The largest data breach settlement officially recorded has been agreed by the health insurer Anthem Inc. Anthem suffered the largest healthcare data breach ever reported in 2015, with s cyberattack leading to the theft of 78.8 million records of current and former...

One of the largest data breaches of the year to date has been reported by Washington State University. An unencrypted hard drive containing the data of more than 1 million individuals has been stolen. The breach is likely to be costly for the University. The 2017...

A data breach that happened in October 2015 should have seen affected people notified within 8 weeks. However, it took CoPilot Provider Support Services Inc., until early 2017 to issue data breach notifications. An administration online portal controlled by CoPilot...

The HIPAA Breach Notification Rule requires covered entities to issue breach notification letters to patients within 60 days of the discovery of a data breach. Already this year, OCR has agreed its first settlement with a HIPAA-covered entity solely for delaying the...

Beginning from 2009, the Department of Health and Human Services’ Office for Civil Rights has been publishing summaries of healthcare data breaches on its website, a list is often referred to as OCR’s ‘Wall of Shame’. This list only gives a brief summary of data...

Patient medical record access guidance has been issued by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Privacy Rule permits patients to obtain copies of their health information from...

The healthcare industry is under attack from hackers and malicious insiders. Systems are being compromised at a greater rate than ever before. Last year saw record numbers of HIPAA breaches reported to OCR and the trend has continued in 2017. This year looks like it...

The recent ransomware attacks and healthcare IT security incidents have driven the Department of Health and Human Services’ Office for Civil Rights to release a reminder to covered entities about HIPAA Rules on security breaches. In its May 2017 Cyber Newsletter, OCR...

Iliana Peters, Office for Civil Rights Senior Advisor for HIPAA Compliance and Enforcement, has given an update on OCR’s enforcement activities in a recent Health Care Compliance Association ‘Compliance Perspectives’ podcast. OCR reviews all data breaches involving...

The Trump administration has revealed its 2018 fiscal budget with the Department of Health and Human Services’ Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) both facing major cuts to their operational...

St. Luke’s-Roosevelt Hospital Center Inc., has paid OCR $387,200 to resolve potential HIPAA violations identified during an OCR investigation of a complaint about a disclosure of PHI without permission. In September 2014, OCR was informed of a potential privacy...

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services’ Office for Civil Rights (OCR) was particularly active. OCR sent out warnings, updates, and threat information related to WannaCry ransomware. OCR also took the attacks as an...

A $2.4y m settlement has been agreed by Memorial Hermann Health System with the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle potential HIPAA Privacy Rule violations  The settlement arises from an impermissible disclosure on an...

A class action lawsuit has been filed following an allegation claiming that telemedicine company MDLive violated the privacy of patients by releasing sensitive medical information to a third party without informing, or obtaining consent from, subscribednpatients. App...

CardioNet, a Pennsylvania-based provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has agreed a $2.5 million settlement to resolve potential HIPAA violations. Compensation settlements have, in the past been,...

Patient records held by the New York Organ Donor Network must be turned over to a plaintiff, and that the request cannot be denied based on HIPAA, following a ruling made by a New York Supreme Court Judge. Patrick McMahon claims he was removed from his role of...

A legal action has been taken action against a Denver, CO-based federally-qualified health center (FQHC), by Department of Health and Human Services’ Office for Civil Rights (OCR) for security management process failures that contributed to the organization...

Indications are that 2017 will be another record breaking year for healthcare data violations. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures. Last year was a very bad year for...

The Kentucky-based 6-hospital health organization Med Center Health has reported a data violation affecting around 160,000 patients. Med Center Health believes a former staff member may have stolen patients’ protected health information (PHI) prior to leaving their...

Following the appointment of Roger Severino as head of OCR many human rights organizations have expressed concern over  due to the views he views regarding transgender people and same-sex marriages. Mr Severino has written a number of reports in which he has expressed...

Former civil rights trial attorney Roger Severino has been appointed by The Department of Health and Human Services’ Office for Civil Rights has a new leader by The Trump Administration. Mr Severino will lead the HIPAA enforcement efforts of the Office for Civil...

A medical physician at the Dr. O Medical and Wellness Center in San Antonio, Texas allegedly retaliated against a patient by posting a recorded video of the person wearing only underwear on Facebook and YouTube. The actions of the physician, which appear to be a clear...

With Phase 2 of the Department of Health and Human Services’ Office for Civil Rights HIPAA compliance audits now well underway, the American Health Information Management Association (AHIMA) has updated its HIPAA audit readiness toolkit. Late last year, covered bodies...

The Health Insurance Portability and Accountability Act (HIPAA) allows patients to access a copy of their medical records in electronic or paper form. In 2016, the Department of Health and Human Services released a series of videos and documentation to outline...

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has agreed to pay a $1.1 million fine for failing to protect the electronic protected health information of almost 690,000 plan members. The New Jersey Division of Consumer Affairs made the announcement of...

The official deadline for reporting 2016 healthcare data breaches which impacted fewer than 500 people is March 1, 2017. The Health Insurance Portability and Accountability Act’s Breach Notification Rule states that all covered bodies must report breaches of unsecured...

The Department of Health and Human Services’ Office for Civil Rights (OCR), equaling last year’s record HIPAA settlement with Advocate Health, announced that a $5.5 million settlement had been agreed with Florida-based Memorial Healthcare Systems to settle potential...

In January 2017, the Department of Health and Human Services’ Office for Civil Rights issued a communication to covered entities in relation to the late reporting of data breaches following the announcement of a settlement with Chicago-based healthcare network...

The Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. The Department of Health and Human Services’ Office for Civil Rights (OCR) made the announcement revealing the fine...