HIPAA compliance and regulation
Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.
Top Stories
-
Feature
19 Dec 2024
Top healthcare cybersecurity, privacy predictions for 2025
Healthcare cybersecurity and privacy experts predict a renewed focus on cyber-resilience, advancements in AI and additional privacy legislation going into 2025. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Dec 2024
OCR settles with Inmediata Health over HIPAA violations
Inmediata Health paid $250K to OCR to settle potential HIPAA violations relating to a breach in which PHI was made publicly available online. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Sep 2022
OCR Settles Three HIPAA Right of Access Cases With Dental Practices
OCR resolved three HIPAA right of access cases involving dental practices, reinforcing its commitment to ensuring timely patient access to health records. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Sep 2022
Senators Once Again Ask HHS to Update HIPAA, Citing Patient Privacy Concerns
A group of 30 Senators urged HHS to update HIPAA, citing “widespread confusion” among healthcare providers about health privacy provisions and growing patient privacy concerns. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Aug 2022
OCR Settles Improper PHI Disposal Case, Resolves Potential HIPAA Violation
New England Dermatology agreed to pay $300,640 to resolve a potential HIPAA violation after it threw away specimen containers labeled with PHI in an unsecured garbage bin. Continue Reading
By- Jill McKeon, Associate Editor
-
News
18 Jul 2022
OCR Settles 11 HIPAA Right of Access Cases
OCR announced the resolution of 11 HIPAA Right of Access cases to reinforce patient health record access under the HIPAA Privacy Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Jul 2022
Oklahoma State University Agrees to $875K OCR Data Breach Settlement
Oklahoma State University – Center for Health Sciences (OSU-CHS) paid $875,000 to OCR in a data breach settlement and agreed to a corrective action plan. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Jul 2022
How Identity Management IGA Secures Protected Health Information
Identity governance and administration are essential to securing protected health information in an increasingly digital healthcare environment. Continue Reading
By- SecureLink an Imprivata Company
-
News
08 Jul 2022
Abortion Restrictions Clash With HIPAA, Patient Privacy Protections
A JAMA Health Forum article discussed the Supreme Court’s decision to overturn Roe v. Wade and how HIPAA fails to protect patient privacy in certain circumstances. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Jul 2022
Senators Ask HHS to Update HIPAA Privacy Rule, Defend Reproductive Rights
Two US Senators penned a letter to HHS asking it to consider updates to the HIPAA Privacy Rule to safeguard reproductive rights and patient privacy. Continue Reading
By- Jill McKeon, Associate Editor
-
Answer
29 Jun 2022
How New Federal, State Laws Impact Healthcare Data Privacy
HIPAA-covered entities must navigate HIPAA compliance along with recently introduced federal and state data privacy standards, creating significant challenges and complexity. Continue Reading
By- Jill McKeon, Associate Editor
-
News
28 Jun 2022
GAO Calls on HHS to Improve Healthcare Data Breach Reporting Process
In a new report, GAO suggested that HHS improve its healthcare data breach reporting process to allow entities to provide feedback on it. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Jun 2022
ONC, OCR Release Updated Version of HHS Security Risk Assessment (SRA) Tool
Version 3.3 of the HHS Security Risk Assessment (SRA) Tool includes a new SRA Tool Excel Workbook to replace the legacy paper version. Continue Reading
By- Jill McKeon, Associate Editor
-
News
13 Jun 2022
OCR to Release Video on HITECH Recognized Security Practices
OCR announced plans to produce a pre-recorded video presentation on HITECH recognized security practices and is seeking relevant questions and comments from covered entities. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
10 Jun 2022
Common HIPAA Administrative Safeguards Under The HIPAA Security Rule
HIPAA administrative safeguards are crucial measures that all covered entities must consider under the HIPAA Security Rule. Continue Reading
By- Editorial Staff
-
News
08 Jun 2022
CHI, MGMA Respond to OCR’s RFI On Recognized Security Practices Under HITECH
The Connected Health Initiative (CHI) and MGMA both responded to OCR’s request for information by proposing several measures to ensure the effectiveness of HITECH. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
03 Jun 2022
Common HIPAA Physical Safeguards Under The HIPAA Security Rule
HIPAA physical safeguards are crucial to protecting electronic protected health information (ePHI) and are essential to maintaining HIPAA compliance. Continue Reading
By- Editorial Staff
-
Feature
20 May 2022
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule protects patient privacy while enabling the flow of health information. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
13 May 2022
What is the HIPAA Security Rule?
The HIPAA Security Rule requires covered entities and business associates to implement technical, physical, and administrative safeguards. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
03 May 2022
Misconceptions About HIPAA, Interoperability, Information Blocking
At the HealthITSecurity virtual summit, panelists discussed common misconceptions surrounding HIPAA, interoperability, and information blocking. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Apr 2022
OCR Seeks Public Input on Penalties, Security Measures Under HITECH
OCR issued a request for information regarding HITECH’s recognized security practices and civil monetary penalty and settlement sharing sections. Continue Reading
By- Jill McKeon, Associate Editor
-
News
28 Mar 2022
OCR Announces Four HIPAA Enforcement Actions
OCR announced four HIPAA enforcement actions, two of which stemmed from OCR’s HIPAA Right of Access Initiative. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Mar 2022
EHNAC, HITRUST Partner to Promote Security, Privacy Standards
EHNAC and HITRUST announced a partnership to promote the security and privacy of trusted networks while aligning with TEFCA requirements. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
11 Mar 2022
Your Responsibilities Under the HIPAA Breach Notification Rule
After experiencing a PHI breach, HIPAA-covered entities and business associates must comply with reporting requirements under the HIPAA Breach Notification Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
21 Feb 2022
HIPAA Technical Safeguards: A Basic Review
It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. Continue Reading
By- Editorial Staff
-
News
18 Feb 2022
Deadline to Report PHI Breaches Impacting Less Than 500 People Nears
March 1 is the deadline to report 2021 PHI breaches impacting less than 500 people to HHS under the HIPAA Breach Notification Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
14 Feb 2022
What Is a HIPAA Business Associate Agreement (BAA)?
HIPAA-covered entities must have a business associate agreement (BAA) in place with each of their partners to maintain PHI security and overall HIPAA compliance. Continue Reading
By- Editorial Staff
-
News
11 Feb 2022
Legislators Introduce Bill to Modernize HIPAA, Health Data Privacy Laws
Two US Senators introduced the Health Data Use and Privacy Commission Act, aimed at modernizing outdated health data privacy laws. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Feb 2022
Four Ways Covered Entities Can Ensure HIPAA Compliance
Staying HIPAA compliant helps covered entities remain secure and prevent health data breaches and costly fines. Continue Reading
By- SecureLink an Imprivata Company
-
News
02 Feb 2022
GAO Seeks Feedback on Healthcare Data Breach Reporting
The Government Accountability Office (GAO) is seeking feedback from HIPAA-covered entities on the healthcare data breach reporting process. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
20 Jan 2022
PCI Compliance Versus HIPAA Compliance In Healthcare
Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. Continue Reading
By- Jill McKeon, Associate Editor
-
News
03 Jan 2022
How Access Monitoring Protects Providers From Health Data Breaches
Access monitoring best practices are key for healthcare organizations to prevent data breaches before they happen. Continue Reading
By- SecureLink an Imprivata Company
-
News
21 Dec 2021
OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders
HIPAA covered healthcare providers can disclose PHI to support an extreme risk protection order, which prevents patients in crisis from accessing firearms. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Dec 2021
OCR Settles 5 HIPAA Right of Access Cases
OCR announced the resolution of five HIPAA Right of Access cases, bringing the total number of enforcement actions to 25 since the HIPAA Right of Access Initiative began. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
18 Nov 2021
How to Implement a Cyber Incident Response Plan for Healthcare
Creating a comprehensive cyber incident response plan can help healthcare organizations maintain reputation and patient safety. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 Nov 2021
2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure
Two New Jersey printing companies agreed to pay $130,000 in fines for PHI exposure and potential HIPAA violations. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
16 Nov 2021
Status, Challenges of Information Blocking Rule Compliance
The Information Blocking Rule compliance deadline passed in April 2021, but questions about electronic health information sharing remain. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Oct 2021
Ensuring Healthcare Industry Compliance with HIPAA in 2021
Healthcare compliance is set to change significantly with changes to HIPAA around patient access to health information and data sharing. Continue Reading
By- SAI360
-
Feature
15 Oct 2021
De-Identification of PHI According to the HIPAA Privacy Rule
The two HHS-approved methods for the de-identification of PHI can aid in clinical research while ensuring HIPAA compliance and patient privacy. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Oct 2021
With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement
OCR’s appointment of a new director signifies a shift for the office and presents implications for the future of HIPAA enforcement and security and privacy regulations. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 Oct 2021
OCR Clarifies HIPAA Rules Surrounding Vaccination Status
OCR issued guidance emphasizing that the HIPAA Privacy Rule does not prohibit anyone from asking an individual about their vaccination status. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 Oct 2021
How Health Plans Must Prepare for Vendor Risk, Noncompliance
Covered entities and business associates must be in alignment about HIPAA compliance with new provisions coming into place Continue Reading
By- SAI360
-
News
01 Oct 2021
CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE
Governor Newsom renewed an executive order offering certain HIPAA penalty exemptions for providers who administer telehealth throughout the PHE. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
17 Sep 2021
Key Differences Between PHI and PII, How They Impact HIPAA Compliance
Covered entities must understand the differences between PII and PHI to maintain HIPAA compliance and protect patient data. Continue Reading
By- Jill McKeon, Associate Editor
-
News
14 Sep 2021
OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital
Children’s Hospital & Medical Center in Nebraska paid an $80,000 civil monetary penalty to resolve the twentieth case under OCR’s HIPAA Right of Access Initiative. Continue Reading
By- Jill McKeon, Associate Editor
-
News
24 Aug 2021
Common Misconceptions About HIPAA and COVID-19 Vaccination Status
Asking someone about their COVID-19 vaccination status is not a HIPAA violation, despite prominent figures saying otherwise. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Aug 2021
15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions
Newly obtained internal emails revealed that OCR may not have known that its investigation into a Walgreens HIPAA violation was still open 10 years later. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Aug 2021
Top HIPAA Right of Access Cases in 2021, So Far
As HIPAA turns 25, HHS’ Office of Civil Rights has been cracking down on HIPAA right of access enforcement to ensure individuals’ timely access to health records. Continue Reading
By- Jill McKeon, Associate Editor
-
News
20 Aug 2021
How Do New Patient Right of Access Policies Impact HIPAA?
Recent developments in patient right of access policies have experts uncertain about the future of HIPAA and data sharing practices. Continue Reading
By- Jill McKeon, Associate Editor
-
News
26 Jul 2021
LA Patient Privacy Incident Discloses COVID-19 Vaccine Status
The vaccination status of thousands of LA County employees was shared online. Continue Reading
By- Lisa Gentes-Hunt
-
News
07 Jul 2021
Data Breach Exposes One Medical Customer Email Addresses
Customers had their email addresses exposed during a recent data breach. Continue Reading
By- Lisa Gentes-Hunt
-
News
01 Jul 2021
Ohio Hospital HIPAA Violation Goes Unnoticed for Over a Decade
An employee of Aultman Health Foundation in Ohio accessed more than 7,000 EHRs over the past 12 years and was terminated for committing a HIPAA violation. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Jun 2021
OCR Settles With West Virginia-Based DELC for HIPAA Right of Access Failure
Marking the nineteenth settlement under the HIPAA Right of Access Initiative, West Virginia-based specialist DELC paid OCR a civil monetary penalty and agreed to a corrective action plan. Continue Reading
By- Jessica Davis
-
News
25 May 2021
GAO: Insurers Limiting Coverage in Attack-Laden Sectors, Like Healthcare
Sectors experiencing an onslaught of cyberattacks, like healthcare, are facing another concerning challenge: Cyber insurers are limiting coverage for many embattled entities, GAO finds. Continue Reading
By- Jessica Davis
-
News
25 May 2021
OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures
Peachstate Health, d/b/a AEON Clinical, will pay OCR $25,000 for possible HIPAA failures, following an audit into a 2015 data breach of the VA telehealth program managed by the business associate. Continue Reading
By- Jessica Davis
-
News
11 May 2021
HHS’ Proposed HIPAA Right of Access Changes: CHIME, ABHW Weigh in
In response to HHS requests for comments on proposed HIPAA rule changes, CHIME and ABHW raised privacy and security concerns, including Right of Access amendments. Continue Reading
By- Jessica Davis
-
News
05 May 2021
NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule
Industry stakeholders are being urged to comment on proposed changes to the NIST HIPAA Security Rule resource guide, including its uses and applications. Continue Reading
By- Jessica Davis
-
News
27 Apr 2021
Breach Victims File Class Action Lawsuit Against Einstein Healthcare
In January 2021, Einstein Healthcare began its public notifications for a weeks-long email hack that occurred nearly six months earlier. The breach victims have since filed a class action lawsuit. Continue Reading
By- Jessica Davis
-
Answer
07 Apr 2021
COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup
ONC’s info blocking provisions went into effect on April 5, about one year from the COVID-19 nation emergency declaration, stressing the need for a HIPAA compliance checkup. Continue Reading
By- Jessica Davis
-
News
29 Mar 2021
OCR Settles With NJ Specialist for Over HIPAA Right of Access Failure
New Jersey-based specialist Village Plastic Surgery has agreed to pay OCR $30,000 to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard. Continue Reading
By- Jessica Davis
-
News
25 Mar 2021
Arbour Hospital Pays OCR $65K Over HIPAA Right of Access Violation
The $65,000 settlement with Arbour Hospital is the seventeenth made by OCR under its HIPAA Right of Access Initiative, an agency compliance priority. Continue Reading
By- Jessica Davis
-
News
09 Mar 2021
HHS Extends Comment Period for HIPAA Privacy Rule Changes
Proposed in December, the HHS amendments to the HIPAA rule are designed to improve right of access requirements. The comment period has been extended due to high public interest. Continue Reading
By- Jessica Davis
-
News
17 Feb 2021
Patients Sue Wilmington Surgical For Netwalker Ransomware Data Leak
A lawsuit has been filed by patients impacted by a Netwalker ransomware attack on Wilmington Surgical Associates and the subsequent leak of 13GB of data in October. Continue Reading
By- Jessica Davis
-
News
15 Feb 2021
$70K OCR Penalty for Sharp Health Over HIPAA Right of Access Failures
Sharp HealthCare’s $70,000 civil monetary penalty with OCR is the sixteenth enforcement action under the HIPAA Right of Access Initiative and the second announced this week. Continue Reading
By- Jessica Davis
-
News
11 Feb 2021
Renown Health Pays OCR $75K for HIPAA Right of Access Failure
The $75,000 settlement with Renown Health becomes the fifteenth enforcement action brought under the OCR HIPAA Right of Access Initiative since its launch in 2019. Continue Reading
By- Jessica Davis
-
News
01 Feb 2021
OIG: VA Staff Hid Privacy, Security Risks of AI Health Data Project
Two VA employees hid and falsely represented the privacy and security risks of an AI project with a health vendor in 2016. VA pulled the contract before health data was shared. Continue Reading
By- Jessica Davis
-
News
20 Jan 2021
OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps
A new OCR enforcement discretion will allow providers to use online or web-based apps for scheduling COVID-19 vaccine appointments in good faith without the risk of a HIPAA penalty. Continue Reading
By- Jessica Davis
-
News
15 Jan 2021
Insurer Pays $5.1M OCR Penalty for Data Breach Involving 9.3M Patients
OCR settled with insurer Excellus Health Plan for $5.1 million and a corrective action plan, to resolve potential HIPAA violations following a 2015 patient data breach. Continue Reading
By- Jessica Davis
-
News
15 Jan 2021
Judge Vacates $4.3M OCR Penalty Against MD Anderson Over Data Loss
The MD Anderson Cancer Center has been appealing a $4.3M OCR HIPAA penalty over lost, unencrypted devices for two years; a judge vacated an earlier ruling, reducing the penalty by a factor of 10. Continue Reading
By- Jessica Davis
-
News
13 Jan 2021
Banner Health to Pay OCR $200K for HIPAA Right of Access Failures
One of the largest US health systems, Banner Health, reached a $200,000 settlement with OCR to resolve two separate patient complaints that alleged right of access failures. Continue Reading
By- Jessica Davis
-
News
11 Jan 2021
HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security
On January 5, the President signed the HR 7898, HIPAA Safe Harbor Bill, into law, which amends the HITECH Act to require HHS to incentivize best practice security. Continue Reading
By- Jessica Davis
-
News
28 Dec 2020
OCR Guide on HIPAA-Compliant PHI Disclosures Via HIEs, Amid COVID-19
Recent OCR guidance sheds light on HIPAA-permitted disclosures of protected health information via HIEs for public health activities amid COVID-19. Continue Reading
By- Jessica Davis
-
News
28 Dec 2020
Elite Primary Care Pays OCR $36K for HIPAA Right of Access Violation
OCR announced a $36,000 settlement and corrective action plan with Elite Primary Care to resolve a HIPAA right of access failure; the thirteenth enforcement action made under the HHS initiative. Continue Reading
By- Jessica Davis
-
News
18 Dec 2020
OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures
While many covered entities and business associates met HIPAA-required breach notification compliance requirements, an OCR audit revealed a host of PHI security failures for most providers. Continue Reading
By- Jessica Davis
-
News
17 Dec 2020
FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach
FTC reached a settlement with SkyMed requiring the vendor to build a comprehensive security program, which will resolve issues stemming from a 2019 breach of consumer data, including PHI. Continue Reading
By- Jessica Davis
-
News
15 Dec 2020
Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security
House E&C members passed a bill that amends the HITECH Act, requiring HHS to incentivize best practice cybersecurity and consider those efforts for enforcement purposes. Continue Reading
By- Jessica Davis
-
News
10 Dec 2020
HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access
HHS OCR released a set of proposed changes to the HIPAA Privacy Rule, which would bolster individuals’ right of access, reduce regulatory burden, and support care coordination. Continue Reading
By- Jessica Davis
-
News
24 Nov 2020
Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations
CMS and HHS OIG finalized federal anti-kickback and Stark Law rules, which included provisions allowing health systems and hospitals to donate cybersecurity technologies to provider offices. Continue Reading
By- Jessica Davis
-
News
24 Nov 2020
Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported
Another lawsuit has been filed against Blackbaud following its massive breach involving hundreds of companies. At least six healthcare entities were added to the breach tally this month. Continue Reading
By- Jessica Davis
-
News
20 Nov 2020
Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure
OCR reached a $65,000 settlement with the University of Cincinnati Medical Center, after failing to respond to a patient’s request for access to her medical records, as required by HIPAA. Continue Reading
By- Jessica Davis
-
News
12 Nov 2020
NY Specialist Pays OCR $15K for HIPAA Right of Access Failures
Rajendra Bhayani, MD, a New York specialist, is the eleventh provider to settle with OCR under its Right of Access Initiative. The enforcement action will resolve possible HIPAA failures. Continue Reading
By- Jessica Davis
-
News
12 Nov 2020
Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K
Barracuda Networks is being sued by its client Zoll, a medical device vendor, after a server migration error compromised the personal and medical data of 277,139 patients in 2018. Continue Reading
By- Jessica Davis
-
News
06 Nov 2020
OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation
Riverside Psychiatric Medical Group settles with HHS OCR to resolve a potential HIPAA Right of Access violation. The $25,000 settlement is the tenth of the OCR patient access initiative. Continue Reading
By- Jessica Davis
-
News
05 Nov 2020
$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit
Saint Francis Healthcare, which owns Ferguson Medical Group (FMG), reached a $350,000 lawsuit settlement with the 107,000 patients affected by a 2019 ransomware attack on FMG. Continue Reading
By- Jessica Davis
-
News
03 Nov 2020
Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations
New Jersey reached a settlement with Wakefern Food Corp and two associated ShopRite supermarkets for $235,000 to resolve violations of HIPAA and the NJ Consumer Fraud Act. Continue Reading
By- Jessica Davis
-
News
02 Nov 2020
New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure
OCR settled with New Haven, Connecticut following the breach of 498 patients in 2017, caused by failing to implement employee termination procedures, a potential HIPAA violation. Continue Reading
By- Jessica Davis
-
News
28 Oct 2020
Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations
The insurance giant Aetna agreed to pay HHS OCR $1 million and a corrective action plan to resolve three separate HIPAA violations that caused patient data breaches. Continue Reading
By- Jessica Davis
-
Answer
21 Oct 2020
Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications
In the wake of a breach or ransomware, healthcare entities must be transparent with patients to protect privacy, prevent further crimes, and ensure compliance in HIPAA breach notifications. Continue Reading
By- Jessica Davis
-
News
16 Oct 2020
3 Compliance Considerations for HIPAA-Required Breach Response
With the rise in ransomware and other sophisticated cyberattacks, it’s crucial for providers to remain compliant with HIPAA guidelines when responding to a breach. Continue Reading
By- Jessica Davis
-
News
12 Oct 2020
NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation
OCR announced its ninth settlement under the HIPAA Right of Access Initiative. NY Spine Medicine will pay $100,000 after failing to provide a patient timely access to her medical records. Continue Reading
By- Jessica Davis
-
News
08 Oct 2020
Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure
OCR has reached a settlement with Dignity Health for $160,000 over a HIPAA Right of Access failure, the eighth and largest penalty under its 2019 initiative. Continue Reading
By- Jessica Davis
-
News
01 Oct 2020
Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk
COVID-19 spurred an increase in ransomware attacks. The Treasury Department warns entities against facilitating ransomware payments for breach victims and possible sanction risks. Continue Reading
By- Jessica Davis
-
News
01 Oct 2020
Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M
The multi-state coalition of 44 states and Washington, DC reached a settlement of nearly $40 million with Anthem to resolve the 2014 healthcare data breach impacting 78.8 million patients. Continue Reading
By- Jessica Davis
-
News
30 Sep 2020
Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase
An SEC filing reveals hackers gained access to more unencrypted data than previously thought. Some of the millions of breach victims have filed lawsuits against the vendor in response. Continue Reading
By- Jessica Davis
-
News
28 Sep 2020
Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M
An OCR audit into the 2015 Premera Blue Cross healthcare data breach impacting 10.4 million patients, found systemic noncompliance with HIPAA. The insurer will pay $6.85 million to settle with OCR. Continue Reading
By- Jessica Davis
-
News
24 Sep 2020
OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M
CHSPSC, a Community Health Systems business associate, reported a breach of 6 million patients in 2019. The OCR audit found longstanding, systemic noncompliance with HIPAA. Continue Reading
By- Jessica Davis
-
News
21 Sep 2020
Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance
The notorious hacking group “thedarkoverlord” hacked the Athens Orthopedic Clinic in 2016, posting patient data online. The OCR audit that followed revealed systemic HIPAA noncompliance. Continue Reading
By- Jessica Davis
-
News
21 Sep 2020
Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health
Pysa ransomware hackers posted patient data from Assured Imaging online, while BJC Healthcare fell victim to a massive phishing attack; the breach victims filed lawsuits in response. Continue Reading
By- Jessica Davis
-
News
15 Sep 2020
HIPAA Compliance: ONC Updates Security Risk Assessment Tool
The Security Risk Assessment (SRA) tool was designed in collaboration between ONC and OCR and is designed to help healthcare entities ensure compliance with HIPAA safeguards. Continue Reading
By- Jessica Davis
-
News
15 Sep 2020
OCR Settles with 5 Providers Over HIPAA Right of Access Violations
OCR closed investigations into HIPAA right of access violations at Housing Works, All Inclusive Medical Services, Beth Israel Lahey Health Behavioral Services, King MD, and Wise Psychiatry. Continue Reading
By- Jessica Davis
-
News
08 Sep 2020
Patient Data Privacy Lawsuit Against Google, UChicago Dismissed
A Judge ruled to dismiss the patient data privacy lawsuit brought against Google and UChicago, as the patient failed to adequately demonstrate what damages were caused by the partnership. Continue Reading
By- Jessica Davis
-
News
26 Aug 2020
OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis
In its summer newsletter, OCR outlines best practice IT asset inventory steps to help healthcare entities improve their risk analysis as required under the HIPAA Security Rule. Continue Reading
By- Jessica Davis