HIPAA compliance and regulation

Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.

Top Stories

News 12 Jul 2024
Industry groups express concern over proposed CIRCIA reporting requirements

Industry groups such as the AHA and MGMA suggested that CISA’s proposed CIRCIA reporting requirements are redundant and burdensome for healthcare entities. Continue Reading
News 02 Jul 2024
OCR reaches third-ever ransomware settlement

Heritage Valley Health System will pay $950,000 and implement a corrective action plan as part of OCR’s third settlement involving ransomware. Continue Reading

Feature 03 May 2022

Misconceptions About HIPAA, Interoperability, Information Blocking

At the HealthITSecurity virtual summit, panelists discussed common misconceptions surrounding HIPAA, interoperability, and information blocking. Continue Reading
News 07 Apr 2022

OCR Seeks Public Input on Penalties, Security Measures Under HITECH

OCR issued a request for information regarding HITECH’s recognized security practices and civil monetary penalty and settlement sharing sections. Continue Reading
News 28 Mar 2022

OCR Announces Four HIPAA Enforcement Actions

OCR announced four HIPAA enforcement actions, two of which stemmed from OCR’s HIPAA Right of Access Initiative. Continue Reading
News 21 Mar 2022

EHNAC, HITRUST Partner to Promote Security, Privacy Standards

EHNAC and HITRUST announced a partnership to promote the security and privacy of trusted networks while aligning with TEFCA requirements. Continue Reading
Feature 11 Mar 2022

Your Responsibilities Under the HIPAA Breach Notification Rule

After experiencing a PHI breach, HIPAA-covered entities and business associates must comply with reporting requirements under the HIPAA Breach Notification Rule. Continue Reading
Feature 21 Feb 2022

HIPAA Technical Safeguards: A Basic Review

It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. Continue Reading
News 18 Feb 2022

Deadline to Report PHI Breaches Impacting Less Than 500 People Nears

March 1 is the deadline to report 2021 PHI breaches impacting less than 500 people to HHS under the HIPAA Breach Notification Rule. Continue Reading
Feature 14 Feb 2022

What Is a HIPAA Business Associate Agreement (BAA)?

HIPAA-covered entities must have a business associate agreement (BAA) in place with each of their partners to maintain PHI security and overall HIPAA compliance. Continue Reading
News 11 Feb 2022

Legislators Introduce Bill to Modernize HIPAA, Health Data Privacy Laws

Two US Senators introduced the Health Data Use and Privacy Commission Act, aimed at modernizing outdated health data privacy laws. Continue Reading
News 07 Feb 2022

Four Ways Covered Entities Can Ensure HIPAA Compliance

Staying HIPAA compliant helps covered entities remain secure and prevent health data breaches and costly fines. Continue Reading
News 02 Feb 2022

GAO Seeks Feedback on Healthcare Data Breach Reporting

The Government Accountability Office (GAO) is seeking feedback from HIPAA-covered entities on the healthcare data breach reporting process. Continue Reading
Feature 20 Jan 2022

PCI Compliance Versus HIPAA Compliance In Healthcare

Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. Continue Reading
News 03 Jan 2022

How Access Monitoring Protects Providers From Health Data Breaches

Access monitoring best practices are key for healthcare organizations to prevent data breaches before they happen. Continue Reading
News 21 Dec 2021

OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders

HIPAA covered healthcare providers can disclose PHI to support an extreme risk protection order, which prevents patients in crisis from accessing firearms. Continue Reading
News 02 Dec 2021

OCR Settles 5 HIPAA Right of Access Cases

OCR announced the resolution of five HIPAA Right of Access cases, bringing the total number of enforcement actions to 25 since the HIPAA Right of Access Initiative began. Continue Reading
Feature 18 Nov 2021

How to Implement a Cyber Incident Response Plan for Healthcare

Creating a comprehensive cyber incident response plan can help healthcare organizations maintain reputation and patient safety. Continue Reading
News 16 Nov 2021

2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure

Two New Jersey printing companies agreed to pay $130,000 in fines for PHI exposure and potential HIPAA violations. Continue Reading
Feature 16 Nov 2021

Status, Challenges of Information Blocking Rule Compliance

The Information Blocking Rule compliance deadline passed in April 2021, but questions about electronic health information sharing remain. Continue Reading
News 25 Oct 2021

Ensuring Healthcare Industry Compliance with HIPAA in 2021

Healthcare compliance is set to change significantly with changes to HIPAA around patient access to health information and data sharing. Continue Reading
Feature 15 Oct 2021

De-Identification of PHI According to the HIPAA Privacy Rule

The two HHS-approved methods for the de-identification of PHI can aid in clinical research while ensuring HIPAA compliance and patient privacy. Continue Reading
News 11 Oct 2021

With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement

OCR’s appointment of a new director signifies a shift for the office and presents implications for the future of HIPAA enforcement and security and privacy regulations. Continue Reading
News 04 Oct 2021

OCR Clarifies HIPAA Rules Surrounding Vaccination Status

OCR issued guidance emphasizing that the HIPAA Privacy Rule does not prohibit anyone from asking an individual about their vaccination status. Continue Reading
News 04 Oct 2021

How Health Plans Must Prepare for Vendor Risk, Noncompliance

Covered entities and business associates must be in alignment about HIPAA compliance with new provisions coming into place Continue Reading
News 01 Oct 2021

CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE

Governor Newsom renewed an executive order offering certain HIPAA penalty exemptions for providers who administer telehealth throughout the PHE. Continue Reading
Feature 17 Sep 2021

Key Differences Between PHI and PII, How They Impact HIPAA Compliance

Covered entities must understand the differences between PII and PHI to maintain HIPAA compliance and protect patient data. Continue Reading
News 14 Sep 2021

OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital

Children’s Hospital & Medical Center in Nebraska paid an $80,000 civil monetary penalty to resolve the twentieth case under OCR’s HIPAA Right of Access Initiative. Continue Reading
News 24 Aug 2021

Common Misconceptions About HIPAA and COVID-19 Vaccination Status

Asking someone about their COVID-19 vaccination status is not a HIPAA violation, despite prominent figures saying otherwise. Continue Reading
News 23 Aug 2021

15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions

Newly obtained internal emails revealed that OCR may not have known that its investigation into a Walgreens HIPAA violation was still open 10 years later. Continue Reading
News 23 Aug 2021

Top HIPAA Right of Access Cases in 2021, So Far

As HIPAA turns 25, HHS’ Office of Civil Rights has been cracking down on HIPAA right of access enforcement to ensure individuals’ timely access to health records. Continue Reading
News 20 Aug 2021

How Do New Patient Right of Access Policies Impact HIPAA?

Recent developments in patient right of access policies have experts uncertain about the future of HIPAA and data sharing practices. Continue Reading
News 26 Jul 2021

LA Patient Privacy Incident Discloses COVID-19 Vaccine Status

The vaccination status of thousands of LA County employees was shared online. Continue Reading
News 07 Jul 2021

Data Breach Exposes One Medical Customer Email Addresses

Customers had their email addresses exposed during a recent data breach. Continue Reading
News 01 Jul 2021

Ohio Hospital HIPAA Violation Goes Unnoticed for Over a Decade

An employee of Aultman Health Foundation in Ohio accessed more than 7,000 EHRs over the past 12 years and was terminated for committing a HIPAA violation. Continue Reading
News 02 Jun 2021

OCR Settles With West Virginia-Based DELC for HIPAA Right of Access Failure

Marking the nineteenth settlement under the HIPAA Right of Access Initiative, West Virginia-based specialist DELC paid OCR a civil monetary penalty and agreed to a corrective action plan. Continue Reading
News 25 May 2021

GAO: Insurers Limiting Coverage in Attack-Laden Sectors, Like Healthcare

Sectors experiencing an onslaught of cyberattacks, like healthcare, are facing another concerning challenge: Cyber insurers are limiting coverage for many embattled entities, GAO finds. Continue Reading
News 25 May 2021

OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures

Peachstate Health, d/b/a AEON Clinical, will pay OCR $25,000 for possible HIPAA failures, following an audit into a 2015 data breach of the VA telehealth program managed by the business associate. Continue Reading
News 11 May 2021

HHS’ Proposed HIPAA Right of Access Changes: CHIME, ABHW Weigh in

In response to HHS requests for comments on proposed HIPAA rule changes, CHIME and ABHW raised privacy and security concerns, including Right of Access amendments. Continue Reading
News 05 May 2021

NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule

Industry stakeholders are being urged to comment on proposed changes to the NIST HIPAA Security Rule resource guide, including its uses and applications. Continue Reading
News 27 Apr 2021

Breach Victims File Class Action Lawsuit Against Einstein Healthcare

In January 2021, Einstein Healthcare began its public notifications for a weeks-long email hack that occurred nearly six months earlier. The breach victims have since filed a class action lawsuit. Continue Reading
Answer 07 Apr 2021

COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup

ONC’s info blocking provisions went into effect on April 5, about one year from the COVID-19 nation emergency declaration, stressing the need for a HIPAA compliance checkup. Continue Reading
News 29 Mar 2021

OCR Settles With NJ Specialist for Over HIPAA Right of Access Failure

New Jersey-based specialist Village Plastic Surgery has agreed to pay OCR $30,000 to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard. Continue Reading
News 25 Mar 2021

Arbour Hospital Pays OCR $65K Over HIPAA Right of Access Violation

The $65,000 settlement with Arbour Hospital is the seventeenth made by OCR under its HIPAA Right of Access Initiative, an agency compliance priority. Continue Reading
News 09 Mar 2021

HHS Extends Comment Period for HIPAA Privacy Rule Changes

Proposed in December, the HHS amendments to the HIPAA rule are designed to improve right of access requirements. The comment period has been extended due to high public interest. Continue Reading
News 17 Feb 2021

Patients Sue Wilmington Surgical For Netwalker Ransomware Data Leak

A lawsuit has been filed by patients impacted by a Netwalker ransomware attack on Wilmington Surgical Associates and the subsequent leak of 13GB of data in October. Continue Reading
News 15 Feb 2021

$70K OCR Penalty for Sharp Health Over HIPAA Right of Access Failures

Sharp HealthCare’s $70,000 civil monetary penalty with OCR is the sixteenth enforcement action under the HIPAA Right of Access Initiative and the second announced this week. Continue Reading
News 11 Feb 2021

Renown Health Pays OCR $75K for HIPAA Right of Access Failure

The $75,000 settlement with Renown Health becomes the fifteenth enforcement action brought under the OCR HIPAA Right of Access Initiative since its launch in 2019. Continue Reading
News 01 Feb 2021

OIG: VA Staff Hid Privacy, Security Risks of AI Health Data Project

Two VA employees hid and falsely represented the privacy and security risks of an AI project with a health vendor in 2016. VA pulled the contract before health data was shared. Continue Reading
News 20 Jan 2021

OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps

A new OCR enforcement discretion will allow providers to use online or web-based apps for scheduling COVID-19 vaccine appointments in good faith without the risk of a HIPAA penalty. Continue Reading
News 15 Jan 2021

Insurer Pays $5.1M OCR Penalty for Data Breach Involving 9.3M Patients

OCR settled with insurer Excellus Health Plan for $5.1 million and a corrective action plan, to resolve potential HIPAA violations following a 2015 patient data breach. Continue Reading
News 15 Jan 2021

Judge Vacates $4.3M OCR Penalty Against MD Anderson Over Data Loss

The MD Anderson Cancer Center has been appealing a $4.3M OCR HIPAA penalty over lost, unencrypted devices for two years; a judge vacated an earlier ruling, reducing the penalty by a factor of 10. Continue Reading
News 13 Jan 2021

Banner Health to Pay OCR $200K for HIPAA Right of Access Failures

One of the largest US health systems, Banner Health, reached a $200,000 settlement with OCR to resolve two separate patient complaints that alleged right of access failures. Continue Reading
News 11 Jan 2021

HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security

On January 5, the President signed the HR 7898, HIPAA Safe Harbor Bill, into law, which amends the HITECH Act to require HHS to incentivize best practice security. Continue Reading
News 28 Dec 2020

OCR Guide on HIPAA-Compliant PHI Disclosures Via HIEs, Amid COVID-19

Recent OCR guidance sheds light on HIPAA-permitted disclosures of protected health information via HIEs for public health activities amid COVID-19. Continue Reading
News 28 Dec 2020

Elite Primary Care Pays OCR $36K for HIPAA Right of Access Violation

OCR announced a $36,000 settlement and corrective action plan with Elite Primary Care to resolve a HIPAA right of access failure; the thirteenth enforcement action made under the HHS initiative. Continue Reading
News 18 Dec 2020

OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures

While many covered entities and business associates met HIPAA-required breach notification compliance requirements, an OCR audit revealed a host of PHI security failures for most providers. Continue Reading
News 17 Dec 2020

FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach

FTC reached a settlement with SkyMed requiring the vendor to build a comprehensive security program, which will resolve issues stemming from a 2019 breach of consumer data, including PHI. Continue Reading
News 15 Dec 2020

Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security

House E&C members passed a bill that amends the HITECH Act, requiring HHS to incentivize best practice cybersecurity and consider those efforts for enforcement purposes. Continue Reading
News 10 Dec 2020

HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access

HHS OCR released a set of proposed changes to the HIPAA Privacy Rule, which would bolster individuals’ right of access, reduce regulatory burden, and support care coordination. Continue Reading
News 24 Nov 2020

Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations

CMS and HHS OIG finalized federal anti-kickback and Stark Law rules, which included provisions allowing health systems and hospitals to donate cybersecurity technologies to provider offices. Continue Reading
News 24 Nov 2020

Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported

Another lawsuit has been filed against Blackbaud following its massive breach involving hundreds of companies. At least six healthcare entities were added to the breach tally this month. Continue Reading
News 20 Nov 2020

Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure

OCR reached a $65,000 settlement with the University of Cincinnati Medical Center, after failing to respond to a patient’s request for access to her medical records, as required by HIPAA. Continue Reading
News 12 Nov 2020

NY Specialist Pays OCR $15K for HIPAA Right of Access Failures

Rajendra Bhayani, MD, a New York specialist, is the eleventh provider to settle with OCR under its Right of Access Initiative. The enforcement action will resolve possible HIPAA failures. Continue Reading
News 12 Nov 2020

Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K

Barracuda Networks is being sued by its client Zoll, a medical device vendor, after a server migration error compromised the personal and medical data of 277,139 patients in 2018. Continue Reading
News 06 Nov 2020

OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation

Riverside Psychiatric Medical Group settles with HHS OCR to resolve a potential HIPAA Right of Access violation. The $25,000 settlement is the tenth of the OCR patient access initiative. Continue Reading
News 05 Nov 2020

$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit

Saint Francis Healthcare, which owns Ferguson Medical Group (FMG), reached a $350,000 lawsuit settlement with the 107,000 patients affected by a 2019 ransomware attack on FMG. Continue Reading
News 03 Nov 2020

Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

New Jersey reached a settlement with Wakefern Food Corp and two associated ShopRite supermarkets for $235,000 to resolve violations of HIPAA and the NJ Consumer Fraud Act. Continue Reading
News 02 Nov 2020

New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure

OCR settled with New Haven, Connecticut following the breach of 498 patients in 2017, caused by failing to implement employee termination procedures, a potential HIPAA violation. Continue Reading
News 28 Oct 2020

Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations

The insurance giant Aetna agreed to pay HHS OCR $1 million and a corrective action plan to resolve three separate HIPAA violations that caused patient data breaches. Continue Reading
Answer 21 Oct 2020

Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications

In the wake of a breach or ransomware, healthcare entities must be transparent with patients to protect privacy, prevent further crimes, and ensure compliance in HIPAA breach notifications. Continue Reading
News 16 Oct 2020

3 Compliance Considerations for HIPAA-Required Breach Response

With the rise in ransomware and other sophisticated cyberattacks, it’s crucial for providers to remain compliant with HIPAA guidelines when responding to a breach. Continue Reading
News 12 Oct 2020

NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation

OCR announced its ninth settlement under the HIPAA Right of Access Initiative. NY Spine Medicine will pay $100,000 after failing to provide a patient timely access to her medical records. Continue Reading
News 08 Oct 2020

Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure

OCR has reached a settlement with Dignity Health for $160,000 over a HIPAA Right of Access failure, the eighth and largest penalty under its 2019 initiative. Continue Reading
News 01 Oct 2020

Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk

COVID-19 spurred an increase in ransomware attacks. The Treasury Department warns entities against facilitating ransomware payments for breach victims and possible sanction risks. Continue Reading
News 01 Oct 2020

Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M

The multi-state coalition of 44 states and Washington, DC reached a settlement of nearly $40 million with Anthem to resolve the 2014 healthcare data breach impacting 78.8 million patients. Continue Reading
News 30 Sep 2020

Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase

An SEC filing reveals hackers gained access to more unencrypted data than previously thought. Some of the millions of breach victims have filed lawsuits against the vendor in response. Continue Reading
News 28 Sep 2020

Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M

An OCR audit into the 2015 Premera Blue Cross healthcare data breach impacting 10.4 million patients, found systemic noncompliance with HIPAA. The insurer will pay $6.85 million to settle with OCR. Continue Reading
News 24 Sep 2020

OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M

CHSPSC, a Community Health Systems business associate, reported a breach of 6 million patients in 2019. The OCR audit found longstanding, systemic noncompliance with HIPAA. Continue Reading
News 21 Sep 2020

Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance

The notorious hacking group “thedarkoverlord” hacked the Athens Orthopedic Clinic in 2016, posting patient data online. The OCR audit that followed revealed systemic HIPAA noncompliance. Continue Reading
News 21 Sep 2020

Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health

Pysa ransomware hackers posted patient data from Assured Imaging online, while BJC Healthcare fell victim to a massive phishing attack; the breach victims filed lawsuits in response. Continue Reading
News 15 Sep 2020

HIPAA Compliance: ONC Updates Security Risk Assessment Tool

The Security Risk Assessment (SRA) tool was designed in collaboration between ONC and OCR and is designed to help healthcare entities ensure compliance with HIPAA safeguards. Continue Reading
News 15 Sep 2020

OCR Settles with 5 Providers Over HIPAA Right of Access Violations

OCR closed investigations into HIPAA right of access violations at Housing Works, All Inclusive Medical Services, Beth Israel Lahey Health Behavioral Services, King MD, and Wise Psychiatry. Continue Reading
News 08 Sep 2020

Patient Data Privacy Lawsuit Against Google, UChicago Dismissed

A Judge ruled to dismiss the patient data privacy lawsuit brought against Google and UChicago, as the patient failed to adequately demonstrate what damages were caused by the partnership. Continue Reading
News 26 Aug 2020

OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis

In its summer newsletter, OCR outlines best practice IT asset inventory steps to help healthcare entities improve their risk analysis as required under the HIPAA Security Rule. Continue Reading
News 28 Jul 2020

Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft

Lifespan will pay a $1.04M civil monetary penalty over the theft of an unencrypted laptop in 2017. An OCR audit found "systemic noncompliance” with elements of the HIPAA rule. Continue Reading
News 24 Jul 2020

OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations

Metropolitan Community Health Services, DBA Agape Health, reported a breach affecting 1,263 patients in 2011. The OCR audit into the incident found several longstanding HIPAA violations. Continue Reading
News 13 Jul 2020

SAMHSA Revises Privacy Rule 42 CFR Part 2 for Substance Use Patients

A year after asking for industry comment, HHS SAMHSA has adopted revisions to the Health Privacy Rule Part 42 CFR designed to fuel care coordination and maintain patient privacy. Continue Reading
News 02 Jul 2020

$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit

Grays Harbor Community Hospital and Harbor Medical Group was hit with a ransomware attack in June 2019, where hackers demanded a $1 million ransom; the proposal will settle claims of negligence. Continue Reading
News 01 Jul 2020

Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients

An audit into LifeLab’s 2019 massive data breach by B.C. and Ontario privacy commissioners found the testing giant collected more PHI than necessary and lacked adequate security policies and procedures to protect patient data. Continue Reading
News 29 Jun 2020

UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach

After two years of litigation and a partial dismissal, UnityPoint Health has reached a proposed $2.8M settlement with the 1.4 million patients impacted by two phishing-related data breaches. Continue Reading
News 23 Jun 2020

Judge Sends Episcopal Health Data Breach Lawsuit Back to State Court

Citing a lack of standing for a federal lawsuit, a New York federal judge sent a data breach lawsuit against Episcopal Health down to state court as the allegations fall under HIPAA. Continue Reading
News 15 Jun 2020

OCR Shares COVID-19 Guide on Contacting Patients for Blood Donations

In light of COVID-19, OCR reminds healthcare providers that HIPAA allows covered entities to contact patients recovering from the Coronavirus to inform them about blood and plasma donations. Continue Reading
News 12 Jun 2020

Community Care Patients Sue Accounting Firm Over Data Breach

BST, the accounting firm for Community Care Physicians, was targeted by Maze ransomware in December. One of the 170,000 patients impacted by the breach has sued BST, citing negligence. Continue Reading
News 03 Jun 2020

Aveanna Healthcare Faces Lawsuit Over Monthlong Data Breach

Patients have filed a lawsuit against Aveanna Healthcare over a monthlong data breach, alleging the provider lacked adequate security and failed to provide timely notice, among other claims. Continue Reading
News 01 Jun 2020

Crafting Successful Business Associate Agreements, Breach Response

The latest Healthcare Strategies’ podcast sheds light on needed elements for a successful business associate agreement, including breach response, with Impact Advisors’ Shefali Mookencherry. Continue Reading
News 11 May 2020

Zoom Settles with NY AG Over COVID-19-Related Privacy, Security Issues

As COVID-19 drove Zoom participation up 2,000 percent, reports found serious privacy and security risks in the platform; the New York AG settlement will enforce security controls requirements. Continue Reading
Feature 08 May 2020

Insights into HHS COVID-19 HIPAA Waivers and Lasting Implications

HHS and OCR have issued several COVID-19 HIPAA waivers around telehealth and data sharing amid the pandemic. But it’s crucial providers keep privacy and security in focus. Continue Reading
News 06 May 2020

COVID-19: OCR Reminds Providers of Media Access Restrictions to PHI

Even during the COVID-19 emergency, OCR reminds providers that HIPAA restricts the media and film crews from accessing areas where PHI could be accessible without patient authorization. Continue Reading
News 05 May 2020

LabCorp Hit with Shareholder Lawsuit Over 2 Separate Data Breaches

Following a second breach in less than a year, a LabCorp shareholder is suing the testing giant in an attempt to recoup share value losses. Continue Reading
News 01 May 2020

Ciitizen: ‘Significant Improvement’ in HIPAA Right of Access Compliance

The third version of Ciitizen’s Patient Record Scorecard, evaluating providers on their compliance with the HIPAA Privacy Rule's Right of Access, saw ‘significant improvement’ from the initial reports. Continue Reading
News 13 Apr 2020

OCR Lifts HIPAA Penalties for COVID-19 Community-Based Testing Sites

In the latest move to support the COVID-19 response, OCR announced it will lift penalties around HIPAA noncompliance for Community-Based Testing Sites during the pandemic. Continue Reading