Less than one month after Boston’s Beth Israel Deaconess Medical Center reached a settlement with the Massachusetts Attorney General for HIPAA violations after a laptop was stolen containing unencrypted PHI, Boston Children’s Hospital has been fined for failing to...

A security breach that has potentially impacted almost 13,000 patients has been announced by Hand & Upper Extremity Centers. The breach happened at Thousand Oaks, CA-based Hand Rehabilitation Specialists (HRS). While it is unclear when the breach actually...

An review has been completed into a privacy violation at the University of Pittsburgh Medical Center’s Bedford Memorial hospital, in a case which photographs and videos of a patient’s genitals were captured by hospital staff and in some cases, were shared with other...

Almost 70 patient files containing sensitive personal and medical data have been found in an alley in Denver, CO. The files include details of patients’ medical histories, insurance information, and Social Security numbers – The types of information chased by identity...

The Department of Health and Human Services’ Office for Civil Rights, earlier in 2017, settled a case with Mount Sinai St. Luke’s Hospital to resolve alleged breaches of HIPAA following  a 2014 impermissible disclosure of a patient’s HIV positive status to his...

In June 2014, hackers succeeded in accessing to a database controlled by CareFirst BlueCross BlueShield and the secured health information of 1.1 million of its members. The types of information exposed due to the hack included names, email addresses, dates of birth,...

The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) states that all covered entities must notify the HHS’ Office for Civil Rights of a breach of unsecured protected health information and issue notification letters to affected people without unreasonable delay...

The Health Information Trust Alliance (HITRUST) is looking to improve its threat information sharing capabilities and provide more assistance to HIPAA covered entities to help them manage cyber threats more effectively. HITRUST is already providing detailed...

The Breach Barometer mid year reviews has been released by Protenus, in conjunction with Databreaches.net. This report covers all data privacy breaches reported in health care over the past 6 months. It provides valuable insights into 2017 data breach trends for the...

The U.S. Senate has passed new legislation that will allow patients’ histories of drug addiction treatment to be shared with their physicians with consent. The legislation will help to ensure physicians can make more informed decisions about treatment for patients...

Regulations governing the treatment of substance use disorder records and HIPAA are currently at odds, although new legislation has been proposed to align both sets of regulations. Representatives Tim Murphy and Earl Blumenauer have introduced a new bill – The...

The Department of Health and Human Services’ Office for Civil Rights has reminded HIPAA-covered entities why security awareness training for healthcare employees is so important in its July Cybersecurity Newsletter. PHI security is not only about technological...

Cases of staff members accessing on medical records are relatively common, although an incident at Tewksbury Hospital in Massachusetts stands out duration of time that an employee was accessing medical records without authorization before being apprehended. The...

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule allows patients to view the health information held by their providers. According to a recent U.S. Government Accountability Office (GAO) release there is only a relatively small amount of...

In June 2017, the Department of Health and Human Services confirmed it was considering updating its data breach portal – commonly referred to as the OCR ‘Wall of Shame’. Section 13402(e)(4) of the HITECH Act obliges OCR to maintain a public list of privacy breaches of...

A Plastic Surgery Associates of South Dakota ransomware attack has potentially resulted in criminals gaining access to the protected health information (PHI) of 10,200 of its patients. Last year, OCR confirmed in its ransomware guidance that a ransomware attack is...

For the second time this month, a healthcare provider has announced that an investigation into a ransomware attack has revealed a historic data breach. Earlier this month, Peachtree Neurological Clinic discovered a 15-month data breach during an investigation into a...

AHIMA, the American Healthcare Information Management Association, has announced it has developed a model HIPAA release form that can be used by HIPAA-covered entities to streamline the processing of requests for copies of patients’ health information. The Health...

ONC National Coordinator Don Rucker, M.D., has confirmed that the office will be closed out in fiscal year 2018 due to the cuts  to the budget of the Office of the National Coordinator for Health Information Technology (ONC) Deven McGraw, the Deputy Director for...

Peachtree Neurological Clinic has uncovered a 15-month security incident during the investigation of a ransomware attack. The Atlanta, GA clinic says the incident has resulted in the exposure of 176,295 patients’ protected health information. Initially, sensitive data...

The names, admission dates and medical record numbers of 5,292 patients of University of Iowa Health Care were accessible over the Internet for around 2 years as a result of an error configuring an application development website. University of Iowa Healthcare reports...

Health insurance provider Aetna, based in Hartford, CT has found that the protected health data of more than 5,000 plan subscriber has been released online and was accessible to the public through search engines. Aetna started looking into a security issue affecting...

A ransomware attack on medical supply company Airway Oxygen Inc., in April 2017 may have led to the protected health information of 500,000 individuals being accessed by cyber attackers. No evidence of data access or theft was found by Airway Oxygen, based in Wyoming,...

The largest data breach settlement officially recorded has been agreed by the health insurer Anthem Inc. Anthem suffered the largest healthcare data breach ever reported in 2015, with s cyberattack leading to the theft of 78.8 million records of current and former...

One of the largest data breaches of the year to date has been reported by Washington State University. An unencrypted hard drive containing the data of more than 1 million individuals has been stolen. The breach is likely to be costly for the University. The 2017...

A data breach that happened in October 2015 should have seen affected people notified within 8 weeks. However, it took CoPilot Provider Support Services Inc., until early 2017 to issue data breach notifications. An administration online portal controlled by CoPilot...

The HIPAA Breach Notification Rule requires covered entities to issue breach notification letters to patients within 60 days of the discovery of a data breach. Already this year, OCR has agreed its first settlement with a HIPAA-covered entity solely for delaying the...

Beginning from 2009, the Department of Health and Human Services’ Office for Civil Rights has been publishing summaries of healthcare data breaches on its website, a list is often referred to as OCR’s ‘Wall of Shame’. This list only gives a brief summary of data...