Articles by compliancejunction

The Californian multi-specialty physician’s group, Imperial Valley Family Care Medical Group (IVFCMG), has recently been audited by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) following a potential breach of […]

The Health Information Trust Alliance (HITRUST) is looking to improve its threat information sharing capabilities and provide more assistance to HIPAA covered entities to help them manage cyber threats more effectively. HITRUST is already providing […]

The U.S. Senate has passed new legislation that will allow patients’ histories of drug addiction treatment to be shared with their physicians with consent. The legislation will help to ensure physicians can make more informed […]

Regulations governing the treatment of substance use disorder records and HIPAA are currently at odds, although new legislation has been proposed to align both sets of regulations. Representatives Tim Murphy and Earl Blumenauer have introduced […]

The Department of Health and Human Services’ Office for Civil Rights has reminded HIPAA-covered entities why security awareness training for healthcare employees is so important in its July Cybersecurity Newsletter. PHI security is not only […]

A Plastic Surgery Associates of South Dakota ransomware attack has potentially resulted in criminals gaining access to the protected health information (PHI) of 10,200 of its patients. Last year, OCR confirmed in its ransomware guidance that […]

For the second time this month, a healthcare provider has announced that an investigation into a ransomware attack has revealed a historic data breach. Earlier this month, Peachtree Neurological Clinic discovered a 15-month data breach […]

AHIMA, the American Healthcare Information Management Association, has announced it has developed a model HIPAA release form that can be used by HIPAA-covered entities to streamline the processing of requests for copies of patients’ health […]

Peachtree Neurological Clinic has uncovered a 15-month security incident during the investigation of a ransomware attack. The Atlanta, GA clinic says the incident has resulted in the exposure of 176,295 patients’ protected health information. Initially, […]

The names, admission dates and medical record numbers of 5,292 patients of University of Iowa Health Care were accessible over the Internet for around 2 years as a result of an error configuring an application […]

One of the largest data breaches of the year to date has been reported by Washington State University. An unencrypted hard drive containing the data of more than 1 million individuals has been stolen. The […]

The HIPAA Breach Notification Rule requires covered entities to issue breach notification letters to patients within 60 days of the discovery of a data breach. Already this year, OCR has agreed its first settlement with […]

Patient medical record access guidance has been issued by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Privacy Rule permits patients to obtain copies […]

The healthcare industry is under attack from hackers and malicious insiders. Systems are being compromised at a greater rate than ever before. Last year saw record numbers of HIPAA breaches reported to OCR and the […]

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services’ Office for Civil Rights (OCR) was particularly active. OCR sent out warnings, updates, and threat information related to WannaCry ransomware. OCR also […]

HIPAA settlements reached record highs in 2016. This is in part due to the Department of Health and Human Services’ Office for Civil Rights increasing its enforcement activities in recent years. In total, payments of […]

The FCC has recently clarified it the rules regarding HIPAA and patient telephone calls, but fails to properly consider automated telephone calls. There has been some confusion reported by healthcare authorities over the rules regarding […]