HIPAA compliance and regulation

Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.

Top Stories

Podcast 04 Nov 2024
Understanding new NY hospital cybersecurity regulations

Recently enacted New York State general hospital cybersecurity requirements could be a sign of what's to come for the healthcare sector as a whole. Continue Reading
By
- Jill McKeon, Associate Editor
News 25 Oct 2024
HHS, NIST conference: OCR identifies top priority areas

Updating the HIPAA Security Rule is one of OCR's current top priorities, OCR Director Melanie Fontes Rainer said during an HHS/NIST conference on safeguarding health information. Continue Reading
By
- Jill McKeon, Associate Editor

News 08 Jul 2022
Abortion Restrictions Clash With HIPAA, Patient Privacy Protections

A JAMA Health Forum article discussed the Supreme Court’s decision to overturn Roe v. Wade and how HIPAA fails to protect patient privacy in certain circumstances. Continue Reading
By
- Jill McKeon, Associate Editor
News 07 Jul 2022
Senators Ask HHS to Update HIPAA Privacy Rule, Defend Reproductive Rights

Two US Senators penned a letter to HHS asking it to consider updates to the HIPAA Privacy Rule to safeguard reproductive rights and patient privacy. Continue Reading
By
- Jill McKeon, Associate Editor
Answer 29 Jun 2022
How New Federal, State Laws Impact Healthcare Data Privacy

HIPAA-covered entities must navigate HIPAA compliance along with recently introduced federal and state data privacy standards, creating significant challenges and complexity. Continue Reading
By
- Jill McKeon, Associate Editor
News 28 Jun 2022
GAO Calls on HHS to Improve Healthcare Data Breach Reporting Process

In a new report, GAO suggested that HHS improve its healthcare data breach reporting process to allow entities to provide feedback on it. Continue Reading
By
- Jill McKeon, Associate Editor
News 15 Jun 2022
ONC, OCR Release Updated Version of HHS Security Risk Assessment (SRA) Tool

Version 3.3 of the HHS Security Risk Assessment (SRA) Tool includes a new SRA Tool Excel Workbook to replace the legacy paper version. Continue Reading
By
- Jill McKeon, Associate Editor
News 13 Jun 2022
OCR to Release Video on HITECH Recognized Security Practices

OCR announced plans to produce a pre-recorded video presentation on HITECH recognized security practices and is seeking relevant questions and comments from covered entities. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 10 Jun 2022
Common HIPAA Administrative Safeguards Under The HIPAA Security Rule

HIPAA administrative safeguards are crucial measures that all covered entities must consider under the HIPAA Security Rule. Continue Reading
By
- Editorial Staff
News 08 Jun 2022
CHI, MGMA Respond to OCR’s RFI On Recognized Security Practices Under HITECH

The Connected Health Initiative (CHI) and MGMA both responded to OCR’s request for information by proposing several measures to ensure the effectiveness of HITECH. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 03 Jun 2022
Common HIPAA Physical Safeguards Under The HIPAA Security Rule

HIPAA physical safeguards are crucial to protecting electronic protected health information (ePHI) and are essential to maintaining HIPAA compliance. Continue Reading
By
- Editorial Staff
Feature 20 May 2022
What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule protects patient privacy while enabling the flow of health information. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 13 May 2022
What is the HIPAA Security Rule?

The HIPAA Security Rule requires covered entities and business associates to implement technical, physical, and administrative safeguards. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 03 May 2022
Misconceptions About HIPAA, Interoperability, Information Blocking

At the HealthITSecurity virtual summit, panelists discussed common misconceptions surrounding HIPAA, interoperability, and information blocking. Continue Reading
By
- Jill McKeon, Associate Editor
News 07 Apr 2022
OCR Seeks Public Input on Penalties, Security Measures Under HITECH

OCR issued a request for information regarding HITECH’s recognized security practices and civil monetary penalty and settlement sharing sections. Continue Reading
By
- Jill McKeon, Associate Editor
News 28 Mar 2022
OCR Announces Four HIPAA Enforcement Actions

OCR announced four HIPAA enforcement actions, two of which stemmed from OCR’s HIPAA Right of Access Initiative. Continue Reading
By
- Jill McKeon, Associate Editor
News 21 Mar 2022
EHNAC, HITRUST Partner to Promote Security, Privacy Standards

EHNAC and HITRUST announced a partnership to promote the security and privacy of trusted networks while aligning with TEFCA requirements. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 11 Mar 2022
Your Responsibilities Under the HIPAA Breach Notification Rule

After experiencing a PHI breach, HIPAA-covered entities and business associates must comply with reporting requirements under the HIPAA Breach Notification Rule. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 21 Feb 2022
HIPAA Technical Safeguards: A Basic Review

It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. Continue Reading
By
- Editorial Staff
News 18 Feb 2022
Deadline to Report PHI Breaches Impacting Less Than 500 People Nears

March 1 is the deadline to report 2021 PHI breaches impacting less than 500 people to HHS under the HIPAA Breach Notification Rule. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 14 Feb 2022
What Is a HIPAA Business Associate Agreement (BAA)?

HIPAA-covered entities must have a business associate agreement (BAA) in place with each of their partners to maintain PHI security and overall HIPAA compliance. Continue Reading
By
- Editorial Staff
News 11 Feb 2022
Legislators Introduce Bill to Modernize HIPAA, Health Data Privacy Laws

Two US Senators introduced the Health Data Use and Privacy Commission Act, aimed at modernizing outdated health data privacy laws. Continue Reading
By
- Jill McKeon, Associate Editor
News 07 Feb 2022
Four Ways Covered Entities Can Ensure HIPAA Compliance

Staying HIPAA compliant helps covered entities remain secure and prevent health data breaches and costly fines. Continue Reading
By
- SecureLink an Imprivata Company
News 02 Feb 2022
GAO Seeks Feedback on Healthcare Data Breach Reporting

The Government Accountability Office (GAO) is seeking feedback from HIPAA-covered entities on the healthcare data breach reporting process. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 20 Jan 2022
PCI Compliance Versus HIPAA Compliance In Healthcare

Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. Continue Reading
By
- Jill McKeon, Associate Editor
News 03 Jan 2022
How Access Monitoring Protects Providers From Health Data Breaches

Access monitoring best practices are key for healthcare organizations to prevent data breaches before they happen. Continue Reading
By
- SecureLink an Imprivata Company
News 21 Dec 2021
OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders

HIPAA covered healthcare providers can disclose PHI to support an extreme risk protection order, which prevents patients in crisis from accessing firearms. Continue Reading
By
- Jill McKeon, Associate Editor
News 02 Dec 2021
OCR Settles 5 HIPAA Right of Access Cases

OCR announced the resolution of five HIPAA Right of Access cases, bringing the total number of enforcement actions to 25 since the HIPAA Right of Access Initiative began. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 18 Nov 2021
How to Implement a Cyber Incident Response Plan for Healthcare

Creating a comprehensive cyber incident response plan can help healthcare organizations maintain reputation and patient safety. Continue Reading
By
- Jill McKeon, Associate Editor
News 16 Nov 2021
2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure

Two New Jersey printing companies agreed to pay $130,000 in fines for PHI exposure and potential HIPAA violations. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 16 Nov 2021
Status, Challenges of Information Blocking Rule Compliance

The Information Blocking Rule compliance deadline passed in April 2021, but questions about electronic health information sharing remain. Continue Reading
By
- Jill McKeon, Associate Editor
News 25 Oct 2021
Ensuring Healthcare Industry Compliance with HIPAA in 2021

Healthcare compliance is set to change significantly with changes to HIPAA around patient access to health information and data sharing. Continue Reading
By
- SAI360
Feature 15 Oct 2021
De-Identification of PHI According to the HIPAA Privacy Rule

The two HHS-approved methods for the de-identification of PHI can aid in clinical research while ensuring HIPAA compliance and patient privacy. Continue Reading
By
- Jill McKeon, Associate Editor
News 11 Oct 2021
With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement

OCR’s appointment of a new director signifies a shift for the office and presents implications for the future of HIPAA enforcement and security and privacy regulations. Continue Reading
By
- Jill McKeon, Associate Editor
News 04 Oct 2021
OCR Clarifies HIPAA Rules Surrounding Vaccination Status

OCR issued guidance emphasizing that the HIPAA Privacy Rule does not prohibit anyone from asking an individual about their vaccination status. Continue Reading
By
- Jill McKeon, Associate Editor
News 04 Oct 2021
How Health Plans Must Prepare for Vendor Risk, Noncompliance

Covered entities and business associates must be in alignment about HIPAA compliance with new provisions coming into place Continue Reading
By
- SAI360
News 01 Oct 2021
CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE

Governor Newsom renewed an executive order offering certain HIPAA penalty exemptions for providers who administer telehealth throughout the PHE. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 17 Sep 2021
Key Differences Between PHI and PII, How They Impact HIPAA Compliance

Covered entities must understand the differences between PII and PHI to maintain HIPAA compliance and protect patient data. Continue Reading
By
- Jill McKeon, Associate Editor
News 14 Sep 2021
OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital

Children’s Hospital & Medical Center in Nebraska paid an $80,000 civil monetary penalty to resolve the twentieth case under OCR’s HIPAA Right of Access Initiative. Continue Reading
By
- Jill McKeon, Associate Editor
News 24 Aug 2021
Common Misconceptions About HIPAA and COVID-19 Vaccination Status

Asking someone about their COVID-19 vaccination status is not a HIPAA violation, despite prominent figures saying otherwise. Continue Reading
By
- Jill McKeon, Associate Editor
News 23 Aug 2021
15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions

Newly obtained internal emails revealed that OCR may not have known that its investigation into a Walgreens HIPAA violation was still open 10 years later. Continue Reading
By
- Jill McKeon, Associate Editor
News 23 Aug 2021
Top HIPAA Right of Access Cases in 2021, So Far

As HIPAA turns 25, HHS’ Office of Civil Rights has been cracking down on HIPAA right of access enforcement to ensure individuals’ timely access to health records. Continue Reading
By
- Jill McKeon, Associate Editor
News 20 Aug 2021
How Do New Patient Right of Access Policies Impact HIPAA?

Recent developments in patient right of access policies have experts uncertain about the future of HIPAA and data sharing practices. Continue Reading
By
- Jill McKeon, Associate Editor
News 26 Jul 2021
LA Patient Privacy Incident Discloses COVID-19 Vaccine Status

The vaccination status of thousands of LA County employees was shared online. Continue Reading
By
- Lisa Gentes-Hunt
News 07 Jul 2021
Data Breach Exposes One Medical Customer Email Addresses

Customers had their email addresses exposed during a recent data breach. Continue Reading
By
- Lisa Gentes-Hunt
News 01 Jul 2021
Ohio Hospital HIPAA Violation Goes Unnoticed for Over a Decade

An employee of Aultman Health Foundation in Ohio accessed more than 7,000 EHRs over the past 12 years and was terminated for committing a HIPAA violation. Continue Reading
By
- Jill McKeon, Associate Editor
News 02 Jun 2021
OCR Settles With West Virginia-Based DELC for HIPAA Right of Access Failure

Marking the nineteenth settlement under the HIPAA Right of Access Initiative, West Virginia-based specialist DELC paid OCR a civil monetary penalty and agreed to a corrective action plan. Continue Reading
By
- Jessica Davis
News 25 May 2021
GAO: Insurers Limiting Coverage in Attack-Laden Sectors, Like Healthcare

Sectors experiencing an onslaught of cyberattacks, like healthcare, are facing another concerning challenge: Cyber insurers are limiting coverage for many embattled entities, GAO finds. Continue Reading
By
- Jessica Davis
News 25 May 2021
OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures

Peachstate Health, d/b/a AEON Clinical, will pay OCR $25,000 for possible HIPAA failures, following an audit into a 2015 data breach of the VA telehealth program managed by the business associate. Continue Reading
By
- Jessica Davis
News 11 May 2021
HHS’ Proposed HIPAA Right of Access Changes: CHIME, ABHW Weigh in

In response to HHS requests for comments on proposed HIPAA rule changes, CHIME and ABHW raised privacy and security concerns, including Right of Access amendments. Continue Reading
By
- Jessica Davis
News 05 May 2021
NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule

Industry stakeholders are being urged to comment on proposed changes to the NIST HIPAA Security Rule resource guide, including its uses and applications. Continue Reading
By
- Jessica Davis
News 27 Apr 2021
Breach Victims File Class Action Lawsuit Against Einstein Healthcare

In January 2021, Einstein Healthcare began its public notifications for a weeks-long email hack that occurred nearly six months earlier. The breach victims have since filed a class action lawsuit. Continue Reading
By
- Jessica Davis
Answer 07 Apr 2021
COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup

ONC’s info blocking provisions went into effect on April 5, about one year from the COVID-19 nation emergency declaration, stressing the need for a HIPAA compliance checkup. Continue Reading
By
- Jessica Davis
News 29 Mar 2021
OCR Settles With NJ Specialist for Over HIPAA Right of Access Failure

New Jersey-based specialist Village Plastic Surgery has agreed to pay OCR $30,000 to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard. Continue Reading
By
- Jessica Davis
News 25 Mar 2021
Arbour Hospital Pays OCR $65K Over HIPAA Right of Access Violation

The $65,000 settlement with Arbour Hospital is the seventeenth made by OCR under its HIPAA Right of Access Initiative, an agency compliance priority. Continue Reading
By
- Jessica Davis
News 09 Mar 2021
HHS Extends Comment Period for HIPAA Privacy Rule Changes

Proposed in December, the HHS amendments to the HIPAA rule are designed to improve right of access requirements. The comment period has been extended due to high public interest. Continue Reading
By
- Jessica Davis
News 17 Feb 2021
Patients Sue Wilmington Surgical For Netwalker Ransomware Data Leak

A lawsuit has been filed by patients impacted by a Netwalker ransomware attack on Wilmington Surgical Associates and the subsequent leak of 13GB of data in October. Continue Reading
By
- Jessica Davis
News 15 Feb 2021
$70K OCR Penalty for Sharp Health Over HIPAA Right of Access Failures

Sharp HealthCare’s $70,000 civil monetary penalty with OCR is the sixteenth enforcement action under the HIPAA Right of Access Initiative and the second announced this week. Continue Reading
By
- Jessica Davis
News 11 Feb 2021
Renown Health Pays OCR $75K for HIPAA Right of Access Failure

The $75,000 settlement with Renown Health becomes the fifteenth enforcement action brought under the OCR HIPAA Right of Access Initiative since its launch in 2019. Continue Reading
By
- Jessica Davis
News 01 Feb 2021
OIG: VA Staff Hid Privacy, Security Risks of AI Health Data Project

Two VA employees hid and falsely represented the privacy and security risks of an AI project with a health vendor in 2016. VA pulled the contract before health data was shared. Continue Reading
By
- Jessica Davis
News 20 Jan 2021
OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps

A new OCR enforcement discretion will allow providers to use online or web-based apps for scheduling COVID-19 vaccine appointments in good faith without the risk of a HIPAA penalty. Continue Reading
By
- Jessica Davis
News 15 Jan 2021
Insurer Pays $5.1M OCR Penalty for Data Breach Involving 9.3M Patients

OCR settled with insurer Excellus Health Plan for $5.1 million and a corrective action plan, to resolve potential HIPAA violations following a 2015 patient data breach. Continue Reading
By
- Jessica Davis
News 15 Jan 2021
Judge Vacates $4.3M OCR Penalty Against MD Anderson Over Data Loss

The MD Anderson Cancer Center has been appealing a $4.3M OCR HIPAA penalty over lost, unencrypted devices for two years; a judge vacated an earlier ruling, reducing the penalty by a factor of 10. Continue Reading
By
- Jessica Davis
News 13 Jan 2021
Banner Health to Pay OCR $200K for HIPAA Right of Access Failures

One of the largest US health systems, Banner Health, reached a $200,000 settlement with OCR to resolve two separate patient complaints that alleged right of access failures. Continue Reading
By
- Jessica Davis
News 11 Jan 2021
HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security

On January 5, the President signed the HR 7898, HIPAA Safe Harbor Bill, into law, which amends the HITECH Act to require HHS to incentivize best practice security. Continue Reading
By
- Jessica Davis
News 28 Dec 2020
OCR Guide on HIPAA-Compliant PHI Disclosures Via HIEs, Amid COVID-19

Recent OCR guidance sheds light on HIPAA-permitted disclosures of protected health information via HIEs for public health activities amid COVID-19. Continue Reading
By
- Jessica Davis
News 28 Dec 2020
Elite Primary Care Pays OCR $36K for HIPAA Right of Access Violation

OCR announced a $36,000 settlement and corrective action plan with Elite Primary Care to resolve a HIPAA right of access failure; the thirteenth enforcement action made under the HHS initiative. Continue Reading
By
- Jessica Davis
News 18 Dec 2020
OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures

While many covered entities and business associates met HIPAA-required breach notification compliance requirements, an OCR audit revealed a host of PHI security failures for most providers. Continue Reading
By
- Jessica Davis
News 17 Dec 2020
FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach

FTC reached a settlement with SkyMed requiring the vendor to build a comprehensive security program, which will resolve issues stemming from a 2019 breach of consumer data, including PHI. Continue Reading
By
- Jessica Davis
News 15 Dec 2020
Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security

House E&C members passed a bill that amends the HITECH Act, requiring HHS to incentivize best practice cybersecurity and consider those efforts for enforcement purposes. Continue Reading
By
- Jessica Davis
News 10 Dec 2020
HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access

HHS OCR released a set of proposed changes to the HIPAA Privacy Rule, which would bolster individuals’ right of access, reduce regulatory burden, and support care coordination. Continue Reading
By
- Jessica Davis
News 24 Nov 2020
Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations

CMS and HHS OIG finalized federal anti-kickback and Stark Law rules, which included provisions allowing health systems and hospitals to donate cybersecurity technologies to provider offices. Continue Reading
By
- Jessica Davis
News 24 Nov 2020
Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported

Another lawsuit has been filed against Blackbaud following its massive breach involving hundreds of companies. At least six healthcare entities were added to the breach tally this month. Continue Reading
By
- Jessica Davis
News 20 Nov 2020
Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure

OCR reached a $65,000 settlement with the University of Cincinnati Medical Center, after failing to respond to a patient’s request for access to her medical records, as required by HIPAA. Continue Reading
By
- Jessica Davis
News 12 Nov 2020
NY Specialist Pays OCR $15K for HIPAA Right of Access Failures

Rajendra Bhayani, MD, a New York specialist, is the eleventh provider to settle with OCR under its Right of Access Initiative. The enforcement action will resolve possible HIPAA failures. Continue Reading
By
- Jessica Davis
News 12 Nov 2020
Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K

Barracuda Networks is being sued by its client Zoll, a medical device vendor, after a server migration error compromised the personal and medical data of 277,139 patients in 2018. Continue Reading
By
- Jessica Davis
News 06 Nov 2020
OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation

Riverside Psychiatric Medical Group settles with HHS OCR to resolve a potential HIPAA Right of Access violation. The $25,000 settlement is the tenth of the OCR patient access initiative. Continue Reading
By
- Jessica Davis
News 05 Nov 2020
$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit

Saint Francis Healthcare, which owns Ferguson Medical Group (FMG), reached a $350,000 lawsuit settlement with the 107,000 patients affected by a 2019 ransomware attack on FMG. Continue Reading
By
- Jessica Davis
News 03 Nov 2020
Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

New Jersey reached a settlement with Wakefern Food Corp and two associated ShopRite supermarkets for $235,000 to resolve violations of HIPAA and the NJ Consumer Fraud Act. Continue Reading
By
- Jessica Davis
News 02 Nov 2020
New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure

OCR settled with New Haven, Connecticut following the breach of 498 patients in 2017, caused by failing to implement employee termination procedures, a potential HIPAA violation. Continue Reading
By
- Jessica Davis
News 28 Oct 2020
Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations

The insurance giant Aetna agreed to pay HHS OCR $1 million and a corrective action plan to resolve three separate HIPAA violations that caused patient data breaches. Continue Reading
By
- Jessica Davis
Answer 21 Oct 2020
Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications

In the wake of a breach or ransomware, healthcare entities must be transparent with patients to protect privacy, prevent further crimes, and ensure compliance in HIPAA breach notifications. Continue Reading
By
- Jessica Davis
News 16 Oct 2020
3 Compliance Considerations for HIPAA-Required Breach Response

With the rise in ransomware and other sophisticated cyberattacks, it’s crucial for providers to remain compliant with HIPAA guidelines when responding to a breach. Continue Reading
By
- Jessica Davis
News 12 Oct 2020
NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation

OCR announced its ninth settlement under the HIPAA Right of Access Initiative. NY Spine Medicine will pay $100,000 after failing to provide a patient timely access to her medical records. Continue Reading
By
- Jessica Davis
News 08 Oct 2020
Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure

OCR has reached a settlement with Dignity Health for $160,000 over a HIPAA Right of Access failure, the eighth and largest penalty under its 2019 initiative. Continue Reading
By
- Jessica Davis
News 01 Oct 2020
Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk

COVID-19 spurred an increase in ransomware attacks. The Treasury Department warns entities against facilitating ransomware payments for breach victims and possible sanction risks. Continue Reading
By
- Jessica Davis
News 01 Oct 2020
Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M

The multi-state coalition of 44 states and Washington, DC reached a settlement of nearly $40 million with Anthem to resolve the 2014 healthcare data breach impacting 78.8 million patients. Continue Reading
By
- Jessica Davis
News 30 Sep 2020
Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase

An SEC filing reveals hackers gained access to more unencrypted data than previously thought. Some of the millions of breach victims have filed lawsuits against the vendor in response. Continue Reading
By
- Jessica Davis
News 28 Sep 2020
Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M

An OCR audit into the 2015 Premera Blue Cross healthcare data breach impacting 10.4 million patients, found systemic noncompliance with HIPAA. The insurer will pay $6.85 million to settle with OCR. Continue Reading
By
- Jessica Davis
News 24 Sep 2020
OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M

CHSPSC, a Community Health Systems business associate, reported a breach of 6 million patients in 2019. The OCR audit found longstanding, systemic noncompliance with HIPAA. Continue Reading
By
- Jessica Davis
News 21 Sep 2020
Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance

The notorious hacking group “thedarkoverlord” hacked the Athens Orthopedic Clinic in 2016, posting patient data online. The OCR audit that followed revealed systemic HIPAA noncompliance. Continue Reading
By
- Jessica Davis
News 21 Sep 2020
Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health

Pysa ransomware hackers posted patient data from Assured Imaging online, while BJC Healthcare fell victim to a massive phishing attack; the breach victims filed lawsuits in response. Continue Reading
By
- Jessica Davis
News 15 Sep 2020
HIPAA Compliance: ONC Updates Security Risk Assessment Tool

The Security Risk Assessment (SRA) tool was designed in collaboration between ONC and OCR and is designed to help healthcare entities ensure compliance with HIPAA safeguards. Continue Reading
By
- Jessica Davis
News 15 Sep 2020
OCR Settles with 5 Providers Over HIPAA Right of Access Violations

OCR closed investigations into HIPAA right of access violations at Housing Works, All Inclusive Medical Services, Beth Israel Lahey Health Behavioral Services, King MD, and Wise Psychiatry. Continue Reading
By
- Jessica Davis
News 08 Sep 2020
Patient Data Privacy Lawsuit Against Google, UChicago Dismissed

A Judge ruled to dismiss the patient data privacy lawsuit brought against Google and UChicago, as the patient failed to adequately demonstrate what damages were caused by the partnership. Continue Reading
By
- Jessica Davis
News 26 Aug 2020
OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis

In its summer newsletter, OCR outlines best practice IT asset inventory steps to help healthcare entities improve their risk analysis as required under the HIPAA Security Rule. Continue Reading
By
- Jessica Davis
News 28 Jul 2020
Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft

Lifespan will pay a $1.04M civil monetary penalty over the theft of an unencrypted laptop in 2017. An OCR audit found "systemic noncompliance” with elements of the HIPAA rule. Continue Reading
By
- Jessica Davis
News 24 Jul 2020
OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations

Metropolitan Community Health Services, DBA Agape Health, reported a breach affecting 1,263 patients in 2011. The OCR audit into the incident found several longstanding HIPAA violations. Continue Reading
By
- Jessica Davis
News 13 Jul 2020
SAMHSA Revises Privacy Rule 42 CFR Part 2 for Substance Use Patients

A year after asking for industry comment, HHS SAMHSA has adopted revisions to the Health Privacy Rule Part 42 CFR designed to fuel care coordination and maintain patient privacy. Continue Reading
By
- Jessica Davis
News 02 Jul 2020
$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit

Grays Harbor Community Hospital and Harbor Medical Group was hit with a ransomware attack in June 2019, where hackers demanded a $1 million ransom; the proposal will settle claims of negligence. Continue Reading
By
- Jessica Davis
News 01 Jul 2020
Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients

An audit into LifeLab’s 2019 massive data breach by B.C. and Ontario privacy commissioners found the testing giant collected more PHI than necessary and lacked adequate security policies and procedures to protect patient data. Continue Reading
By
- Jessica Davis
News 29 Jun 2020
UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach

After two years of litigation and a partial dismissal, UnityPoint Health has reached a proposed $2.8M settlement with the 1.4 million patients impacted by two phishing-related data breaches. Continue Reading
By
- Jessica Davis