Healthcare Information Security

Office for Civil Rights

Mobile Security at Center of $2.5M OCR HIPAA Settlement

April 25, 2017 - The latest OCR HIPAA settlement was the first of its kind for a wireless health services provider, following allegations of ePHI disclosure due to a stolen laptop. Pennsylvania-based CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias and agreed to a $2.5 million settlement. CardioNet first reported to OCR in January 2012 that a laptop...


More Articles

Mobile Security at Center of $2.5M OCR HIPAA Settlement

by Elizabeth Snell

The latest OCR HIPAA settlement was the first of its kind for a wireless health services provider, following allegations of ePHI disclosure due to a stolen laptop. Pennsylvania-based CardioNet provides remote mobile monitoring of and rapid response...

2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

by Elizabeth Snell

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With...

Health Center Agrees to $400K OCR HIPAA Settlement

by Elizabeth Snell

Failing to conduct a risk analysis and not implementing a corresponding risk management plan to address found risks and vulnerabilities were part of the reasoning behind the latest OCR HIPAA settlement. Metro Community Provider Network (MCPN)...

OCR Urges End-to-End Security, Verified HTTPS to Protect PHI

by Elizabeth Snell

Implementing end-to-end connection security on internet transactions using Secure Hypertext Transport Protocol (HTTPS) can help healthcare organizations better protect PHI and even detect malware, according to OCR’s latest cybersecurity...

Roger Severino Appointed Office for Civil Rights Director

by Elizabeth Snell

Roger Severino was recently appointed as the new OCR Director. At the time of publication, OCR had not yet released a statement on the move. Previously, Severino served as Director of the DeVos Center for Religion and Civil Society...

OCR Calls for Healthcare Cybersecurity Collaboration

by Elizabeth Snell

The government, private sector, and international network defense communities all need to work toward stronger collaboration and information sharing to combat the increasing amount of healthcare cybersecurity threats, the Office for Civil Rights...

Audit Controls Underlined in $5.5M OCR HIPAA Settlement

by Elizabeth Snell

UPDATE: Memorial Healthcare System sent comments to HealthITSecurity.com on February 17.  Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported...

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

by Elizabeth Snell

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...

OCR Clarifies PHI Disclosure Guidance in HIPAA Privacy Rule

by Elizabeth Snell

Partially due to legal confusion following the 2016 Orlando nightclub shooting, the Office for Civil Rights (OCR) has released an FAQ clarifying certain aspects of PHI disclosure policies with patients’ loved ones under the HIPAA Privacy...

Breach Notification Center of Presence Health HIPAA Settlement

by Elizabeth Snell

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on January 31,...

Utilizing Risk Analyses for Comprehensive HIPAA Compliance

by Elizabeth Snell

As technology continues to evolve and become more intricate, covered entities and their business associates have to ensure they account for potential risk in all aspects of their organization. A key part to complete HIPAA compliance is an updated...

2016 OCR HIPAA Settlements Target Risk Analyses, Total $23.5M

by Elizabeth Snell

With 2016 winding down, covered entities and their business associates cannot ease up when it comes to protecting PHI. As the OCR HIPAA settlements from the year have shown, there has been a strong focus on healthcare organizations conducting...

OCR Warns of Phishing Scam to HIPAA Covered Entities

by Elizabeth Snell

UPDATE: OCR released an additional update on November 30 with new details regarding the phishing scam.  Employees of HIPAA covered entities and their business associates should be aware of an alleged phishing scam that is using Department...

UMass Agrees to $650K OCR HIPAA Settlement after Allegations

by Elizabeth Snell

Following alleged HIPAA violations stemming from a malware infection that potentially exposed the ePHI of 1,670 individuals, the University of Massachusetts Amherst (UMass) agreed to an OCR HIPAA settlement. Along with adhering to a corrective...

OCR HIPAA Settlements Total $13.5M, Affect Entities and BAs

by Elizabeth Snell

The Office for Civil Rights (OCR) has shown with several of its recent HIPAA settlements that both covered entities and business associates are liable for potential HIPAA violations. OCR has said that as healthcare technology continues to evolve...

OCR Newsletter Underlines Healthcare Authentication Importance

by Elizabeth Snell

One of the causes of healthcare data breaches over the past few years has been to weakened healthcare authentication measures, according to the Office for Civil Rights (OCR). As healthcare continues to be a top target for cyber attacks, organizations...

Top 4 Healthcare Data Breaches Stem from Hacking Incident

by Elizabeth Snell

While 2016 is not yet complete, there have already been approximately 250 reported cases of potential healthcare data breaches affecting more than 500 individuals submitted to the Office for Civil Rights (OCR). The majority of these incidents...

St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement

by Elizabeth Snell

A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement

by Elizabeth Snell

While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

Latest OCR HIPAA Settlement Highlights BAA Importance

by Elizabeth Snell

Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found to have not had a current business associate agreement in place to keep PHI secure. Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks