The University of Massachusetts Amherst (UMass) has agreed to a $650,000 settlement with The Department of Health and Human Services’ Office for Civil Rights (OCR) . The settlement resolves HIPAA breaches that contributed to the university suffering a malware...
The Health Information Trust Alliance and the Electronic Healthcare Network Accreditation Commission (EHNAC) and t(HITRUST) have revealed a new collaboration. The aim is to lessen – and hopefully completely prevent – redundant assessments and their associated...
St. Joseph Health (SJH) has agreed, with the Department of Health and Human Services’ Office for Civil Rights, to settle potential violations of the HIPAA Privacy and Security Rules for the sum of $2.14 million. SJH is required to pay the figure to OCR and adopt a...
The Department of Health and Human Services has issued updated guidance on HIPAA and healthcare cloud computing to help covered bodies use the cloud without risking a HIPAA breach. The main emphasis of the guidance is the use of cloud service providers (CSPs). Cloud...
The Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA) place a number of requirements on healthcare organizations and other covered entities, such as stipulating allowable uses and disclosures of Protected Health Information...
Following the violation of the privacy of patients WakeMed Health and Hospitals has been ordered to pay a fine of $70,000 by a North Carolina Bankruptcy Court. The violations happened when submitting proofs of claim to the bankruptcy court. Documents were filed...
OCR normally to settles HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more the norm. If OCR investigators find HIPAA violations, financial penalties may be issued. Fines of up to $1.5 million...
The investigation into the 2015 Bizmatics data breach by the Department of Health and Human Services’ Office for Civil Rights has closed. The breach, which was identified in late 2015, affected many of the company’s clients. It was found that the malware was...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed it will be increasing the amount of investigations of small PHI breaches with immediate effect. violations impacting less than 500 individuals will now be subjected to tighter...
A major number of cases of abuse of nursing home and assisted living center residents have been seen recently. The cases have seen the taking of degrading and demeaning photographs and videos of residents by employees of nursing centers, and sharing the photos and...
In 2016, WTHR 13 carried out an investigation into the improper disposal of sensitive data by pharmacies. The investigation was initiated following a theft that took place at the home of an Indiana resident. A drug addict targeted the person knowing that she had pain...
A former staff member of Tampa General Hospital has been convicted of wrongful disclosure of individually identifiable health information and wire fraud. Shanakia Benton was accused of illegally obtaining the protected health information of patients during the time...
In a recent report released by the Department of Health and Human Services’ Office of Inspector General, a third of hospitals do not have sufficient HIPAA-compliant EHR contingency plans in place, although the majority are “largely addressing” HIPAA requirements for...
Following the 2.7 million HIPAA breach settlement with Oregon Health & Science University is news of yet another multi-million-dollar settlement with another university. The Department of Health and Human Services’ Office for Civil Rights revealed two days ago...
In recent years, there has been a substantial increase in the number of cyberattacks on healthcare organizations with the aim of obtaining PHI. It has proven profitable for hackers to conduct attacks on healthcare organizations and sell the data on the black...
Oregon Health & Science University (OHSU) has agreed to settle a case with the Department of Health and Human Services’ Office for Civil Rights which arose from two data breaches suffered in 2013. A penalty of $2.7 million will be paid by OHSU to settle alleged...
Cyberattacks on healthcare groups are now commonplace and, as long as it is profitable for hackers to attack healthcare organizations, the cyberattacks will continue. Given the number of healthcare data violations now being reported, it is evident that the healthcare...
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to settle alleged HIPAA violations with the OCR and has agreed to put in place a Corrective Action Plan (CAP). CHCS will also pay a financial fine of $650,000. CHCS is the sole...
Recently an officer from the Indianapolis Metropolitan Police Department (IMPD) found a number of medical records in a recycling dumpster, accessible to the public, in Broad Ripple Park, Indianapolis. A quantity of confidential documents were located in file folders...
Recently, the head of the House Select Investigative Panel tasked with reviewing the trade of baby body parts by abortion clinics corresponded with the director of the Department of Health and Human Services’ Office for Civil Rights asking an investigation into...
In a recent ruling the Department of Health and Human Services’ Office for Civil Rights (OCR) found that a former town administrator of Townsend, MA., violated the HIPAA Privacy Rule in June last year. This occurred when he posted an “information packet” online...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined New York Presbyterian Hospital (NYP) $2.2 million for permitting patients to be filmed for a TV show without receiving prior permission from the patients. In 2011, an ABC crew was...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a compensation settlement has been agreed with Raleigh Orthopaedic Clinic, P.A., of North Carolina over alleged breaches of HIPAA Rules. Raleigh Orthopaedic has agreed to pay OCR...
A legal case has been initiated in Federal Court in San Jose, California by cancer patients who claim they have had their privacy violated after visiting the websites of cancer institutes. The plaintiffs allege that the websites of some cancer institutes contain...
Data violation notification laws in Tennessee have been reviewed to better protect state residents. The new law requires organizations to issue breach notifications to state residents more quickly, while the range of information covered has been widened. When the new...
Feinstein Institute for Medical Research has settled potential HIPAA violations for $3.9 million with the Department of Health and Human Services’ Office for Civil Rights. This is the second largest settlement penalty agreed with OCR, just below the $4.8 million...
The Department of Health and Human Services’ Office for Civil Rights has revealed it has reached a settlement with North Memorial Health Care of Minnesota over what is claimed were HIPAA violations arising from a 2011 data breach. North Memorial has agreed to pay...
The Office for Civil Rights encourages suggestions from HIPAA-covered bodies about aspects of HIPAA that are unclear or need further clarification. Some of the inquiries submitted via the OCR website indicate some covered bodies are struggling to comprehend the Health...
A report of an investigation into South Carolina’s Medicaid agency by The U.S. Department of Health and Human Services’ Office of Inspector General has been published The investigation was carried out in 2013 following the 2012 hacking of the Revenue Department and a...
OCR has revealed it has come at a settlement with a Los Angeles-based provider of physical therapy services after the discovery of HIPAA Privacy Rule breaches in 2012. Complete P.T., Pool & Land Physical Therapy, Inc., (CPT) has said they will pay a fine of...
OCR has ordered a HIPAA-covered entity to pay civil monetary penalties for HIPAA breaches. Lincare Inc. must to pay $239,800 for violations of the HIPAA Privacy Rule which were found during the investigation of a complaint about a breach of 278 patient records. The...
A recent survey carried out by Legal Workspace suggests that many are not. In fact, most health attorneys are not in adherence with HIPAA Rules and have failed to implement the appropriate technical, administrative, and physical measures to keep PHI/PII secure. Legal...
A nursing assistant from the Parkside Manor assisted-living center in Kenosha, WI., has been fired from her job for recording a video of a practically naked 93-year-old Alzheimer’s patient and sharing it on Snapchat. Recently an unwelcome trend has emerged involving...
TigertText has revealed the launch of two new communication solutions for healthcare providers. The two new devices have clear potential, and could convince many healthcare providers to start replacing pagers and faxes. The new products, named TigerPage &...
The healthcare industry trails well behind every other industry sector when it comes to implementing new technology. It is an acknowledged fact that the sector appears to dear change, even when those alterations stand to significantly improve the lot of patients. With...
Microsoft will be stopping support and security updates for Internet Explorer 8, 9 and 10 as of Wednesday January 12, 2016. All users of Internet Explorer must switch to Internet Explorer 11, or make the switch over to Microsoft Edge, in order to continue receiving...
Organizations operating in Oregon must now adhere with a new data breach law that came into effect on January 1, 2016. If a data breach that exposes the personal information of more than 250 state residents is experienced, a breach notice must be filed to the Oregon...
The Department of Health and Human Services’ Office for Civil Rights has started 2016 with the launch of a brand new website interface, and has now followed up on previous assurance by issuing new guidance on HIPAA. This is the first in what is expected to be a...
The FTC has also ordered Henry Schein Practice Solutions, Inc., to pay a fine of $250,000, and the company must also comply with a 20-year consent order after a recent ruling said the company had “falsely advertised the level of encryption it provided to protect...
The Department of Health and Human Services has revealed a final rule permitting certain covered bodies to disclose specific elements of Protected Health Information (PHI) to the National Instant Criminal Background Check System (NICS), altering the HIPAA Privacy...
The Department of Health and Human Services’ Office for Civil Rights website has completed a redesigned recently, upgrading with new features, a responsive design and a more user-friendly feel. The redesign was part of the Reimagined HHS.gov project. The aim was to...
The Federal Communication Commission has released a Declaratory Ruling and Order to clear up any confusion the rules in relation to HIPAA and patient telephone calls. Some healthcare suppliers have had difficulty with the rules regarding HIPAA and patient telephone...