Financial Assistance Program Offered by UnitedHealth Group On March 8, 2024, about 2 weeks after the ransomware attack on Change Healthcare, UnitedHealth Group presented a schedule on when it is trying to have its systems and services available. UnitedHealth Group...
Data Breach Reports by Santa Clarita Community College District, Mental Health Center of North Central Alabama, and Cogdell Memorial Hospital
87,000 Patients Impacted by Cogdell Memorial Hospital Cyberattack On October 10, 2023, Cogdell Memorial Hospital based in Snyder, TX, found abnormal activity in its computer network. After securing its network, a third-party cybersecurity agency looked into the...
Green Ridge Behavioral Health Ransomware Attack and Empress Ambulance Service Lawsuit Settlement
Ransomware Attack on Green Ridge Behavioral Health Results in HIPAA Penalty The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled an alleged Health Insurance Portability and Accountability Act (HIPAA) violations with a behavioral...
HIPAA Audit Program Review and Approved Texting of Patient Data and Patient Orders
OCR Wants Opinions to Develop HIPAA Audit Program The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is having a HIPAA Audit Review Survey and is looking for comments from entities that need to undertake HIPAA compliance audits to get data...
Medical Center Settles Alleged Privacy Rule Violations for $80,000
St. Joseph’s Medical Center in Yonkers, NY, has agreed to settle alleged Privacy Rule violations for $80,000 and must comply with a corrective action plan to address the cause of the alleged violations – namely that members of the workforce impermissibly allowed a...
Lack of HIPAA Cybersecurity Training Contributes Towards $350,000 Violation Settlement
The lack of HIPAA cybersecurity training at a NY-based home health company has contributed to the company being fined $350,000 by the NY State Attorney General as part of a wide-ranging settlement agreement that includes a thorough overhaul of the company’s security...
Patients Concerned About Health Information Privacy
An American Medical Association (AMA) patient privacy survey has confirmed that patients are worried that their healthcare data is no longer being kept private and confidential. More must be done to protect medical information and strengthen trust. Virtually every...
New Report Further Strengthens Correlation between Cyberattacks and Increased Patient Mortality
The new report from Proofpoint not only provides further evidence of a correlation between cyberattacks and increased patient mortality but also suggests healthcare organizations are better prepared and more resilient against security incidents. In 2018, Dr. Sung Choi...
OCR Proposes HIPAA Changes to Prohibit PHI Disclosures to Law Enforcement for Abortion Prosecutions
The Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Privacy Rule to strengthen protections for reproductive health care data and bolster patient-provider confidentiality. The proposed update is in response to...
OCR Confirms COVID-19 HIPAA Flexibilities will End on May 11, 2023
The Secretary of the Department of Health and Human Services will not be renewing the COVID-19 Public Health Emergency (PHE), which is set to expire at 11:59 pm on May 11, 2023. That means the four Notices of Enforcement Discretion issued by the HHS’ Office for Civil...
OCR Announces Plan to Address Backlog of Compliance Investigations
The Department of Health and Human Services’ Office for Civil Rights received more than 51,000 complaints in 2022 about violations of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health...
Aveanna Healthcare Consents to $425,000 Judgement for Phishing Susceptibility
In July 2019, members of the workforce at Aveanna Healthcare were targeted with more than 600 phishing emails from an unknown source, attempting to trick the recipients into disclosing login credentials and other sensitive information. Many of the phishing emails were...
OCR Releases Video Explaining Recognized Security Practices Under HITECH
In January 2021, an amendment to the HITECH Act was enacted by Congress that required the Secretary of the Department of Health and Human Services to consider the “Recognized Security Practices” that have been implemented by a HIPAA-regulated entity when making...
$875,000 Penalty Paid by Oklahoma State University to Resolve Multiple HIPAA Violations
A hacking incident reported by Oklahoma State University – Center for Health Sciences (OSU-CHS) in January 2018 was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) which identified violations of 7 provisions of the...
OCR Fines 11 HIPAA-Covered Entities for HIPAA Right of Access Violations
The HHS’ Office for Civil Rights has announced it has resolved 11 more cases involving violations of the HIPAA Right of Access. 10 of the cases were settled with OCR, and one Civil Monetary Penalty was imposed due to the lack of cooperation with OCR and the failure to...
Biden Issues Executive Order on Protecting Access to Reproductive Healthcare Services
President Biden has issued an Executive Order on Protecting Access to Reproductive Healthcare Services following the Supreme Court decision that overturned Roe v. Wade. According to the Supreme Court, there is no right to abortion in the Constitution of the United...
Senators Call for HHS to Change HIPAA Privacy Rule Following Dobbs Ruling
Two U.S. senators have written to Xavier Becerra, Secretary of the Department of Health and Human Services, requesting a change to the HIPAA Privacy Rule in the wake of the decision of the Supreme Court (SCOTUS) in Dobbs v. Jackson Women’s Health Organization and the...
Supreme Court Decision on Abortion Rights Prompts OCR to Issue Reminder About Health Information Privacy
The HHS’ Office for Civil Rights (OCR) has recently issued guidance on HIPAA and explained how HIPAA protects the privacy of individuals’ reproductive health information following the decision of the U.S. Supreme Court in Dobbs v. Jackson Women's Health Organization,...
OCR to Implement Mechanism for Obtaining Feedback on HIPAA Breach Reporting Process
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced new breach reporting requirements for HIPAA-regulated entities and called for the Secretary of the Department of Health and Human Services to create a mechanism for...
Investigation Suggests HIPAA Violations by Hospitals That Transfer Website Patient Data to Facebook
Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. The revelation has also sparked a...
Version 3.3 of the HHS Security Risk Assessment Tool Released
A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR). A...
OCR to Release Video Presentation to Improve Education on Recognized Security Practices under HITECH
In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices into account when investigating...
OCR Seeks Comments on Changes to HIPAA Enforcement Practices
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA Safe Harbor for entities that adhere to...
OCR Fines Healthcare Providers for Impermissible Disclosures of PHI and HIPAA Right of Access Violations
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA fines of 2022 – Two enforcement actions to resolve HIPAA Right of Access violations and two for impermissible PHI disclosures. No financial penalties were...
OCR Director: Improve Your Cybersecurity Posture in 2022
HHS' Office for Civil Rights (OCR) Director Lisa J. Pino is urging HIPAA-regulated entities to improve their cybersecurity posture in 2022 following a year of increased hacking activity and data breaches. There are no indications that the hacking attempts will fall in...
Former OCR Director Provides Insights into Recent HIPAA Enforcement Activities
The Department of Health and Human Services’ Office for Civil Rights has enforced compliance with the Health Insurance Portability and Accountability Act (HIPAA) more aggressively in recent years. While there was a downturn in enforcement actions in 2021, the number...
Health Data Use and Privacy Commission Act Introduced to Bring HIPAA into the Modern Age
The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put health data at risk. HIPAA was signed into law in 1996 at a time...
HHS Extends COVID-19 Public Health Emergency for Further 90 Days
Xavier Becerra, Secretary of the U.S. Department of Health and Human Services, has renewed the COVID-19 public health emergency for a further 90 days. Earlier this month, the American Hospital Association (AHA) wrote to Becerra to request an extension to the public...
OCR Explains How HIPAA Applies to PHI Disclosures for Extreme Risk Protection Orders
The Department of Health and Human Services’ Office for Civil Rights has issued guidance for healthcare providers on how the Health Insurance Portability and Accountability Act (HIPAA) applies to disclosures of protected health information (PHI) to support...
New Jersey Imposes $425,000 Fine on Cancer Care Providers to Resolve HIPAA Violations
The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many months. Regional Cancer Care Associates will pay...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
COMPREHENSIVE HIPAA TRAINING
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute