Kaiser Permanente Health Plan Inc. is informing 13.4 million people about disclosing some of their personal information to third parties including X (Twitter), Microsoft (Bing), and Google due to the use of tracking codes on its web pages and applications. This is the...
Data Breach Reports by American Healthcare Systems, Rutgers Robert Wood Johnson Medical School and Cherry Health Services
American Healthcare Systems and Rutgers Robert Wood Johnson Medical School have spotted email incidents due to the unauthorized access/disclosure of patient information, while Cherry Health Services suffered a ransomware attack. Email Security Incident at Randolph...
Cyberattack on Greylock McKinnon Associates and Group Health Cooperative of South Central Wisconsin
Medicare Data Compromised in Boston Consulting Agency Data Breach A data breach at Boston consulting agency, Greylock McKinnon Associates, Inc., (GMA) affected 341,650 persons. Based on the GMA breach notification, the agency discovered a security incident on May 30,...
West Caldwell Care Center to Pay $100,000 CMP to Settle HIPAA Right of Access Violation
The HHS Office for Civil Rights issued one more financial penalty for a HIPAA Right of Access violation. Essex Residential Care, LLC, also known as Hackensack Meridian Health, West Caldwell Care Center in New Jersey, was directed to pay a $100,000 civil monetary...
Avem Health Partners and Roper St. Francis Healthcare Opted to Settle Data Breach Lawsuits
Avem Health Partners Pays $1.45 Million to Settle Class Action Data Breach Lawsuit Avem Health Partners agreed to pay a $1.45 million settlement to settle claims associated with a 2022 data breach affecting the protected health information (PHI) of 271,303 persons....
63% of Identified Exploited Vulnerabilities are in Hospital Networks
Each regular U.S. hospital has 10 to 15 medical devices, so this means a 1,000-bed hospital can have about 15,000 medical devices, which considerably increases the attack surface. Medical devices may include clinical IoT devices, imaging devices, and surgery devices....
ComplianceJunction HIPAA Training Receives Accreditation from SCCE, Offers 2.6 CEUs to Healthcare Workers
ComplianceJunction's training course, "HIPAA Training for Organizations," has recently received accreditation from the Society of Corporate Compliance and Ethics (SCCE). The SCCE supports compliance and ethics professionals across the industry as part of the...
UnitedHealth Group’s Financial Assistance Program and HIPAA Compliance Investigation of Change Healthcare
Financial Assistance Program Offered by UnitedHealth Group On March 8, 2024, about 2 weeks after the ransomware attack on Change Healthcare, UnitedHealth Group presented a schedule on when it is trying to have its systems and services available. UnitedHealth Group...
Data Breach Reports by Santa Clarita Community College District, Mental Health Center of North Central Alabama, and Cogdell Memorial Hospital
87,000 Patients Impacted by Cogdell Memorial Hospital Cyberattack On October 10, 2023, Cogdell Memorial Hospital based in Snyder, TX, found abnormal activity in its computer network. After securing its network, a third-party cybersecurity agency looked into the...
Green Ridge Behavioral Health Ransomware Attack and Empress Ambulance Service Lawsuit Settlement
Ransomware Attack on Green Ridge Behavioral Health Results in HIPAA Penalty The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled an alleged Health Insurance Portability and Accountability Act (HIPAA) violations with a behavioral...
HIPAA Audit Program Review and Approved Texting of Patient Data and Patient Orders
OCR Wants Opinions to Develop HIPAA Audit Program The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is having a HIPAA Audit Review Survey and is looking for comments from entities that need to undertake HIPAA compliance audits to get data...
Medical Center Settles Alleged Privacy Rule Violations for $80,000
St. Joseph’s Medical Center in Yonkers, NY, has agreed to settle alleged Privacy Rule violations for $80,000 and must comply with a corrective action plan to address the cause of the alleged violations – namely that members of the workforce impermissibly allowed a...
Lack of HIPAA Cybersecurity Training Contributes Towards $350,000 Violation Settlement
The lack of HIPAA cybersecurity training at a NY-based home health company has contributed to the company being fined $350,000 by the NY State Attorney General as part of a wide-ranging settlement agreement that includes a thorough overhaul of the company’s security...
Patients Concerned About Health Information Privacy
An American Medical Association (AMA) patient privacy survey has confirmed that patients are worried that their healthcare data is no longer being kept private and confidential. More must be done to protect medical information and strengthen trust. Virtually every...
New Report Further Strengthens Correlation between Cyberattacks and Increased Patient Mortality
The new report from Proofpoint not only provides further evidence of a correlation between cyberattacks and increased patient mortality but also suggests healthcare organizations are better prepared and more resilient against security incidents. In 2018, Dr. Sung Choi...
OCR Proposes HIPAA Changes to Prohibit PHI Disclosures to Law Enforcement for Abortion Prosecutions
The Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Privacy Rule to strengthen protections for reproductive health care data and bolster patient-provider confidentiality. The proposed update is in response to...
OCR Confirms COVID-19 HIPAA Flexibilities will End on May 11, 2023
The Secretary of the Department of Health and Human Services will not be renewing the COVID-19 Public Health Emergency (PHE), which is set to expire at 11:59 pm on May 11, 2023. That means the four Notices of Enforcement Discretion issued by the HHS’ Office for Civil...
OCR Announces Plan to Address Backlog of Compliance Investigations
The Department of Health and Human Services’ Office for Civil Rights received more than 51,000 complaints in 2022 about violations of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health...
Aveanna Healthcare Consents to $425,000 Judgement for Phishing Susceptibility
In July 2019, members of the workforce at Aveanna Healthcare were targeted with more than 600 phishing emails from an unknown source, attempting to trick the recipients into disclosing login credentials and other sensitive information. Many of the phishing emails were...
OCR Releases Video Explaining Recognized Security Practices Under HITECH
In January 2021, an amendment to the HITECH Act was enacted by Congress that required the Secretary of the Department of Health and Human Services to consider the “Recognized Security Practices” that have been implemented by a HIPAA-regulated entity when making...
$875,000 Penalty Paid by Oklahoma State University to Resolve Multiple HIPAA Violations
A hacking incident reported by Oklahoma State University – Center for Health Sciences (OSU-CHS) in January 2018 was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) which identified violations of 7 provisions of the...
OCR Fines 11 HIPAA-Covered Entities for HIPAA Right of Access Violations
The HHS’ Office for Civil Rights has announced it has resolved 11 more cases involving violations of the HIPAA Right of Access. 10 of the cases were settled with OCR, and one Civil Monetary Penalty was imposed due to the lack of cooperation with OCR and the failure to...
Biden Issues Executive Order on Protecting Access to Reproductive Healthcare Services
President Biden has issued an Executive Order on Protecting Access to Reproductive Healthcare Services following the Supreme Court decision that overturned Roe v. Wade. According to the Supreme Court, there is no right to abortion in the Constitution of the United...
Senators Call for HHS to Change HIPAA Privacy Rule Following Dobbs Ruling
Two U.S. senators have written to Xavier Becerra, Secretary of the Department of Health and Human Services, requesting a change to the HIPAA Privacy Rule in the wake of the decision of the Supreme Court (SCOTUS) in Dobbs v. Jackson Women’s Health Organization and the...
Supreme Court Decision on Abortion Rights Prompts OCR to Issue Reminder About Health Information Privacy
The HHS’ Office for Civil Rights (OCR) has recently issued guidance on HIPAA and explained how HIPAA protects the privacy of individuals’ reproductive health information following the decision of the U.S. Supreme Court in Dobbs v. Jackson Women's Health Organization,...
OCR to Implement Mechanism for Obtaining Feedback on HIPAA Breach Reporting Process
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced new breach reporting requirements for HIPAA-regulated entities and called for the Secretary of the Department of Health and Human Services to create a mechanism for...
Investigation Suggests HIPAA Violations by Hospitals That Transfer Website Patient Data to Facebook
Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. The revelation has also sparked a...
Version 3.3 of the HHS Security Risk Assessment Tool Released
A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR). A...
OCR to Release Video Presentation to Improve Education on Recognized Security Practices under HITECH
In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices into account when investigating...
OCR Seeks Comments on Changes to HIPAA Enforcement Practices
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA Safe Harbor for entities that adhere to...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
COMPREHENSIVE HIPAA TRAINING
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute