After what is believed to have been inappropriate accessing of patient health records by staff members, Washington Health System has decided to suspend several staff members while the privacy breach is reviewed. While it has not been revealed how many staff members...
Individual Authorization of Uses and Disclosures of PHI for Research Guidance Issued by OCR
New guidance for HIPAA-covered bodies to streamline HIPAA authorizations for uses of protected health information for research purposes has been released by the Department of Health and Human Services’ Office for Civil Rights , as required by the 21st Century Cures...
HIMSS Survey Reveals Concerns in Relation to Mobile Device Security
The results of a HIMSS survey has revealed that medical device security is a strategic focus for most healthcare groups, yet fewer than 50% of healthcare providers have an approved budget for addressing security weaknesses in medical devices. For the survey, HIMSS...
Florida Agency for Persons with Disabilities Hit by Phishing Attack Reported by
A phishing attack has been experienced by the Florida Agency for Persons with Disabilities (FAPD), which provides support services for people with disabilities such as autism, cerebral palsy, spina bifida, and Downs syndrome. The phishing attack took place on April...
Consequences of Veteran Affairs and Sutter Health HIPAA Breaches Revealed
A former member of staff at the Veteran Affairs Medical Center located in Long Beach, CA who illegally stole the protected health information (PHI) of over 1,000 patients has been given a three-year jail sentence. Albert Torres, 51, was working as a clerk in the Long...
Patients PHI Exposed in Two Separate HIPAA Breaches
Two HIPAA-covered organizations are making their patients aware that some of their protected health information (PHI) has been stolen by unauthorized individuals in recent times. PHI Stolen from Staff Member of Christus Spohn Hospitals The protected health information...
HealthEquity Phishing Attack Exposes PHI
HealthEquity Inc. has been hit by a phishing attack leading to the exposure of members’ protected health information. The data breach was restricted to one email account, although a review of the messages in the account showed a range of PHI was potentially stolen by...
Terros Health Phishing Attack Impacts up to 1,600 Patients
A staff member at Phoenix-based Terros Health was tricked by a phishing scam and mistakenly handed over login credentials to the hacker. That person accessed the employee’s email account and may have viewed or obtained a range of protected health information listed in...
Black Book Research Survey Indicates that Mobile Technology is Improving Patient Safety
The results of a recent survey conducted by Black Book Research show that 90% of hospitals and 94% of physicians have implemented mobile technology and believe that it is helping to enhance patient safety and outcomes, . The survey was carried out on 770...
Ransomware Attack May Have Affected up to 3,700 Rise Wisconsin Plan Participants
3,700 plan members of Rise Wisconsin are being warned that some of their protected health information may have been obtained by unauthorized people during a recent ransomware attack. It is estimated that the ransomware was placed on on its IT systems around April 8,...
Nurse Who Shared Patient Data with New Employer gets 1-Year Suspension
A nurse who shared patient data with her new employer has been suspended for 12 months by the New York State Education Department, while her former employer has been fined $15,000 for the breach of Protected Health Information. In April 2015, Martha C. Smith-Lightfoot...
Aetna Maintains Efforts to Recoup 2017 HIV Status Privacy Breach Costs
Aetna have launched fresh attempts to recover some of the expenses they incurred in the ongoing legal battles in relation to a 2017 privacy breach involving the exposure of patients’ sensitive health information. A new lawsuit has been submitted by the insurance...
Phillips IntelliVue Patient and Avalon Fetal Monitors Weakness Warning Issued
An official advisory over weaknesses impacting certain Phillips IntelliVue Patient and Avalon Fetal monitors has been released by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Three weaknesses have been...
API for Developers for EHR Data Use in Care Management Apps Launched by Apple
A new application programming interface (API) for developers that will allow them to develop health apps that include patients’ EHR data has been launched by Apple. Users who share their EHR data into the Apple Health Records app will be able to distribute the data...
Legal Action Taken over Dismissal of Mosaic Life Care Medical Center Employee
A former member of staff from Mosaic Life Care Medical Center in St. Joseph, MO has filed legal action over wrongful dismissal and retaliation for her taking measures to avoid a breach of the False Claims Act. Debra Conrad, aged 57, claims she was wrongfully sacked...
Colorado Governor Signs Data Protection Bill into Law
In Colorado bill HB 1128 has been signed into law by Governor John Hickenlooper. This bill enhances security for consumer data in the state of Colorado. The bipartisan bill, sponsored by Reps. Cole Wist (R) and Jeff Bridges (D) and Sens. Kent Lambert (R) and Lois...
Dignity Health Report Multiple Data Breaches
A number of different data breaches and violations of HIPAA Rules have been discovered by Dignity Health in the past few weeks. One incident involved a staff member accessing the PHI of patients without official permission, a mistake occurred that allowed a business...
PHI-Exposing Data Security Incidents Discovered by Purdue University
Purdue University have been discovered two security breaches that may have lead to unauthorized people obtaining access to the protected health information of patients. During April Purdue University’s security team identified a file on computers used by Purdue...
Psychiatrist ‘Sacked for a HIPAA Violation’ Take Legal Action Against Former Employers
Boston-based Steward Healthcare System fired a psychiatrist for breaching HIPAA Rules but must now show evidence to jury that he did so. The psychiatrist, Dr. Alexander Lipin, argues he was relieved of his position due to his taking extended disability leave, not for...
HIPAA Violation Settlements May Be Shared with Breach Victims Following OCR Plans
There was a provision included in the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009, for the Department of Health and Human Services to share a portion of HIPAA settlements with those affected by HIPAA breaches. There has...
Aultman Health Foundation Phishing Attack Impacts up to 42,600 Patients
Aultman Health Foundation, which operates Aultman Hospital in Canton, OH, is alerting around 42,600 patients that some of their protected health information may have been accessed due to a phishing attack. Unauthorized and unknown people succeeded in obtaining access...
Healthcare Organizations Slow to Adopt DMARC
By implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) Standard, healthcare organizations can identify and restrict email spoofing and abuse of their domains; however, relatively few healthcare groups are using DMARC for spam...
Release Form for HIPAA
If your organization is governed by some (Business Associates) or all (Covered Entities) of the Privacy Rule, it is necessary to obtain a valid release form for HIPAA compliance before Protected Health Information (PHI) is used or disclosed for a purpose not required...
Minnesota Ransomware Attack Impacts Over 6,500 Patients
Associates in Psychiatry and Psychology (APP) a Rochester, Minnesota-based health organization has suffered a ransomware attack that targeted several computers that stored patients’ protected health data. The ransomware attack was identified on March 31, 2018. Patient...
LifeBridge Health Data Breach Affects 538,000 Patients
Baltimore-based healthcare provider LifeBridge Health has revealed, in a press release issued on May 16, that it had encountered a data breach. While the release made no reference to number of patients impacted at the time of it being issued, additional information...
SamSam Ransomware Attack Hits Indiana Physicians Group
A May 17, 2018 ransomware attack that took part of the network belonging to Allied Physicians Group of Michiana out of action following the encryption of several files on its network. At present it remains unclear whether any protected health information encrypted. A...
Data Breach Impacts 2,553 Patients of Eye Care Surgery Center
The protected health information of 2,553 patients of Eye Care Surgery Center, Inc., of Baton Rouge, LA has been stolen following the theft of a A laptop computer containing. The theft in question was noticed by Eye Care Surgery Center on February 26, 2018. While it...
10-Month Exposure of PHI at 8,300 Cerebral Palsy Research Foundation of Kansas Patients Revealed
An error has caused a database utilized by Cerebral Palsy Research Foundation of Kansas (CPRF) to have its safeguard switched off for 10 months, making the protected health information (PHI) of 8,300 patients accessible. The demographic database that was affected was...
17,639 Individuals Notified of Capital Digestive Care PHI Exposure
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has revealed that one of its business associates shared files to a commercial cloud server that did not have proper security controls, exposing the protected health information of up to 17,639...
17,639 Clients Notified of Capital Digestive Care PHI Exposure
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has revealed that one of its business associates shared files to a commercial cloud server that dd not have appropriate security controls, exposing the protected health information of up to...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
COMPREHENSIVE HIPAA TRAINING
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute