Healthcare Information Security

HIPAA

HIPAA Security Rule Requires Secure Disposal of ePHI-Laden Devices

August 8, 2018 - The HIPAA Security Rule requires HIPAA covered entities and business associates to implement policies and procedures regarding the secure disposal and re-use of electronic devices and media containing ePHI so that ePHI cannot be retrieved, advised the July 2018 OCR Cybersecurity Newsletter. OCR stressed that improper disposal of electronic devices and media puts the ePHI stored on them...


More Articles

OCR On Pace To Assess Less Money in HIPAA Violation Fines in 2018

by Fred Donovan

OCR is on pace to conclude fewer HIPAA settlements and assess less money in HIPAA violation fines this year than in previous years, according to a report from the law firm Gibson Dunn. For the first half of this year, OCR has reported...

How Does HIPAA Apply to Wearable Health Technology?

by Fred Donovan

The use of wearable health technology is expected to expand substantially within the next few years. Wearable devices offer many health tracking capabilities, including measuring heart rate, number of steps taken per day, and glucose and...

Amazon’s Healthcare Push Could Run into HIPAA Compliance Issues

by Fred Donovan

Amazon has been expanding rapidly into the healthcare field, but its approach to patient privacy could use a lot of tweaking if the company doesn’t want to run into HIPAA compliance problems down the road. Amazon has set up a health...

Secure Healthcare Data Sharing Not a Priority for Some Workers

by Fred Donovan

Some healthcare workers don’t follow best practices for secure healthcare data sharing, according to a survey of 1,000 US workers by Igloo Software. Thirty percent of healthcare workers use non-approved apps in the workplace because...

Former UPMC Worker Indicted for HIPAA Violations

by Fred Donovan

Linda Sue Kalina, a former patient information coordinator at University of Pittsburgh Medical Center (UPMC), was indicted by a federal grand jury in Pittsburgh for HIPAA violations. The Butler County resident was charged on six counts of...

Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

by Fred Donovan

US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station. Lee-Thomas argued in...

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

by Fred Donovan

OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The...

Did EMS Worker Commit HIPAA Violation With Facebook Post?

by Fred Donovan

Did an emergency medical services (EMS) worker in Roane County, Tennessee, commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? The EMS worker was part of a...

Personal Injury Attorney Ads Could Raise Patient Privacy Issues

by Fred Donovan

In a new trend that could raise patient privacy concerns, personal injury attorneys and marketers are using geofencing technology to deliver targeted advertisements to patients’ mobile phones when they visit emergency rooms or...

HIPAA Security Rule Requires Physical Security of Equipment

by Fred Donovan

While most HIPAA Security Rule violations involve electronic data breaches, healthcare providers and business associates could also face a violation for failing to physically secure computers and other equipment holding PHI. The HIPAA...

Judge Upholds Doc’s Conviction for Criminal HIPAA Violation

by Fred Donovan

US District Judge Mark G. Mastroianni upheld May 16 a federal jury’s earlier conviction of Rita Luthra, a Springfield, Massachusetts-based gynecologist, for a criminal HIPAA violation and obstructing a criminal healthcare...

Steward Must Satisfy Jury Doc Got Sacked for HIPAA Violation

by Fred Donovan

A Massachusetts federal judge ruled May 16 that Boston-based Steward Healthcare System must convince a jury that it fired a psychiatrist for an alleged HIPAA violation, not in retaliation for his taking disability leave after contracting...

Does EHR Patient Access Fall Short of HIPAA Compliance?

by Fred Donovan

Patients and healthcare organizations face numerous challenges when providing EHR patient access for HIPAA compliance, according to a report released May 14 by the Government Accountability Office (GAO). Among the challenges faced by...

House Debates Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

Supporters and opponents of a bill that would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule faced off during a May 8 hearing of the House Energy and Commerce Committee’s health...

Massachusetts Physician Convicted of Criminal HIPAA Violation

by Fred Donovan

A federal jury has convicted Rita Luthra, a Springfield, Massachusetts-based gynecologist, of a criminal HIPAA violation and obstructing a criminal healthcare investigation, US Department of Justice (DoJ) announced April 30. DoJ alleged...

Senate Bill Has Version of Jessie’s Law, Not Aligned with HIPAA Privacy Rule

by Fred Donovan

The Senate Health, Education, Labor and Pensions Committee this week passed the Opioid Crisis Response Act of 2018 (S 2680) with a broad range of measures to combat the opioid epidemic, including a version of Jessie’s Law that allows...

73 Percent of Medical Professionals Share Passwords for EHR Access

by Kate Monica

A recent study examined the prevalence of password sharing among healthcare providers and found nearly three-quarters of surveyed medical professionals have used another staff member’s password to obtain EHR access at work. The...

CO Hospital Email Breach Possibly Exposes PHI of 3.4K Families

by Kate Monica

Children’s Hospital Colorado recently informed patients of a potential security breach possibly affecting the PHI of nearly 3,400 patient families. On July 11, 2017, Children’s Colorado discovered an employee’s email...

Tewksbury Hospital PHI Data Breach Threatens 1K Patients

by Kate Monica

Massachusetts-based Tewksbury Hospital recently discovered evidence of an incident of unauthorized EHR access potentially creating a PHI data breach. In April of 2017, a former Tewksbury Hospital patient stated an unauthorized individual...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks