Healthcare Information Security

HIPAA

Reviewing Concentra Health and QCA HIPAA breach CAPs

by Patrick Ouellette

We learned yesterday that two HIPAA covered entities, Concentra Health Services and QCA Health Plan, had come to individual monetary agreements with the Office for Civil Rights (OCR) to settle HIPAA violations. Those resolutions included corrective...

Concentra, QCA Health Plan agree to HIPAA breach settlements

by Patrick Ouellette

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) sent out a release today detailing two entities’ settlements for HIPAA Privacy and Security Rule violations involving unencrypted laptop thefts. According to...

Fitting the HIPAA security risk assessment tool into security plans

by Patrick Ouellette

How exactly healthcare organizations will use the recently-released HIPAA Security Risk Analysis Tool remains largely up to each organization. However, Mark Swearingen, Shareholder at Hall, Render, Killian, Heath, & Lyman, discussed with...

UPMC alerts employees of data breach, fraud activity

by Patrick Ouellette

The University of Pittsburgh Medical Center (UPMC) reported that as many as 27,000 employees’ may have been affected by a data breach it learned of in February. It appeared as though the compromised information was accessed with access...

OIG report looks into Medicaid agency HIPAA BAA compliance

by Patrick Ouellette

A recent Office of Inspector General (OIG) report concentrated on how all 56 Medicaid agencies handle outsourcing administrative functions offshore, including whether they have HIPAA business associate agreements (BAAs) in place. The OIG found...

Unifying healthcare providers’ HIPAA and fundraising needs

by Patrick Ouellette

Ensuring that privacy and security needs don’t deter from a healthcare organization’s business initiatives, and vice-versa, requires the organization to have a strong understanding of the HIPAA Omnibus rule’s terminology. For...

LewisGale Regional Health System experiences data breach

by Patrick Ouellette

LewisGale Regional Health System of Salem, Va. recently reported a multi-state data breach that affected 400 patients, 40 of which were under LewisGale’s care. The breach, wdbj7.com reported, occurred in LewisGale’s billing department...

IT security study cites healthcare insider threat concerns

by Patrick Ouellette

A recent report released by software vendor IS Decisions, The Insider Threat Security Manifesto, took an international, cross-sector look at the current state of IT security, but there were healthcare information security findings of note as...

TigerText’s HIPAA guarantee: Provider, vendor ramifications

by Patrick Ouellette

Most healthcare professionals will agree that there are more secure messaging options out there than they can count. With different vendors competing against each other for hospital and provider business with their own versions of mobile platforms...

HHS, Medscape activity offers EHR privacy, security tips

by Patrick Ouellette

As the Department of Health and Human Services (HHS) reminded the HIMSS14 audience of a few months ago, HHS has been making concerted efforts to offer providers as many HIPAA related resources as possible. One of the latest pieces of content...

University Urology of Tenn. releases data breach statement

by Patrick Ouellette

University Urology, P.C. of Knoxville, Tenn. released a statement on April 11 that detailed how 1,144 patients’ data had been exposed in 2013 and early 2014. Though the information was limited to patient names and addresses, University...

HIPAA security risk assessment tool: Small provider needs

by Patrick Ouellette

Though the Department of Health and Human Services (HHS) released its HIPAA security risk assessment tool a few weeks ago, it’s still unclear how healthcare organizations will use the tool as part of their HIPAA Security Rule compliance...

Texas nonprofit advocacy group tells 2,934 of PHI breach

by Patrick Ouellette

An Austin, Texas nonprofit advocacy group for children with developmental disabilities, EveryChild, Inc., recently announced that it has informed 2,934 families of a potential data breach, according to mysanantonio.com. The group learned of the...

Tiger Team recommends VDT access, privacy best practices

by Patrick Ouellette

Following opening remarks from National Coordinator Karen DeSalvo, the Privacy and Security Tiger Team virtually presented its family, friends and personal representative update to the HIT Policy Committee April 8, 2014. The Tiger Team had wrapped...

Healthcare CIO perspective on BYOD, security vendor selection

by Patrick Ouellette

In bringing new security technologies into a healthcare organization, from a CIO’s standpoint, there has to be the right mix of compatibility and alignment with internal policy. And in deciding which technologies and vendors would work...

La Palma Intercommunity Hospital announces 2012 data breach

by Patrick Ouellette

Following a year and a half delay, La Palma Intercommunity Hospital recently announced that it has alerted an unknown number of patients of a September 2012 internal data breach that may have compromised their data. However, according to the...

Mich. Health Dept. reveals 2,595-patient data breach

by Patrick Ouellette

The Michigan Department of Community Health (MDCH) announced on April 3 that it had experienced a patient data breach on January 30 or 31 when an encrypted laptop and unencrypted flash drive were stolen from a State Long Term Care Ombudsman’s...

Los Angeles County DHS adds 170,200 patients to breach list

by Patrick Ouellette

About a month after Los Angeles County Department of Health Services (DHS) reported a 168,000-patient data breach at its billing company, Sutherland Healthcare Solutions, it has added 170,200 patients to the breach list. According to the Los...

Orlando medical center reports flash drive data breach

by Patrick Ouellette

Orlando Health’s Arnold Palmer Medical Center recently began notifying 586 patients of a data breach that occurred on Jan. 28, 2014. According to the Orlando Sentinel report, the medical center lost a flash drive with patient data on it...

Kaiser Permanente reports 2011 research server malware attack

by Patrick Ouellette

The Kaiser Permanente Northern California Division of Research will begin notifying an unknown number of patients today of a potential data breach that (1) happened in October 2011 and (2) it learned of on Feb. 12, 2014. According to a sample...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks