HIPAA Compliance

Indiana AG Sues Healthcare Organization Over Data Breach

March 5, 2024 - Indiana Attorney General Todd Rokita filed a lawsuit against Apria Healthcare over a data breach that unfolded between April 2019 and October 2021. Apria is a leading provider of home medical equipment delivery and clinical support and serves more than two million patients across 270 locations. In September 2021, the Federal Bureau of Investigation...


More Articles

Quest Diagnostics Settles Unlawful PHI Disposal Allegations For $5M

by Jill McKeon

Quest Diagnostics reached a $5 million settlement to resolve allegations that the company illegally disposed of hazardous waste, medical waste, and protected health information (PHI) at its California...

NY AG Reaches $400K Settlement With Healthplex Over Data Breach

by Jill McKeon

New York Attorney General (NYAG) Letitia James reached a settlement with Healthplex, a large dental insurance provider, following a data breach that occurred in November 2021. Healthplex agreed to pay...

Inmediata Health Resolves Multi-State Data Breach Investigation With $1.4M Settlement

by Jill McKeon

Puerto Rico-based healthcare clearinghouse Inmediata Health agreed to a $1.4 million settlement to resolve a multi-state data breach investigation backed by 33 state attorneys general. Inmediata...

Communicating With a Patient’s Family Under the HIPAA Privacy Rule

by Jill McKeon

When disclosing protected health information (PHI) to a provider at a HIPAA-covered entity, patients likely want to ensure that their information is not being shared with everyone in the hospital waiting room. But they may want to keep...

AHA: OCR Tracking Technology Rule Violates HIPAA Regulations

by Victoria Bailey

The American Hospital Association (AHA) has urged Congress and the HHS Office for Civil Rights (OCR) to withdraw the rule related to online tracking technologies, arguing that it violates HIPAA...

Indiana AG Sues IU Health For Violating Patient Privacy of 10-Year-Old Rape Victim

by Jill McKeon

Indiana Attorney General Todd Rokita filed a lawsuit against the University of Indiana Health (IU Health) and IU Healthcare Associates over their alleged failure to safeguard patient privacy and abide...

ONC, OCR Release Security Risk Assessment Tool Version 3.4

by Jill McKeon

The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) announced the release of version 3.4 of the Security Risk Assessment (SRA) Tool,...

HHS, FTC Publish Warning Letters Sent to Healthcare Entities Over Third-Party Tracking Tech

by Jill McKeon

In a document that spans hundreds of pages, HHS and the Federal Trade Commission (FTC) published letters sent to 130 healthcare organizations regarding the security and privacy risks of third-party...

HHS, FTC Warn Hospitals and Telehealth Providers About Third-Party Tracking Tech

by Jill McKeon

The HHS Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) sent a joint letter to 130 hospitals and telehealth providers to emphasize the security and privacy risks of third-party...

Lawmakers Ask HHS to Expand Proposed HIPAA Rule, Require Warrant For PHI

by Jill McKeon

Spearheaded by United States Senators Ron Wyden (D-OR) and Patty Murray (D-WA), and US Representative Sara Jacobs (D-CA), lawmakers sent a letter to HHS Secretary Xavier Beccera urging the...

Examining Health Data Privacy, HIPAA Compliance Risks of AI Chatbots

by Jill McKeon

AI chatbots, such as Google’s Bard and OpenAI’s ChatGPT, have sparked continuous conversation and controversy since they became available to the public. In the healthcare arena, patients...

HHS Settles HIPAA Investigation With Healthcare Business Associate

by Jill McKeon

The HHS Office for Civil Rights (OCR) settled a HIPAA investigation involving iHealth Solutions (also known as Advantum Health), a healthcare business associate that provides coding, billing, and IT...

Medical Record Snooping Case Leads to $240K HIPAA Settlement

by Jill McKeon

The HHS Office for Civil Rights (OCR) reached a HIPAA settlement with Yakima Valley Memorial Hospital to resolve a medical record snooping case involving 23 security guards. Yakima Valley Memorial...

Arizona Man Pleads Guilty to Criminal HIPAA Violation

by Jill McKeon

United States District Court Senior Judge James T. Moody sentenced Rico Prunty, a 41-year-old resident of Sierra Vista, Arizona, to 54 months in prison for a criminal HIPAA violation. Prunty pleaded...

SuperCare Health Reaches $2.25M Data Breach Settlement Over Alleged Negligence

by Sarai Rodriguez

SuperCare Health has agreed to a data breach settlement totaling $2.25 million in a class-action lawsuit filed by plaintiff Vickey Angulo and class members, who alleged the organization’s...

Data Breach Lawsuits Tied to Tracking Pixel Use On the Rise In Healthcare

by Jill McKeon

As data breach notifications tied to the use of tracking pixels continue to surface, experts have observed a wave of lawsuits following close behind. BakerHostetler observed more than 50 lawsuits being...

Ex-Methodist Staff Plead Guilty to Illegal PHI Exposure in HIPAA Violation Case

by Sarai Rodriguez

Six individuals, including five former Methodist Hospital employees, face sentencing for HIPAA violations after pleading guilty to the unauthorized disclosure of personal health information (PHI)...

Pandemic-Era Telehealth Rules Set to Expire in May, Shifting HIPAA Compliance Obligations

by Jill McKeon

The COVID-19 public health emergency (PHE) is set to end on May 11, marking the expiration of many pandemic-era support programs and lighter compliance obligations. As such, the HHS Office for Civil...

Aligning Substance Abuse Confidentiality Regulations With HIPAA to Enhance Compliance

by Jill McKeon

Since 1975, the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 CFR part 2 (Part 2) have protected the confidentiality of individuals suffering from substance use disorder. These key protections aim to...