Healthcare Information Security

HIPAA Technical Safeguards

Cedars-Sinai reports unencrypted laptop theft, data breach

by Patrick Ouellette

Despite having an organization-wide device encryption policy in place, Cedars-Sinai Medical Center in Los Angeles announced an unencrypted laptop theft that may have compromised more than 500 patients’ data. According to the...

CMS denies AP access to security records

by Patrick Ouellette

The Centers for Medicare and Medicaid Services (CMS) refused an Associated Press (AP) request for information regarding HealthCare.Gov security under the Freedom of Information Act (FOI). CMS contended that security concerns have been...

S.C. hospital reports laptop theft, patient data breach

by Patrick Ouellette

Self Regional Healthcare of Greenwood, S.C. is alerting patients of a data breach that occurred over Memorial Day weekend when two men stole an unencrypted laptop containing an unknown number of patient records. The Index Journal...

Sutter lawsuit plaintiffs plan to go to Calif. Supreme Court

by Patrick Ouellette

Despite the Third District Court of Appeal of California’s decision that Sutter Medical Foundation hadn’t violated the Confidentiality¬†of Medical Information Act (CMIA), the patient plaintiffs who filed the suit aren’t...

Appeals court: Sutter record exposure didn’t violate CMIA

by Patrick Ouellette

The Third District Court of Appeal of California again ruled in favor of Sutter Medical Foundation on Monday, as the court maintained that Sutter had not violated the Confidentiality of Medical Information Act (CMIA). This was the second...

HHS audit discovers New Mexico HIX security vulnerabilities

by Patrick Ouellette

Following a great deal of security criticism toward since its inception, there continue to be security-related issues within state healthcare insurance exchanges. A Department of Health and Human Services (HHS) Office of...

San Antonio laptop with child vaccination records stolen

by Patrick Ouellette

The San Antonio Metropolitan Health District recently alerted families of just fewer than 300 child patients that their vaccination records had been breached after a city-owned laptop was stolen, according to Apparently the...

NRAD Medical Associates notifies 97,000 patients of breach

by Patrick Ouellette

NRAD Medical Associates of Garden City, New York has informed 97,000 patients that an internal employee inappropriately accessed protected health information (PHI) and patient billing data back in April 2014. According to...

Montana DPHHS HIPAA breach affects 1.3 million patients

by Patrick Ouellette

The Montana Department of Public Health and Human Services (DPHHS) has reported more details on one of the largest HIPAA breaches in terms of number of affected patients, as up to 1.3 million records were compromised. The server hack...

St. Joseph Health sends patient breach notification letters

by Patrick Ouellette

Among the items that can be lost in the mix when one healthcare organization takes over another is security and compliance. St. Joseph Health recently took over the former Redwood Regional Medical Group’s imaging center and has taken...

Apple HealthKit privacy questions for providers, developers

by Patrick Ouellette

As referenced by Rocky Mountain Human Services (RMHS) IT Director Frank Baer, there is no turning back from the confluence of mHealth applications and healthcare privacy concerns. Instead, organizations must go head-first into mobile...

Penn State Hershey Medical Center alerts 1,801 patients of breach

by Patrick Ouellette

Penn State Milton S. Hershey Medical Center began alerting 1,801 patients last week that an employee had accessed clinical data without having proper IT security protections in place. According to the Penn State statement, the employee, a...

Healthcare data breach trends: Areas of needed improvement

by Patrick Ouellette

Recent news that a Montana Department of Public Health and Human Services server had been hacked into served as a reminder that there are a number of different ways in which HIPAA covered entities can endure data breaches. With that in...

Server hack leads to Montana Health Department investigation

by Patrick Ouellette

Just less than a year after a Montana Department of Public Health and Human Services server was hacked into, the department is alerting both public program clients and employees that their data was inappropriately accessed. After seeing...

Ensuring HIPAA compliance among inpatient, outpatient docs

by Kyle Murphy, PhD

The continuum of care continues to expand and is forcing integrated delivery networks and health systems to reconsider their health data privacy and security practices after addressing the features unique to inpatient and outpatient...

Data breach may affect all 62,000 UPMC employees

by Patrick Ouellette

Another healthcare data breach involving employees continues to grow, as the range of employees affected by the University of Pittsburgh Medical Center (UPMC) breach has grown from a reported 27,000 to potentially all 62,000 employees,...

ProMedica Bay Park Hospital announces data breach

by Patrick Ouellette

ProMedica Bay Park Hospital of Oregon, OH is in the process of alerting more than 500 patients that their protected health information (PHI) had been breached after an internal employee inappropriately gained access to the...

L.A. County boosts encryption policies after data breach

by Patrick Ouellette

Most often out of necessity, a healthcare organization that has just endured a data breach will comprehensively review its privacy and security procedures. The most recent example of these ramped-up efforts is the ongoing Los Angeles...

HIPAA Security Rule requirements: Technical safeguard review

by Patrick Ouellette

Implementing the right blend of technology and policy is easier said than done for a healthcare organization, as there are myriad complications to each side of the security equation. But having a strong understanding of what the Department...

UC Irvine alerts patients of keylogging malware incident

by Patrick Ouellette

University of California Irvine (UCI) announced last week that 1,813 students and some non-students were impacted by a data breach involving keylogging software malware. The UCI IT Security office learned that the breach had affected three...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...