Healthcare Information Security


Bronx RHIO implements direct secure messaging

by Elizabeth Snell

Maintaining security standards as Health Information Exchange (HIE) expansion continues is critical for any healthcare provider. It’s also essential that patient data stays secure as it is transported from one organization to the next. Those...

Dorn VA medical center faces class action lawsuit

by Elizabeth Snell

William Jennings Bryan Dorn Veterans Affairs (VA) medical center has been hit with yet another lawsuit following a health data breach. On July 14, staff members first noticed that four boxes with patients’ information had gone missing....

AltaMed Health Services alerts 2,995 patients of data breach

by Patrick Ouellette

AltaMed Health Services announced last week that 2,995 patients’ data were potentially compromised when an employee stole patient records in an apparent identity theft ring. AltaMed, which offers a variety of healthcare services, posted...

OCR investigating Idaho Medicaid contractor data disclosures

by Patrick Ouellette

Idaho Medicaid is on the receiving end of more federal scrutiny for vendor management practices, as state agencies and the Department of Health and Human Services (HHS) are investigating patient data disclosures at Optum Idaho. Optum Idaho was...

Updating HIPAA BAAs before Sept. 23, 2014: Compliance tips

by Patrick Ouellette

With fall quickly approaching, the last compliance piece to the HIPAA Omnibus Rule is coming up quick as well. As of September 23, 2014, all HIPAA business associate agreements (BAAs) must be up to date and in line with the regulations set forth...

Boston judge refuses hospital PHI disclosure waiver request

by Patrick Ouellette

A Boston judge provided a reminder this week that a healthcare organization’s and a patient’s rights to release medical records under HIPAA are very different and a bid for a court order wouldn’t help a provider sidestep record...

Managing security risk in the new age of integrated care

by Jim Campbell

Almost 20 years after HIPAA was enacted, the healthcare industry is facing unprecedented risks to patient privacy and security, and it’s only going to get worse. To take control, providers need to act now and manage security and compliance...

Where do ACOs fit into the HIPAA compliance landscape?

by Patrick Ouellette

Most stakeholders in the healthcare industry have a different take on HIPAA. Regulators see privacy and security laws as fair and necessary to patient care. Many covered entities view HIPAA compliance enforcement as inconsistent and, at times,...

House Committee hears new FTC v. LabMD arguments

by Patrick Ouellette

Though the FTC v. LabMD trial has been temporarily put on hold, there is still a war of words going on between the two sides. The House Committee on Oversight and Government Reform governed a three-hour meeting to help determine whether the Federal...

S.C. hospital reports laptop theft, patient data breach

by Patrick Ouellette

Self Regional Healthcare of Greenwood, S.C. is alerting patients of a data breach that occurred over Memorial Day weekend when two men stole an unencrypted laptop containing an unknown number of patient records. The Index Journal reports...

Johns Hopkins reaches preliminary privacy breach agreement

by Patrick Ouellette

More than a year after patients filed a potential class action lawsuit against Johns Hopkins Medicine following a privacy breach, the hospital has reached a preliminary $190 million settlement. For background, former Johns Hopkins gynecologist...

VA accused of using HIPAA to block waiting list disclosures

by Patrick Ouellette

Are there instances where federal privacy laws are misused and actually end up being detrimental to the patient? According to a recent Washington Post report, some believe the Department of Veterans Affairs (VA) is using HIPAA as a mechanism...

Do third parties regularly access consumer health data?

by Patrick Ouellette

Consumer-generated healthcare data privacy doesn’t appear to have caused too many ripples in the general public’s consciousness to this point. But a recent California Healthcare Foundation report looks at how personal health information...

Blue Shield, DMHC of Calif. release Social Security numbers

by Patrick Ouellette

Blue Shield of California and the California Department of Managed Health Care (DMHC) announced that they inadvertently distributed 18,000 doctors’ Social Security numbers. Blue Shield mistakenly sent rosters to DMHC that mistakenly included...

Indianapolis hospital reports patient mailing data exposure

by Patrick Ouellette

St. Vincent Breast Center of Indianapolis recently alerted about 63,000 patients that their data had been potentially compromised after the organization mistakenly sent letters with patient information to the wrong addresses. As reported by,...

NRAD Medical Associates notifies 97,000 patients of breach

by Patrick Ouellette

NRAD Medical Associates of Garden City, New York has informed 97,000 patients that an internal employee inappropriately accessed protected health information (PHI) and patient billing data back in April 2014. According to,...

Securing a healthcare mobile environment during EHR transition

by Frank Baer

As evidenced by all of the recent healthcare regulation news, our industry is in a state of evolution. While government, healthcare professionals and patients are the ones actually driving change, it is technology that is helping to power and...

Penn State Hershey Medical Center alerts 1,801 patients of breach

by Patrick Ouellette

Penn State Milton S. Hershey Medical Center began alerting 1,801 patients last week that an employee had accessed clinical data without having proper IT security protections in place. According to the Penn State statement, the employee, a clinical...

Healthcare data breach trends: Areas of needed improvement

by Patrick Ouellette

Recent news that a Montana Department of Public Health and Human Services server had been hacked into served as a reminder that there are a number of different ways in which HIPAA covered entities can endure data breaches. With that in mind,...

Server hack leads to Montana Health Department investigation

by Patrick Ouellette

Just less than a year after a Montana Department of Public Health and Human Services server was hacked into, the department is alerting both public program clients and employees that their data was inappropriately accessed. After seeing some...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks