This week a case against University of Cincinnati Medical Center (UCMC) was presided over by Judge Jody Luebbers in the Hamilton County Common Pleas Court in relation to the posting of Protected Health Information of a patient on social media. The incident that lead...

Boston US Attorney’s Office has revealed that a unit of pharmaceutical company Warner Chilcott has agreed to plead guilty to healthcare fraud, and will be required to pay $125 million to resolve civil and criminal liability. The legal case against the pharmaceutical...

As part of Phase IV of the CAQH® CORE® Operating Rules, the CAQH® Committee on Operating Rules for Information Exchange (CORE®) recently approved new national rules for electronic HIPAA transactions. These new rules for electronic HIPAA transactions govern four groups...

The Workgroup for Electronic Data Interchange (WEDI) has developed two new resources to help groupsput in place the new ICD-10 codes required by the Health Insurance Portability and Accountability Act (HIPAA). The new resources, ICD-10 State Workers’ Compensation...

The newly appointed Deputy Director for Information Privacy at the Department of Health and Human Services’ Office for Civil Rights has been adjusting to her new role at the OCR since her appointment earlier this year, but until recently she has not given spoken to...

Cancer Care Group, an Indiana-based radiation oncology private physician practice, has agreed to settle with the Department of Health and Human Services’ Office for Civil Rights for $750,000, for potential HIPAA breaches relating to a 2012 data violation. In August...

Fitbit, America’s leading producer of activity and fitness trackers, announced it has developed a HIPAA compliant wellness platform which it should corner the lucrative healthcare market. The company has dabbled with health and fitness trackers for the healthcare...

The VA Office of the Inspector General (OIG) has recently issued the findings of its administrative examination of  into improper web-based collaboration technology by the Department of Veteran Affairs (VA). It found the agency is particularly vulnerable to data...

The Federal Communication Commission (FCC) has released a Declaratory Ruling and Order to clarify the rules in relation HIPAA and patient telephone calls. Some healthcare providers have had difficulty understanding the rules regarding HIPAA and patient telephone...

This week, the Vice President and Deputy Director of the American Hospital Association (AHA) sent a correspondence to the Centers for Medicare & Medicaid Services (CMMS) revealing concern over the implementation of Health Plan Identification numbers (HPIDs) and...

In May, The University of Rochester Medical Center experience a data violation after a member of staff took the Protected Health Information (PHI) of patients to a new employer, The employee in question,  who was trying to ensure continuity of patient care, was a...

A recent ePHI data security audit completed by the New York Office of the State Comptroller has seen Roswell Park Cancer Institute pass with no HIPAA violations identified. The healthcare provider was commended for the effort it has put in to protecting the privacy of...

Two employees who retained the Protected Health Information (PHI) of patients after their employment at Arkansas Children’s Hospital was terminated, did not violate the Health Insurance Portability and Accountability Act (HIPAA) according to a rulign made by the U.S...

The FCC has recently clarified it the rules regarding HIPAA and patient telephone calls, but fails to properly consider automated telephone calls. There has been some confusion reported by healthcare authorities over the rules regarding HIPAA and patient telephone...

Electronics giant Samsung has yet to issue a fix for a  a security vulnerability existing on Samsung Galaxy devices, 7 months after the company was first alerted to it. A hacking vulnerability affecting S3 to S6 models of Samsung Galaxy phones was identified that...

A survey recently released by Healthcare Information Security Today (HIST) shows many Covered Entities (CEs) are making the same compliance errors that were uncovered during the initial phase of audits. It has been three years since the OCR finished the pilot phase of...

Microsoft has revealed it will be stopping ceasing patches and software updates for Windows Server 2003 on July 15, 2015. Any HIPAA-covered body that is still running the defunct software on any of its servers after this date will be in violation of the HIPAA Security...

A former business owned by Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) after it did not securely dispose of files containing the Protected Health Information (PHI) of at least 167 people. The victims had...

Cybercriminals are stealing healthcare IT devices to gain access to Protected Health Information (PHI) so they can can make false insurance claims, apply for credit, and obtain medical prescriptions and services. This is one of many ways that data is obtained to...

North Dakota and Nevada have updated their breach notification laws this year, joining the growing list of states to do so. In May 2017, new laws were passed to tighten up the legislation and expand “personal information” definitions, with the two states following the...

The Department of Health and Human Services’ Office for Civil Rights has confirmed – to Fierce Health IT – that its preliminary HIPAA surveys have now been issued, marking the start of the 2015 HIPAA compliance audits. In a recent article in the National Law Review,...

A Business Associate (BA) of the University of Pittsburgh Medical Center has issued a notification to  the healthcare center, and many other clients, of a HIPAA breach caused by a member of staff. The now former staff member is accused of having stolen the records of...

According to HIPAA Rules, healthcare providers and other covered entities (CEs) are allowed to use the Protected Health Information (PHI) of patients – and share this data with others – provided that this data has been de-identified. It must not be possible for PHI...

Protected Health Information (PHI) is kept secure  under Health Insurance Portability and Accountability Act Rules, which requires adherence from covered entities (CEs) to put in place a number of controls to ensure that healthcare data is not disclosed to...

The second round of HIPAA compliance audits have yet to commence, the last round was  in 2012, but they are supposedly returning and will be bigger and bolder than before. The Department of Health and Human Services’ Office for Civil Rights (OCR) indicated to...

Microsoft Office 365 cloud services for the healthcare industry has been awarded the highest possible HITRUST CSF rating – achieving a maximum score of five – in a certification review of its security and privacy controls begun by Centura Health. The Health...

Law firm, Day Pitney LLP, has released a warning to healthcare workers to be careful when disclosing Protected Health Information, even when asked to supply medical records to attorneys under subpoena. A Connecticut Supreme Court ruling in November 2014 allowed a...