Healthcare Information Security

HIPAA Physical Safeguards

Access Health CT announces patient data breach

by Patrick Ouellette

The Connecticut state health insurance exchange, Access Health CT, is handling a patient data breach that occurred when its vendor Maximus’s employee lost a backpack containing 413 patients’ information in a deli. According to the...

Ensuring HIPAA compliance among inpatient, outpatient docs

by Kyle Murphy, PhD

The continuum of care continues to expand and is forcing integrated delivery networks and health systems to reconsider their health data privacy and security practices after addressing the features unique to inpatient and outpatient clinical...

HIPAA Security Rule standards: Physical safeguards

by Patrick Ouellette

As far as the healthcare industry has come the past few years in technology innovation and development, one area that lags behind is physical safeguards. As part of the HIPAA Security Rule, physical safeguards have often been a thorn in the side...

ProMedica Bay Park Hospital announces data breach

by Patrick Ouellette

ProMedica Bay Park Hospital of Oregon, OH is in the process of alerting more than 500 patients that their protected health information (PHI) had been breached after an internal employee inappropriately gained access to the information. According...

Elliot Hospital notifies more than 1,200 patients of breach

by Patrick Ouellette

After an Elliot Hospital employee’s car was broken into and four computer workstations were stolen from the vehicle on March 27, the hospital alerted more than 1,200 patients that their data had been exposed. Though, according to unionleader.com,...

L.A. County tacks on 3,497 patients to Sutherland data breach

by Patrick Ouellette

The patient data breach that involved Sutherland Healthcare seems to be a never-ending saga for the Los Angeles County Department of Health Services (DHS). After adding 170,200 patients to the list of those affected back in April, DHS has tacked...

Boulder Community Health reviews paper PHI record exposure

by Patrick Ouellette

After a reported HIPAA violation, Boulder Community Health (BCH) of Colorado is in the process of investigating its third patient data breach since 2008, according to The Daily Camera. The context of the breach is a bit bizarre in that, unknown...

Employees file class suit against UPMC following data breach

by Patrick Ouellette

Employees affected by the University of Pittsburgh Medical Center (UPMC) data breach have filed a class action lawsuit against UPMC and its payroll vendor, Ultimate Software Group. The suit says that UPMC and the vendor breached its duty to protect...

HHS deals out largest-ever $4.8M HIPAA violation settlement

by Patrick Ouellette

The Department of Health and Human Services (HHS) announced yesterday that it had handed out $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital (NYP) and Columbia University (CU) after they submitted a joint breach report...

OCR dismisses Walgreens ‘Well Experience’ HIPAA complaint

by Patrick Ouellette

The Office for Civil Rights (OCR) has officially completed its investigation into the Walgreens “Well Experience” program and dismissed the complaint filed by the activist group, Change to Win (CtW), after finding CtW’s patient privacy...

Molina Healthcare contractor mail error exposes patient data

by Patrick Ouellette

Molina Healthcare, a multi-state healthcare organization, reported on Friday that a postcard mailing error in March had resulted in 5,261 former members’ Social Security numbers being inadvertently exposed. According to the Albuquerque...

UMass Memorial Medical sends out patient data breach notices

by Patrick Ouellette

After taking nearly two months to flesh out a patient data breach involving inappropriate internal access, UMass Memorial Medical Center (UMMMC) of Worcester, Mass. announced this week that it had alerted more than 2,400 affected patients of...

Centura Health alerts 1,000 patients of phishing attack

by Patrick Ouellette

A data breach involving Mercy Regional Medical Center of Durango, Colo. exemplifies the stark reality that phishing attacks have become more complex and difficult for even the most shrewd of users to pick out. Mercy employees, according to the...

Boston Medical Center transcription service exposes PHI

by Patrick Ouellette

Once it learned that 15,000 patients’ data had been exposed on its transcription service vendor’s website, Boston Medical Center (BMC) fired MDF Transcription Services and has sent breach notification letters to patients. The website...

Health data breach roundup: Tufts Health Plan, Iowa DHS

by Patrick Ouellette

Data breaches of all different shapes, sizes and victims are being reported on an almost daily basis, so it can be difficult to stay up to date on the latest breach incidents. HealthITSecurity.com has compiled a list of the latest breaches down...

Cybersecurity hackers target Boston Children’s Hospital

by Patrick Ouellette

Hackers have made multiple attempts to infiltrate Boston Children’s Hospital within the past month, according to a Boston Globe report. The hackers’ efforts were geared toward overloading the Children’s website and potentially...

Coordinated Health data breach may impact 700 patients

by Patrick Ouellette

Coordinated Health reported this week that a data breach involving a stolen laptop belonging to an employee may have affected up to 700 patients. According to poconorecord.com, an employee in Bethlehem had left the laptop in their car and the...

Reviewing Concentra Health and QCA HIPAA breach CAPs

by Patrick Ouellette

We learned yesterday that two HIPAA covered entities, Concentra Health Services and QCA Health Plan, had come to individual monetary agreements with the Office for Civil Rights (OCR) to settle HIPAA violations. Those resolutions included corrective...

Concentra, QCA Health Plan agree to HIPAA breach settlements

by Patrick Ouellette

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) sent out a release today detailing two entities’ settlements for HIPAA Privacy and Security Rule violations involving unencrypted laptop thefts. According to...

Kentucky passes state data breach notification law

by Patrick Ouellette

Following Kentucky Auditor of Public Accounts (APA) Adam H. Edelen explaining in detail back in January why Kentucky needed a breach notification law, the state recently became the 47th to ratify data breach notification legislation. On April...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks