Healthcare Information Security

HIPAA Compliance

Anthem to Pay Record $16M for HIPAA Violations Exposing 79M Records

October 16, 2018 - Anthem has agreed to pay a record $16 million, almost three times the previous highest HIPAA penalty, and to take corrective actions to settle HIPAA violations that exposed the ePHI of close to 79 million people, OCR announced Oct. 15. “The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history,” said OCR Director Roger Severino in...


More Articles

Azar Issues 2nd HIPAA Privacy Rule Waiver in As Many Months

by Fred Donovan

As in the case of Hurricane Florence, HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions for areas impacted by Hurricane Michael. The waiver is intended to enable greater information...

Aetna Reaches Settlements with State AGs Over HIPAA Violations

by Fred Donovan

Health insurer Aetna has reached settlements with a number of state attorneys general over HIPAA violations resulting from mailings to HIV/AIDS and cardiac patients, the New Jersey attorney general announced Oct. 10. The three states and...

Hospitals Fail at HIPAA Compliance Re Medical Records Requests

by Fred Donovan

Many hospitals failed at HIPAA compliance in response to simulated patients’ requests for medical records, according to a study by Yale researchers published in the JAMA Network Open. The researchers surveyed 83 top-ranked US...

Iowa County Government Employee Alleges HIPAA Violation

by Fred Donovan

An employee of Iowa’s Mahaska County government alleged that another employee committed a HIPAA violation when she locked a member of the public inside a building where files containing PHI were stored unsecured, the...

Congress Urged To Align 42 CFR Part 2 With HIPAA Privacy Rule

by Fred Donovan

The Partnership to Amend 42 CFR Part 2 is urging Congress to include the Overdose Prevention and Patient Safety Act (HR 6082), which would align 42 CFR Part 2 with the HIPAA Privacy Rule, in compromise opioid legislation that the House and...

UMass Memorial to Pay $230,000 for Healthcare Data Breaches

by Fred Donovan

UMass Memorial healthcare entities have agreed to pay $230,000 to the state of Massachusetts to resolve claims that two separate healthcare data breaches exposed PHI of more than 15,000 state residents. The lawsuit by the Massachusetts...

MA Physician Gets 1-Year Probation for Criminal HIPAA Violation

by Fred Donovan

Rita Luthra, a Springfield, MA-based gynecologist, was sentenced Sept. 19 to one-year probation for a criminal HIPAA violation and obstruction of a criminal healthcare investigation. In April, a jury convicted her of allowing a...

Boston Hospitals Cough Up $1M for ‘Boston Trauma’ HIPAA Violations

by Fred Donovan

OCR announced Sept. 20 that it has fined three Boston-area hospitals close to $1 million for HIPAA violations involving the filming of ABC’s TV series “Save My Life: Boston Trauma.” OCR reached HIPAA settlements with...

Best Practices for Providers to Secure Patient Data

by Insight

The number and frequency of cyberthreats to patient data show no sign of slowing down, with hackers devoting more time and resources to stealing patient data. As a result, healthcare organizations are becoming increasingly worried about...

Azar Waives HIPAA Privacy Rule Sanctions for Hurricane Response

by Fred Donovan

HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions that apply to hospitals to enable greater sharing of information in response to Hurricane Florence making landfall on the East...

Bill Would Exempt HIPAA Covered Entities from California Privacy Law

by Fred Donovan

The California legislature has passed amendments to the sweeping California Consumer Privacy Act that would, among other changes, exempt HIPAA covered entities and business associates from the state law’s requirements. It would also...

Arc of Erie County Hit With $200K Fine for HIPAA Violation

by Fred Donovan

The New York Attorney General has levied a $200,000 fine on Arc of Erie County for a HIPAA violation that exposed ePHI on 3,751 clients. The Buffalo-based nonprofit, which provides services to people with developmental disabilities,...

New PCORI Policy Has Data Rules In Line with HIPAA Regulations

by Fred Donovan

A new data sharing policy adopted by the Patient-Centered Outcomes Research Institute (PCORI) stipulates that all personally identifiable health information must be deidentified in accordance with HIPAA regulations. On Sept. 7, the PCORI...

HIPAA Privacy Rule Can Be Tool for Health Information Exchange

by Fred Donovan

Rather than being a barrier to information sharing and interoperability, the HIPAA Privacy Rule can be seen as a tool to facilitate health information exchange and flow across the health ecosystem, argued OCR and ONC in an Aug. 30 blog...

Oklahoma Hospital Sued for Alleged HIPAA Violation Over Drowning

by Fred Donovan

McAlester Regional Health Center (MRHC) in Oklahoma is being sued for an alleged HIPAA violation for sharing information on a boy’s drowning with his biological mother, reported the Pauls Valley Democrat newspaper on Aug. 23. The...

OCR Levies Close to $80M in HIPAA Privacy Rule Fines

by Fred Donovan

OCR has assessed close to $80 million in fines in 55 cases of HIPAA Privacy Rule violations since the rule took effect in April 2003, according to data on the HHS website. OCR has received 184,614 HIPAA complaints and has initiated 902...

Oklahoma Government in Row Over Alleged HIPAA Violation

by Fred Donovan

Two branches of Oklahoma’s government are embroiled in a controversy over whether the Oklahoma Department of Veterans Affairs committed a HIPAA violation when it allowed VA medical aides to access patient medical records using their...

OCR On Pace To Assess Less Money in HIPAA Violation Fines in 2018

by Fred Donovan

OCR is on pace to conclude fewer HIPAA settlements and assess less money in HIPAA violation fines this year than in previous years, according to a report from the law firm Gibson Dunn. For the first half of this year, OCR has reported...

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...
