The Department of Health & Human Services Office of Inspector General has recently published the results of information system reviews conducted on three Californian Medicaid managed-care organizations (MCOs), revealinf numerous, significant security...

Day Pitney LLP has launch of a new HIPAA Self-Assessment Tool just before of the second round of Dept. Health and Human Services’ Office for Civil Rights HIPAA-compliance audits. The law firm, with approximately 300 attorneys in it its Connecticut, New Jersey, New...

University of Washington Medicine has agreed to settle a HIPAA fine of $750,000, for potential HIPAA violations with the Department of Health and Human Services’ Office for Civil Rights, arising from a 90,000-record data breach experienced in 2013. There has been an...

An HIPAA fine of $15,000 has been issued by the attorney general to University of Rochester Medical Center for a breach of patient privacy that happened in March, 2015. It is not only the Office for Civil Rights that issues financial penalties for violations of HIPAA...

The Department of Health and Human Services’ Office for Civil Rights has agreed a HIPAA violation fine of $3.5 million with Puerto Rico Blue Cross Blue Shield licensee Triple S Management Corporation. This is the second HIPAA violation fine to be revealed in the space...

A legal case has been filed by the Texas attorney general’s office against Alliance Health Management & Consulting Inc., for the improper disposal of Protected Health Information (PHI) of patients. The home healthcare management company is no longer operating,...

This week a case against University of Cincinnati Medical Center (UCMC) was presided over by Judge Jody Luebbers in the Hamilton County Common Pleas Court in relation to the posting of Protected Health Information of a patient on social media. The incident that lead...

Boston US Attorney’s Office has revealed that a unit of pharmaceutical company Warner Chilcott has agreed to plead guilty to healthcare fraud, and will be required to pay $125 million to resolve civil and criminal liability. The legal case against the pharmaceutical...

As part of Phase IV of the CAQH® CORE® Operating Rules, the CAQH® Committee on Operating Rules for Information Exchange (CORE®) recently approved new national rules for electronic HIPAA transactions. These new rules for electronic HIPAA transactions govern four groups...

The Workgroup for Electronic Data Interchange (WEDI) has developed two new resources to help groupsput in place the new ICD-10 codes required by the Health Insurance Portability and Accountability Act (HIPAA). The new resources, ICD-10 State Workers’ Compensation...

The newly appointed Deputy Director for Information Privacy at the Department of Health and Human Services’ Office for Civil Rights has been adjusting to her new role at the OCR since her appointment earlier this year, but until recently she has not given spoken to...

Cancer Care Group, an Indiana-based radiation oncology private physician practice, has agreed to settle with the Department of Health and Human Services’ Office for Civil Rights for $750,000, for potential HIPAA breaches relating to a 2012 data violation. In August...

Fitbit, America’s leading producer of activity and fitness trackers, announced it has developed a HIPAA compliant wellness platform which it should corner the lucrative healthcare market. The company has dabbled with health and fitness trackers for the healthcare...

The VA Office of the Inspector General (OIG) has recently issued the findings of its administrative examination of  into improper web-based collaboration technology by the Department of Veteran Affairs (VA). It found the agency is particularly vulnerable to data...

The Federal Communication Commission (FCC) has released a Declaratory Ruling and Order to clarify the rules in relation HIPAA and patient telephone calls. Some healthcare providers have had difficulty understanding the rules regarding HIPAA and patient telephone...

This week, the Vice President and Deputy Director of the American Hospital Association (AHA) sent a correspondence to the Centers for Medicare & Medicaid Services (CMMS) revealing concern over the implementation of Health Plan Identification numbers (HPIDs) and...

In May, The University of Rochester Medical Center experience a data violation after a member of staff took the Protected Health Information (PHI) of patients to a new employer, The employee in question,  who was trying to ensure continuity of patient care, was a...

A recent ePHI data security audit completed by the New York Office of the State Comptroller has seen Roswell Park Cancer Institute pass with no HIPAA violations identified. The healthcare provider was commended for the effort it has put in to protecting the privacy of...

Two employees who retained the Protected Health Information (PHI) of patients after their employment at Arkansas Children’s Hospital was terminated, did not violate the Health Insurance Portability and Accountability Act (HIPAA) according to a rulign made by the U.S...

The FCC has recently clarified it the rules regarding HIPAA and patient telephone calls, but fails to properly consider automated telephone calls. There has been some confusion reported by healthcare authorities over the rules regarding HIPAA and patient telephone...

Electronics giant Samsung has yet to issue a fix for a  a security vulnerability existing on Samsung Galaxy devices, 7 months after the company was first alerted to it. A hacking vulnerability affecting S3 to S6 models of Samsung Galaxy phones was identified that...

A survey recently released by Healthcare Information Security Today (HIST) shows many Covered Entities (CEs) are making the same compliance errors that were uncovered during the initial phase of audits. It has been three years since the OCR finished the pilot phase of...

Microsoft has revealed it will be stopping ceasing patches and software updates for Windows Server 2003 on July 15, 2015. Any HIPAA-covered body that is still running the defunct software on any of its servers after this date will be in violation of the HIPAA Security...

A former business owned by Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) after it did not securely dispose of files containing the Protected Health Information (PHI) of at least 167 people. The victims had...

Cybercriminals are stealing healthcare IT devices to gain access to Protected Health Information (PHI) so they can can make false insurance claims, apply for credit, and obtain medical prescriptions and services. This is one of many ways that data is obtained to...

North Dakota and Nevada have updated their breach notification laws this year, joining the growing list of states to do so. In May 2017, new laws were passed to tighten up the legislation and expand “personal information” definitions, with the two states following the...

The Department of Health and Human Services’ Office for Civil Rights has confirmed – to Fierce Health IT – that its preliminary HIPAA surveys have now been issued, marking the start of the 2015 HIPAA compliance audits. In a recent article in the National Law Review,...