HIPAA compliance and regulation
Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.
Top Stories
-
News
08 Oct 2024
HHS settles 2 investigations under HIPAA Security Rule
HHS imposed civil monetary penalties against two healthcare organizations following ransomware investigations and potential HIPAA Security Rule violations. Continue Reading
By- Jill McKeon, Associate Editor
-
News
26 Sep 2024
Proposed bill calls for minimum healthcare cyber standards
The Health Infrastructure Security and Accountability Act would require HHS to establish minimum healthcare cyber standards and remove the cap on fines under HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Jun 2022
ONC, OCR Release Updated Version of HHS Security Risk Assessment (SRA) Tool
Version 3.3 of the HHS Security Risk Assessment (SRA) Tool includes a new SRA Tool Excel Workbook to replace the legacy paper version. Continue Reading
By- Jill McKeon, Associate Editor
-
News
13 Jun 2022
OCR to Release Video on HITECH Recognized Security Practices
OCR announced plans to produce a pre-recorded video presentation on HITECH recognized security practices and is seeking relevant questions and comments from covered entities. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
10 Jun 2022
Common HIPAA Administrative Safeguards Under The HIPAA Security Rule
HIPAA administrative safeguards are crucial measures that all covered entities must consider under the HIPAA Security Rule. Continue Reading
By- Editorial Staff
-
News
08 Jun 2022
CHI, MGMA Respond to OCR’s RFI On Recognized Security Practices Under HITECH
The Connected Health Initiative (CHI) and MGMA both responded to OCR’s request for information by proposing several measures to ensure the effectiveness of HITECH. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
03 Jun 2022
Common HIPAA Physical Safeguards Under The HIPAA Security Rule
HIPAA physical safeguards are crucial to protecting electronic protected health information (ePHI) and are essential to maintaining HIPAA compliance. Continue Reading
By- Editorial Staff
-
Feature
20 May 2022
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule protects patient privacy while enabling the flow of health information. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
13 May 2022
What is the HIPAA Security Rule?
The HIPAA Security Rule requires covered entities and business associates to implement technical, physical, and administrative safeguards. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
03 May 2022
Misconceptions About HIPAA, Interoperability, Information Blocking
At the HealthITSecurity virtual summit, panelists discussed common misconceptions surrounding HIPAA, interoperability, and information blocking. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Apr 2022
OCR Seeks Public Input on Penalties, Security Measures Under HITECH
OCR issued a request for information regarding HITECH’s recognized security practices and civil monetary penalty and settlement sharing sections. Continue Reading
By- Jill McKeon, Associate Editor
-
News
28 Mar 2022
OCR Announces Four HIPAA Enforcement Actions
OCR announced four HIPAA enforcement actions, two of which stemmed from OCR’s HIPAA Right of Access Initiative. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Mar 2022
EHNAC, HITRUST Partner to Promote Security, Privacy Standards
EHNAC and HITRUST announced a partnership to promote the security and privacy of trusted networks while aligning with TEFCA requirements. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
11 Mar 2022
Your Responsibilities Under the HIPAA Breach Notification Rule
After experiencing a PHI breach, HIPAA-covered entities and business associates must comply with reporting requirements under the HIPAA Breach Notification Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
21 Feb 2022
HIPAA Technical Safeguards: A Basic Review
It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. Continue Reading
By- Editorial Staff
-
News
18 Feb 2022
Deadline to Report PHI Breaches Impacting Less Than 500 People Nears
March 1 is the deadline to report 2021 PHI breaches impacting less than 500 people to HHS under the HIPAA Breach Notification Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
14 Feb 2022
What Is a HIPAA Business Associate Agreement (BAA)?
HIPAA-covered entities must have a business associate agreement (BAA) in place with each of their partners to maintain PHI security and overall HIPAA compliance. Continue Reading
By- Editorial Staff
-
News
11 Feb 2022
Legislators Introduce Bill to Modernize HIPAA, Health Data Privacy Laws
Two US Senators introduced the Health Data Use and Privacy Commission Act, aimed at modernizing outdated health data privacy laws. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Feb 2022
Four Ways Covered Entities Can Ensure HIPAA Compliance
Staying HIPAA compliant helps covered entities remain secure and prevent health data breaches and costly fines. Continue Reading
By- SecureLink an Imprivata Company
-
News
02 Feb 2022
GAO Seeks Feedback on Healthcare Data Breach Reporting
The Government Accountability Office (GAO) is seeking feedback from HIPAA-covered entities on the healthcare data breach reporting process. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
20 Jan 2022
PCI Compliance Versus HIPAA Compliance In Healthcare
Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. Continue Reading
By- Jill McKeon, Associate Editor
-
News
03 Jan 2022
How Access Monitoring Protects Providers From Health Data Breaches
Access monitoring best practices are key for healthcare organizations to prevent data breaches before they happen. Continue Reading
By- SecureLink an Imprivata Company
-
News
21 Dec 2021
OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders
HIPAA covered healthcare providers can disclose PHI to support an extreme risk protection order, which prevents patients in crisis from accessing firearms. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Dec 2021
OCR Settles 5 HIPAA Right of Access Cases
OCR announced the resolution of five HIPAA Right of Access cases, bringing the total number of enforcement actions to 25 since the HIPAA Right of Access Initiative began. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
18 Nov 2021
How to Implement a Cyber Incident Response Plan for Healthcare
Creating a comprehensive cyber incident response plan can help healthcare organizations maintain reputation and patient safety. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 Nov 2021
2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure
Two New Jersey printing companies agreed to pay $130,000 in fines for PHI exposure and potential HIPAA violations. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
16 Nov 2021
Status, Challenges of Information Blocking Rule Compliance
The Information Blocking Rule compliance deadline passed in April 2021, but questions about electronic health information sharing remain. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Oct 2021
Ensuring Healthcare Industry Compliance with HIPAA in 2021
Healthcare compliance is set to change significantly with changes to HIPAA around patient access to health information and data sharing. Continue Reading
By- SAI360
-
Feature
15 Oct 2021
De-Identification of PHI According to the HIPAA Privacy Rule
The two HHS-approved methods for the de-identification of PHI can aid in clinical research while ensuring HIPAA compliance and patient privacy. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Oct 2021
With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement
OCR’s appointment of a new director signifies a shift for the office and presents implications for the future of HIPAA enforcement and security and privacy regulations. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 Oct 2021
OCR Clarifies HIPAA Rules Surrounding Vaccination Status
OCR issued guidance emphasizing that the HIPAA Privacy Rule does not prohibit anyone from asking an individual about their vaccination status. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 Oct 2021
How Health Plans Must Prepare for Vendor Risk, Noncompliance
Covered entities and business associates must be in alignment about HIPAA compliance with new provisions coming into place. Continue Reading
By- SAI360
-
News
01 Oct 2021
CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE
Governor Newsom renewed an executive order offering certain HIPAA penalty exemptions for providers who administer telehealth throughout the PHE. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
17 Sep 2021
Key Differences Between PHI and PII, How They Impact HIPAA Compliance
Covered entities must understand the differences between PII and PHI to maintain HIPAA compliance and protect patient data. Continue Reading
By- Jill McKeon, Associate Editor
-
News
14 Sep 2021
OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital
Children’s Hospital & Medical Center in Nebraska paid an $80,000 civil monetary penalty to resolve the twentieth case under OCR’s HIPAA Right of Access Initiative. Continue Reading
By- Jill McKeon, Associate Editor
-
News
24 Aug 2021
Common Misconceptions About HIPAA and COVID-19 Vaccination Status
Asking someone about their COVID-19 vaccination status is not a HIPAA violation, despite prominent figures saying otherwise. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Aug 2021
15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions
Newly obtained internal emails revealed that OCR may not have known that its investigation into a Walgreens HIPAA violation was still open 10 years later. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Aug 2021
Top HIPAA Right of Access Cases in 2021, So Far
As HIPAA turns 25, HHS’ Office of Civil Rights has been cracking down on HIPAA right of access enforcement to ensure individuals’ timely access to health records. Continue Reading
By- Jill McKeon, Associate Editor
-
News
20 Aug 2021
How Do New Patient Right of Access Policies Impact HIPAA?
Recent developments in patient right of access policies have experts uncertain about the future of HIPAA and data sharing practices. Continue Reading
By- Jill McKeon, Associate Editor
-
News
26 Jul 2021
LA Patient Privacy Incident Discloses COVID-19 Vaccine Status
The vaccination status of thousands of LA County employees was shared online. Continue Reading
By- Lisa Gentes-Hunt
-
News
07 Jul 2021
Data Breach Exposes One Medical Customer Email Addresses
Customers had their email addresses exposed during a recent data breach. Continue Reading
By- Lisa Gentes-Hunt
-
News
01 Jul 2021
Ohio Hospital HIPAA Violation Goes Unnoticed for Over a Decade
An employee of Aultman Health Foundation in Ohio accessed more than 7,000 EHRs over the past 12 years and was terminated for committing a HIPAA violation. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Jun 2021
OCR Settles With West Virginia-Based DELC for HIPAA Right of Access Failure
Marking the nineteenth settlement under the HIPAA Right of Access Initiative, West Virginia-based specialist DELC paid OCR a civil monetary penalty and agreed to a corrective action plan. Continue Reading
By- Jessica Davis
-
News
25 May 2021
GAO: Insurers Limiting Coverage in Attack-Laden Sectors, Like Healthcare
Sectors experiencing an onslaught of cyberattacks, like healthcare, are facing another concerning challenge: Cyber insurers are limiting coverage for many embattled entities, GAO finds. Continue Reading
By- Jessica Davis
-
News
25 May 2021
OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures
Peachstate Health, d/b/a AEON Clinical, will pay OCR $25,000 for possible HIPAA failures, following an audit into a 2015 data breach of the VA telehealth program managed by the business associate. Continue Reading
By- Jessica Davis
-
News
11 May 2021
HHS’ Proposed HIPAA Right of Access Changes: CHIME, ABHW Weigh in
In response to HHS requests for comments on proposed HIPAA rule changes, CHIME and ABHW raised privacy and security concerns, including Right of Access amendments. Continue Reading
By- Jessica Davis
-
News
05 May 2021
NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule
Industry stakeholders are being urged to comment on proposed changes to the NIST HIPAA Security Rule resource guide, including its uses and applications. Continue Reading
By- Jessica Davis
-
News
27 Apr 2021
Breach Victims File Class Action Lawsuit Against Einstein Healthcare
In January 2021, Einstein Healthcare began its public notifications for a weeks-long email hack that occurred nearly six months earlier. The breach victims have since filed a class action lawsuit. Continue Reading
By- Jessica Davis
-
Answer
07 Apr 2021
COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup
ONC’s info blocking provisions went into effect on April 5, about one year from the COVID-19 national emergency declaration, stressing the need for a HIPAA compliance checkup. Continue Reading
By- Jessica Davis
-
News
29 Mar 2021
OCR Settles With NJ Specialist for Over HIPAA Right of Access Failure
New Jersey-based specialist Village Plastic Surgery has agreed to pay OCR $30,000 to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard. Continue Reading
By- Jessica Davis
-
News
25 Mar 2021
Arbour Hospital Pays OCR $65K Over HIPAA Right of Access Violation
The $65,000 settlement with Arbour Hospital is the seventeenth made by OCR under its HIPAA Right of Access Initiative, an agency compliance priority. Continue Reading
By- Jessica Davis
-
News
09 Mar 2021
HHS Extends Comment Period for HIPAA Privacy Rule Changes
Proposed in December, the HHS amendments to the HIPAA rule are designed to improve right of access requirements. The comment period has been extended due to high public interest. Continue Reading
By- Jessica Davis
-
News
17 Feb 2021
Patients Sue Wilmington Surgical For Netwalker Ransomware Data Leak
A lawsuit has been filed by patients impacted by a Netwalker ransomware attack on Wilmington Surgical Associates and the subsequent leak of 13GB of data in October. Continue Reading
By- Jessica Davis
-
News
15 Feb 2021
$70K OCR Penalty for Sharp Health Over HIPAA Right of Access Failures
Sharp HealthCare’s $70,000 civil monetary penalty with OCR is the sixteenth enforcement action under the HIPAA Right of Access Initiative and the second announced this week. Continue Reading
By- Jessica Davis
-
News
11 Feb 2021
Renown Health Pays OCR $75K for HIPAA Right of Access Failure
The $75,000 settlement with Renown Health becomes the fifteenth enforcement action brought under the OCR HIPAA Right of Access Initiative since its launch in 2019. Continue Reading
By- Jessica Davis
-
News
01 Feb 2021
OIG: VA Staff Hid Privacy, Security Risks of AI Health Data Project
Two VA employees hid and falsely represented the privacy and security risks of an AI project with a health vendor in 2016. VA pulled the contract before health data was shared. Continue Reading
By- Jessica Davis
-
News
20 Jan 2021
OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps
A new OCR enforcement discretion will allow providers to use online or web-based apps for scheduling COVID-19 vaccine appointments in good faith without the risk of a HIPAA penalty. Continue Reading
By- Jessica Davis
-
News
15 Jan 2021
Insurer Pays $5.1M OCR Penalty for Data Breach Involving 9.3M Patients
OCR settled with insurer Excellus Health Plan for $5.1 million and a corrective action plan, to resolve potential HIPAA violations following a 2015 patient data breach. Continue Reading
By- Jessica Davis
-
News
15 Jan 2021
Judge Vacates $4.3M OCR Penalty Against MD Anderson Over Data Loss
The MD Anderson Cancer Center has been appealing a $4.3M OCR HIPAA penalty over lost, unencrypted devices for two years; a judge vacated an earlier ruling, reducing the penalty by a factor of 10. Continue Reading
By- Jessica Davis
-
News
13 Jan 2021
Banner Health to Pay OCR $200K for HIPAA Right of Access Failures
One of the largest US health systems, Banner Health, reached a $200,000 settlement with OCR to resolve two separate patient complaints that alleged right of access failures. Continue Reading
By- Jessica Davis
-
News
11 Jan 2021
HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security
On January 5, the President signed HR 7898, the HIPAA Safe Harbor Bill, into law, which amends the HITECH Act to require HHS to incentivize best practice security. Continue Reading
By- Jessica Davis
-
News
28 Dec 2020
OCR Guide on HIPAA-Compliant PHI Disclosures Via HIEs, Amid COVID-19
Recent OCR guidance sheds light on HIPAA-permitted disclosures of protected health information via HIEs for public health activities amid COVID-19. Continue Reading
By- Jessica Davis
-
News
28 Dec 2020
Elite Primary Care Pays OCR $36K for HIPAA Right of Access Violation
OCR announced a $36,000 settlement and corrective action plan with Elite Primary Care to resolve a HIPAA right of access failure, the thirteenth enforcement action made under the HHS initiative. Continue Reading
By- Jessica Davis
-
News
18 Dec 2020
OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures
While many covered entities and business associates met HIPAA-required breach notification compliance requirements, an OCR audit revealed a host of PHI security failures for most providers. Continue Reading
By- Jessica Davis
-
News
17 Dec 2020
FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach
FTC reached a settlement with SkyMed requiring the vendor to build a comprehensive security program, which will resolve issues stemming from a 2019 breach of consumer data, including PHI. Continue Reading
By- Jessica Davis
-
News
15 Dec 2020
Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security
House E&C members passed a bill that amends the HITECH Act, requiring HHS to incentivize best practice cybersecurity and consider those efforts for enforcement purposes. Continue Reading
By- Jessica Davis
-
News
10 Dec 2020
HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access
HHS OCR released a set of proposed changes to the HIPAA Privacy Rule, which would bolster individuals’ right of access, reduce regulatory burden, and support care coordination. Continue Reading
By- Jessica Davis
-
News
24 Nov 2020
Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations
CMS and HHS OIG finalized federal anti-kickback and Stark Law rules, which included provisions allowing health systems and hospitals to donate cybersecurity technologies to provider offices. Continue Reading
By- Jessica Davis
-
News
24 Nov 2020
Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported
Another lawsuit has been filed against Blackbaud following its massive breach involving hundreds of companies. At least six healthcare entities were added to the breach tally this month. Continue Reading
By- Jessica Davis
-
News
20 Nov 2020
Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure
OCR reached a $65,000 settlement with the University of Cincinnati Medical Center, after the medical center failed to respond to a patient’s request for access to her medical records, as required by HIPAA. Continue Reading
By- Jessica Davis
-
News
12 Nov 2020
NY Specialist Pays OCR $15K for HIPAA Right of Access Failures
Rajendra Bhayani, MD, a New York specialist, is the eleventh provider to settle with OCR under its Right of Access Initiative. The enforcement action will resolve possible HIPAA failures. Continue Reading
By- Jessica Davis
-
News
12 Nov 2020
Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K
Barracuda Networks is being sued by its client Zoll, a medical device vendor, after a server migration error compromised the personal and medical data of 277,139 patients in 2018. Continue Reading
By- Jessica Davis
-
News
06 Nov 2020
OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation
Riverside Psychiatric Medical Group settles with HHS OCR to resolve a potential HIPAA Right of Access violation. The $25,000 settlement is the tenth of the OCR patient access initiative. Continue Reading
By- Jessica Davis
-
News
05 Nov 2020
$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit
Saint Francis Healthcare, which owns Ferguson Medical Group (FMG), reached a $350,000 lawsuit settlement with the 107,000 patients affected by a 2019 ransomware attack on FMG. Continue Reading
By- Jessica Davis
-
News
03 Nov 2020
Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations
New Jersey reached a settlement with Wakefern Food Corp and two associated ShopRite supermarkets for $235,000 to resolve violations of HIPAA and the NJ Consumer Fraud Act. Continue Reading
By- Jessica Davis
-
News
02 Nov 2020
New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure
OCR settled with New Haven, Connecticut following the breach of 498 patients in 2017, caused by failing to implement employee termination procedures, a potential HIPAA violation. Continue Reading
By- Jessica Davis
-
News
28 Oct 2020
Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations
The insurance giant Aetna agreed to pay HHS OCR $1 million and adopt a corrective action plan to resolve three separate HIPAA violations that caused patient data breaches. Continue Reading
By- Jessica Davis
-
Answer
21 Oct 2020
Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications
In the wake of a breach or ransomware, healthcare entities must be transparent with patients to protect privacy, prevent further crimes, and ensure compliance in HIPAA breach notifications. Continue Reading
By- Jessica Davis
-
News
16 Oct 2020
3 Compliance Considerations for HIPAA-Required Breach Response
With the rise in ransomware and other sophisticated cyberattacks, it’s crucial for providers to remain compliant with HIPAA guidelines when responding to a breach. Continue Reading
By- Jessica Davis
-
News
12 Oct 2020
NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation
OCR announced its ninth settlement under the HIPAA Right of Access Initiative. NY Spine Medicine will pay $100,000 after failing to provide a patient timely access to her medical records. Continue Reading
By- Jessica Davis
-
News
08 Oct 2020
Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure
OCR has reached a settlement with Dignity Health for $160,000 over a HIPAA Right of Access failure, the eighth and largest penalty under its 2019 initiative. Continue Reading
By- Jessica Davis
-
News
01 Oct 2020
Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk
COVID-19 spurred an increase in ransomware attacks. The Treasury Department warns entities against facilitating ransomware payments for breach victims and possible sanction risks. Continue Reading
By- Jessica Davis
-
News
01 Oct 2020
Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M
The multi-state coalition of 44 states and Washington, DC reached a settlement of nearly $40 million with Anthem to resolve the 2014 healthcare data breach impacting 78.8 million patients. Continue Reading
By- Jessica Davis
-
News
30 Sep 2020
Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase
An SEC filing reveals hackers gained access to more unencrypted data than previously thought. Some of the millions of breach victims have filed lawsuits against the vendor in response. Continue Reading
By- Jessica Davis
-
News
28 Sep 2020
Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M
An OCR audit into the 2015 Premera Blue Cross healthcare data breach impacting 10.4 million patients found systemic noncompliance with HIPAA. The insurer will pay $6.85 million to settle with OCR. Continue Reading
By- Jessica Davis
-
News
24 Sep 2020
OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M
CHSPSC, a Community Health Systems business associate, reported a breach of 6 million patients in 2019. The OCR audit found longstanding, systemic noncompliance with HIPAA. Continue Reading
By- Jessica Davis
-
News
21 Sep 2020
Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance
The notorious hacking group “thedarkoverlord” hacked the Athens Orthopedic Clinic in 2016, posting patient data online. The OCR audit that followed revealed systemic HIPAA noncompliance. Continue Reading
By- Jessica Davis
-
News
21 Sep 2020
Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health
Pysa ransomware hackers posted patient data from Assured Imaging online, while BJC Healthcare fell victim to a massive phishing attack; the breach victims filed lawsuits in response. Continue Reading
By- Jessica Davis
-
News
15 Sep 2020
HIPAA Compliance: ONC Updates Security Risk Assessment Tool
The Security Risk Assessment (SRA) tool was developed jointly by ONC and OCR to help healthcare entities ensure compliance with HIPAA safeguards. Continue Reading
By- Jessica Davis
-
News
15 Sep 2020
OCR Settles with 5 Providers Over HIPAA Right of Access Violations
OCR closed investigations into HIPAA right of access violations at Housing Works, All Inclusive Medical Services, Beth Israel Lahey Health Behavioral Services, King MD, and Wise Psychiatry. Continue Reading
By- Jessica Davis
-
News
08 Sep 2020
Patient Data Privacy Lawsuit Against Google, UChicago Dismissed
A judge ruled to dismiss the patient data privacy lawsuit brought against Google and UChicago, as the patient failed to adequately demonstrate what damages were caused by the partnership. Continue Reading
By- Jessica Davis
-
News
26 Aug 2020
OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis
In its summer newsletter, OCR outlines best practice IT asset inventory steps to help healthcare entities improve their risk analysis as required under the HIPAA Security Rule. Continue Reading
By- Jessica Davis
-
News
28 Jul 2020
Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft
Lifespan will pay a $1.04M civil monetary penalty over the theft of an unencrypted laptop in 2017. An OCR audit found “systemic noncompliance” with elements of the HIPAA rule. Continue Reading
By- Jessica Davis
-
News
24 Jul 2020
OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations
Metropolitan Community Health Services, DBA Agape Health, reported a breach affecting 1,263 patients in 2011. The OCR audit into the incident found several longstanding HIPAA violations. Continue Reading
By- Jessica Davis
-
News
13 Jul 2020
SAMHSA Revises Privacy Rule 42 CFR Part 2 for Substance Use Patients
A year after asking for industry comment, HHS SAMHSA has adopted revisions to the Health Privacy Rule Part 42 CFR designed to fuel care coordination and maintain patient privacy. Continue Reading
By- Jessica Davis
-
News
02 Jul 2020
$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit
Grays Harbor Community Hospital and Harbor Medical Group were hit with a ransomware attack in June 2019, where hackers demanded a $1 million ransom; the proposal will settle claims of negligence. Continue Reading
By- Jessica Davis
-
News
01 Jul 2020
Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients
An audit into LifeLabs’ massive 2019 data breach by B.C. and Ontario privacy commissioners found the testing giant collected more PHI than necessary and lacked adequate security policies and procedures to protect patient data. Continue Reading
By- Jessica Davis
-
News
29 Jun 2020
UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach
After two years of litigation and a partial dismissal, UnityPoint Health has reached a proposed $2.8M settlement with the 1.4 million patients impacted by two phishing-related data breaches. Continue Reading
By- Jessica Davis
-
News
23 Jun 2020
Judge Sends Episcopal Health Data Breach Lawsuit Back to State Court
Citing a lack of standing for a federal lawsuit, a New York federal judge sent a data breach lawsuit against Episcopal Health down to state court as the allegations fall under HIPAA. Continue Reading
By- Jessica Davis
-
News
15 Jun 2020
OCR Shares COVID-19 Guide on Contacting Patients for Blood Donations
In light of COVID-19, OCR reminds healthcare providers that HIPAA allows covered entities to contact patients recovering from the Coronavirus to inform them about blood and plasma donations. Continue Reading
By- Jessica Davis
-
News
12 Jun 2020
Community Care Patients Sue Accounting Firm Over Data Breach
BST, the accounting firm for Community Care Physicians, was targeted by Maze ransomware in December. One of the 170,000 patients impacted by the breach has sued BST, citing negligence. Continue Reading
By- Jessica Davis
-
News
03 Jun 2020
Aveanna Healthcare Faces Lawsuit Over Monthlong Data Breach
Patients have filed a lawsuit against Aveanna Healthcare over a monthlong data breach, alleging the provider lacked adequate security and failed to provide timely notice, among other claims. Continue Reading
By- Jessica Davis