The Allina Health System Minneapolis Isles clinic has notified around 6,000 patients of a breach of their Protected Health Information (PHI). The clinic, located at 2800 Hennepin Avenue, found instances of improper PHI disposal had occurred after documents including...
The Office for Civil Rights recently issued its first financial penalty to an organization that experienced a data violation after its staff responded to a phishing campaign. The case led to The University of Washington Medicine agreeing to a $750,000 fine to settle...
New cybersecurity measures specifically for the healthcare industry have been added to the Omnibus bill signed into law by Congress late last week. The aim of their inclusion is to help healthcare organizations tackle the growing danger of cyberattacks, and supply...
TigerText, the largest supplier of secure text messaging solutions, has revealed its latest initiative, TigerText Anywhere: A HIPAA compliant secure texting app for desktop computing. TigerText’s HIPAA compliant text message platform has already been a great...
The Department of Health & Human Services Office of Inspector General has recently published the results of information system reviews conducted on three Californian Medicaid managed-care organizations (MCOs), revealing numerous, significant security...
Day Pitney LLP has launched a new HIPAA Self-Assessment Tool just before the second round of the Department of Health and Human Services’ Office for Civil Rights HIPAA-compliance audits. The law firm, with approximately 300 attorneys in its Connecticut, New Jersey, New...
University of Washington Medicine has agreed to settle a HIPAA fine of $750,000, for potential HIPAA violations with the Department of Health and Human Services’ Office for Civil Rights, arising from a 90,000-record data breach experienced in 2013. There has been an...
A HIPAA fine of $15,000 has been issued by the attorney general to University of Rochester Medical Center for a breach of patient privacy that happened in March 2015. It is not only the Office for Civil Rights that issues financial penalties for violations of HIPAA...
The Department of Health and Human Services’ Office for Civil Rights has agreed a HIPAA violation fine of $3.5 million with Puerto Rico Blue Cross Blue Shield licensee Triple S Management Corporation. This is the second HIPAA violation fine to be revealed in the space...
Following a data breach that occurred back in 2011, the HHS has revealed that Lahey Hospital and Medical Center has agreed to settle a case with the Office for Civil Rights (OCR) over alleged HIPAA violations for $850,000. Lahey Hospital and Medical Center has agreed...
A legal case has been filed by the Texas attorney general’s office against Alliance Health Management & Consulting Inc., for the improper disposal of Protected Health Information (PHI) of patients. The home healthcare management company is no longer operating,...
This week a case against University of Cincinnati Medical Center (UCMC) was presided over by Judge Jody Luebbers in the Hamilton County Common Pleas Court in relation to the posting of Protected Health Information of a patient on social media. The incident that led...
Following the 2012 theft of a laptop computer containing the unencrypted data of 8,883 Connecticut residents, Hartford Hospital – and one of its Business Associates, EMC Corporation (EMC) – have agreed to a settlement with the Connecticut Office of the...
Boston US Attorney’s Office has revealed that a unit of pharmaceutical company Warner Chilcott has agreed to plead guilty to healthcare fraud, and will be required to pay $125 million to resolve civil and criminal liability. The legal case against the pharmaceutical...
As part of Phase IV of the CAQH® CORE® Operating Rules, the CAQH® Committee on Operating Rules for Information Exchange (CORE®) recently approved new national rules for electronic HIPAA transactions. These new rules for electronic HIPAA transactions govern four groups...
The Workgroup for Electronic Data Interchange (WEDI) has developed two new resources to help groups put in place the new ICD-10 codes required by the Health Insurance Portability and Accountability Act (HIPAA). The new resources, ICD-10 State Workers’ Compensation...
The newly appointed Deputy Director for Information Privacy at the Department of Health and Human Services’ Office for Civil Rights has been adjusting to her new role at the OCR since her appointment earlier this year, but until recently she has not spoken to...
Cancer Care Group, an Indiana-based radiation oncology private physician practice, has agreed to settle with the Department of Health and Human Services’ Office for Civil Rights for $750,000, for potential HIPAA breaches relating to a 2012 data violation. In August...
Fitbit, America’s leading producer of activity and fitness trackers, announced it has developed a HIPAA compliant wellness platform with which it should corner the lucrative healthcare market. The company has dabbled with health and fitness trackers for the healthcare...
The VA Office of the Inspector General (OIG) has recently issued the findings of its administrative examination into improper web-based collaboration technology by the Department of Veterans Affairs (VA). It found the agency is particularly vulnerable to data...
The Federal Communications Commission (FCC) has released a Declaratory Ruling and Order to clarify the rules in relation to HIPAA and patient telephone calls. Some healthcare providers have had difficulty understanding the rules regarding HIPAA and patient telephone...
This week, the Vice President and Deputy Director of the American Hospital Association (AHA) sent a correspondence to the Centers for Medicare & Medicaid Services (CMMS) revealing concern over the implementation of Health Plan Identification numbers (HPIDs) and...
Being compliant with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size. However, smaller healthcare providers tend to have more issues. Budgets tend to be tighter, and a lack of suitable staff means progress is slow. This...
In May, The University of Rochester Medical Center experienced a data violation after a member of staff took the Protected Health Information (PHI) of patients to a new employer. The employee in question, who was trying to ensure continuity of patient care, was a...
A recent ePHI data security audit completed by the New York Office of the State Comptroller has seen Roswell Park Cancer Institute pass with no HIPAA violations identified. The healthcare provider was commended for the effort it has put into protecting the privacy of...
Two employees who retained the Protected Health Information (PHI) of patients after their employment at Arkansas Children’s Hospital was terminated did not violate the Health Insurance Portability and Accountability Act (HIPAA) according to a ruling made by the U.S...
The FCC has recently clarified the rules regarding HIPAA and patient telephone calls, but fails to properly consider automated telephone calls. There has been some confusion reported by healthcare authorities over the rules regarding HIPAA and patient telephone...
Electronics giant Samsung has yet to issue a fix for a security vulnerability existing on Samsung Galaxy devices, 7 months after the company was first alerted to it. A hacking vulnerability affecting S3 to S6 models of Samsung Galaxy phones was identified that...
Deven McGraw has been appointed to the role of Deputy Director of Health Information Privacy, and must get the agency auditing, advising and enforcing as it is supposed to be. Ms McGraw will be filling the role left vacant by the departure of Susan McAndrew, who retired last...
A survey recently released by Healthcare Information Security Today (HIST) shows many Covered Entities (CEs) are making the same compliance errors that were uncovered during the initial phase of audits. It has been three years since the OCR finished the pilot phase of...
Microsoft has revealed it will be ceasing patches and software updates for Windows Server 2003 on July 15, 2015. Any HIPAA-covered body that is still running the defunct software on any of its servers after this date will be in violation of the HIPAA Security...
A lack of an appropriate workforce with appropriate skills to improve cybersecurity defenses is leading many CISOs and CIOs to look outside their organizations for assistance. Businesses and healthcare suppliers are now increasingly hiring third party consultants and...
A former business owned by Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) after it did not securely dispose of files containing the Protected Health Information (PHI) of at least 167 people. The victims had...
Cybercriminals are stealing healthcare IT devices to gain access to Protected Health Information (PHI) so they can make false insurance claims, apply for credit, and obtain medical prescriptions and services. This is one of many ways that data is obtained to...
North Dakota and Nevada have updated their breach notification laws this year, joining the growing list of states to do so. In May 2017, new laws were passed to tighten up the legislation and expand “personal information” definitions, with the two states following the...
The Department of Health and Human Services’ Office for Civil Rights has confirmed – to Fierce Health IT – that its preliminary HIPAA surveys have now been issued, marking the start of the 2015 HIPAA compliance audits. In a recent article in the National Law Review,...
A Business Associate (BA) of the University of Pittsburgh Medical Center has issued a notification to the healthcare center, and many other clients, of a HIPAA breach caused by a member of staff. The now former staff member is accused of having stolen the records of...
The following article considers the use, benefits and disadvantages of e-signatures in the healthcare industry, and whether they are compliant with HIPAA rules. The increasing utilisation of digital signatures in the healthcare industry increases the efficiency of...
The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that all covered bodies put in place the appropriate administrative, physical and technical safeguards to keep PHI secure. Failure to adopt those basic minimum...
Calculating the cost of a HIPAA data violation is not a simple process, at least not until a number of years after a data breach happened. Corrective actions must be taken following a data breach, and the cost of notification and damage mitigation can escalate....
According to HIPAA Rules, healthcare providers and other covered entities (CEs) are allowed to use the Protected Health Information (PHI) of patients – and share this data with others – provided that this data has been de-identified. It must not be possible for PHI...
Protected Health Information (PHI) is kept secure under Health Insurance Portability and Accountability Act Rules, which require covered entities (CEs) to put in place a number of controls to ensure that healthcare data is not disclosed to...
The second round of HIPAA compliance audits has yet to commence (the last round was in 2012), but they are supposedly returning and will be bigger and bolder than before. The Department of Health and Human Services’ Office for Civil Rights (OCR) indicated to...
Microsoft Office 365 cloud services for the healthcare industry has been awarded the highest possible HITRUST CSF rating – achieving a maximum score of five – in a certification review of its security and privacy controls begun by Centura Health. The Health...
Law firm Day Pitney LLP has released a warning to healthcare workers to be careful when disclosing Protected Health Information, even when asked to supply medical records to attorneys under subpoena. A Connecticut Supreme Court ruling in November 2014 allowed a...
The last month has seen one HIPAA data breach affecting 150,000 individuals and another affecting 11 million individuals. Both incidents were experienced this month, with the most recent large data breach affecting almost three times the number of...
An Illinois house committee will be meeting soon to debate the privacy issues raised by the installation of web-based video cameras in nursing home residents’ bedrooms and how HIPAA Rules and the Wiretap Act regulations can be complied with, according to a recent CBS...
The Health Insurance Portability and Accountability Act of 1996 is one of the most important pieces of legislation in recent years in regard to the healthcare industry. In spite of its importance, many healthcare providers and insurers remain unaware of many HIPAA...
Government department heads and industry leaders will be attending the 23rd National HIPAA Summit to give updates on the work that has been completed in the last year and to provide information on new legislation and regulations. The summit also offers the chance for...
The Medical College of Wisconsin has released a statement revealing that a data breach suffered has affected approximately 400 of its patients. WDJT Milwaukee, an affiliate of CBS, was contacted on Feb 28, 2015 by a spokesperson for the Medical College of Wisconsin...
The Aventura HIPAA breach, discovered in June 2014, has led to a lawsuit being filed by a patient of the hospital, according to a Courthouse News Service report. The lawsuit was taken by Aventura patient, Kellie Lynn Case, in the Miami Federal Court. She is claiming...
Recent progress in technology has allowed wearable devices to be developed to monitor health and fitness, and while these gadgets, monitors and sensors can significantly improve healthcare, they also carry a great danger of HIPAA violation. Over the past year the...
Late last week the Senate Health, Education, Labor and Pensions committee revealed that healthcare IT security is to be addressed and that it will “take up the matter as part of a bipartisan review of health information security”. The Associated Press Agency reports...
The deadline for reporting 2014 security breaches affecting fewer than 500 people is coming in the next three weeks. Any healthcare supplier or other covered entity that has not filed all 2014 breach reports must ensure they have all been submitted – and are...
The HHS has reacted to a letter sent by Representative Peter DeFazio (D-OR) asking for greater transparency on HIPAA Rules relating to the mobile health industry, and has confirmed that the OCR will be working more closely with the industry to ensure HIPAA Rules are...
The App Association (ACT) – an advocacy and educational group set up to represent mobile app developers – recently wrote to the Office for Civil Rights seeking clarification on HIPAA privacy rules, and how they apply to mobile developers. Developers are eager...
The Health IT Policy Committee’s Privacy and Security Workgroup has been reviewing a number of Big Data issues affecting the privacy and security of patients after two public hearings conducted by the organization in December 2014. The focus the working group to make...
After the success of its HIPAA Enterprise Platform, Caspio has revealed it will now be offering HIPAA Compliant Professional Services for App Development. Caspio, a major cloud platform provider, offers its platform-as-a-service to businesses and groups in the public...
January 1 normally sees many announcements from hospitals around the country advising the public of the first babies to be born in the New Year; however 2015 has seen fewer hospitals opting to make the announcements. Many healthcare suppliers have made the decision not...