six hospitals and employs upwards of 10,000 staff. IT security staff at Legacy Health discovered the breach on June 21. The … Read more

Press America Inc Faces Lawsuit Over HIPAA Breach

Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a mail-order pharmacy service for the health planCVS Pharmacy is a business associate of health plan CVS Pharmacy and, as such, … Read more

Iliana Peters Now Acting Deputy at the OCR

OCR’s Iliana Peters has stepped in to replace Deven McGraw, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), in an interim role. Peters will serve as Acting Deputy Director until a suitable replacement for McGraw can be identified. Peters has departed her role as … Read more

HIPAA Alliance Marketplace Matches Healthcare Organizations With HIPAA-Compliant Business

This week has seen the launch of a new platform that streamlines the process of searching for HIPAA-compliant business associates. The HIPAA Alliance Marketplace has been developed to match HIPAA covered entities with trusted vendors that have been independently verified as HIPAA-compliant. Healthcare organizations are required to comply with Health Insurance Portability and Accountability Act … Read more

HIPAA Compliant Business Associates Easier to Locate with New Tool

The challenge of finding HIPAA compliant business associates has been addressed with the introduction of a new tool to simplify this task. Healthcare organizations are only allowed to use business associates that comply with HIPAA Rules and sign a business associate agreement. Finding HIPAA compliant business associates is time consuming, although locating vendors willing to follow … Read more

Improperly Configured Cloud Services in Over Half of Businesses

The healthcare sector has made great waves recently in embracing cloud based technology. Most healthcare groups now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information (ePHI) pertaining to subscribers. However, as the proliferation of secure cloud storage systems continues at pace, it does not mean … Read more

Almost 500K Records Exposed in September Healthcare Data Breaches

The Breach Barometer report from for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and security breaches recorded by databreaches.net. The latter of which have … Read more

HIPAA Compliance and Skype: What You Need to Know

Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot of discussions and debate regarding this. There are security measure implemented by Skype to prevent unauthorized access of information transmitted … Read more

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would have obligated all controlling health plans (CHPs) to complete a variety of documentation to HHS to confirm compliance with electronic … Read more

Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as muc as 53% of organizations are not following established security best practices, such as using multi-factor authentication for all privileged account holders. Worse again, many … Read more

Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?

The HIPAA Breach Notification Rule stated that covered bodies must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be be offered to those affected. HIPAA does not stata outright whether credit monitoring and identity theft protection services should be … Read more

OCR Issue Clarification on HIPAA Disclosure Rules

The Department of Health and Human Services’ Office for Civil Rights OCR, has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other people. In the aftermath of Hurricane Irma and Hurricane Maria, OCR issued a partial waiver of certain provisions of the … Read more

February Sees Dramatic Rise in Insider Healthcare Data Breaches

In its most recent healthcare data breach report. Protenus has indicated that the month of February witness a significant increase in insider healthcare data breaches. The February Breach Barometer report shows that there were 31 reported healthcare data breaches during February. Although that number is equal to January 2017, when a total of 31 healthcare … Read more

Highmark BCBS of Delaware Probes Data Break Impacting 19K People

Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BSBC director of secrecy as well as information supervision, Karen Kane, released a statement stating 16 former and … Read more

$475K Settlement for Late HIPAA Break Notice

The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after the revelation of patients’ safeguarded health info. Presence Health, among the biggest healthcare systems serving people of Illinois, has consented … Read more

UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches

The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement solves HIPAA breaches that caused the UMass undergoing a malware contagion in 2013. In early 2013, a malevolent program was set up on a computer terminal in the Center for Speech, Language, and … Read more

St. Joseph Health to make Payment of OCR $2.14 Million to Resolve HIPAA Case

The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay $2,140.50 to OCR and implement a corrective action plan (CAP) to bring procedures and policies up to the standard required … Read more

Assistance on HIPAA as well as Cloud Computing Released by HHS

The Division of Health and Human Services has issued revised advice on cloud computing and HIPAA to assist protected bodies to take benefit of the cloud devoid of endangering a HIPAA breach. The key emphasis of the help is the usage of cloud service providers (CSPs). CSPs which are lawfully independent bodies from a HIPAA-covered … Read more

$400K HIPAA Payment for BAA Failures

The Section of Human and Health Services’ OCR has stated it has concluded an agreement with Care New England Health System (CNE) to settle suspected breaches of the HIPAA. CNE should reimburse a financial fine of $400K and should implement a complete Corrective Action Plan (CAP) to tackle different parts of HIPAA defiance. Care New … Read more

Revised Safety Risk Evaluation Device Announced by ONC

OCR has a preference to resolve HIPAA conformity problems through voluntary conformity as well as non-punitive ways, even though financial fines are these days becoming more usual. If OCR detectives discover HIPAA breaches, financial fines might be imposed. Penalties of as much as $1.5 million can be imposed for each breach type found. Among the … Read more

Biggest Ever HIPAA Agreement: Advocate Health to Reimburse OCR $5.5 Million

Previous month, the Department of Health and Human Services’ OCR publicized 2 huge agreements with protected entities to settle suspected HIPAA breaches. Nevertheless, even the $2.7 million, as well as, $2.75 million settlements at UMMC and  OHSU  were not big as compared to the latest implementation case. OCR has just publicized it has consented to the … Read more

2.75 Million Dollar HIPAA Agreement Achieved with UMMC

Immediately after the 2.7 million HIPAA break agreement with OHSU comes news of one more multi-million-dollar agreement with one more university. The Division of Health and Human Services’ OCR declared four days ago that University of Mississippi Medical Center (UMMC) has consented to settle down suspected HIPAA breaches and will reimburse a monetary fine of … Read more

Oregon Health & Science Varsity to Pay The Office for Civil Rights $2.7 Million for 2013 Data Breaks

Oregon Health & Science University (OHSU) has consented to resolve a lawsuit with the Division of Health and Human Services’ OCR originating from 2 data breaks suffered in 2013. A fine of $2.7 million will be funded by OHSU to resolve suspected HIPAA breaches without confession of responsibility. The secrecy breaks happened soon after each … Read more

Philadelphia BA Agrees to $650K OCR Payment

The Division of Health and Human Services’ OCR issued particulars of a settlement which was concluded with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) on June 24, 2016.  CHCS has approved to settle down suspected HIPAA breaches with the Office for Civil Rights OCR as well as has approved to execute a … Read more

$1.55 Million HIPAA Agreement for Want of BAA as well as Risk Study Failures

The Division of Health and Human Services’ OCR has declared it has achieved an agreement with North Memorial Health Care of Minnesota on suspected HIPAA breaches from a 2011 data break. North Memorial has consented to pay $1,550,000 to OCR to settle down the HIPAA violation fees. After a PHI break reported on September 27, 2011, … Read more

HIPAA Business Associate Informs 31K Record Data Violation

Omaha-based Seim Johnson, a commercial partner of several healthcare providers in Nebraska and outside, has declared that one of its laptops was thieved in Nashville, Tennessee, revealing almost 31,000 healthcare patient files. The laptop had the protected health information of 30,972 healthcare patients, including 4,200 patients of Community Hospital in McCook, Nebraska. It’s not sure … Read more

Apple Health HIPAA Violation Affects 91K Medicaid Receivers

As per a statement released by Steve Dotson, HCA risk manager, a Washington State Health Care Authority (HCA) worker has breached the safeguarded health info of 91,000 Apple Health Medicaid package customers over a duration of nearly 3 years. All affected persons are being informed that their name, Social Security number, Apple Health ID number, … Read more

Two Employees Sacked for Jason Pierre-Paul HIPAA Violation

Earlier in July 2015, Jason Pierre-Paul, New York Giant football team member paid a visit to Jackson Memorial Hospital of Miami for medication following a fireworks mishap. News reports appeared soon after verifying Pierre-Paul had undergone a major hand damage. At the time of the disaster, the football player was discussing a new $60 million … Read more

Borgess Rheumatology Notifies 700 Patients of Mailing Mistake

Borgess Rheumatology has notified that 700 of its patients have been affected by a mailing mistake which happened on December 9, 2015. That revealed their PHI. Although no Social Security numbers or other extremely confidential data have been revealed, concerned patients have had their names as well as the truth that they get medical services … Read more

Survey Shows Law Companies are not Complying with HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) deals with health insurers, healthcare providers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Infringement Announcement Laws. HIPAA additionally applies to vendors as well as other firms carrying out business with covered bodies, which are classified as HIPAA Business … Read more

ONC Publicizes Final 10-Year Interoperability Program

On Tuesday, the Office of the National Coordinator for Health IT announced the long-anticipated final 10-Year Interoperability Program. After the announcement of the draft form of the program in January 2015, the Office of the National Coordinator wanted remarks from interested parties. More than 250 remarks were received, which were utilized to fine- tune the … Read more

Existing Risk of Scam from 2012 Philadelphia Ambulance HIPAA Break

This week the Philadelphia Fire Department informed a data break involving 750 people who had utilized the ambulance facility in 2012. Three years before a worker of Intermedix, the company accustomed to managing the Fire Department’s data requirements, had been provided access to files; however, one worker utilized his data access rights to thieve financial … Read more

Indiana Attorney General Announces $12,000 HIPAA Penalty for Discarded PHI

The Indiana Attorney General’s Office has announced its first penalty for Health Insurance Portability and Accountability Act violations pursuant to part 13410(e) of the HITECH Act. The penalty of $12,000 was imposed on ex Kokomo dentist, Joseph Beck, for unlawfully throwing out of the Protected Health Information (PHI) of his patients. 63 boxes of private … Read more