Why is HIPAA important to patients?

They may have heard of HIPAA, and they may also be aware of some of their rights under HIPAA, but many patients will know: why is HIPAA important to patients? What exactly are their rights, and what does it protect them from?  The Health Insurance Portability and Accountability Act was established in 1996 to address … Read more

What happens if you violate HIPAA?

HIPAA is a federal law that applies in the vast majority of healthcare settings, but what happens if you violate HIPAA? Can you lose your job or be fined? Can you go to jail? Unsurprisingly, there is a range of possible consequences for HIPAA violations, depending on whether you are an employee or a Covered … Read more

Is telling a story about a patient a HIPAA violation?

The Health Insurance Portability and Accountability Act of 1996 was introduced with a variety of aims, from introducing new tax laws to reforming the health insurance market. However, it has now become synonymous with protecting patient privacy. But how far does the law stretch? Is telling a story about a patient a HIPAA violation? When … Read more

What is the HIPAA Privacy Rule?

Anyone who is familiar with HIPAA will be aware of the Privacy Rule, one of the central Rules that make up the legislation. But what is the HIPAA Privacy Rule? What rights does it confer to patients, and what does it mean for HIPAA Covered Entities and their Business Associates? We will discuss the answers … Read more

What is the HIPAA Security Rule?

Anyone who has heard of HIPAA will probably be aware of the various “HIPAA Rules” that make up the legislation. But what is the HIPAA Security Rule? The Security Standards for the Protection of Electronic Protected Health Information (shortened to the “Security Rule”), which – as its name suggests – lays out what is required … Read more

Former Medical Assistant Charged with Stealing Patient Data

Ashley Latimer, a former medical assistant based in Pennsylvania, has been charged in a 39-count indictment for stealing patient information for personal gain. Latimer, 34, who was previously employed at Axia Women’s Health, was charged by the Upper Moreland Police Department in Montgomery County, PA. She is alleged to have been involved in a scheme … Read more

What is a Covered Entity under HIPAA?

The Health Insurance Portability and Accountability Act was established in 1996 with a variety of objectives. Though one of its primary goals was to expand access to health insurance and introduce tax reforms, it has now become synonymous with health data privacy. HIPAA, and the subsequent rules that were added to it over the … Read more

Warning Issued about Hive Ransomware Group

On November 17, 2022, the Federal Bureau of Investigation (FBI), the Department for Health and Human Services (DHSS) and the Cybersecurity and Infrastructure Agency (CISA) together issued a warning to the Health and Public Sector (HPH) over the increased risk of ransomware attacks. This comes after a sustained period of attacks between June 2021 … Read more

How do you avoid HIPAA violations?

Are HIPAA violations at all avoidable? Is it inevitable that mistakes will be made, and that Covered Entities will end up paying fines for HIPAA violations? In short: how do you avoid HIPAA violations? We will discuss that here.  Unfortunately, to some degree, HIPAA violations are hard to avoid. Human nature means that mistakes will … Read more

What happens after a HIPAA complaint is filed?

What happens once a HIPAA complaint is filed? Are there any set procedures in place? What can employees, patients, Covered Entities and Business Associates expect? We discuss what happens after a HIPAA complaint is filed here.  All patients have the right to register any HIPAA-related concerns and make complaints with an organization’s HIPAA Privacy Officer … Read more

How long do you have to report a HIPAA violation?

How long do you have to report a HIPAA violation? If someone uncovers a HIPAA violation, do they have to report it immediately? And who should they report it to? We investigate these questions, and others, in this article.  It is imperative that all HIPAA violations are reported within the workplace. The reasoning for this … Read more

Children’s Hospital Offers Settlement to Resolve Class Action Lawsuit

The Ann & Robert H. Lurie Children’s Hospital, based in Chicago, Illinois, has proposed a settlement to resolve a privacy-related class action lawsuit. The lawsuit was filed in response to two privacy breaches in which protected health information (PHI) was accessed by unauthorized employees. The breach was discovered on November 15, 2019. Lurie Children’s Hospital … Read more

What is PHI?

PHI – or Protected Health Information – is a term frequently used in articles discussing HIPAA compliance, yet the meaning of the term is sometimes misunderstood. However, it is important for Covered Entities, Business Associates, and their workforces to know what is PHI – and what it isn’t – because one of the primary objectives … Read more

What happens if a nurse violates HIPAA?

No matter who commits them, HIPAA violations are incredibly serious. There are a wide range of consequences for violations, both for the employee that committed the violation and the Covered Entity that they work for. Here, we will discuss what happens when a nurse violates HIPAA.  By nature of their job, nurses have regular contact … Read more

Aveanna Healthcare agrees to $425,000 Settlement for Phishing Attack

A home health company based in Georgia has agreed to pay a $425,000 fine to Massachusetts’ Office of the Attorney General for violating state laws that required them to implement safeguards against phishing attacks. Though it is based in Georgia, Aveanna Healthcare is the United States’ largest provider of pediatric home care and operates in … Read more

Does HIPAA apply to Dentists?

Unfortunately, there is no simple answer to the question, “does HIPAA apply to dentists?”. The response will depend on a number of factors, from which State the dentist is practicing in to the exact role of the dentist. The Department of Health and Human Services stipulates that dentists are only considered to be Covered Entities … Read more

Is HIPAA a Federal Law?

The Health Insurance Portability and Accountability Act was passed by Congress in 1996. It is a Federal Law, meaning that it applies to all States. The fact that it is a Federal Law ensures that a minimum standard of privacy and security is applied to all patient data across the country, and there is not … Read more

November Declared Critical Infrastructure Security and Resilience Month by White House

In an effort to promote cybersecurity and raise awareness of the physical and digital threats to critical infrastructure, President Biden has declared that November will be “Critical Infrastructure Security and Resilience” month. The announcement reaffirms the White House’s commitment to strengthening critical infrastructure “by building better roads, bridges, and ports; fortifying our information technology and … Read more

Who Should HIPAA Complaints be Directed to within the Covered Entity?

If a workforce is trained properly in HIPAA compliance, they should be able to identify violations of HIPAA. Additionally, patients who have concerns about HIPAA compliance should be able to file a complaint with the Covered Entity that holds their data. But who should HIPAA complaints be directed to within a Covered Entity? Who is … Read more

Who is covered by HIPAA?

HIPAA is known by many, but who is actually covered by HIPAA? Is everyone who has any health-related data required to be HIPAA compliant? How does an organization know if they are a HIPAA-Covered Entity? We will discuss the answers to these questions here.  When it was originally enacted in 1996, Health Insurance Portability and … Read more

Phishing Attack Potentially Compromises PHI of 34,000 Patients

University of Michigan Health has sent breach notification letters to around 33,850 patients whose data was potentially compromised during a phishing attack. Though there is not yet any evidence that the data has been sold or misused, University of Michigan Health has stated in its breach notification letter that affected patients should assume that all … Read more

Nearly 500,000 Patients Affected in Meta Pixel – WakeMed Data Breach

WakeMed Health and Hospitals (“WakeMed”) has sent breach notification letters to nearly 495,000 patients notifying them that their PHI may have been impermissibly disclosed to Meta/Facebook. This breach was due to the use of the Meta Pixel tracking code on WakeMed’s website. The Meta Pixel code was added to WakeMed’s website and patient portal in … Read more

EyeMed Vision Care fined $4.5 million for Cybersecurity Data Breach

EyeMed Vision Care (“EyeMed”), an Ohio-based health insurance company, has been ordered to pay a $4.5 million fine by the New York State Department of Financial Services (DFS). The fine resulted from an investigation into potential violations of the DFS Cybersecurity Regulations.   As part of its practices as a licensed health insurance company, EyeMed … Read more

Who enforces HIPAA?

The answer to the question who enforces HIPAA is “it depends”. This is because different agencies enforce different parts of the Health Insurance Portability and Accountability Act, and also because each organization subject to HIPAA should have a Privacy and/or Security Officer responsible for enforcing HIPAA within the organization. HIPAA is a complex piece of … Read more

Breach Affecting over 33k Patients Reported by the Aesthetic Dermatology Associates

The Aesthetic Dermatology Associates, based in Pennsylvania, have confirmed a breach involving the protected health information (PHI) of 33,793 current and former patients. The cyberattack, during which authorized individuals viewed and, in some cases, acquired, the PHI, was first detected on August 15, 2022. Upon detection of the suspicious network activity, the Aesthetic … Read more

Florida Physician Pleads Guilty to Criminal Violations of HIPAA

A doctor, who has since ceased practicing, has pleaded guilty to criminal violations of HIPAA in which he passed on protected health information to the sales representative of a pharmaceutical firm. The doctor, who had practices in New York, New Jersey, and Florida, was prosecuted by the U.S. Attorney’s Office of the District of New … Read more

When should you promote HIPAA Awareness?

Ideally, there should be no need to promote HIPAA awareness, as employees would always be aware of HIPAA and acting in a HIPAA-compliant manner. However, in reality, memory fades and people need to be reminded of their obligations under HIPAA. With that in mind, when should you promote HIPAA awareness in a company?  Any HIPAA … Read more

Why is HIPAA important?

The Health Insurance Portability and Accountability Act was first enacted in 1996, but why is HIPAA important in the current healthcare landscape? The Act has cemented the value of patient rights, particularly in relation to the privacy of their health data. In this article, we will discuss how HIPAA has maintained its importance to date.  … Read more

Is workplace gossip a HIPAA violation?

It is only natural that colleagues will chat with each other, but is workplace gossip a HIPAA violation? Obviously, it will depend on the nature of the gossip – talking about the latest Christmas party would not be a violation – but even when the topics of discussion are healthcare-related, it is not a straightforward … Read more

What does HIPAA stand for?

Put simply, HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. However, the title of the act does little to explain its purpose. HIPAA essentially established standards for protecting health information and reformed aspects of the health insurance industry to make it fairer for policyholders. The act is often incorrectly referred to … Read more

Is Microsoft Teams HIPAA compliant?

Microsoft products are used globally, but healthcare providers must ensure that their use of Microsoft Teams is HIPAA compliant. The recent shift to remote working has been a boon for online communications platforms, which are now used across a wide range of industries. During the recent COVID-19 pandemic, Microsoft Teams saw a surge in its … Read more

What is Considered Protected Health Information under HIPAA?

Explaining what is considered Protected Health Information under HIPAA can be complicated because, although individually identifiable health information is always protected when it is created, received, maintained, or transmitted by a Covered Entity or Business Associate, the information stored with health information can sometimes be considered Protected Health Information under HIPAA – and sometimes not. … Read more

What happens if HIPAA is violated?

Whether accidental or intentional, what happens if HIPAA is violated? Can employees be fired for violating HIPAA? What penalties are there for covered entities? These will all be explored in more detail below.  The consequences for HIPAA violations will usually depend on the severity of the violation, whether it was accidental or intentional, and what … Read more

Tens of Thousands of Patients Impacted in Eye Care Leaders Cyberattack

It has been discovered that Eye Care Leaders, a supplier of electronic health records and client management software products for eye care clinics, had its databases illegally accessed by cybercriminals on or around December 4, 2021. Upon obtaining access to the network the hackers logged into the myCare Identity solution and removed databases, systems configuration … Read more

Ransomware Attack on Omnicell Reports Revealed in SEC Filing

Mountain View, California-located supplier of medication management solutions, Omnicell has revealed recently, as part of an 8-K submission with the Securities and Exchange Commission (SEC), that the group was successfully targeted in the cyber attack on its databases. The cyber attack was initially discovered on May 4, 2022, and led to a number of specific … Read more

Illinois Gastroenterology Group Reports Hacking Incident

It has recently been revealed by Illinois Gastroenterology Group that a number of unauthorized individuals were able to obtain access to its group databases to the extent that they may have been in a position to view and download sensitive private patient data. The illegal data breach was initially discovered when the group IT team … Read more

Is SharePoint HIPAA compliant?

It may be one of the most popular cloud-based document management services on the market, but is SharePoint HIPAA compliant?  Developed by Microsoft, SharePoint is based on their OpenXML document standard and integrates with all products in the Microsoft Office Suite. It can also be used as the foundation for a customer management system (CRM), … Read more

318,000 Patients Impacted in SuperCare Health Data Breach

Downey, California-based SuperCare Health, a post-acute in-home respiratory care supplier for the western states in the USA, has begun contacting 318,379 patients to inform them that a portion of their PHI may have been accessed by unauthorized people during a cyberattack in July 2021. SuperCare Health, in a breach notification letter circulated on March 25 … Read more

Recognized Security Practices, & Sharing of HIPAA Settlements with Harmed Individuals, Feedback sought by OCR

A Request for information (RFI) has been released by the Department of Health and Human Services’ Office for Civil Rights (OCR) in connection with the two outstanding requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The HITECH Act, which was changed in 2021 by the introduction of … Read more

Medical Device Cybersecurity Enhanced with Introduction of the Protecting and Transforming Cyber Health Care (PATCH) Act

U.S. Senators Bill Cassidy, M.D. (R-LA) and Tammy Baldwin (D-WI), bipartisan senators, have introduced the Protecting and Transforming Cyber Health Care (PATCH) Act which seeks to enhance the security of medical technology. There are often flaws discovered in medical technological devices that can be targeted by cybercriminals who can alter the functionality of the devices, … Read more

What is HITECH in healthcare?

To help alleviate many of the economic problems that accompanied the Great Recession of 2008, the Obama administration introduced the American Recovery and Reinvestment Act (ARRA) in 2009. The Act was an economic stimulus package aimed at creating jobs, reducing poverty, and improving infrastructure.  Another large part of ARRA aimed at encouraging advancements in health … Read more

Social Media HIPAA Violation Results in $50,000 Civil Monetary Penalty for Dental Clinic

A dental clinic operating out of Charlotte and Monroe, North Carolina, has been investigated by OCR due to a complaint that was filed in November 2015 claiming that the unauthorised release of protected health information (PHI) took place following the publishing of a negative online review of the practice.   On or around September 28 2015 … Read more

OCR Highlights How HIPAA Security Rule Compliance Can Prevent Breaches

In recent years cyberattacks have been on the rise with a 45% rise in hacking/IT incidents recorded from 2019 to 2020. In 2021 66% of breaches involving unsecured electronic protected health information (ePHI) happened as a result of hacking and other IT shortcomings. Most of these breaches could have been avoided if HIPAA-regulated entities were 100% … Read more

What is HIPAA Authorization?

HIPAA is long and complex, with many different stipulations and requirements. Here, we examine just one part of the HIPAA compliance requirements, answering the question: “What is HIPAA authorization?” “Authorization” is required under the HIPAA Privacy Rule if the covered entity (CE) wishes to use or disclose a patient’s protected health information (PHI) in a … Read more

50m Healthcare Records Breached During 2021: Breach Barometer Report

Protenus has published its 2022 Breach Barometer Report which shows that there were over 50 million healthcare records exposed or compromised during 2021. The report lists healthcare data breaches made known to regulators, including data breaches that have been covered by news outlets, incidents that have not been shared by the breached entity, and data … Read more

What does HIPAA Training do?

First introduced in 1996 to allow workers to maintain health insurance cover as they moved from one job to another, the Health Insurance Portability and Accountability Act (HIPAA) states that training should be conducted for staff in relation to HIPAA policies and procedures. But what is this training for? Here we will explore what HIPAA … Read more

Morley Companies Reports Security Breach Impacted 521,000

A cyberattack on Michigan-based business services provider Morley Companies, which was initiated on August 1 2021, prevented internal access to databases. The Saginaw, MI-based group recently reported the breach to the Department of Health and Human Services’ Office for Civil Rights (OCR), confirming that cybercriminals successfully infiltrated their network, impacting the Private Health Information of … Read more

Data Breach Litigation Sees $4.75 Million Settlement Offer from CaptureRx

In order to settle claims connected with a 2021 data breach that impacted the private health information of around 2.4 million of the patients of the healthcare provider it was working at, CaptureRx has offered a $4.75m settlement proposal. A healthcare admin solution that helps hospitals operate their 340B drug discount programs, CaptureRx revealed on … Read more

AccelHealth and Pace Center for Girls Report Cyberattacks

AccelHealth entity Cross Timbers Health Clinics was infiltrated by a ransomware attack on December 15 2021 which stopped the Federally Qualified Health Center from logging onto its own databases. The Brownwood, Texas-based clinic brought in the help of an external cybersecurity firm to review the security breach. This group was able to determine that access … Read more

What information can be shared without violating HIPAA?

HIPAA is a complex piece of legislation covering many aspects of patient privacy, which may leave healthcare workers wondering: what information can be shared without violating HIPAA?  To answer this question, we must first discuss what kinds of information are covered by HIPAA. The HIPAA Privacy Rule defines “Protected Health Information” as any patient-related information … Read more

Can I get fired for an accidental HIPAA violation?

Can employees be fired if they accidentally commit a HIPAA violation? The answer to this question will depend on a range of factors, not least the nature of the HIPAA violation, how the employee responded, and the employer’s own workplace policy. Whether accidental or not, HIPAA violations are serious events. A HIPAA violation occurs when … Read more

New York Fines EyeMed $600,000 for 2.1 Million-Record Data Breach

The first healthcare data breach settlement of 2022 has been revealed by Letitia James, Attorney General for New York. EyeMed Vision Care, an Ohio-based vision benefits supplier, has committed to handing over a fine of $600,000 to settle a 2020 data breach that resulted in the personal data of 2.1 million people being impacted … Read more

August 2021 Cyberattack Sees Memorial Health System Facing Class Action Lawsuit

Following a cyberattack and data breach that was first discovered by Memorial Health System on August 14, 2021, Marietta Area Health Care Inc., which operates as Memorial Health System, is facing a class action lawsuit. After the discovery of the breach, an investigation showed that hackers initially obtained access to company databases at some point … Read more

105,000 Patients Notified About Cyberattack and Potential Theft of PHI at Online Pharmacy

Ravkoo, a health app developer and Auburndale, FL-based digital pharmacy, has begun alerting 105,000 clients that a portion of their sensitive personal data may have been breached and possibly obtained by someone who was not authorized to do so. The portal on which Ravkoo hosts its online prescription portal on Amazon Web Services (AWS), was … Read more

Is HIPAA still in effect?

It has been 26 years since it was enacted, but is HIPAA still in effect? Yes, it is, but it is now quite different from its original form. Numerous additions over the decades have strengthened parts of the legislation, ultimately providing greater protections to patients and their data.  HIPAA (short for the Health Insurance Portability … Read more

Email Account Breaches at Three HIPAA Entities Expose PHI of 40,000 People

The protected health information (PHI) of 40,000 people has been exposed following recent cyberattacks on three separate healthcare providers which focused on employee email accounts. The attacks were as follows: 1. At Boulder Neurosurgical and Spine Associates, it was discovered that a corporate email account was breached on September 21, 2021. Once the breach was … Read more

UH College of Optometry & Valley Mountain Regional Center Report Data Breaches

It has been revealed that the University of Houston College of Optometry had its databases infiltrated when an unauthorized person obtained access to the network of an affiliated eye clinic and stole information that was being held in the clinic’s database. The access took place at a location outside of the United States. UH College … Read more

HIPAA Right of Access Violations Result in Fines for Five Entities

Five financial penalties related to HIPAA Right of Access breaches have been sanctioned by the HHS’ Office for Civil Rights (OCR), in line with its current focus on heightened compliance enforcement. This current campaign began in the second half of 2019 following a spike in reports from patients that were not given adequate access to … Read more

HIPAA Violation Leads to Criminal Charge for Former Huntington Hospital Worker

An individual, a former healthcare worker at New York’s Huntington Hospital, who illegally accessed the PHI in 13,000 patient records is facing a potential criminal conviction. The person in question was employed to work on the late night shift at the Huntington Hospital when the breach occurred. At different points in time from October 2018 … Read more

Do I need HIPAA Certification?

Any health information manager working for a HIPAA entity will be seeking to ensure that they are doing everything possible to prevent a HIPAA breach from occurring. HIPAA training forms a key part of this project but what sort of training is required? Is it sufficient to have staff complete a free HIPAA training course … Read more

Cyberattack Results in Southern Ohio Medical Center Diverting Ambulances

A cyberattack on the Southern Ohio Medical Center (SOMC) in Portsmouth, OH, resulted in the healthcare facility diverting ambulances to alternative healthcare centers. In addition to this, the hospital was forced to cancel some medical appointments and services that were to be provided to outpatients. The cyberattack in question was carried out in the early … Read more

PHI of 45,262 Desert Pain Institute Patients Potentially Compromised in Cyberattack

It has been revealed that illegal access of the databases of Baywood Medical Associates,  operating as Desert Pain Institute (DPI) in Mesa, AZ, has taken place. Additionally, it was discovered that some of the parts of the network that were open to access were holding the protected health information of patients of the healthcare group.  … Read more

Ransomware Attack Impacts 50,000 Patients of ReproSource Fertility Diagnostics

ReproSource Fertility Diagnostics, a Marlborough, MA-based clinic, has experienced a ransomware attack that allowed cybercriminals to illegally gain access to databases that were holding the PHI of approximately 350,000 patients. ReproSource is a large laboratory that services reproductive health clinics and is operated by Quest Diagnostics. ReproSource first noticed the ransomware infiltration on August 10, … Read more

180,000 Impacted in U.S. Vision Subsidiary Security Breach

It has been revealed that the U.S. Vision Inc. subsidiary, USV Optical Inc. suffered a security breach when cybercriminals were able to obtain access to a range of databases that were holding patients’ protected health information (PHI). This breach was initially noticed on May 12, 2021 and resulted in an in-depth forensic investigation which … Read more

Alaska DHSS Says May 2021 Cyberattack Could Impact All Alaskans

Following a highly sophisticated cyberattack, believed to have been managed by a nation state threat actor, the Alaska Department of Health and Social Services (DHSS) has initiated a correspondence project to inform all state citizens that their PHI may have been infiltrated in the data breach. This breach was initially discovered on May 2, 2021, … Read more

Waste Management Firm Employees’ PHI Compromised in Data Breach

Due to a January 2021 cyberattack, USA Waste-Management Resources, LLC has begun getting in touch with a range of internal members of staff and their dependents, as well as those of certain former employees, to make them aware that its self-administered health plan has been impacted as part of the incident in question. Waste-Management … Read more

637,000 Patients Impacted in UNM Health Data Breach

It has been confirmed that an unauthorized third party was able to access the network of UNM Health, possibly obtaining access to and downloading files that included patients’ protected health information (PHI). Following the initial identification of the breach on June 4 2021, a review of the UNM Health databases was begun in … Read more

Electromed Inc. Data Breach Impacted 47,000 Individuals’ Private Information

A security breach occurred during June 2021 at Electromed Inc. that involved unauthorized people obtaining access to the group’s databases. The New Prague, Michigan developer and producer of airway clearance devices, revealed that the breach was initially discovered on June 16, 2021. Once this discovery was made the group quickly moved to mitigate any … Read more

Cyberattack Impacting 2.41 Million Reported by Wisconsin Dermatology Practice

On June 4, 2021 it was discovered by Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. that unauthorized people had obtained access to its databases which included private and confidential employee and patient data. The impacted databases were quickly made inactive to stop additional unauthorized access and a review was initiated to ascertain … Read more

Data Breach Affecting 2.41 Million Individuals Reported by Wisconsin Dermatology Practice

On June 4, 2021 Forefront Management, LLC and Forefront Dermatology, S.C. discovered that unauthorized access had been obtained to its databases which could have resulted in private and confidential employee and patient information being infiltrated.  The impacted databases were swiftly removed from the network so as to stop any additional unauthorized access taking place and … Read more

Class Action Data Breach Lawsuit Proposed Settlement of $2m Offered by Dominion National

A class action lawsuit filed by those impacted in a 2.96 million-record data breach, discovered in 2019, against Dominion National has resulted in a settlement offer being proposed by the defendant. After the official investigation into the data breach came to an end in April 2019, the Virginia-based insurer, health plan administrator, and administrator of … Read more

SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals

Service Employees International Union 775 (SEIU 775) Benefits Group, a benefits administrator for home healthcare and nursing home staff, has been infiltrated by a hacking group who managed to remove a range of sensitive data. An investigation, carried out by IT staff, discovered a variety of anomalies present on SEIU 775’s data systems at different … Read more

HIPAA Security Rule Violations Settled by Clinical Laboratory with OCR for $25,000

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed that a HIPAA breach settlement has been agreed with Peachstate Health Management, LLC, dba AEON Clinical Laboratories to settle a range of different violations of the HIPAA Security Rule. A CLIA-certified laboratory, Peachstate offers a variety of services to its clients … Read more

How Regularly Should HIPAA Training Take Place?

When it comes to HIPAA training and how often it should be scheduled, both the HIPAA Privacy Rule and HIPAA Security Rule have training provisions included in relation to this. Despite this, the amount of, and regularity of, HIPAA training required remains a little vague. The HIPAA Privacy Rule states that “A covered entity … Read more

Californian Healthcare Provider Discovers Patient Data was Exposed on the Internet for Over a Year

It has been discovered that a contractor used by a former vendor of Doctors Medical Center of Modesto (DCM) in California mistakenly breached patient data online. DCM had hired the services of SaaS platform provider Medifies to conduct virtual waiting room services. However, on April 2, 2021, DCM became aware that the data of a … Read more

200,000 Washington D.C. Health Plan Members have PHI Stolen

Following a cyberattack in which protected health information was stolen, CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is alerting its impacted clients. Previously known as Trusted Health Plans, CHPDC first identified that a breach had taken place on its computer databases systems on January 28, 2021. The Washington D.C-based health plan … Read more

HIPAA Right of Access Case Breach Settlement of $30K for New Jersey Plastic Surgery Clinic

Ridgewood, NJ-based Village Plastic Surgery has reached a HIPAA settlement agreement with the HHS’ Office for Civil Rights to resolve possible violations of the HIPAA Right of Access. Village Plastic Surgery has agreed to pay a $30,000 penalty and implement a range of corrective measures linked to access to protected health information (PHI). OCR will … Read more

Gore Medical Management Alerted to 2017 Breach of 79,100 Patients’ PHI

A historic data breach which impacted the protected health information (PHI) of 79,100 clients of Gore Medical Management, a medical practice firm located in Griffin, GA, has been discovered. The breach happened in 2017 and impacts clients of Family Medical Center in Thomaston, which is an entity within the Upson Regional Medical Center group. During November … Read more

How can Hospital Workers Help Prevent HIPAA Violations?

Hospitals must adhere to the HIPAA Privacy, Security, and Breach Notification Rules and put in place security measures to stop HIPAA breaches. However, even with these measures in place to manage the danger of HIPAA violations, data breaches still happen. In the majority of industry sectors, cybercriminals are to blame for most security breaches, but … Read more

Universal Health Services Ransomware Attack Cost $67 Million in 2020

The past 12 months were a very bad year for ransomware attacks on the healthcare sector. One of the worst of these was suffered by the King of Prussia, PA-based Fortune 500 healthcare system, Universal Health Services (UHS). UHS, which manages 400 hospitals and behavioral health clinics in the United States and United Kingdom, was impacted by … Read more

Cochise Eye & Laser Ransomware Attack Impacts Around 100,000 People

A ransomware attack took place on the Sierra Vista, Arizona-based ophthalmology and optometry supplier Cochise Eye and Laser on January 13, 2021. This attack led to the encryption of its patient scheduling and billing solutions. The attack stopped Cochise Eye and Laser from using any data in its scheduling system. Eye care services were … Read more

34,000 Patients Impacted by Grand River Medical Group Email Breach

It has been discovered that an unauthorized individual gained access to the email account of an employee at Grand River Medical Group in Dubuque in Ohio, resulting in the possibility that someone could have viewed or obtained the protected health information of 34,000 patients. After uncovering the breach, a password reset was carried out … Read more

Kevin Fu Appointed as First Director of Medical Device Security by FDA

University of Michigan associate professor Kevin Fu has been appointed by the U.S. Food and Drug Administration (FDA) as its first director of medical device security. Mr Fu will be acting director of medical device security at the FDA’s Center for Devices and Radiological Health (CDRH) and the recently created Digital Health Center of Excellence … Read more

$5.1m HIPAA Settlement Agreed by Excellus Health Plan

Health insurance provider Excellus Health Plan has agreed to pay a $5.1m penalty to the Department of Health and Human Services’ Office for Civil Rights (OCR) in order to settle a HIPAA breach arising from a 2015 data breach that impacted 9.3m people. In 2015 the breach was identified by Excellus, the group that operates as … Read more

HIPAA Penalty Actions by State Attorneys General

State attorneys general play a major part in policing compliance with the Health Insurance Portability and Accountability Act Rules. State attorneys general have been given the power to initiate civil proceedings on behalf of state residents who have been affected by breaches of the HIPAA Privacy and Security Rules in the Health Information … Read more

45% Rise in Healthcare Industry Attacks by Cybercriminals

In the latter half of 2020, CISA, the FBI, and HHS issued a joint cybersecurity advisory for the healthcare and public health sectors as a result of a recorded increase in ransomware attacks. It revealed that these sectors were being targeted by ransomware operators and that many cybercriminal groups had increased their level … Read more

Disclosures of PHI to Health Information Exchanges under HIPAA: OCR Issues Guidance

The Department of Health and Human Services’ Office for Civil Rights has released new information in relation to the Health Insurance Portability and Accountability Act (HIPAA) Rules governing the sharing of protected health information (PHI) with health information exchanges (HIEs) for the public health activities of a public health authority (PHA). An HIE is classified … Read more

EyeMed Phishing Attack Exposes Tufts Health Plan Members’ PHI

60,545 subscribers to Tufts Health Plan have had their protected health information exposed as a result of a phishing attack on the vision benefits management firm EyeMed. The phishing attack happened in June 2020 and was identified by EyeMed on July 1, 2020. Access to the breached account was shut down the same day. EyeMed alerted … Read more

Over 1,000,000 Patients Impacted in Dental Care Alliance Data Breach

Dental Care Alliance, LLC, a dental support group with over 320 affiliated dental practices spread across 20 states, has been hacked and the protected health information of more than a million individuals has possibly been infiltrated. The breach happened on September 18, 2020, was detected on October 11, and was closed off on October 13. … Read more

Increasing Ragnar Locker Ransomware Activity leads to FBI Warning

Hackers using Ragnar Locker ransomware have stepped up their activity and have been focusing on companies and groups in a number of different sectors, according to a recent private sector alert released by the Federal Bureau of Investigation (FBI). Ragnar Locker ransomware was first discovered by security experts during April 2019, with the first identified … Read more

University of Cincinnati Medical Center Fined $65,000 for HIPAA Right of Access Failure

The HHS’ Office for Civil Rights (OCR) has publicly acknowledged its 18th HIPAA financial penalty of the year, which is also the 12th fine under its HIPAA Right of Access enforcement initiative. In 2019, OCR revealed a new drive to ensure individuals are allowed timely access to their health records, at a reasonable cost, as mandated by the HIPAA … Read more

Update on Ransomware Activity Targeting the Healthcare Sector Provided by ASPR

An update on ransomware activity targeting the healthcare and public health sectors has been released by the HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) saying, “At this time, we consider the threat to be credible, ongoing, and persistent.” Last month, a joint alert was released by the Cybersecurity and Infrastructure Security … Read more