Healthcare Information Security

HIPAA Compliance

OCR Levies Close to $80M in HIPAA Privacy Rule Fines

August 14, 2018 - OCR has assessed close to $80 million in fines in 55 cases of HIPAA Privacy Rule violations since the rule took effect in April 2003, according to data on the HHS website. OCR has received 184,614 HIPAA complaints and has initiated 902 compliance reviews. It has resolved 96 percent of these complaints. The data includes HIPAA complaints through June 30, 2018. The office has...


More Articles

Oklahoma Government in Row Over Alleged HIPAA Violation

by Fred Donovan

Two branches of Oklahoma’s government are embroiled in a controversy over whether the Oklahoma Department of Veterans Affairs committed a HIPAA violation when it allowed VA medical aides to access patient medical records using their...

OCR On Pace To Assess Less Money in HIPAA Violation Fines in 2018

by Fred Donovan

OCR is on pace to conclude fewer HIPAA settlements and assess less money in HIPAA violation fines this year than in previous years, according to a report from the law firm Gibson Dunn. For the first half of this year, OCR has reported...

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...

HATA Says PMS Vendors Want to Remain HIPAA Business Associates

by Fred Donovan

Currently, practice management software (PMS) vendors are considered HIPAA business associates and therefore subject to the HIPAA Privacy and Security Rules, but not the HIPAA transactions and codes set requirements. The Healthcare...

How Does HIPAA Apply to Wearable Health Technology?

by Fred Donovan

The use of wearable health technology is expected to expand substantially within the next few years. Wearable devices offer many health tracking capabilities, including measuring heart rate, number of steps taken per day, and glucose and...

Amazon’s Healthcare Push Could Run into HIPAA Compliance Issues

by Fred Donovan

Amazon has been expanding rapidly into the healthcare field, but its approach to patient privacy could use a lot of tweaking if the company doesn’t want to run into HIPAA compliance problems down the road. Amazon has set up a health...

Secure Healthcare Data Sharing Not a Priority for Some Workers

by Fred Donovan

Some healthcare workers don’t follow best practices for secure healthcare data sharing, according to a survey of 1,000 US workers by Igloo Software. Thirty percent of healthcare workers use non-approved apps in the workplace because...

Federal Court Sides with Main Line Health in HIPAA Violation Case

by Fred Donovan

A federal court in Pennsylvania recently ruled against a Main Line Health employee who argued that her dismissal was due to age discrimination, not a HIPAA violation as the company claimed. Philadelphia-based Main Line Health Inc....

Software Patching Integral to PHI Data Security, HIPAA Compliance

by Fred Donovan

Healthcare organizations and vendors are responsible for identifying and mitigating the risks unpatched software poses to ePHI as part of their HIPAA compliance, OCR advised in its June Cybersecurity Newsletter. As part of their risk...

April Was the Cruelest Month for Healthcare Data Breaches

by Fred Donovan

April brings rain and HIPAA breaches, with April being the worst month for healthcare data breaches so far this year, according to the data posted on the OCR’s Breach Portal. For the month of April, 42 cyber incidents were reported...

Former UPMC Worker Indicted for HIPAA Violations

by Fred Donovan

Linda Sue Kalina, a former patient information coordinator at University of Pittsburgh Medical Center (UPMC), was indicted by a federal grand jury in Pittsburgh for HIPAA violations. The Butler County resident was charged on six counts of...

AHA Urges Consumer Education on HIPAA Privacy Rule and Health Apps

by Fred Donovan

The American Hospital Association (AHA) is calling on the US federal government to develop a consumer education program to make it clear that commercial providers of health apps may not be subject to the HIPAA Privacy...

Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

by Fred Donovan

US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station. Lee-Thomas argued in...

Hospital Faxes Records to Wrong Person in Apparent HIPAA Violation

by Fred Donovan

OhioHealth’s Grant Medical Center has been sending faxes with patient information to the wrong person for months in an apparent HIPAA violation, reported ABC6 in Columbus, Ohio, on June 18. The information in the faxes...

House Passes Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

By a vote of 357-57, the US House passed the Overdose Prevention and Patient Safety Act (HR 6082) on June 20, which would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule. HR 6082 would...

Common Rule’s Final Version Exempts Certain HIPAA Covered Entities

by Fred Donovan

The federal government has issued the final rule for the Federal Policy for the Protection of Human Subjects, known as the Common Rule, that allows, among other things, more secondary research of EHR data by exempting low-risk studies...

WHS Suspends Dozen Employees for Alleged HIPAA Violations

by Fred Donovan

Pennsylvania-based Washington Health System (WHS) has suspended around a dozen employees for alleged HIPAA violations involving inappropriately accessing patient records in a high-profile case, the Observer-Reporter newspaper reported June...

Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations

by Fred Donovan

An HHS Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center (MD Anderson) must pay $4.3 million in civil money penalties for HIPAA violations. The judge backed OCR in its proposed determination,...

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

by Fred Donovan

OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The...
