HIPAA Compliance

Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security

by Jessica Davis

Several health IT industry stakeholder groups have voiced support for legislation recently passed by the House Energy and Commerce Committee. The proposed HR 7898 bill would require the Department...

HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights released a set of proposed changes to the HIPAA Privacy Rule, which take aim at Right of Access rules and are designed to reduce...

UPDATE: The 10 Biggest Healthcare Data Breaches of 2020

by Jessica Davis

Cybersecurity proved to be a massive challenge for many in the healthcare sector in 2020 as providers worked to combat the COVID-19 crisis, while simultaneously being pummeled with targeted...

AMA Warns of Telehealth Cyber Risks, Insider Threats Tied to COVID-19

by Jessica Davis

Hospitals, health systems, and other providers should reassess their security posture in light of the COVID-19 pandemic, which has increased the number of cyber risks within the sector, such as...

Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations

by Jessica Davis

The Department of Health and Human Services published two final rules on Friday designed to reduce regulatory barriers and improve care coordination, which both contain safe harbor provisions that will...

Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported

by Jessica Davis

Another class-action lawsuit has been filed against Blackbaud following a ransomware attack that breached the data of more than 10 million individuals from well over 100 companies. In recent weeks, the...

Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure

by Jessica Davis

The University of Cincinnati Medical Center in Ohio has agreed to a $65,000 settlement and a corrective action penalty with the Office for Civil Rights to resolve a potential violation of the...

NY Specialist Pays OCR $15K for HIPAA Right of Access Failures

by Jessica Davis

The Office for Civil Rights announced it reached a settlement with Rajendra Bhayani, MD, a private practice otolaryngology specialist based in Regal Park, New York for $15,000 and a corrective action...

Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K

by Jessica Davis

Medical device vendor Zoll filed a lawsuit with the US District Court of Massachusetts against IT service vendor Barracuda Networks, after an error during a server...

OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights announced it reached a $25,000 settlement with California-based Riverside Psychiatric Medical Group...

$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit

by Jessica Davis

Missouri-based Saint Francis Healthcare System has reached a proposed $350,000 lawsuit settlement with the patients impacted by a ransomware attack on Ferguson Medical Group (FMG). Saint Francis...

Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

by Jessica Davis

The New Jersey Division of Consumer Affairs and NJ Attorney General Gurbir Grewal announced a settlement with Wakefern Food Corp and two associated ShopRite supermarkets to resolve...

New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure

by Jessica Davis

The Office for Civil Rights reached a settlement with the city of New Haven, Connecticut, including a $202,400 civil monetary penalty and a corrective action plan, following a...

Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights announced it reached a $1 million settlement with Aetna to resolve potential HIPAA violations stemming from three...

Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications

by Jessica Davis

HIPAA-required breach notifications in the wake of a security incident continue to be an Achilles’ heel for the healthcare sector. Many notices appear laden with flowery...

3 Compliance Considerations for HIPAA-Required Breach Response

by Jessica Davis

In the wake of a breach, navigating a response to quickly eradicate the hackers from the network and reduce the impact of an attack is no easy feat. But in the healthcare sector, ensuring a...

3 Weeks After Ransomware Attack, All 400 UHS Systems Back Online

by Jessica Davis

Universal Health Services announced its IT team has brought all of the 400 US health system sites back online, three weeks after a massive ransomware attack drove clinicians...

NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation

by Jessica Davis

The Office for Civil Rights announced yet another settlement under the 2019 HIPAA Right of Access Initiative. NY Spine Medicine will pay the agency $100,000 and agreed to a corrective...

CHS Settles with 28 States for $5M Over 2014 Data Breach of 6.1M

by Jessica Davis

Tennessee-based Community Health Systems (CHS) reached a $5 million settlement with 28 states to resolve an investigation into its massive data breach that impacted 6.1 million patients...

Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure

by Jessica Davis

Arizona-based Dignity Health, doing business as St. Joseph’s Hospital and Medical Center (SJHMC), has agreed to corrective actions and a $160,000 enforcement action with the...