HIPAA Updates

For the second time this month, a healthcare provider has announced that an investigation into a ransomware attack has revealed a historic data breach. Earlier this month, Peachtree Neurological Clinic discovered a 15-month data breach […]

AHIMA, the American Healthcare Information Management Association, has announced it has developed a model HIPAA release form that can be used by HIPAA-covered entities to streamline the processing of requests for copies of patients’ health […]

ONC National Coordinator Don Rucker, M.D., has confirmed that the office will be closed out in fiscal year 2018 due to the cuts  to the budget of the Office of the National Coordinator for Health Information […]

Peachtree Neurological Clinic has uncovered a 15-month security incident during the investigation of a ransomware attack. The Atlanta, GA clinic says the incident has resulted in the exposure of 176,295 patients’ protected health information. Initially, […]

The names, admission dates and medical record numbers of 5,292 patients of University of Iowa Health Care were accessible over the Internet for around 2 years as a result of an error configuring an application […]

Health insurance provider Aetna, based in Hartford, CT has found that the protected health data of more than 5,000 plan subscriber has been released online and was accessible to the public through search engines. Aetna […]

A ransomware attack on medical supply company Airway Oxygen Inc., in April 2017 may have led to the protected health information of 500,000 individuals being accessed by cyber attackers. No evidence of data access or […]

The largest data breach settlement officially recorded has been agreed by the health insurer Anthem Inc. Anthem suffered the largest healthcare data breach ever reported in 2015, with s cyberattack leading to the theft of […]

One of the largest data breaches of the year to date has been reported by Washington State University. An unencrypted hard drive containing the data of more than 1 million individuals has been stolen. The […]

A data breach that happened in October 2015 should have seen affected people notified within 8 weeks. However, it took CoPilot Provider Support Services Inc., until early 2017 to issue data breach notifications. An administration […]

The HIPAA Breach Notification Rule requires covered entities to issue breach notification letters to patients within 60 days of the discovery of a data breach. Already this year, OCR has agreed its first settlement with […]

Beginning from 2009, the Department of Health and Human Services’ Office for Civil Rights has been publishing summaries of healthcare data breaches on its website, a list is often referred to as OCR’s ‘Wall of […]

Patient medical record access guidance has been issued by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Privacy Rule permits patients to obtain copies […]

The healthcare industry is under attack from hackers and malicious insiders. Systems are being compromised at a greater rate than ever before. Last year saw record numbers of HIPAA breaches reported to OCR and the […]

The recent ransomware attacks and healthcare IT security incidents have driven the Department of Health and Human Services’ Office for Civil Rights to release a reminder to covered entities about HIPAA Rules on security breaches. In its […]

Iliana Peters, Office for Civil Rights Senior Advisor for HIPAA Compliance and Enforcement, has given an update on OCR’s enforcement activities in a recent Health Care Compliance Association ‘Compliance Perspectives’ podcast. OCR reviews all data […]

The Trump administration has revealed its 2018 fiscal budget with the Department of Health and Human Services’ Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) both facing […]

St. Luke’s-Roosevelt Hospital Center Inc., has paid OCR $387,200 to resolve potential HIPAA violations identified during an OCR investigation of a complaint about a disclosure of PHI without permission. In September 2014, OCR was informed […]

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services’ Office for Civil Rights (OCR) was particularly active. OCR sent out warnings, updates, and threat information related to WannaCry ransomware. OCR also […]

A $2.4y m settlement has been agreed by Memorial Hermann Health System with the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle potential HIPAA Privacy Rule violations  The settlement arises […]

A class action lawsuit has been filed following an allegation claiming that telemedicine company MDLive violated the privacy of patients by releasing sensitive medical information to a third party without informing, or obtaining consent from, […]

CardioNet, a Pennsylvania-based provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has agreed a $2.5 million settlement to resolve potential HIPAA violations. Compensation settlements have, in the […]

Patient records held by the New York Organ Donor Network must be turned over to a plaintiff, and that the request cannot be denied based on HIPAA, following a ruling made by a New York Supreme […]

A legal action has been taken action against a Denver, CO-based federally-qualified health center (FQHC), by Department of Health and Human Services’ Office for Civil Rights (OCR) for security management process failures that contributed to […]

Indications are that 2017 will be another record breaking year for healthcare data violations. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures. […]

The Kentucky-based 6-hospital health organization Med Center Health has reported a data violation affecting around 160,000 patients. Med Center Health believes a former staff member may have stolen patients’ protected health information (PHI) prior to […]

Following the appointment of Roger Severino as head of OCR many human rights organizations have expressed concern over  due to the views he views regarding transgender people and same-sex marriages. Mr Severino has written a number […]

Former civil rights trial attorney Roger Severino has been appointed by The Department of Health and Human Services’ Office for Civil Rights has a new leader by The Trump Administration. Mr Severino will lead the […]

A medical physician at the Dr. O Medical and Wellness Center in San Antonio, Texas allegedly retaliated against a patient by posting a recorded video of the person wearing only underwear on Facebook and YouTube. […]

With Phase 2 of the Department of Health and Human Services’ Office for Civil Rights HIPAA compliance audits now well underway, the American Health Information Management Association (AHIMA) has updated its HIPAA audit readiness toolkit. […]

The Health Insurance Portability and Accountability Act (HIPAA) allows patients to access a copy of their medical records in electronic or paper form. In 2016, the Department of Health and Human Services released a series of […]

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has agreed to pay a $1.1 million fine for failing to protect the electronic protected health information of almost 690,000 plan members. The New Jersey […]

The official deadline for reporting 2016 healthcare data breaches which impacted fewer than 500 people is March 1, 2017. The Health Insurance Portability and Accountability Act’s Breach Notification Rule states that all covered bodies must […]

The Department of Health and Human Services’ Office for Civil Rights (OCR), equaling last year’s record HIPAA settlement with Advocate Health, announced that a $5.5 million settlement had been agreed with Florida-based Memorial Healthcare Systems to settle […]

In January 2017, the Department of Health and Human Services’ Office for Civil Rights issued a communication to covered entities in relation to the late reporting of data breaches following the announcement of a settlement […]

The Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. The Department of Health and Human Services’ Office for Civil Rights (OCR) […]

Covenant HealthCare has advised more than 6,000 patients that their electronic medical records were inappropriately accessed by one of its staff members. The improper access was identified during a November 2016 review of EMR access […]

The first HIPAA settlement of 2017 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). This is also the first settlement to date specifically based on an unnecessary […]

MAPFRE Life Assurance Company of Puerto Rico – A subsidiary of MAPFRE S.A., of Spain – has agreed a $2.2 million settlement, with the U.S. Department of Health and Human Services’ Office for Civil Rights, […]

During her campaign to become Republican state senator for Virginia in 2015, Henrico County physician Siobhan Dunnavant, M.D., impermissably used patients’ contact information – classed as protected health information under HIPAA Rules – to garner […]

HIPAA settlements reached record highs in 2016. This is in part due to the Department of Health and Human Services’ Office for Civil Rights increasing its enforcement activities in recent years. In total, payments of […]

Over the past two weeks, the number of organizations that have had their MongoDB databases accessed, copied, and deleted has been on the rise. Ethical Hacker Victor Gevers found in late December that many MondoDB […]

The University of Massachusetts Amherst (UMass) has agreed to a $650,000 settlement with The Department of Health and Human Services’ Office for Civil Rights (OCR) . The settlement resolves HIPAA breaches that contributed to the university […]

The Health Information Trust Alliance and the Electronic Healthcare Network Accreditation Commission (EHNAC) and t(HITRUST) have revealed a new collaboration. The aim is to lessen – and hopefully completely prevent – redundant assessments and their […]

St. Joseph Health (SJH) has agreed, with the Department of Health and Human Services’ Office for Civil Rights, to settle potential violations of the HIPAA Privacy and Security Rules for the sum of $2.14 million. […]

Following the violation of the privacy of patients WakeMed Health and Hospitals has been ordered to pay a fine of $70,000 by a North Carolina Bankruptcy Court. The violations happened when submitting proofs of claim […]

OCR normally to settles HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more the norm. If OCR investigators find HIPAA violations, financial penalties may be issued. Fines of […]

The investigation into the 2015 Bizmatics data breach by the Department of Health and Human Services’ Office for Civil Rights has closed.  The breach, which was identified in late 2015, affected many of the company’s […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed it will be increasing the amount of investigations of small PHI breaches with immediate effect. violations impacting less than 500 individuals […]

A major number of cases of abuse of nursing home and assisted living center residents have been seen recently. The cases have seen  the taking of degrading and demeaning photographs and videos of residents by […]

In 2016, WTHR 13 carried out an investigation into the improper disposal of sensitive data by pharmacies. The investigation was initiated following a theft that took place at the home of an Indiana resident. A […]

A former staff member of Tampa General Hospital has been convicted of wrongful disclosure of individually identifiable health information and wire fraud. Shanakia Benton was accused of illegally obtaining the protected health information of patients during […]

Following the 2.7 million HIPAA breach settlement with Oregon Health & Science University is news of yet another multi-million-dollar settlement with another university. The Department of Health and Human Services’ Office for Civil Rights revealed […]

Oregon Health & Science University (OHSU) has agreed to settle a case with the Department of Health and Human Services’ Office for Civil Rights which arose from two data breaches suffered in 2013. A penalty […]

Cyberattacks on healthcare groups are now commonplace and, as long as it is profitable for hackers to attack healthcare organizations, the cyberattacks will continue. Given the number of healthcare data violations now being reported, it […]

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to settle alleged HIPAA violations with the OCR and has agreed to put in place a Corrective Action Plan (CAP). CHCS will also […]

Recently an officer from the Indianapolis Metropolitan Police Department (IMPD) found a number of medical records in a recycling dumpster, accessible to the public, in Broad Ripple Park, Indianapolis. A quantity of confidential documents were […]

Recently, the head of the House Select Investigative Panel tasked with reviewing the trade of baby body parts by abortion clinics corresponded with the director of the Department of Health and Human Services’ Office for Civil Rights asking […]

In a recent ruling the Department of Health and Human Services’ Office for Civil Rights (OCR) found that a former town administrator of Townsend, MA., violated the HIPAA Privacy Rule in June last year. This […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined New York Presbyterian Hospital (NYP) $2.2 million for permitting patients to be filmed for a TV show without receiving prior permission […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a compensation settlement has been agreed with Raleigh Orthopaedic Clinic, P.A., of North Carolina over alleged breaches of HIPAA Rules. Raleigh […]

A legal case has been initiated in Federal Court in San Jose, California by cancer patients who claim they have had their privacy violated after visiting the websites of cancer institutes. The plaintiffs allege that […]

Data violation notification laws in Tennessee have been reviewed to better protect state residents. The new law requires organizations to issue breach notifications to state residents more quickly, while the range of information covered has […]

Feinstein Institute for Medical Research has settled potential HIPAA violations for $3.9 million with the Department of Health and Human Services’ Office for Civil Rights. This is the second largest settlement penalty agreed with OCR, […]

The Department of Health and Human Services’ Office for Civil Rights has revealed it has reached a settlement with North Memorial Health Care of Minnesota over what is claimed were HIPAA violations  arising from a 2011 […]

The Office for Civil Rights encourages suggestions from HIPAA-covered bodies about aspects of HIPAA that are unclear or need further clarification. Some of the inquiries submitted via the OCR website indicate some covered bodies are […]

A report of an investigation into South Carolina’s Medicaid agency by The U.S. Department of Health and Human Services’ Office of Inspector General has been published The investigation was carried out  in 2013 following the […]

OCR has revealed it has come at a settlement with a Los Angeles-based provider of physical therapy services after the discovery of HIPAA Privacy Rule breaches in 2012. Complete P.T., Pool & Land Physical Therapy, […]

OCR has ordered a HIPAA-covered entity to pay civil monetary penalties for HIPAA breaches. Lincare Inc. must to pay $239,800 for violations of the HIPAA Privacy Rule which were found during the investigation of a […]

A recent survey carried out by Legal Workspace suggests that many are not. In fact, most health attorneys are not in adherence with HIPAA Rules and have failed to implement the appropriate technical, administrative, and […]

TigertText has revealed the launch of two new communication solutions for healthcare providers. The two new devices have clear potential, and could convince many healthcare providers to start replacing pagers and faxes. The new products, […]

The healthcare industry trails well behind every other industry sector when it comes to implementing new technology. It is an acknowledged fact that the sector appears to dear change, even when those alterations stand to […]

Microsoft will be stopping support and security updates for Internet Explorer 8, 9 and 10 as of Wednesday January 12, 2016. All users of Internet Explorer must switch to Internet Explorer 11, or make the […]

Organizations operating in Oregon must now adhere with a new data breach law that came into effect on January 1, 2016. If a data breach that exposes the personal information of more than 250 state […]

The Department of Health and Human Services’ Office for Civil Rights has started 2016 with the launch of a brand new website interface, and has now followed up on previous assurance by issuing new guidance […]

The FTC has also ordered Henry Schein Practice Solutions, Inc., to pay a fine of $250,000, and the company must also comply with a 20-year consent order after a recent ruling said the company had […]

The Department of Health and Human Services has revealed a final rule permitting certain covered bodies to disclose specific elements of Protected Health Information (PHI) to the National Instant Criminal Background Check System (NICS), altering […]

The Department of Health and Human Services’ Office for Civil Rights website has completed a redesigned recently, upgrading with new features, a responsive design and a more user-friendly feel. The redesign was part of the […]

The Office for Civil Rights recently release its first financial penalty to an organization that experienced a data violation after its staff responded to a phishing campaign. The case lead to The University of Washington […]

New cybersecurity measures specifically for the healthcare industry have been added to the Omnibus bill signed into law by Congress late last week. The aim of their inclusion is to help healthcare organizations tackle the […]

TigerText, the largest supplier of secure text messaging solutions, has revealed the its latest initiative, TigerText Anywhere: A HIPAA compliant secure texting app for desktop computing. TigerText’s HIPAA compliant text message platform has already been a […]

The Department of Health & Human Services Office of Inspector General has recently published the results of information system reviews conducted on three Californian Medicaid managed-care organizations (MCOs), revealinf numerous, significant security vulnerabilities. Overall, 74 high-risk […]

Day Pitney LLP has launch of a new HIPAA Self-Assessment Tool just before of the second round of Dept. Health and Human Services’ Office for Civil Rights HIPAA-compliance audits. The law firm, with approximately 300 attorneys […]

University of Washington Medicine has agreed to settle a HIPAA fine of $750,000, for potential HIPAA violations with the Department of Health and Human Services’ Office for Civil Rights, arising from a 90,000-record data breach […]

An HIPAA fine of $15,000 has been issued by the attorney general to University of Rochester Medical Center for a breach of patient privacy that happened in March, 2015. It is not only the Office […]

The Department of Health and Human Services’ Office for Civil Rights has agreed a HIPAA violation fine of $3.5 million with Puerto Rico Blue Cross Blue Shield licensee Triple S Management Corporation. This is the […]

A legal case has been filed by the Texas attorney general’s office against Alliance Health Management & Consulting Inc., for the improper disposal of Protected Health Information (PHI) of patients. The home healthcare management company […]

This week a case against University of Cincinnati Medical Center (UCMC) was presided over by Judge Jody Luebbers in the Hamilton County Common Pleas Court in relation to the posting of Protected Health Information of […]

Boston US Attorney’s Office has revealed that a unit of pharmaceutical company Warner Chilcott has agreed to plead guilty to healthcare fraud, and will be required to pay $125 million to resolve civil and criminal […]

As part of Phase IV of the CAQH® CORE® Operating Rules, the CAQH® Committee on Operating Rules for Information Exchange (CORE®) recently approved new national rules for electronic HIPAA transactions. These new rules for electronic […]

The Workgroup for Electronic Data Interchange (WEDI) has developed two new resources to help groupsput in place the new ICD-10 codes required by the Health Insurance Portability and Accountability Act (HIPAA). The new resources, ICD-10 State […]

The newly appointed Deputy Director for Information Privacy at the Department of Health and Human Services’ Office for Civil Rights has been adjusting to her new role at the OCR since her appointment earlier this […]

Cancer Care Group, an Indiana-based radiation oncology private physician practice, has agreed to settle with the Department of Health and Human Services’ Office for Civil Rights for $750,000, for potential HIPAA breaches relating to a […]

Fitbit, America’s leading producer of activity and fitness trackers, announced it has developed a HIPAA compliant wellness platform which it should corner the lucrative healthcare market. The company has dabbled with health and fitness trackers […]

The VA Office of the Inspector General (OIG) has recently issued the findings of its administrative examination of  into improper web-based collaboration technology by the Department of Veteran Affairs (VA). It found the agency is particularly vulnerable […]

The Federal Communication Commission (FCC) has released a Declaratory Ruling and Order to clarify the rules in relation HIPAA and patient telephone calls. Some healthcare providers have had difficulty understanding the rules regarding HIPAA and […]

This week, the Vice President and Deputy Director of the American Hospital Association (AHA) sent a correspondence to the Centers for Medicare & Medicaid Services (CMMS) revealing concern over the implementation of Health Plan Identification numbers (HPIDs) […]