Security Breaches October 5, 2017 Responding to a Cyberattack: Advice Issued by OCR Recently, the Department of Health and Human Services’ Office for Civil Rights published new guide lines for covered organizations on the correct way to respond ... Read more
Compliance September 28, 2017 HITRUST/AMA Begin Project to Assist Small Healthcare Firms with HIPAA Compliance HITRUST has revealed it will be working with the American Medical Association (AMA) for a new project that will assist small healthcare companies with HIPAA ... Read more
Compliance September 23, 2017 HHS Issues Partial HIPAA Privacy Rule Waiver in Hurricane Maria Disaster Zone A partial waiver of HIPAA has been issued by the U.S. Department of Health and Human Services in the Hurricane Maria disaster area in Puerto ... Read more
Trends & Reports September 13, 2017 Hospitals in Irma Disaster Area Granted Limited HIPAA Waiver A limited waiver of HIPAA Privacy Rule sanctions and penalties for hospitals affected by Hurricane Irma has been issued by the U.S. Department of Health and Human ... Read more
Tools & Practices September 9, 2017 OCR Warns Covered Entities to Prepare for Natural Disasters Medical Centers and Hospitals in Texas and Louisiana have been stretched due to Hurricane Harvey,and are trying to provide medical services without breaching HIPAA Rules. ... Read more
Security Breaches September 7, 2017 Finding ‘Big, Juicy, Egregious’ HIPAA Breaches Priority for OCR Head The main enforcement priority for 2017 of Roger Severino, the Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), is ... Read more
Compliance September 1, 2017 Hurricane Harvey Disaster Zone: HHS Issues Partial Waiver of HIPAA Sanctions HHS Secretary Tom Price announced that OCRis issuing a partial waiver of sanctions and financial penalties for specific Privacy Rule breaches for hospitals in Texas ... Read more
Security Breaches August 16, 2017 Getting Basics Correct Key to Avoiding Data Breaches Intrusion identification systems, next generation firewalls, insider threat management software and data encryption will all help healthcare groups recognize danger, cut out security violations, and ... Read more
Security Breaches August 12, 2017 Breach Notification Rule is Violated by Delaying Issuing of Breach Notifications The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) states that covered organizations to advise the HHS’ Office for Civil Rights of any violation of ... Read more
Trends & Reports August 4, 2017 2017 Healthcare Data Breach Trends Highlighted in Protenus Report Protenus, working with Databreaches.net, has released its Breach Barometer mid-year review. The report includes all healthcare data violations reported over the past six months and ... Read more
Security Breaches August 3, 2017 NotPetya Attack on Nuance Communications Not Reported to OCR The Department of Health and Human Services’ Office for Civil Rights has previously made it clear, in its ransomware guidance, if ePHI is encrypted ransomware ... Read more
Security Breaches July 28, 2017 HIPAA Breaches Under Investigation Highlighted in OCR Data Breach Portal Update In June 2017, the Department of Health and Human Services announced it was considering an update to its data breach portal, normally called the OCR ... Read more
Compliance July 28, 2017 33% of Patients Access Their Health Data via Patient Portals The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule allow people to view information regarding their health stored by their providers. However, as revealed in ... Read more
Trends & Reports July 22, 2017 Hows Does HIPAA Affect Use of Google Drive? The service G Suite – formerly known as Google Apps, of which Google Drive is a part – is compliant with HIPAA. The service does ... Read more
Security Breaches July 20, 2017 Study: Data Breaches by Ex Employees a Concern A recent study carried out by OneLogin showed many groups are not doing enough to stop data violations by ex-employees. While access to computer systems ... Read more
Tools & Practices July 19, 2017 ONC Office of the Chief Privacy Officer Funding Stopping in 2018 The withdrawal of funding for the Office of the Chief Privacy Officer has resulted in ONC National Coordinator Don Rucker, M.D. confirming that the office ... Read more
Tools & Practices July 5, 2017 File Sharing Tools and Cloud Computing: OCR Highlights Risks File sharing and collaboration services offer many advantages to HIPAA-covered companies, although the services can also introduce risks to the privacy and security of electronic ... Read more
Security Breaches June 28, 2017 Anthem Agrees Largest Ever Data Violation Settlement The largest ever data violation settlement has recently been agreed by the health insurer Anthem Inc. Anthem was hit with a cyber attack in 2015 ... Read more
Security Breaches June 21, 2017 CoPilot Fined $130,000 by NY AG for Breach Notification Submitted Late A data breach that happened in the second half of 2015 should have seen targeted people warned within 2 months. However it took CoPilot Provider ... Read more
Compliance June 17, 2017 HHS Looking Into OCR’s Wall of Shame Following Criticism The Department of Health and Human Services’ Office for Civil Rights started publishing OCR’s ‘Wall of Shame’ – summaries of healthcare data breaches – on ... Read more
Security Breaches June 4, 2017 Need for Access Controls and Alerts Highlighted by Internal Staff Snooping Incidents Ransomware, malware and unaddressed software weaknesses pose a danger to the confidentiality, integrity and access to PHI, although healthcare groups should put in place processes ... Read more
Trends & Reports May 26, 2017 $387,000 HIPAA Penalty for Disclosing HIV Status to Employer Following a Department of Health and Human Services’ Office for Civil Rights (OCR) investigation of a complaint about a case of impermissible disclosure of PHI, St. Luke’s-Roosevelt ... Read more
Compliance May 21, 2017 Dept. of Health and Human Services Issues Ransomware Warning Following the recent WannaCry ransomware attacks, the Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat ... Read more
Compliance May 12, 2017 $2.4 Million HIPAA Fine Following Memorial Hermann Health System HIPAA Breach A HIPAA compliance breach arising from disclosure on a press release issued by Memorial Hermann Health System (MHHS) in September 2015 has led to the ... Read more
Cyber Threats May 6, 2017 Healthcare Cyber Threat Landscape to be Covered in HIMSS Privacy and Security Forum Over the next week, the HIMSS Privacy and Security Forum will be held in San Francisco. The two-day conference provides an chance for CISOs, CIOs ... Read more
Compliance April 27, 2017 Alleged Patient Privacy Violations Could Lead to Class Action Lawsuit for MDLive Claims that telemedicine company MDLive violated the privacy of patients by disclosing sensitive medical information to a third party without informing or obtaining official consent ... Read more
Tools & Practices April 26, 2017 CardioNet Settles HIPAA Violations with OCR for $2.5 Million Pensylvania-based CardioNet has agreed a $2.5 million settlement to resolve potential HIPAA compliance violations. The provider of remote mobile monitoring and quick response services to ... Read more
Trends & Reports April 23, 2017 CCDH Agrees OCR Settlement for Potential Violations The OCR recently revealed it has agreed to settle potential breaches of the Health Insurance Portability and Accountability Act with The Center for Children’s Digestive ... Read more
Compliance April 23, 2017 Supreme Court Ruling: Donor Network Must Disclose Patient Details A New York Supreme Court Judge has recently ruled that patient details recorded by the New York Organ Donor Network must be handed over to a plaintiff ... Read more
Tools & Practices April 15, 2017 Denver-Based Metro Community Agrees $400,000 HIPAA Penalty Metro Community Provider Network (MCPN), a Denver, CO-based federally-qualified health center (FQHC), has agreed to pay OCR $400,000 and implement a stringent corrective action plan ... Read more
