Healthcare Information Security


HIPAA Security Rule Requires Secure Disposal of ePHI-Laden Devices

August 8, 2018 - The HIPAA Security Rule requires HIPAA covered entities and business associates to implement policies and procedures regarding the secure disposal and re-use of electronic devices and media containing ePHI so that ePHI cannot be retrieved, advised the July 2018 OCR Cybersecurity Newsletter. OCR stressed that improper disposal of electronic devices and media puts the ePHI stored on them...

More Articles

Records Containing PHI Stolen from TX Orthaepedic Facility

by Kate Monica

On December 15th, Oak Cliff Orthopaedic Associates announced a theft involving records containing personal PHI from the years 2006 to 2007. According to a report from Oak Cliff, the Lewisville Police Department has since located and...

DoD Wants Army EHR Security Audit, Security Protocol Review

by Elizabeth Snell

The Department of Defense plans to investigate whether or not the Army implemented effective security protocols to protect electronic health records through an EHR security audit, set to be performed in August 2016. The DoD Inspector...

Maryland Court Dismisses CareFirst Data Breach Lawsuit

by Elizabeth Snell

Plaintiffs in a class action lawsuit filed after the CareFirst data breach from last year failed to demonstrate sufficient standing, according to a Maryland district court. Pamela Chambliss and Scott Adamson claimed in their case against...

HHS Clarifies HIPAA Regulation Patient Right of Access Costs

by Jacqueline LaPointe

While HIPAA regulations state that patients have a right of access to their own health information, many individuals are left wondering just how much it will cost them to view their own PHI.  Fortunately, the Department of Health and...

Will Healthcare Data Encryption be Impacted by NIST Guide?

by Jacqueline LaPointe

Healthcare providers and other covered entities under HIPAA regulations may have a new resource on healthcare data encryption standards from the National Institute of Standards and Technology (NIST). NIST released the final draft of...

How HIPAA Regulations Support Quality Assessment Activities

by Elizabeth Snell

HIPAA regulations are designed to support the exchange of electronic health information in quality assessment/quality improvement and population-based activities, according to the Office of the National Coordinator for Health IT (ONC). In...

OIG: Healthcare Security Vulnerabilities at CA Facilities

by Elizabeth Snell

The Office of Inspector General (OIG) found high-risk security vulnerabilities, some of which included healthcare security issues, at three California Medicaid managed-care organizations (MCOs). The vulnerabilities raise concern over...

NY Cancer Institute ePHI Security Audit Shows Proper Policies

by Elizabeth Snell

An ePHI security audit of the Roswell Park Cancer Institute found that the organization has a strong information security program, but could still improve in its risk assessment ability, ePHI access controls, and certain technical...

PHI Security Compromised in Healthcare Data Breaches

by Elizabeth Snell

Two healthcare data breaches compromised patients’ PHI security. When healthcare organizations fail to adhere to HIPAA requirements, patients’ PHI security can become compromised. Whether employees improperly dispose of...

PHI Security Concerns Could Stop Hospital System ​Sale

by Stephanie Reardon

Eighteen members of the California Democratic Congressional Delegation have written a letter to Attorney General, Kamala D. Harris in an attempt to block Prime Healthcare from purchasing the Daughters of Charity Health system. These...

Laptop with PHI Stolen from Oregon Employee’s Car

by Elizabeth Snell

A personal laptop containing PHI was stolen from an Oregon health employee’s car while they were attending a work-related conference. Patients at an Oregon healthcare facility were notified this week that their protected health...

PHI of 2,000 Minn. Patients Accidentally Sent to Dumpsters

by Elizabeth Snell

Patients’ PHI was potentially exposed after a Minnesota facility improperly disposed of sensitive documents. A Minnesota health system is notifying approximately 2,000 patients that their protected health information (PHI) might...

How Long Can Healthcare Data Breaches Affect Facilities?

by Elizabeth Snell

Healthcare data breaches can affect organizations long after the security issue was discovered and patients were notified of the problem. Healthcare data breaches are unfortunately becoming a common scenario for hospitals, health systems...

Why Healthcare Providers Should Consider Data Encryption

by Elizabeth Snell

Healthcare Data Encryption is a crucial tool for providers as they implement BYOD policies and work to strengthen their EHR systems. Healthcare data encryption is becoming an increasingly hot topic, especially as more providers implement...

HIPAA Technical Safeguards: A Basic Review

by Elizabeth Snell

It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. While no healthcare organization can guarantee that a data breach will never...

Patient Privacy, HIPAA Violation Case Argued in Calif. Court

by Elizabeth Snell

A California medical center has gone to court over accusations that it violated patient privacy by releasing a patient’s private medical information. Patient privacy rights and HIPAA compliance are taking center stage in a...

HIPAA Compliance Will Be Reviewed in OIG 2015 Work Plan

by Elizabeth Snell

The OIG released its 2015 work plan, which includes a review of hospitals’ contingency planning and if they are HIPAA compliant. The US Department of Health and Human Services Office of Inspector General (OIG) will bring a...

Five HIPAA Omnibus Compliance Myths

by Elizabeth Snell

The HIPAA Omnibus Rule was significant for the healthcare industry. Many of the rule’s stipulations drastically affected how covered entities, business associates (BAs) and subcontractors handle risk management and breach...

PHI Put At Risk after Fla. Community Center ID Theft

by Elizabeth Snell

A non-profit system of health clinics in Florida reported this week that it experienced a data breach that put patients’ PHI at risk. Jessie Trice Community Health Center announced that it was attacked by “an identity theft...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...