Healthcare Information Security

HIPAA Administrative Safeguards

Personal Data of 200,000 Compromised by Former Employee

by Elizabeth Snell

A former employee improperly accessed the personal data of approximately 200,000 individuals. Often discussed on this website is the importance of healthcare organizations – and facilities that store individual’s healthcare information –...

Why HIPAA Administrative Safeguards Are Crucial

by Elizabeth Snell

HIPAA administrative safeguards are designed to manage the selection, development, implementation, and maintenance of security measures. These measures keep electronic protected health information (ePHI) safe and help manage a...

Does Healthcare Security Interfere with Clinical Workflow?

by Dustin Lake

Clinical workflows – an established process in a clinician’s daily activity of caring for patients – are increasingly integrating with healthcare information systems, and therefore, healthcare security.  The nation’s...

HIPAA Administrative Safeguards: A Basic Review

by Elizabeth Snell

Healthcare organizations of all sizes must remain diligent in keeping themselves HIPAA compliant, especially when it comes to technical, physical, and administrative safeguards. Data breaches can occur in a variety of ways, which is why facilities...

Data Breach News: Cone Health Mailing Error; New Calif. Law

by Patrick Ouellette

Cone Health of Greensboro, N.C. has alerted 2,076 Southeastern Heart and Vascular Center patients that their data was compromised as a result of a mailing error. reports that a clerical mistake led to letters, which included patient...

Ponemon study analyzes data breach preparedness trends

by Patrick Ouellette

The Ponemon Institute’s Second Annual Study on Data Breach Preparedness gauged 567 cross-vertical executives’ confidence in their organizations’ ability to respond to data breaches. Compared to last year’s findings, organizations...

Medical practice notifies 3,000 patients of data breach

by Patrick Ouellette

Owensboro Medical Practice is currently conducting an internal investigation into a data breach that exposed 3,000 patients’ data. There are conflicting reports on the scope, in terms of the involvement of a business associate (BA), and...

Duke Health System notifies patients of data breach

by Patrick Ouellette

Duke University Health System recently announced that it experienced a patient data breach on July 1 when an unauthorized person stole an unencrypted thumb drive from an administrative building. According to the patient notice on the Duke website,...

Children’s Mercy Hospital notifies employees of data breach

by Patrick Ouellette

Children’s Mercy Hospital of Kansas City, Mo. recently alerted 4,076 employees’ data may have been exposed in a breach involving its online scheduling application. According to the Kansas City Star, Children’s Mercy Hospital...

St. Joseph Health sends patient breach notification letters

by Patrick Ouellette

Among the items that can be lost in the mix when one healthcare organization takes over another is security and compliance. St. Joseph Health recently took over the former Redwood Regional Medical Group’s imaging center and has taken responsibility...

Access Health CT announces patient data breach

by Patrick Ouellette

The Connecticut state health insurance exchange, Access Health CT, is handling a patient data breach that occurred when its vendor Maximus’s employee lost a backpack containing 413 patients’ information in a deli. According to the...

Data breach may affect all 62,000 UPMC employees

by Patrick Ouellette

Another healthcare data breach involving employees continues to grow, as the range of employees affected by the University of Pittsburgh Medical Center (UPMC) breach has grown from a reported 27,000 to potentially all 62,000 employees, according...

Hurley Medical Center notifies employees of data breach

by Patrick Ouellette

Hurley Medical Center is in the process of dealing with an employee data breach that was a result of an error made while the organization was working to resolve payment errors with its health plan. According to, an email attachment...

ProMedica Bay Park Hospital announces data breach

by Patrick Ouellette

ProMedica Bay Park Hospital of Oregon, OH is in the process of alerting more than 500 patients that their protected health information (PHI) had been breached after an internal employee inappropriately gained access to the information. According...

L.A. County boosts encryption policies after data breach

by Patrick Ouellette

Most often out of necessity, a healthcare organization that has just endured a data breach will comprehensively review its privacy and security procedures. The most recent example of these ramped-up efforts is the ongoing Los Angeles County Department...

Elliot Hospital notifies more than 1,200 patients of breach

by Patrick Ouellette

After an Elliot Hospital employee’s car was broken into and four computer workstations were stolen from the vehicle on March 27, the hospital alerted more than 1,200 patients that their data had been exposed. Though, according to,...

Medical center not liable for breach; Humana reports breach

by Patrick Ouellette

Unencrypted devices continue to plague healthcare organizations, as healthcare insurance provider Humana is in the process of notifying 2,962 patients that an unencrypted USB drive and encrypted laptop with patient data stored on them were stolen...

HIPAA Security Rule compliance needs: Administrative safeguards

by Patrick Ouellette

The HIPAA Security Rule focuses on securing electronic protected health information (ePHI) and is essentially split into administrative, technical and physical safeguards. Seeing as New York and Presbyterian Hospital (NYP) and Columbia University...

L.A. County tacks on 3,497 patients to Sutherland data breach

by Patrick Ouellette

The patient data breach that involved Sutherland Healthcare seems to be a never-ending saga for the Los Angeles County Department of Health Services (DHS). After adding 170,200 patients to the list of those affected back in April, DHS has tacked...

Boulder Community Health reviews paper PHI record exposure

by Patrick Ouellette

After a reported HIPAA violation, Boulder Community Health (BCH) of Colorado is in the process of investigating its third patient data breach since 2008, according to The Daily Camera. The context of the breach is a bit bizarre in that, unknown...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks