Healthcare organizations often outsource many HIPAA transactions to third-party vendors, yet finding suitable companies that can provide the necessary services can be a time-consuming process. While there is unlikely to be a shortage of companies that could perform...

RiverMend Health, a Augusta, GA-based specialty behavioral health provider has reported an unauthorized person has gained access to the email account of one of its employees after suspicious emails were identified being sent from that employee’s account. The...

A nurse sacked for a HIPAA violation has lost her legal action against the termination of her employment and a subsequent appeal. On May 7, 2013, Dianna Hereford – a Registered Nurse at the Norton Audubon Hospital in Louisville, KY – was assisting a transesophageal...

The medical details of in excess of 10,000 patients of a Naperville, IL-based psychiatrist – Dr. Riaz Baber, M.D. – have been located in the basement of an Aurora residence by the female who rented the house from the psychiatrist. The files in question had been kept...

At the beginning of 2014 the HHS proposed a new rule for certification of compliance for health plans which would have required all controlling health plans (CHPs) to complete a range of documentation. This would have shown the  HHS that the CHPS were in compliance...

Amida Care, the New York-based not-for-profit community health plan, advised that a possible HIPAA breach may have occurred impacting up to 6,231 of its subscribers. The group provides health coverage and coordinated care to Medicaid subscribers with chronic health...

The U.S. House of Representatives has paased the Internet of Medical Things Resilience Partnership Act, aiming to put in place a public-private stakeholder partnership. This partnership will be charged with developing a cybersecurity framework that can be implemented...

According to a recent study by MediaPro, a provider of privacy and security awareness training, best practices for privacy and security are still not well understood by 70% of U.S. employees. For the study, MediaPro questioned 1,012 U.S. workers and posed them a range...

A settlement of $264,000 has been agreed with the Vermont Attorney Genera and SAManage USA in relation to the 2016 data breach that resulted in the Social Security numbers of 660 Vermont residents being exposed online. SAManage USA, a technology group that supplies...

Almost 4,000 people have potentially had their sensitive patient data exposed in Spokane, WA after a laptop computer once used by the Mann-Grandstaff VA Medical Center (MGVAMC) has been reported as missing. The laptop device was paired with a hematology analyzer and...

Some healthcare organizations have violated patient privacy and HIPAA Rules when responding to negative critiques on Yelp and otherreview sites according to a recent ProPublica report. For the report, ProPublica was given with access to around 1.7 million Yelp reviews...

The HIPAA Omnibus Rule (Health Insurance Portability and Accountability Act of 1996 Omnibus Rule) was drafted in July 2010; however the final release has been put off until this month some of the concerns raised by stakeholders about the latest HIPAA amendment can be...

The Californian multi-specialty physician’s group, Imperial Valley Family Care Medical Group (IVFCMG), has recently been audited by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) following a potential breach of patients’ protected...

Less than one month after Boston’s Beth Israel Deaconess Medical Center reached a settlement with the Massachusetts Attorney General for HIPAA violations after a laptop was stolen containing unencrypted PHI, Boston Children’s Hospital has been fined for failing to...

A security breach that has potentially impacted almost 13,000 patients has been announced by Hand & Upper Extremity Centers. The breach happened at Thousand Oaks, CA-based Hand Rehabilitation Specialists (HRS). While it is unclear when the breach actually...

An review has been completed into a privacy violation at the University of Pittsburgh Medical Center’s Bedford Memorial hospital, in a case which photographs and videos of a patient’s genitals were captured by hospital staff and in some cases, were shared with other...

Almost 70 patient files containing sensitive personal and medical data have been found in an alley in Denver, CO. The files include details of patients’ medical histories, insurance information, and Social Security numbers – The types of information chased by identity...

The Department of Health and Human Services’ Office for Civil Rights, earlier in 2017, settled a case with Mount Sinai St. Luke’s Hospital to resolve alleged breaches of HIPAA following  a 2014 impermissible disclosure of a patient’s HIV positive status to his...

In June 2014, hackers succeeded in accessing to a database controlled by CareFirst BlueCross BlueShield and the secured health information of 1.1 million of its members. The types of information exposed due to the hack included names, email addresses, dates of birth,...

The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) states that all covered entities must notify the HHS’ Office for Civil Rights of a breach of unsecured protected health information and issue notification letters to affected people without unreasonable delay...

The Health Information Trust Alliance (HITRUST) is looking to improve its threat information sharing capabilities and provide more assistance to HIPAA covered entities to help them manage cyber threats more effectively. HITRUST is already providing detailed...

The Breach Barometer mid year reviews has been released by Protenus, in conjunction with Databreaches.net. This report covers all data privacy breaches reported in health care over the past 6 months. It provides valuable insights into 2017 data breach trends for the...