Legal action has been taken against a Denver, CO-based federally-qualified health center (FQHC) by the Department of Health and Human Services’ Office for Civil Rights (OCR) for security management process failures that contributed to the organization...
Record-Breaking Year for Healthcare Data Breaches on the Cards
Indications are that 2017 will be another record-breaking year for healthcare data breaches. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures. Last year was a very bad year for...
PHI of up to 160,000 Med Center Health Patients Allegedly Stolen by Former Employee
The Kentucky-based 6-hospital health organization Med Center Health has reported a data breach affecting around 160,000 patients. Med Center Health believes a former staff member may have stolen patients’ protected health information (PHI) prior to leaving their...
Concern Expressed by LGBT Groups About New OCR Appointment
Following the appointment of Roger Severino as head of OCR, many human rights organizations have expressed concern due to the views he holds regarding transgender people and same-sex marriages. Mr Severino has written a number of reports in which he has expressed...
Severino Appointed Director of HHS’ Office for Civil Rights
Former civil rights trial attorney Roger Severino has been appointed by the Trump Administration as the new leader of the Department of Health and Human Services’ Office for Civil Rights. Mr Severino will lead the HIPAA enforcement efforts of the Office for Civil...
Doctor Breached HIPAA Privacy Rule with Alleged Social Media Retaliation
A physician at the Dr. O Medical and Wellness Center in San Antonio, Texas allegedly retaliated against a patient by posting a recorded video of the person wearing only underwear on Facebook and YouTube. The actions of the physician, which appear to be a clear...
AHIMA Issues Updated HIPAA Compliance Audit Toolkit
With Phase 2 of the Department of Health and Human Services’ Office for Civil Rights HIPAA compliance audits now well underway, the American Health Information Management Association (AHIMA) has updated its HIPAA audit readiness toolkit. Late last year, covered entities...
AHIMA Unveils New Resource Detailing Patients’ PHI Access Rights under HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) allows patients to access a copy of their medical records in electronic or paper form. In 2016, the Department of Health and Human Services released a series of videos and documentation to outline...
$1.1 Million Fine for HIPAA Violation to be Paid by Horizon BCBS of New Jersey
Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has agreed to pay a $1.1 million fine for failing to protect the electronic protected health information of almost 690,000 plan members. The New Jersey Division of Consumer Affairs made the announcement of...
March 1 Deadline for Small Healthcare Data Breach Notification Approaches
The official deadline for reporting 2016 healthcare data breaches which impacted fewer than 500 people is March 1, 2017. The Health Insurance Portability and Accountability Act’s Breach Notification Rule states that all covered entities must report breaches of unsecured...
$5.5 Million Paid by Memorial Healthcare System
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that a $5.5 million settlement has been agreed with Florida-based Memorial Healthcare Systems, equaling last year’s record HIPAA settlement with Advocate Health, to settle potential...
HIPAA to be Updated to Cover Texting, Social Media and Transparency in Investigatory Methods
At the Healthcare Information and Management Systems Society’s 2017 conference (HIMSS17), OCR’s Deven McGraw released some new information on the HIPAA guidance OCR expects to release in 2017. Last year, the Joint Commission lifted the ban on the use of text messages for...
Late Data Breach Reports Could Lead to Fines for Covered Entities
In January 2017, the Department of Health and Human Services’ Office for Civil Rights issued a communication to covered entities in relation to the late reporting of data breaches following the announcement of a settlement with Chicago-based healthcare network...
Children’s Medical Center of Dallas Hit With $3.2 Million HIPAA Civil Monetary Penalty
The Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. The Department of Health and Human Services’ Office for Civil Rights (OCR) made the announcement revealing the fine...
6,200 Patient Records Illegally Accessed by Hospital Employee
Covenant HealthCare has advised more than 6,000 patients that their electronic medical records were inappropriately accessed by one of its staff members. The improper access was identified during a November 2016 review of EMR access logs. The audit revealed an unusual...
Delayed HIPAA Breach Notification Leads to $475,000 Settlement
The first HIPAA settlement of 2017 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). This is also the first settlement to date specifically based on an unnecessary delay to breach notification after the exposure of...
Impermissible Disclosure of ePHI Leads to $2.2 Million Settlement
MAPFRE Life Assurance Company of Puerto Rico – a subsidiary of MAPFRE S.A. of Spain – has agreed a $2.2 million settlement with the U.S. Department of Health and Human Services’ Office for Civil Rights to resolve potential noncompliance with the Health Insurance...
Virginia State Senator Avoids HIPAA Violation Fine for
During her campaign to become Republican state senator for Virginia in 2015, Henrico County physician Siobhan Dunnavant, M.D., impermissibly used patients’ contact information – classed as protected health information under HIPAA Rules – to garner donations from...
An Overview of HIPAA Settlements in 2016
HIPAA settlements reached record highs in 2016. This is in part due to the Department of Health and Human Services’ Office for Civil Rights increasing its enforcement activities in recent years. In total, payments of $22,855,300 were made to OCR in 2016 to resolve...
MongoDB Databases Warning for Healthcare Organizations Issued
Over the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been on the rise. Ethical hacker Victor Gevers found in late December that many MongoDB databases had been left unsecured and were freely...
HIPAA Violations Cost UMass $650K
The University of Massachusetts Amherst (UMass) has agreed to a $650,000 settlement with the Department of Health and Human Services’ Office for Civil Rights (OCR). The settlement resolves HIPAA breaches that contributed to the university suffering a malware...
Streamlined Accreditation Processes for EHNAC and HITRUST
The Health Information Trust Alliance (HITRUST) and the Electronic Healthcare Network Accreditation Commission (EHNAC) have revealed a new collaboration. The aim is to lessen – and hopefully completely prevent – redundant assessments and their associated...
St. Joseph Health Settles HIPAA Case with $2.14 Million Payment to OCR
St. Joseph Health (SJH) has agreed, with the Department of Health and Human Services’ Office for Civil Rights, to settle potential violations of the HIPAA Privacy and Security Rules for the sum of $2.14 million. SJH is required to pay the figure to OCR and adopt a...
HIPAA Cloud Computing Guidance Issued by HHS
The Department of Health and Human Services has issued updated guidance on HIPAA and healthcare cloud computing to help covered entities use the cloud without risking a HIPAA breach. The main emphasis of the guidance is the use of cloud service providers (CSPs). Cloud...
Patient Privacy Violations Lead to Fines for WakeMed Health and Hospitals
Following the violation of the privacy of patients, WakeMed Health and Hospitals has been ordered to pay a fine of $70,000 by a North Carolina Bankruptcy Court. The violations happened when submitting proofs of claim to the bankruptcy court. Documents were filed...
Updated ONC Security Risk Assessment Tool Released
OCR normally settles HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more the norm. If OCR investigators find HIPAA violations, financial penalties may be issued. Fines of up to $1.5 million...
Bizmatics Data Breach OCR Investigation Comes to a Close
The investigation into the 2015 Bizmatics data breach by the Department of Health and Human Services’ Office for Civil Rights has closed. The breach, which was identified in late 2015, affected many of the company’s clients. It was found that the malware was...
OCR Investigations of Small PHI Breaches to Increase
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed it will be increasing the number of investigations of small PHI breaches with immediate effect. Breaches impacting fewer than 500 individuals will now be subjected to tighter...
CMS Tightens Focus on Social Media Abuse of Nursing Home Residents
A large number of cases of abuse of nursing home and assisted living center residents have been seen recently. The cases have involved employees of nursing centers taking degrading and demeaning photographs and videos of residents, and sharing the photos and...
OCR Closes Walgreens Improper PHI Dumping Case After 9 Years
In 2016, WTHR 13 carried out an investigation into the improper disposal of sensitive data by pharmacies. The investigation was initiated following a theft that took place at the home of an Indiana resident. A drug addict targeted the person knowing that she had pain...