According to Health Insurance Portability and Accountability Act (HIPAA) regulations, healthcare organizations must report data violations involving more than 500 people to the Office of Civil Rights and financial sanctions apply for HIPAA breaches; however security...

The passing of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 updated HIPAA, and as such it obliged the Department of Health & Human Services’ Office for Civil Rights (OCR) to complete a program of compliance audits to make...

An official announcement has been released by the Office of the Massachusetts Attorney General that a settlement has now been agreed with South Shore Hospital. The healthcare supplier will have to pay a fine of $750,000 for violations of the state Consumer Protection...

Boston Children’s Hospital has released a press statement revealing a laptop issued to one of its staff member has been lost at a conference in Buenos Aires; possibly exposing the protected health records of 2,159 of its patients. The laptop had basic security...

Before publishing Protected Health Information on any public website it is vital that the medium is reviewed for security risks. If a website is owned or controlled by a third party or a cloud service is supplied, a signed business associate agreement must also be...

The Office for Civil Rights has released a statement confirming that a settlement has been agreed with Adult & Pediatric Dermatology, P.C., of Concord, Massachusetts after the accidental disclosure of almost 2,200 patients after a memory stick was taken from the...