Patient Data Stolen in Legacy Health Phishing Attack

Legacy Health has announced that the PHI of 38,000 patients was stolen during a phishing attack on their facility. Legacy Health is a non-profit hospital system based in Portland, Oregon. The organisation consists of six hospitals and employs upwards of 10,000 staff. IT security staff at Legacy Health discovered the breach on June 21. The … Read more

Press America Inc Faces Lawsuit Over HIPAA Breach

Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a mail-order pharmacy service for the health planCVS Pharmacy is a business associate of health plan CVS Pharmacy and, as such, … Read more

Iliana Peters Now Acting Deputy at the OCR

OCR’s Iliana Peters has stepped in to replace Deven McGraw, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), in an interim role. Peters will serve as Acting Deputy Director until a suitable replacement for McGraw can be identified. Peters has departed her role as … Read more

HIPAA Alliance Marketplace Matches Healthcare Organizations With HIPAA-Compliant Business

This week has seen the launch of a new platform that streamlines the process of searching for HIPAA-compliant business associates. The HIPAA Alliance Marketplace has been developed to match HIPAA covered entities with trusted vendors that have been independently verified as HIPAA-compliant. Healthcare organizations are required to comply with Health Insurance Portability and Accountability Act … Read more

HIPAA Compliant Business Associates Easier to Locate with New Tool

The challenge of finding HIPAA compliant business associates has been addressed with the introduction of a new tool to simplify this task. Healthcare organizations are only allowed to use business associates that comply with HIPAA Rules and sign a business associate agreement. Finding HIPAA compliant business associates is time consuming, although locating vendors willing to follow … Read more

Improperly Configured Cloud Services in Over Half of Businesses

The healthcare sector has made great waves recently in embracing cloud based technology. Most healthcare groups now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information (ePHI) pertaining to subscribers. However, as the proliferation of secure cloud storage systems continues at pace, it does not mean … Read more

Almost 500K Records Exposed in September Healthcare Data Breaches

The Breach Barometer report from for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and security breaches recorded by databreaches.net. The latter of which have … Read more

HIPAA Compliance and Skype: What You Need to Know

Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot of discussions and debate regarding this. There are security measure implemented by Skype to prevent unauthorized access of information transmitted … Read more

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would have obligated all controlling health plans (CHPs) to complete a variety of documentation to HHS to confirm compliance with electronic … Read more

Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as muc as 53% of organizations are not following established security best practices, such as using multi-factor authentication for all privileged account holders. Worse again, many … Read more

Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?

The HIPAA Breach Notification Rule stated that covered bodies must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be be offered to those affected. HIPAA does not stata outright whether credit monitoring and identity theft protection services should be … Read more

OCR Issue Clarification on HIPAA Disclosure Rules

The Department of Health and Human Services’ Office for Civil Rights OCR, has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other people. In the aftermath of Hurricane Irma and Hurricane Maria, OCR issued a partial waiver of certain provisions of the … Read more

February Sees Dramatic Rise in Insider Healthcare Data Breaches

In its most recent healthcare data breach report. Protenus has indicated that the month of February witness a significant increase in insider healthcare data breaches. The February Breach Barometer report shows that there were 31 reported healthcare data breaches during February. Although that number is equal to January 2017, when a total of 31 healthcare … Read more

Highmark BCBS of Delaware Probes Data Break Impacting 19K People

Highmark BlueCross BlueShield of Delaware is probing a data break which has affected 19,000 payees of employer-paid health policies. The data break affects 2 contractors of Highmark BCBS – BCS Financial Corporation and Summit Reinsurance Services. Highmark BSBC director of secrecy as well as information supervision, Karen Kane, released a statement stating 16 former and … Read more

$475K Settlement for Late HIPAA Break Notice

The Division of Health and Human Services’ OCR has publicized the 1st HIPAA payment of current year. This is additionally the 1st settlement so far exclusively based on a needless delay to break notice after the revelation of patients’ safeguarded health info. Presence Health, among the biggest healthcare systems serving people of Illinois, has consented … Read more

UMass to Pay the Office for Civil Rights $650K to Settle HIPAA Breaches

The Division of Health and Human Services’ OCR has consented to a $650K agreement with University of Massachusetts Amherst (UMass). The agreement solves HIPAA breaches that caused the UMass undergoing a malware contagion in 2013. In early 2013, a malevolent program was set up on a computer terminal in the Center for Speech, Language, and … Read more

St. Joseph Health to make Payment of OCR $2.14 Million to Resolve HIPAA Case

The Division of Health and Human Services’ OCR has declared it has decided to resolve possible breaches of the HIPAA Security and Privacy Laws with St. Joseph Health (SJH). St. Joseph Health has to pay $2,140.50 to OCR and implement a corrective action plan (CAP) to bring procedures and policies up to the standard required … Read more

Assistance on HIPAA as well as Cloud Computing Released by HHS

The Division of Health and Human Services has issued revised advice on cloud computing and HIPAA to assist protected bodies to take benefit of the cloud devoid of endangering a HIPAA breach. The key emphasis of the help is the usage of cloud service providers (CSPs). CSPs which are lawfully independent bodies from a HIPAA-covered … Read more

$400K HIPAA Payment for BAA Failures

The Section of Human and Health Services’ OCR has stated it has concluded an agreement with Care New England Health System (CNE) to settle suspected breaches of the HIPAA. CNE should reimburse a financial fine of $400K and should implement a complete Corrective Action Plan (CAP) to tackle different parts of HIPAA defiance. Care New … Read more

Revised Safety Risk Evaluation Device Announced by ONC

OCR has a preference to resolve HIPAA conformity problems through voluntary conformity as well as non-punitive ways, even though financial fines are these days becoming more usual. If OCR detectives discover HIPAA breaches, financial fines might be imposed. Penalties of as much as $1.5 million can be imposed for each breach type found. Among the … Read more

Biggest Ever HIPAA Agreement: Advocate Health to Reimburse OCR $5.5 Million

Previous month, the Department of Health and Human Services’ OCR publicized 2 huge agreements with protected entities to settle suspected HIPAA breaches. Nevertheless, even the $2.7 million, as well as, $2.75 million settlements at UMMC and  OHSU  were not big as compared to the latest implementation case. OCR has just publicized it has consented to the … Read more

2.75 Million Dollar HIPAA Agreement Achieved with UMMC

Immediately after the 2.7 million HIPAA break agreement with OHSU comes news of one more multi-million-dollar agreement with one more university. The Division of Health and Human Services’ OCR declared four days ago that University of Mississippi Medical Center (UMMC) has consented to settle down suspected HIPAA breaches and will reimburse a monetary fine of … Read more

Oregon Health & Science Varsity to Pay The Office for Civil Rights $2.7 Million for 2013 Data Breaks

Oregon Health & Science University (OHSU) has consented to resolve a lawsuit with the Division of Health and Human Services’ OCR originating from 2 data breaks suffered in 2013. A fine of $2.7 million will be funded by OHSU to resolve suspected HIPAA breaches without confession of responsibility. The secrecy breaks happened soon after each … Read more

Philadelphia BA Agrees to $650K OCR Payment

The Division of Health and Human Services’ OCR issued particulars of a settlement which was concluded with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) on June 24, 2016.  CHCS has approved to settle down suspected HIPAA breaches with the Office for Civil Rights OCR as well as has approved to execute a … Read more

$1.55 Million HIPAA Agreement for Want of BAA as well as Risk Study Failures

The Division of Health and Human Services’ OCR has declared it has achieved an agreement with North Memorial Health Care of Minnesota on suspected HIPAA breaches from a 2011 data break. North Memorial has consented to pay $1,550,000 to OCR to settle down the HIPAA violation fees. After a PHI break reported on September 27, 2011, … Read more

HIPAA Business Associate Informs 31K Record Data Violation

Omaha-based Seim Johnson, a commercial partner of several healthcare providers in Nebraska and outside, has declared that one of its laptops was thieved in Nashville, Tennessee, revealing almost 31,000 healthcare patient files. The laptop had the protected health information of 30,972 healthcare patients, including 4,200 patients of Community Hospital in McCook, Nebraska. It’s not sure … Read more

Apple Health HIPAA Violation Affects 91K Medicaid Receivers

As per a statement released by Steve Dotson, HCA risk manager, a Washington State Health Care Authority (HCA) worker has breached the safeguarded health info of 91,000 Apple Health Medicaid package customers over a duration of nearly 3 years. All affected persons are being informed that their name, Social Security number, Apple Health ID number, … Read more

Two Employees Sacked for Jason Pierre-Paul HIPAA Violation

Earlier in July 2015, Jason Pierre-Paul, New York Giant football team member paid a visit to Jackson Memorial Hospital of Miami for medication following a fireworks mishap. News reports appeared soon after verifying Pierre-Paul had undergone a major hand damage. At the time of the disaster, the football player was discussing a new $60 million … Read more

Borgess Rheumatology Notifies 700 Patients of Mailing Mistake

Borgess Rheumatology has notified that 700 of its patients have been affected by a mailing mistake which happened on December 9, 2015. That revealed their PHI. Although no Social Security numbers or other extremely confidential data have been revealed, concerned patients have had their names as well as the truth that they get medical services … Read more

Survey Shows Law Companies are not Complying with HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) deals with health insurers, healthcare providers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Infringement Announcement Laws. HIPAA additionally applies to vendors as well as other firms carrying out business with covered bodies, which are classified as HIPAA Business … Read more

ONC Publicizes Final 10-Year Interoperability Program

On Tuesday, the Office of the National Coordinator for Health IT announced the long-anticipated final 10-Year Interoperability Program. After the announcement of the draft form of the program in January 2015, the Office of the National Coordinator wanted remarks from interested parties. More than 250 remarks were received, which were utilized to fine- tune the … Read more

Existing Risk of Scam from 2012 Philadelphia Ambulance HIPAA Break

This week the Philadelphia Fire Department informed a data break involving 750 people who had utilized the ambulance facility in 2012. Three years before a worker of Intermedix, the company accustomed to managing the Fire Department’s data requirements, had been provided access to files; however, one worker utilized his data access rights to thieve financial … Read more

Indiana Attorney General Announces $12,000 HIPAA Penalty for Discarded PHI

The Indiana Attorney General’s Office has announced its first penalty for Health Insurance Portability and Accountability Act violations pursuant to part 13410(e) of the HITECH Act. The penalty of $12,000 was imposed on ex Kokomo dentist, Joseph Beck, for unlawfully throwing out of the Protected Health Information (PHI) of his patients. 63 boxes of private … Read more

Highmark Branch Visionworks Struck by 75K HIPAA Break

Highmark Inc., the Pennsylvania-based health Insurance business, has declared today that Visionworks, one of its branches, has misplaced a computer server having the medical files of roughly 75,000 patients. The medicinal information saved on the server contained particulars of patients’ trips to Visionworks optometrists, their lens recommendations and names as well as addresses. The HIPAA … Read more

Boston Business Associate Sacked Over 15K HIPAA Violation

MDF Transcription Services, a Business Partner of Boston Medical Center, has been sacked after a HIPAA breach that revealed the secret data of roughly 15,000 people when their information was publicized on an unsafe transcription website. The HIPAA breach wasn’t found by the hospital, but by a different healthcare provider who noted that information had … Read more

HIPAA Violations Cost Healthcare Industry $5.6 Billion a Year

A latest statement from the Ponemon Institute has emphasized the gravity of the danger from cyber-attacks and must serve as a notice to healthcare providers that they should improve data safety. The cost to the industry is substantial. Data violations are projected to cost the healthcare trade $5.6 billion a year, and that money might be put … Read more

Wellpoint Approves $1.7 Million Payment for HIPAA Breaches

Wellpoint is among the leading providers of Affiliated Health Policies, with nearly 36 million policy holders throughout the United States. Fraction of its databank of policy holders was accessible to illegal persons between October 23, 2009, and March 7, 2010. The safety infringement was brought to the notice of Wellpoint in March 2010 when a … Read more

Idaho State University Instructed to Pay $400K Settlement for HIPAA Violation

Disobeying HIPAA rules can incur severe fines, as found by Idaho State University this month. The organization has lately been compelled to settle down with the Division of Health and Human Services’ Office of Civil Rights for suspected breaches of the HIPAA Privacy Law. Penalties were issued for HIPAA non-compliance problems pertaining to inadequacies, network … Read more

HIPAA Comprehensive Rule Comes into Force

The HIPAA Comprehensive Regulation was printed on Jan 25, 2013, by the Division of Health and Human Services (HHS) like an improvement to the Health Insurance Portability and Accountability Act (HIPAA). The latest rule came into effect on March 26, 2013, and changes current HIPAA rules to provide greater safety of patient data; spreading the … Read more

Texas Lady Pleads Guilty to HIPAA Breaches

U.S. Lawyer John M. Bales has declared that Joneshia Cranford, a 33-year old inhabitant of Lufkin in the Eastern Region of Texas, has pleaded guilty to breaches of the Health Information Portability and Accountability Law of 1996. Cranford was accused of wrongly accessing the Safeguarded Health Info of patients at the healthcare establishment where she … Read more

Blue Cross Blue Shield to Reimburse HHS $1.5M for HIPAA Infringement

The Office for Civil Rights has accomplished its first implementation action developing from the HITECH Infringement Notice Rule and has penalized Blue Cross Blue Shield of Tennessee (BCBST) for breaching the Security and Privacy Regulations of the Health Insurance Portability and Accountability Law (1996). BCBST has currently bargained a disbursement with the HHS and will … Read more

Negligence in Business Associate Security Results in 20K Patient HIPAA Infringement

As per a New York Times story circulated this week, the health reports of 20,000 patients of Stanford University Hospital in Palo Alto, Calif., have been announced online and available to the public for nearly a year after a mistake was made by one of the hospital’s business partners. The hospital as well as its service provider – Multi-Specialty … Read more

Health Net Penalized 55K for Late HIPAA Infringement Notice

Health Net, Connecticut-based insurance firm is to pay a penalty of $55,000 to the Office of Vermont Attorney General for HIPAA disobedience and failing to safeguard the information of the state’s policyholders after a HIPAA data infringement that revealed the private health info of 1.5 million persons. The Health Insurance Portability and Accountability Act (1996) … Read more