HIPAA compliance and regulation
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.
Top Stories
-
News
12 Jul 2024
Industry groups express concern over proposed CIRCIA reporting requirements
Industry groups such as the AHA and MGMA suggested that CISA’s proposed CIRCIA reporting requirements are redundant and burdensome for healthcare entities. Continue Reading
-
News
02 Jul 2024
OCR reaches third-ever ransomware settlement
Heritage Valley Health System will pay $950,000 and implement a corrective action plan as part of OCR’s third settlement involving ransomware. Continue Reading
-
Feature
03 May 2022
Misconceptions About HIPAA, Interoperability, Information Blocking
At the HealthITSecurity virtual summit, panelists discussed common misconceptions surrounding HIPAA, interoperability, and information blocking. Continue Reading
-
News
07 Apr 2022
OCR Seeks Public Input on Penalties, Security Measures Under HITECH
OCR issued a request for information regarding HITECH’s recognized security practices and civil monetary penalty and settlement sharing sections. Continue Reading
-
News
28 Mar 2022
OCR Announces Four HIPAA Enforcement Actions
OCR announced four HIPAA enforcement actions, two of which stemmed from OCR’s HIPAA Right of Access Initiative. Continue Reading
-
News
21 Mar 2022
EHNAC, HITRUST Partner to Promote Security, Privacy Standards
EHNAC and HITRUST announced a partnership to promote the security and privacy of trusted networks while aligning with TEFCA requirements. Continue Reading
-
Feature
11 Mar 2022
Your Responsibilities Under the HIPAA Breach Notification Rule
After experiencing a PHI breach, HIPAA-covered entities and business associates must comply with reporting requirements under the HIPAA Breach Notification Rule. Continue Reading
-
Feature
21 Feb 2022
HIPAA Technical Safeguards: A Basic Review
It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. Continue Reading
-
News
18 Feb 2022
Deadline to Report PHI Breaches Impacting Less Than 500 People Nears
March 1 is the deadline to report 2021 PHI breaches impacting less than 500 people to HHS under the HIPAA Breach Notification Rule. Continue Reading
-
Feature
14 Feb 2022
What Is a HIPAA Business Associate Agreement (BAA)?
HIPAA-covered entities must have a business associate agreement (BAA) in place with each of their partners to maintain PHI security and overall HIPAA compliance. Continue Reading
-
News
11 Feb 2022
Legislators Introduce Bill to Modernize HIPAA, Health Data Privacy Laws
Two US Senators introduced the Health Data Use and Privacy Commission Act, aimed at modernizing outdated health data privacy laws. Continue Reading
-
News
07 Feb 2022
Four Ways Covered Entities Can Ensure HIPAA Compliance
Staying HIPAA compliant helps covered entities remain secure and prevent health data breaches and costly fines. Continue Reading
-
News
02 Feb 2022
GAO Seeks Feedback on Healthcare Data Breach Reporting
The Government Accountability Office (GAO) is seeking feedback from HIPAA-covered entities on the healthcare data breach reporting process. Continue Reading
-
Feature
20 Jan 2022
PCI Compliance Versus HIPAA Compliance In Healthcare
Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. Continue Reading
-
News
03 Jan 2022
How Access Monitoring Protects Providers From Health Data Breaches
Access monitoring best practices are key for healthcare organizations to prevent data breaches before they happen. Continue Reading
-
News
21 Dec 2021
OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders
HIPAA covered healthcare providers can disclose PHI to support an extreme risk protection order, which prevents patients in crisis from accessing firearms. Continue Reading
-
News
02 Dec 2021
OCR Settles 5 HIPAA Right of Access Cases
OCR announced the resolution of five HIPAA Right of Access cases, bringing the total number of enforcement actions to 25 since the HIPAA Right of Access Initiative began. Continue Reading
-
Feature
18 Nov 2021
How to Implement a Cyber Incident Response Plan for Healthcare
Creating a comprehensive cyber incident response plan can help healthcare organizations maintain reputation and patient safety. Continue Reading
-
News
16 Nov 2021
2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure
Two New Jersey printing companies agreed to pay $130,000 in fines for PHI exposure and potential HIPAA violations. Continue Reading
-
Feature
16 Nov 2021
Status, Challenges of Information Blocking Rule Compliance
The Information Blocking Rule compliance deadline passed in April 2021, but questions about electronic health information sharing remain. Continue Reading
-
News
25 Oct 2021
Ensuring Healthcare Industry Compliance with HIPAA in 2021
Healthcare compliance is set to change significantly with changes to HIPAA around patient access to health information and data sharing. Continue Reading
-
Feature
15 Oct 2021
De-Identification of PHI According to the HIPAA Privacy Rule
The two HHS-approved methods for the de-identification of PHI can aid in clinical research while ensuring HIPAA compliance and patient privacy. Continue Reading
-
News
11 Oct 2021
With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement
OCR’s appointment of a new director signifies a shift for the office and presents implications for the future of HIPAA enforcement and security and privacy regulations. Continue Reading
-
News
04 Oct 2021
OCR Clarifies HIPAA Rules Surrounding Vaccination Status
OCR issued guidance emphasizing that the HIPAA Privacy Rule does not prohibit anyone from asking an individual about their vaccination status. Continue Reading
-
News
04 Oct 2021
How Health Plans Must Prepare for Vendor Risk, Noncompliance
Covered entities and business associates must be in alignment about HIPAA compliance with new provisions coming into place. Continue Reading
-
News
01 Oct 2021
CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE
Governor Newsom renewed an executive order offering certain HIPAA penalty exemptions for providers who administer telehealth throughout the PHE. Continue Reading
-
Feature
17 Sep 2021
Key Differences Between PHI and PII, How They Impact HIPAA Compliance
Covered entities must understand the differences between PII and PHI to maintain HIPAA compliance and protect patient data. Continue Reading
-
News
14 Sep 2021
OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital
Children’s Hospital & Medical Center in Nebraska paid an $80,000 civil monetary penalty to resolve the twentieth case under OCR’s HIPAA Right of Access Initiative. Continue Reading
-
News
24 Aug 2021
Common Misconceptions About HIPAA and COVID-19 Vaccination Status
Asking someone about their COVID-19 vaccination status is not a HIPAA violation, despite prominent figures saying otherwise. Continue Reading
-
News
23 Aug 2021
15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions
Newly obtained internal emails revealed that OCR may not have known that its investigation into a Walgreens HIPAA violation was still open 10 years later. Continue Reading
-
News
23 Aug 2021
Top HIPAA Right of Access Cases in 2021, So Far
As HIPAA turns 25, HHS’ Office for Civil Rights has been cracking down on HIPAA right of access enforcement to ensure individuals’ timely access to health records. Continue Reading
-
News
20 Aug 2021
How Do New Patient Right of Access Policies Impact HIPAA?
Recent developments in patient right of access policies have experts uncertain about the future of HIPAA and data sharing practices. Continue Reading
-
News
26 Jul 2021
LA Patient Privacy Incident Discloses COVID-19 Vaccine Status
The vaccination status of thousands of LA County employees was shared online. Continue Reading
-
News
07 Jul 2021
Data Breach Exposes One Medical Customer Email Addresses
Customers had their email addresses exposed during a recent data breach. Continue Reading
-
News
01 Jul 2021
Ohio Hospital HIPAA Violation Goes Unnoticed for Over a Decade
An employee of Aultman Health Foundation in Ohio accessed more than 7,000 EHRs over the past 12 years and was terminated for committing a HIPAA violation. Continue Reading
-
News
02 Jun 2021
OCR Settles With West Virginia-Based DELC for HIPAA Right of Access Failure
Marking the nineteenth settlement under the HIPAA Right of Access Initiative, West Virginia-based specialist DELC paid OCR a civil monetary penalty and agreed to a corrective action plan. Continue Reading
-
News
25 May 2021
GAO: Insurers Limiting Coverage in Attack-Laden Sectors, Like Healthcare
Sectors experiencing an onslaught of cyberattacks, like healthcare, are facing another concerning challenge: Cyber insurers are limiting coverage for many embattled entities, GAO finds. Continue Reading
-
News
25 May 2021
OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures
Peachstate Health, d/b/a AEON Clinical, will pay OCR $25,000 for possible HIPAA failures, following an audit into a 2015 data breach of the VA telehealth program managed by the business associate. Continue Reading
-
News
11 May 2021
HHS’ Proposed HIPAA Right of Access Changes: CHIME, ABHW Weigh in
In response to HHS requests for comments on proposed HIPAA rule changes, CHIME and ABHW raised privacy and security concerns, including Right of Access amendments. Continue Reading
-
News
05 May 2021
NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule
Industry stakeholders are being urged to comment on proposed changes to the NIST HIPAA Security Rule resource guide, including its uses and applications. Continue Reading
-
News
27 Apr 2021
Breach Victims File Class Action Lawsuit Against Einstein Healthcare
In January 2021, Einstein Healthcare began its public notifications for a weeks-long email hack that occurred nearly six months earlier. The breach victims have since filed a class action lawsuit. Continue Reading
-
Answer
07 Apr 2021
COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup
ONC’s info blocking provisions went into effect on April 5, about one year from the COVID-19 national emergency declaration, stressing the need for a HIPAA compliance checkup. Continue Reading
-
News
29 Mar 2021
OCR Settles With NJ Specialist for Over HIPAA Right of Access Failure
New Jersey-based specialist Village Plastic Surgery has agreed to pay OCR $30,000 to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard. Continue Reading
-
News
25 Mar 2021
Arbour Hospital Pays OCR $65K Over HIPAA Right of Access Violation
The $65,000 settlement with Arbour Hospital is the seventeenth made by OCR under its HIPAA Right of Access Initiative, an agency compliance priority. Continue Reading
-
News
09 Mar 2021
HHS Extends Comment Period for HIPAA Privacy Rule Changes
Proposed in December, the HHS amendments to the HIPAA rule are designed to improve right of access requirements. The comment period has been extended due to high public interest. Continue Reading
-
News
17 Feb 2021
Patients Sue Wilmington Surgical For Netwalker Ransomware Data Leak
A lawsuit has been filed by patients impacted by a Netwalker ransomware attack on Wilmington Surgical Associates and the subsequent leak of 13GB of data in October. Continue Reading
-
News
15 Feb 2021
$70K OCR Penalty for Sharp Health Over HIPAA Right of Access Failures
Sharp HealthCare’s $70,000 civil monetary penalty with OCR is the sixteenth enforcement action under the HIPAA Right of Access Initiative and the second announced this week. Continue Reading
-
News
11 Feb 2021
Renown Health Pays OCR $75K for HIPAA Right of Access Failure
The $75,000 settlement with Renown Health becomes the fifteenth enforcement action brought under the OCR HIPAA Right of Access Initiative since its launch in 2019. Continue Reading
-
News
01 Feb 2021
OIG: VA Staff Hid Privacy, Security Risks of AI Health Data Project
Two VA employees hid and falsely represented the privacy and security risks of an AI project with a health vendor in 2016. VA pulled the contract before health data was shared. Continue Reading
-
News
20 Jan 2021
OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps
A new OCR enforcement discretion will allow providers to use online or web-based apps for scheduling COVID-19 vaccine appointments in good faith without the risk of a HIPAA penalty. Continue Reading
-
News
15 Jan 2021
Insurer Pays $5.1M OCR Penalty for Data Breach Involving 9.3M Patients
OCR settled with insurer Excellus Health Plan for $5.1 million and a corrective action plan, to resolve potential HIPAA violations following a 2015 patient data breach. Continue Reading
-
News
15 Jan 2021
Judge Vacates $4.3M OCR Penalty Against MD Anderson Over Data Loss
The MD Anderson Cancer Center has been appealing a $4.3M OCR HIPAA penalty over lost, unencrypted devices for two years; a judge vacated an earlier ruling, reducing the penalty by a factor of 10. Continue Reading
-
News
13 Jan 2021
Banner Health to Pay OCR $200K for HIPAA Right of Access Failures
One of the largest US health systems, Banner Health, reached a $200,000 settlement with OCR to resolve two separate patient complaints that alleged right of access failures. Continue Reading
-
News
11 Jan 2021
HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security
On January 5, the President signed HR 7898, the HIPAA Safe Harbor Bill, into law, which amends the HITECH Act to require HHS to incentivize best practice security. Continue Reading
-
News
28 Dec 2020
OCR Guide on HIPAA-Compliant PHI Disclosures Via HIEs, Amid COVID-19
Recent OCR guidance sheds light on HIPAA-permitted disclosures of protected health information via HIEs for public health activities amid COVID-19. Continue Reading
-
News
28 Dec 2020
Elite Primary Care Pays OCR $36K for HIPAA Right of Access Violation
OCR announced a $36,000 settlement and corrective action plan with Elite Primary Care to resolve a HIPAA right of access failure, the thirteenth enforcement action made under the HHS initiative. Continue Reading
-
News
18 Dec 2020
OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures
While many covered entities and business associates met HIPAA-required breach notification compliance requirements, an OCR audit revealed a host of PHI security failures for most providers. Continue Reading
-
News
17 Dec 2020
FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach
FTC reached a settlement with SkyMed requiring the vendor to build a comprehensive security program, which will resolve issues stemming from a 2019 breach of consumer data, including PHI. Continue Reading
-
News
15 Dec 2020
Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security
House E&C members passed a bill that amends the HITECH Act, requiring HHS to incentivize best practice cybersecurity and consider those efforts for enforcement purposes. Continue Reading
-
News
10 Dec 2020
HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access
HHS OCR released a set of proposed changes to the HIPAA Privacy Rule, which would bolster individuals’ right of access, reduce regulatory burden, and support care coordination. Continue Reading
-
News
24 Nov 2020
Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations
CMS and HHS OIG finalized federal anti-kickback and Stark Law rules, which included provisions allowing health systems and hospitals to donate cybersecurity technologies to provider offices. Continue Reading
-
News
24 Nov 2020
Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported
Another lawsuit has been filed against Blackbaud following its massive breach involving hundreds of companies. At least six healthcare entities were added to the breach tally this month. Continue Reading
-
News
20 Nov 2020
Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure
OCR reached a $65,000 settlement with the University of Cincinnati Medical Center, after the provider failed to respond to a patient’s request for access to her medical records, as required by HIPAA. Continue Reading
-
News
12 Nov 2020
NY Specialist Pays OCR $15K for HIPAA Right of Access Failures
Rajendra Bhayani, MD, a New York specialist, is the eleventh provider to settle with OCR under its Right of Access Initiative. The enforcement action will resolve possible HIPAA failures. Continue Reading
-
News
12 Nov 2020
Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K
Barracuda Networks is being sued by its client Zoll, a medical device vendor, after a server migration error compromised the personal and medical data of 277,139 patients in 2018. Continue Reading
-
News
06 Nov 2020
OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation
Riverside Psychiatric Medical Group settles with HHS OCR to resolve a potential HIPAA Right of Access violation. The $25,000 settlement is the tenth of the OCR patient access initiative. Continue Reading
-
News
05 Nov 2020
$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit
Saint Francis Healthcare, which owns Ferguson Medical Group (FMG), reached a $350,000 lawsuit settlement with the 107,000 patients affected by a 2019 ransomware attack on FMG. Continue Reading
-
News
03 Nov 2020
Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations
New Jersey reached a settlement with Wakefern Food Corp and two associated ShopRite supermarkets for $235,000 to resolve violations of HIPAA and the NJ Consumer Fraud Act. Continue Reading
-
News
02 Nov 2020
New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure
OCR settled with New Haven, Connecticut following the breach of 498 patients in 2017, caused by failing to implement employee termination procedures, a potential HIPAA violation. Continue Reading
-
News
28 Oct 2020
Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations
The insurance giant Aetna agreed to pay HHS OCR $1 million and implement a corrective action plan to resolve three separate HIPAA violations that caused patient data breaches. Continue Reading
-
Answer
21 Oct 2020
Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications
In the wake of a breach or ransomware, healthcare entities must be transparent with patients to protect privacy, prevent further crimes, and ensure compliance in HIPAA breach notifications. Continue Reading
-
News
16 Oct 2020
3 Compliance Considerations for HIPAA-Required Breach Response
With the rise in ransomware and other sophisticated cyberattacks, it’s crucial for providers to remain compliant with HIPAA guidelines when responding to a breach. Continue Reading
-
News
12 Oct 2020
NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation
OCR announced its ninth settlement under the HIPAA Right of Access Initiative. NY Spine Medicine will pay $100,000 after failing to provide a patient timely access to her medical records. Continue Reading
-
News
08 Oct 2020
Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure
OCR has reached a settlement with Dignity Health for $160,000 over a HIPAA Right of Access failure, the eighth and largest penalty under its 2019 initiative. Continue Reading
-
News
01 Oct 2020
Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk
COVID-19 spurred an increase in ransomware attacks. The Treasury Department warns entities against facilitating ransomware payments for breach victims and possible sanction risks. Continue Reading
-
News
01 Oct 2020
Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M
The multi-state coalition of 44 states and Washington, DC reached a settlement of nearly $40 million with Anthem to resolve the 2014 healthcare data breach impacting 78.8 million patients. Continue Reading
-
News
30 Sep 2020
Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase
An SEC filing reveals hackers gained access to more unencrypted data than previously thought. Some of the millions of breach victims have filed lawsuits against the vendor in response. Continue Reading
-
News
28 Sep 2020
Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M
An OCR audit into the 2015 Premera Blue Cross healthcare data breach impacting 10.4 million patients found systemic noncompliance with HIPAA. The insurer will pay $6.85 million to settle with OCR. Continue Reading
-
News
24 Sep 2020
OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M
CHSPSC, a Community Health Systems business associate, reported a breach of 6 million patients in 2019. The OCR audit found longstanding, systemic noncompliance with HIPAA. Continue Reading
-
News
21 Sep 2020
Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance
The notorious hacking group “thedarkoverlord” hacked the Athens Orthopedic Clinic in 2016, posting patient data online. The OCR audit that followed revealed systemic HIPAA noncompliance. Continue Reading
-
News
21 Sep 2020
Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health
Pysa ransomware hackers posted patient data from Assured Imaging online, while BJC Healthcare fell victim to a massive phishing attack; the breach victims filed lawsuits in response. Continue Reading
-
News
15 Sep 2020
HIPAA Compliance: ONC Updates Security Risk Assessment Tool
The Security Risk Assessment (SRA) tool was developed in collaboration between ONC and OCR to help healthcare entities ensure compliance with HIPAA safeguards. Continue Reading
-
News
15 Sep 2020
OCR Settles with 5 Providers Over HIPAA Right of Access Violations
OCR closed investigations into HIPAA right of access violations at Housing Works, All Inclusive Medical Services, Beth Israel Lahey Health Behavioral Services, King MD, and Wise Psychiatry. Continue Reading
-
News
08 Sep 2020
Patient Data Privacy Lawsuit Against Google, UChicago Dismissed
A judge ruled to dismiss the patient data privacy lawsuit brought against Google and UChicago, as the patient failed to adequately demonstrate what damages were caused by the partnership. Continue Reading
-
News
26 Aug 2020
OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis
In its summer newsletter, OCR outlines best practice IT asset inventory steps to help healthcare entities improve their risk analysis as required under the HIPAA Security Rule. Continue Reading
-
News
28 Jul 2020
Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft
Lifespan will pay a $1.04M civil monetary penalty over the theft of an unencrypted laptop in 2017. An OCR audit found “systemic noncompliance” with elements of the HIPAA rule. Continue Reading
-
News
24 Jul 2020
OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations
Metropolitan Community Health Services, DBA Agape Health, reported a breach affecting 1,263 patients in 2011. The OCR audit into the incident found several longstanding HIPAA violations. Continue Reading
-
News
13 Jul 2020
SAMHSA Revises Privacy Rule 42 CFR Part 2 for Substance Use Patients
A year after asking for industry comment, HHS SAMHSA has adopted revisions to the Health Privacy Rule Part 42 CFR designed to fuel care coordination and maintain patient privacy. Continue Reading
-
News
02 Jul 2020
$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit
Grays Harbor Community Hospital and Harbor Medical Group were hit with a ransomware attack in June 2019, where hackers demanded a $1 million ransom; the proposal will settle claims of negligence. Continue Reading
-
News
01 Jul 2020
Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients
An audit into LifeLabs’ massive 2019 data breach by B.C. and Ontario privacy commissioners found the testing giant collected more PHI than necessary and lacked adequate security policies and procedures to protect patient data. Continue Reading
-
News
29 Jun 2020
UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach
After two years of litigation and a partial dismissal, UnityPoint Health has reached a proposed $2.8M settlement with the 1.4 million patients impacted by two phishing-related data breaches. Continue Reading
-
News
23 Jun 2020
Judge Sends Episcopal Health Data Breach Lawsuit Back to State Court
Citing a lack of standing for a federal lawsuit, a New York federal judge sent a data breach lawsuit against Episcopal Health down to state court as the allegations fall under HIPAA. Continue Reading
-
News
15 Jun 2020
OCR Shares COVID-19 Guide on Contacting Patients for Blood Donations
In light of COVID-19, OCR reminds healthcare providers that HIPAA allows covered entities to contact patients recovering from the Coronavirus to inform them about blood and plasma donations. Continue Reading
-
News
12 Jun 2020
Community Care Patients Sue Accounting Firm Over Data Breach
BST, the accounting firm for Community Care Physicians, was targeted by Maze ransomware in December. One of the 170,000 patients impacted by the breach has sued BST, citing negligence. Continue Reading
-
News
03 Jun 2020
Aveanna Healthcare Faces Lawsuit Over Monthlong Data Breach
Patients have filed a lawsuit against Aveanna Healthcare over a monthlong data breach, alleging the provider lacked adequate security and failed to provide timely notice, among other claims. Continue Reading
-
News
01 Jun 2020
Crafting Successful Business Associate Agreements, Breach Response
The latest Healthcare Strategies’ podcast sheds light on needed elements for a successful business associate agreement, including breach response, with Impact Advisors’ Shefali Mookencherry. Continue Reading
-
News
11 May 2020
Zoom Settles with NY AG Over COVID-19-Related Privacy, Security Issues
As COVID-19 drove Zoom participation up 2,000 percent, reports found serious privacy and security risks in the platform; the New York AG settlement will enforce security controls requirements. Continue Reading
-
Feature
08 May 2020
Insights into HHS COVID-19 HIPAA Waivers and Lasting Implications
HHS and OCR have issued several COVID-19 HIPAA waivers around telehealth and data sharing amid the pandemic. But it’s crucial providers keep privacy and security in focus. Continue Reading
-
News
06 May 2020
COVID-19: OCR Reminds Providers of Media Access Restrictions to PHI
Even during the COVID-19 emergency, OCR reminds providers that HIPAA restricts the media and film crews from accessing areas where PHI could be accessible without patient authorization. Continue Reading
-
News
05 May 2020
LabCorp Hit with Shareholder Lawsuit Over 2 Separate Data Breaches
Following a second breach in less than a year, a LabCorp shareholder is suing the testing giant in an attempt to recoup share value losses. Continue Reading
-
News
01 May 2020
Ciitizen: ‘Significant Improvement’ in HIPAA Right of Access Compliance
The third version of Ciitizen’s Patient Record Scorecard, evaluating providers on their compliance with the HIPAA Privacy Rule's Right of Access, saw ‘significant improvement’ from the initial reports. Continue Reading
-
News
13 Apr 2020
OCR Lifts HIPAA Penalties for COVID-19 Community-Based Testing Sites
In the latest move to support the COVID-19 response, OCR announced it will lift penalties around HIPAA noncompliance for Community-Based Testing Sites during the pandemic. Continue Reading