HIPAA and Compliance News

Judge Vacates $4.3M OCR Penalty Against MD Anderson Over Data Loss

The US Court of Appeals for the Fifth Circuit has vacated the $4.3 million civil monetary penalty against the University of Texas MD Anderson Cancer Center after two years and several lost appeals. The...

Banner Health to Pay OCR $200K for HIPAA Right of Access Failures

The Department of Health and Human Services Office for Civil Rights reached a $200,000 civil monetary penalty and a corrective action plan with Banner Health, to resolve potential violations of the...

HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security

President Donald Trump officially signed HR 7898 into law on January 5. The HIPAA Safe Harbor bill amends the HITECH Act to require the Department of Health and Human Services to incentivize best...

OCR Guide on HIPAA-Compliant PHI Disclosures Via HIEs, Amid COVID-19

The Office for Civil Rights recently released guidance for covered entities and business associates on HIPAA-permitted disclosures of protected health information through the use of health information...

Elite Primary Care Pays OCR $36K for HIPAA Right of Access Violation

Elite Primary Care in Georgia has agreed to a $36,000 settlement with the Office for Civil Rights to resolve a potential violation of the HIPAA Privacy Rule's right of access...

OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures

The Department of Health and Human Services Office for Civil Rights released an audit report on HIPAA compliance in the sector from 2016 to 2017 based on reviews of selected healthcare covered entities...

FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach

The FTC reached a settlement with SkyMed that requires the Nevada-based provider of emergency services to implement a comprehensive information security program, which will resolve allegations stemming...

Health IT Groups Laud Proposed Bill Incentivizing Best Practice Security

Several health IT industry stakeholder groups have voiced support for legislation recently passed by the House Energy and Commerce Committee. The proposed HR 7898 bill would require the Department...

HHS Proposes HIPAA Privacy Rule Changes, Improving Right of Access

The Department of Health and Human Services Office for Civil Rights released a set of proposed changes to the HIPAA Privacy Rule, which take aim at Right of Access rules and are designed to reduce...

Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations

The Department of Health and Human Services published two final rules on Friday designed to reduce regulatory barriers and improve care coordination, which both contain safe harbor provisions that will...

Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported

Another class-action lawsuit has been filed against Blackbaud following a ransomware attack that breached the data of more than 10 million individuals from well over 100 companies. In recent weeks, the...

Ohio Medical Center Pays OCR $65K for HIPAA Right of Access Failure

The University of Cincinnati Medical Center in Ohio has agreed to a $65,000 settlement and a corrective action penalty with the Office for Civil Rights to resolve a potential violation of the...

NY Specialist Pays OCR $15K for HIPAA Right of Access Failures

The Office for Civil Rights announced it reached a settlement with Rajendra Bhayani, MD, a private practice otolaryngology specialist based in Regal Park, New York for $15,000 and a corrective action...

Medical Device Vendor Zoll Sues IT Firm Over Breach Affecting 277K

Medical device vendor Zoll filed a lawsuit with the US District Court of Massachusetts against IT service vendor Barracuda Networks, after an error during a server...

OCR Settles with Psychiatric Provider for HIPAA Right of Access Violation

The Department of Health and Human Services Office for Civil Rights announced it reached a $25,000 settlement with California-based Riverside Psychiatric Medical Group...

$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit

Missouri-based Saint Francis Healthcare System has reached a proposed $350,000 lawsuit settlement with the patients impacted by a ransomware attack on Ferguson Medical Group (FMG). Saint Francis...

Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

The New Jersey Division of Consumer Affairs and NJ Attorney General Gurbir Grewal announced a settlement with Wakefern Food Corp and two associated ShopRite supermarkets to resolve...

New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure

The Office for Civil Rights reached a settlement with the city of New Haven, Connecticut, including a $202,400 civil monetary penalty and a corrective action plan, following a...

Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations

The Department of Health and Human Services Office for Civil Rights announced it reached a $1 million settlement with Aetna to resolve potential HIPAA violations stemming from three...

Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications

HIPAA-required breach notifications in the wake of a security incident continue to be an Achilles' heel for the healthcare sector. Many notices appear laden with flowery...