Healthcare Information Security

HITECH Breach Notification Rule

Senator Urges Prompt Data Breach Disclosure in Recent Bill

December 5, 2017 - Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to deliberately conceal a data breach would face criminal penalties. Nelson introduced a similar version of the Data Security and Breach Notification Act in 2016...

More Articles

HHS Updates HIPAA Breach Reporting Tool, Empowers Consumers

by Elizabeth Snell

The recently updated HIPAA Breach Reporting Tool (HBRT) will highlight recent healthcare data breaches and help consumers learn how such incidents are investigated, according to OCR. The agency explained in a statement that the new HBRT “features...

$130K NY State Settlement from Late Data Breach Notification

by Elizabeth Snell

CoPilot Provider Support Services, Inc. recently agreed to a $130,000 settlement with New York after the company was found to have violated state data breach notification law, according to the New York Attorney General’s office. CoPilot...

Breach Notification Center of Presence Health HIPAA Settlement

by Elizabeth Snell

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on January 31,...

Data Breach Notification Law Passes Unanimously in Wash.

by Elizabeth Snell

The Washington state Senate unanimously passed the proposed data breach notification law last week by a 47-0 vote. HB 1078 is designed to “strengthen the data breach notification requirements to better safeguard personal information, prevent...

Healthcare Data Breaches Can Push Patients Away, Says Survey

by Elizabeth Snell

Healthcare data breaches can be devastating for patients and the healthcare facility that was attacked. The organization could face severe penalties from the Department of Health & Human Services (HHS) if it is deemed that it violated HIPAA,...

Are You Ready for the HIPAA Breach Notification Deadline?

by Elizabeth Snell

Covered entities (CEs) that experienced a data breach in 2014 that affected fewer than 500 people have an important HIPAA breach notification deadline approaching: March 1. That is the deadline by which those organizations must notify the Department...

Data Breach News: Cone Health Mailing Error; New Calif. Law

by Patrick Ouellette

Cone Health of Greensboro, N.C. has alerted 2,076 Southeastern Heart and Vascular Center patients that their data was compromised as a result of a mailing error. reports that a clerical mistake led to letters, which included patient...

Touchstone Medical Imaging Posts Data Breach Notification

by Patrick Ouellette

Touchstone Medical Imaging, LLC has sent out notices to some patients treated prior to August of 2012 that it learned on May 9, 2014 that a shared folder holding sensitive data was exposed on the internet. The imaging specialist organization...

Texas HHSC sues Xerox; Tri-City Medical Center reports breach

by Patrick Ouellette

The Texas Health and Human Services Commission (HHSC) recently filed a lawsuit against Xerox for withholding patient documents that it held as the state’s former primary Medicaid claims administrator. HHSC recently terminated the Xerox contract,...

Indianapolis hospital reports patient mailing data exposure

by Patrick Ouellette

St. Vincent Breast Center of Indianapolis recently alerted about 63,000 patients that their data had been potentially compromised after the organization mistakenly sent letters with patient information to the wrong addresses. As reported by,...

WEDI publishes health data breach notification tips

by Patrick Ouellette

The Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup recently published its Breach Risk Assessment Issue Brief to offer reminders to healthcare organizations regarding the breach notification decision process. According...

ONC, OCR publicize HIPAA Digital Privacy Notice Challenge

by Patrick Ouellette

After providing four approved notice of privacy practices (NPP) templates in September, the Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) are focusing on digital NPPs and recently...

Healthcare attorney highlights HIPAA Omnibus changes

by Patrick Ouellette’s recent webcast, “HIPAA Omnibus Rule compliance tips and best practices”, provided a variety of takeaways from presenter and Dunkiel Saunders healthcare attorney Eileen Elliott. One of the biggest developments...

Register now for Feb. 5 HIPAA Omnibus Rule webcast

by Patrick Ouellette will be holding a webcast, “HIPAA Omnibus Rule compliance tips and best practices”, on February 5 at 1 p.m. EST to help further clarify changes to the HIPAA privacy and security rules that went into effect in...

Law firm iOS app aggregates federal, state breach statutes

by Patrick Ouellette

While Fox Rothschild LLP’s new Data Breach 411 iOS application shouldn’t be the sole resource healthcare organizations and their business associates (BAs) use when responding to data breaches, the app may be useful for compliance...

Reviewing the first HITECH breach penalty dealt by HHS

by Patrick Ouellette

Last week, Department of Health and Human Services (HHS) announced that Adult & Pediatric Dermatology, P.C. (APDerm) of Concord, Mass., will pay $150,000 in data breach fines. The most interesting part of the news wasn’t the amount...

A look back at CDT HIPAA Omnibus Rule commentary

by Patrick Ouellette

The HIPAA Omnibus Rule was undoubtedly at the top of many healthcare organizations’ priority lists in 2013. Hearing industry experts offer commentary on the new HIPAA rules can add clarity to some confusing areas of the rule, as well as...

Small healthcare providers digging through HIPAA paperwork

by Patrick Ouellette

Nearly three months after the Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) began enforcement of the HIPAA Omnibus Rule, compliance has been a mere formality for many large healthcare organizations. But how are...

Citrix, VMware offer software assisting HIPAA compliance

by Nicole Freeman

New Citrix ShareFile Cloud aids HIPAA compliance Citrix ShareFile Cloud for Healthcare, Citrix’s virtual private cloud offering for file sharing, is now available to healthcare organizations looking to secure and manage protected health...

