Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field.
Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile: https://www.linkedin.com/in/pkkennedy/
The Trump administration has revealed its 2018 fiscal budget with the Department of Health and Human Services’ Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) both facing major cuts to their operational...
St. Luke’s-Roosevelt Hospital Center Inc., has paid OCR $387,200 to resolve potential HIPAA violations identified during an OCR investigation of a complaint about a disclosure of PHI without permission. In September 2014, OCR was informed of a potential privacy...
A $2.4y m settlement has been agreed by Memorial Hermann Health System with the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle potential HIPAA Privacy Rule violations The settlement arises from an impermissible disclosure on an...
A class action lawsuit has been filed following an allegation claiming that telemedicine company MDLive violated the privacy of patients by releasing sensitive medical information to a third party without informing, or obtaining consent from, subscribednpatients. App...
CardioNet, a Pennsylvania-based provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has agreed a $2.5 million settlement to resolve potential HIPAA violations. Compensation settlements have, in the past been,...
Patient records held by the New York Organ Donor Network must be turned over to a plaintiff, and that the request cannot be denied based on HIPAA, following a ruling made by a New York Supreme Court Judge. Patrick McMahon claims he was removed from his role of...
A legal action has been taken action against a Denver, CO-based federally-qualified health center (FQHC), by Department of Health and Human Services’ Office for Civil Rights (OCR) for security management process failures that contributed to the organization...
Indications are that 2017 will be another record breaking year for healthcare data violations. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures. Last year was a very bad year for...
The Kentucky-based 6-hospital health organization Med Center Health has reported a data violation affecting around 160,000 patients. Med Center Health believes a former staff member may have stolen patients’ protected health information (PHI) prior to leaving their...
Following the appointment of Roger Severino as head of OCR many human rights organizations have expressed concern over due to the views he views regarding transgender people and same-sex marriages. Mr Severino has written a number of reports in which he has expressed...
Former civil rights trial attorney Roger Severino has been appointed by The Department of Health and Human Services’ Office for Civil Rights has a new leader by The Trump Administration. Mr Severino will lead the HIPAA enforcement efforts of the Office for Civil...
A medical physician at the Dr. O Medical and Wellness Center in San Antonio, Texas allegedly retaliated against a patient by posting a recorded video of the person wearing only underwear on Facebook and YouTube. The actions of the physician, which appear to be a clear...
With Phase 2 of the Department of Health and Human Services’ Office for Civil Rights HIPAA compliance audits now well underway, the American Health Information Management Association (AHIMA) has updated its HIPAA audit readiness toolkit. Late last year, covered bodies...
The Health Insurance Portability and Accountability Act (HIPAA) allows patients to access a copy of their medical records in electronic or paper form. In 2016, the Department of Health and Human Services released a series of videos and documentation to outline...
Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has agreed to pay a $1.1 million fine for failing to protect the electronic protected health information of almost 690,000 plan members. The New Jersey Division of Consumer Affairs made the announcement of...
The official deadline for reporting 2016 healthcare data breaches which impacted fewer than 500 people is March 1, 2017. The Health Insurance Portability and Accountability Act’s Breach Notification Rule states that all covered bodies must report breaches of unsecured...
The Department of Health and Human Services’ Office for Civil Rights (OCR), equaling last year’s record HIPAA settlement with Advocate Health, announced that a $5.5 million settlement had been agreed with Florida-based Memorial Healthcare Systems to settle potential...
In January 2017, the Department of Health and Human Services’ Office for Civil Rights issued a communication to covered entities in relation to the late reporting of data breaches following the announcement of a settlement with Chicago-based healthcare network...
The Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. The Department of Health and Human Services’ Office for Civil Rights (OCR) made the announcement revealing the fine...
Covenant HealthCare has advised more than 6,000 patients that their electronic medical records were inappropriately accessed by one of its staff members. The improper access was identified during a November 2016 review of EMR access logs. The audit revealed an unusual...
The first HIPAA settlement of 2017 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). This is also the first settlement to date specifically based on an unnecessary delay to breach notification after the exposure of...
MAPFRE Life Assurance Company of Puerto Rico – A subsidiary of MAPFRE S.A., of Spain – has agreed a $2.2 million settlement, with the U.S. Department of Health and Human Services’ Office for Civil Rights, to resolve potential noncompliance with the Health Insurance...
During her campaign to become Republican state senator for Virginia in 2015, Henrico County physician Siobhan Dunnavant, M.D., impermissably used patients’ contact information – classed as protected health information under HIPAA Rules – to garner donations from...
Over the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been on the rise. Ethical Hacker Victor Gevers found in late December that many MondoDB databases had been left unsecured and were freely...
The University of Massachusetts Amherst (UMass) has agreed to a $650,000 settlement with The Department of Health and Human Services’ Office for Civil Rights (OCR) . The settlement resolves HIPAA breaches that contributed to the university suffering a malware...
The Health Information Trust Alliance and the Electronic Healthcare Network Accreditation Commission (EHNAC) and t(HITRUST) have revealed a new collaboration. The aim is to lessen – and hopefully completely prevent – redundant assessments and their associated...
St. Joseph Health (SJH) has agreed, with the Department of Health and Human Services’ Office for Civil Rights, to settle potential violations of the HIPAA Privacy and Security Rules for the sum of $2.14 million. SJH is required to pay the figure to OCR and adopt a...
The Department of Health and Human Services has issued updated guidance on HIPAA and healthcare cloud computing to help covered bodies use the cloud without risking a HIPAA breach. The main emphasis of the guidance is the use of cloud service providers (CSPs). Cloud...
Following the violation of the privacy of patients WakeMed Health and Hospitals has been ordered to pay a fine of $70,000 by a North Carolina Bankruptcy Court. The violations happened when submitting proofs of claim to the bankruptcy court. Documents were filed...
OCR normally to settles HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more the norm. If OCR investigators find HIPAA violations, financial penalties may be issued. Fines of up to $1.5 million...
The investigation into the 2015 Bizmatics data breach by the Department of Health and Human Services’ Office for Civil Rights has closed. The breach, which was identified in late 2015, affected many of the company’s clients. It was found that the malware was...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed it will be increasing the amount of investigations of small PHI breaches with immediate effect. violations impacting less than 500 individuals will now be subjected to tighter...
A major number of cases of abuse of nursing home and assisted living center residents have been seen recently. The cases have seen the taking of degrading and demeaning photographs and videos of residents by employees of nursing centers, and sharing the photos and...
In 2016, WTHR 13 carried out an investigation into the improper disposal of sensitive data by pharmacies. The investigation was initiated following a theft that took place at the home of an Indiana resident. A drug addict targeted the person knowing that she had pain...
A former staff member of Tampa General Hospital has been convicted of wrongful disclosure of individually identifiable health information and wire fraud. Shanakia Benton was accused of illegally obtaining the protected health information of patients during the time...
In a recent report released by the Department of Health and Human Services’ Office of Inspector General, a third of hospitals do not have sufficient HIPAA-compliant EHR contingency plans in place, although the majority are “largely addressing” HIPAA requirements for...
Following the 2.7 million HIPAA breach settlement with Oregon Health & Science University is news of yet another multi-million-dollar settlement with another university. The Department of Health and Human Services’ Office for Civil Rights revealed two days ago...
Oregon Health & Science University (OHSU) has agreed to settle a case with the Department of Health and Human Services’ Office for Civil Rights which arose from two data breaches suffered in 2013. A penalty of $2.7 million will be paid by OHSU to settle alleged...
Cyberattacks on healthcare groups are now commonplace and, as long as it is profitable for hackers to attack healthcare organizations, the cyberattacks will continue. Given the number of healthcare data violations now being reported, it is evident that the healthcare...
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to settle alleged HIPAA violations with the OCR and has agreed to put in place a Corrective Action Plan (CAP). CHCS will also pay a financial fine of $650,000. CHCS is the sole...
Recently an officer from the Indianapolis Metropolitan Police Department (IMPD) found a number of medical records in a recycling dumpster, accessible to the public, in Broad Ripple Park, Indianapolis. A quantity of confidential documents were located in file folders...
Recently, the head of the House Select Investigative Panel tasked with reviewing the trade of baby body parts by abortion clinics corresponded with the director of the Department of Health and Human Services’ Office for Civil Rights asking an investigation into...
In a recent ruling the Department of Health and Human Services’ Office for Civil Rights (OCR) found that a former town administrator of Townsend, MA., violated the HIPAA Privacy Rule in June last year. This occurred when he posted an “information packet” online...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined New York Presbyterian Hospital (NYP) $2.2 million for permitting patients to be filmed for a TV show without receiving prior permission from the patients. In 2011, an ABC crew was...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a compensation settlement has been agreed with Raleigh Orthopaedic Clinic, P.A., of North Carolina over alleged breaches of HIPAA Rules. Raleigh Orthopaedic has agreed to pay OCR...
A legal case has been initiated in Federal Court in San Jose, California by cancer patients who claim they have had their privacy violated after visiting the websites of cancer institutes. The plaintiffs allege that the websites of some cancer institutes contain...
Data violation notification laws in Tennessee have been reviewed to better protect state residents. The new law requires organizations to issue breach notifications to state residents more quickly, while the range of information covered has been widened. When the new...
Feinstein Institute for Medical Research has settled potential HIPAA violations for $3.9 million with the Department of Health and Human Services’ Office for Civil Rights. This is the second largest settlement penalty agreed with OCR, just below the $4.8 million...
The Department of Health and Human Services’ Office for Civil Rights has revealed it has reached a settlement with North Memorial Health Care of Minnesota over what is claimed were HIPAA violations arising from a 2011 data breach. North Memorial has agreed to pay...
The Office for Civil Rights encourages suggestions from HIPAA-covered bodies about aspects of HIPAA that are unclear or need further clarification. Some of the inquiries submitted via the OCR website indicate some covered bodies are struggling to comprehend the Health...
A report of an investigation into South Carolina’s Medicaid agency by The U.S. Department of Health and Human Services’ Office of Inspector General has been published The investigation was carried out in 2013 following the 2012 hacking of the Revenue Department and a...
OCR has revealed it has come at a settlement with a Los Angeles-based provider of physical therapy services after the discovery of HIPAA Privacy Rule breaches in 2012. Complete P.T., Pool & Land Physical Therapy, Inc., (CPT) has said they will pay a fine of...
OCR has ordered a HIPAA-covered entity to pay civil monetary penalties for HIPAA breaches. Lincare Inc. must to pay $239,800 for violations of the HIPAA Privacy Rule which were found during the investigation of a complaint about a breach of 278 patient records. The...
A recent survey carried out by Legal Workspace suggests that many are not. In fact, most health attorneys are not in adherence with HIPAA Rules and have failed to implement the appropriate technical, administrative, and physical measures to keep PHI/PII secure. Legal...
A nursing assistant from the Parkside Manor assisted-living center in Kenosha, WI., has been fired from her job for recording a video of a practically naked 93-year-old Alzheimer’s patient and sharing it on Snapchat. Recently an unwelcome trend has emerged involving...
TigertText has revealed the launch of two new communication solutions for healthcare providers. The two new devices have clear potential, and could convince many healthcare providers to start replacing pagers and faxes. The new products, named TigerPage &...
The healthcare industry trails well behind every other industry sector when it comes to implementing new technology. It is an acknowledged fact that the sector appears to dear change, even when those alterations stand to significantly improve the lot of patients. With...
Microsoft will be stopping support and security updates for Internet Explorer 8, 9 and 10 as of Wednesday January 12, 2016. All users of Internet Explorer must switch to Internet Explorer 11, or make the switch over to Microsoft Edge, in order to continue receiving...
Organizations operating in Oregon must now adhere with a new data breach law that came into effect on January 1, 2016. If a data breach that exposes the personal information of more than 250 state residents is experienced, a breach notice must be filed to the Oregon...
The Department of Health and Human Services’ Office for Civil Rights has started 2016 with the launch of a brand new website interface, and has now followed up on previous assurance by issuing new guidance on HIPAA. This is the first in what is expected to be a...
The FTC has also ordered Henry Schein Practice Solutions, Inc., to pay a fine of $250,000, and the company must also comply with a 20-year consent order after a recent ruling said the company had “falsely advertised the level of encryption it provided to protect...
The Department of Health and Human Services has revealed a final rule permitting certain covered bodies to disclose specific elements of Protected Health Information (PHI) to the National Instant Criminal Background Check System (NICS), altering the HIPAA Privacy...
The Department of Health and Human Services’ Office for Civil Rights website has completed a redesigned recently, upgrading with new features, a responsive design and a more user-friendly feel. The redesign was part of the Reimagined HHS.gov project. The aim was to...
The Federal Communication Commission has released a Declaratory Ruling and Order to clear up any confusion the rules in relation to HIPAA and patient telephone calls. Some healthcare suppliers have had difficulty with the rules regarding HIPAA and patient telephone...
The Allina Health System Minneapolis Isles clinic has notified around 6,000 patients of a breach of their Protected Health Information (PHI). The clinic, located at 2800 Hennepin Avenue, found instances of improper PHI disposal had occurred after documents including...
The Office for Civil Rights recently release its first financial penalty to an organization that experienced a data violation after its staff responded to a phishing campaign. The case lead to The University of Washington Medicine agreeing to a $750,000 fine to settle...
New cybersecurity measures specifically for the healthcare industry have been added to the Omnibus bill signed into law by Congress late last week. The aim of their inclusion is to help healthcare organizations tackle the growing danger of cyberattacks, and supply...
TigerText, the largest supplier of secure text messaging solutions, has revealed the its latest initiative, TigerText Anywhere: A HIPAA compliant secure texting app for desktop computing. TigerText’s HIPAA compliant text message platform has already been a great...
The Department of Health & Human Services Office of Inspector General has recently published the results of information system reviews conducted on three Californian Medicaid managed-care organizations (MCOs), revealinf numerous, significant security...
Day Pitney LLP has launch of a new HIPAA Self-Assessment Tool just before of the second round of Dept. Health and Human Services’ Office for Civil Rights HIPAA-compliance audits. The law firm, with approximately 300 attorneys in it its Connecticut, New Jersey, New...
University of Washington Medicine has agreed to settle a HIPAA fine of $750,000, for potential HIPAA violations with the Department of Health and Human Services’ Office for Civil Rights, arising from a 90,000-record data breach experienced in 2013. There has been an...
An HIPAA fine of $15,000 has been issued by the attorney general to University of Rochester Medical Center for a breach of patient privacy that happened in March, 2015. It is not only the Office for Civil Rights that issues financial penalties for violations of HIPAA...
The Department of Health and Human Services’ Office for Civil Rights has agreed a HIPAA violation fine of $3.5 million with Puerto Rico Blue Cross Blue Shield licensee Triple S Management Corporation. This is the second HIPAA violation fine to be revealed in the space...
Following a data breach that occurred back in 2011, the HHS has revealed that Lahey Hospital and Medical Center has agreed to settle a case with the Office for Civil Rights (OCR) over alleged HIPAA violations for $850,000. Lahey Hospital and Medical Center has agreed...
A legal case has been filed by the Texas attorney general’s office against Alliance Health Management & Consulting Inc., for the improper disposal of Protected Health Information (PHI) of patients. The home healthcare management company is no longer operating,...
This week a case against University of Cincinnati Medical Center (UCMC) was presided over by Judge Jody Luebbers in the Hamilton County Common Pleas Court in relation to the posting of Protected Health Information of a patient on social media. The incident that lead...
Following the 2012 theft of a laptop computer containing the unencrypted data of 8,883 Connecticut residents, Hartford Hospital – and one of its Business Associates, EMC Corporation (EMC) – have agreed to a settlement with the Connecticut Office of the...
Boston US Attorney’s Office has revealed that a unit of pharmaceutical company Warner Chilcott has agreed to plead guilty to healthcare fraud, and will be required to pay $125 million to resolve civil and criminal liability. The legal case against the pharmaceutical...
As part of Phase IV of the CAQH® CORE® Operating Rules, the CAQH® Committee on Operating Rules for Information Exchange (CORE®) recently approved new national rules for electronic HIPAA transactions. These new rules for electronic HIPAA transactions govern four groups...
The Workgroup for Electronic Data Interchange (WEDI) has developed two new resources to help groupsput in place the new ICD-10 codes required by the Health Insurance Portability and Accountability Act (HIPAA). The new resources, ICD-10 State Workers’ Compensation...
The newly appointed Deputy Director for Information Privacy at the Department of Health and Human Services’ Office for Civil Rights has been adjusting to her new role at the OCR since her appointment earlier this year, but until recently she has not given spoken to...
Cancer Care Group, an Indiana-based radiation oncology private physician practice, has agreed to settle with the Department of Health and Human Services’ Office for Civil Rights for $750,000, for potential HIPAA breaches relating to a 2012 data violation. In August...
Fitbit, America’s leading producer of activity and fitness trackers, announced it has developed a HIPAA compliant wellness platform which it should corner the lucrative healthcare market. The company has dabbled with health and fitness trackers for the healthcare...
The VA Office of the Inspector General (OIG) has recently issued the findings of its administrative examination of into improper web-based collaboration technology by the Department of Veteran Affairs (VA). It found the agency is particularly vulnerable to data...
The Federal Communication Commission (FCC) has released a Declaratory Ruling and Order to clarify the rules in relation HIPAA and patient telephone calls. Some healthcare providers have had difficulty understanding the rules regarding HIPAA and patient telephone...
This week, the Vice President and Deputy Director of the American Hospital Association (AHA) sent a correspondence to the Centers for Medicare & Medicaid Services (CMMS) revealing concern over the implementation of Health Plan Identification numbers (HPIDs) and...
Being compliant with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size. However, smaller healthcare providers tend to have more issues. Budgets tend to be tighter, and a lack of suitable staff means progress is slow. This...
In May, The University of Rochester Medical Center experience a data violation after a member of staff took the Protected Health Information (PHI) of patients to a new employer, The employee in question, who was trying to ensure continuity of patient care, was a...
A recent ePHI data security audit completed by the New York Office of the State Comptroller has seen Roswell Park Cancer Institute pass with no HIPAA violations identified. The healthcare provider was commended for the effort it has put in to protecting the privacy of...
Two employees who retained the Protected Health Information (PHI) of patients after their employment at Arkansas Children’s Hospital was terminated, did not violate the Health Insurance Portability and Accountability Act (HIPAA) according to a rulign made by the U.S...
Electronics giant Samsung has yet to issue a fix for a a security vulnerability existing on Samsung Galaxy devices, 7 months after the company was first alerted to it. A hacking vulnerability affecting S3 to S6 models of Samsung Galaxy phones was identified that...
Deven McGraw been appointed to the role of Deputy Director of Health Information Privacy, and must get the agency auditing, advising and enforcing as it is supposed to be. Ms McGraw will be filling the role left vacant by departure of Susan McAndrew, who retired last...
A survey recently released by Healthcare Information Security Today (HIST) shows many Covered Entities (CEs) are making the same compliance errors that were uncovered during the initial phase of audits. It has been three years since the OCR finished the pilot phase of...
Microsoft has revealed it will be stopping ceasing patches and software updates for Windows Server 2003 on July 15, 2015. Any HIPAA-covered body that is still running the defunct software on any of its servers after this date will be in violation of the HIPAA Security...
A lack of a appropriate workforce with appropriate skills to improve cybersecurity defenses is leading many CISOs and CIOs to look outside their organizations for assistance. Businesses and healthcare suppliers are now increasingly hiring third party consultants and...
A former business owned by Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) after it did not securely dispose of files containing the Protected Health Information (PHI) of at least 167 people. The victims had...
Cybercriminals are stealing healthcare IT devices to gain access to Protected Health Information (PHI) so they can can make false insurance claims, apply for credit, and obtain medical prescriptions and services. This is one of many ways that data is obtained to...
North Dakota and Nevada have updated their breach notification laws this year, joining the growing list of states to do so. In May 2017, new laws were passed to tighten up the legislation and expand “personal information” definitions, with the two states following the...
The Department of Health and Human Services’ Office for Civil Rights has confirmed – to Fierce Health IT – that its preliminary HIPAA surveys have now been issued, marking the start of the 2015 HIPAA compliance audits. In a recent article in the National Law Review,...
A Business Associate (BA) of the University of Pittsburgh Medical Center has issued a notification to the healthcare center, and many other clients, of a HIPAA breach caused by a member of staff. The now former staff member is accused of having stolen the records of...