Healthcare Information Security

Office for Civil Rights

$2.3M OCR Settlement Reached for 21st Century Oncology Data Breach

December 14, 2017 - Cancer care services provider 21st Century Oncology (21CO) recently agreed to a $2.3 million OCR settlement, following a 2015 data breach. OCR found in its investigation that 21CO impermissibly disclosed the PHI of 2,213,597 of its patients and “failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability...


More Articles

Reducing Insider Data Breach Risk with Strong IAM Policies

by Elizabeth Snell

Implementing effective identity and access management (IAM) policies and controls is essential for healthcare organizations that are looking to reduce the potential of insider data breach risk, according to the OCR November 2017 Cybersecurity...

What Should Entities Expect with OCR HIPAA Enforcement?

by Elizabeth Snell

There have been nine OCR HIPAA enforcement settlements so far in 2017, highlighting the need for covered entities and business associates to focus on audit controls, risk management, and business associate agreements. While there has been a new...

What Are Basic, Essential Healthcare Cybersecurity Measures?

by Elizabeth Snell

With October being National Cybersecurity Awareness Month (NCAM), OCR highlighted top healthcare cybersecurity measures that all covered entities and business associates should keep in mind. NCAM is an ideal time for organizations to review basic...

41% of Health Data Breaches Stem from Unintended Disclosure

by Elizabeth Snell

Unintended data disclosure, such as emails containing PHI sent to the wrong recipient or servers left publicly accessible, accounted for 41 percent of reported health data breaches the first nine months in 2017, according to research from Beazley....

Reviewing OCR HIPAA Guidance to Maintain Compliance

by Elizabeth Snell

Covered entities should not be afraid to regularly review OCR HIPAA guidance and ensure that they remain compliant, even as they add new technologies into the daily workflow, according to OCR Senior Advisor for HIPAA Compliance and Enforcement...

Mount Sinai St. Luke’s Sued Following HIPAA Violation

by Elizabeth Snell

New York-based Mount Sinai St. Luke’s Hospital is being sued for faxing patient PHI to the patient’s employer, a reported HIPAA violation that has already resulted in an OCR HIPAA settlement. The Law Offices of Jeffrey Lichtman represent...

OCR Stresses Employee Training Need in PHI Security

by Elizabeth Snell

The need for strong employee training only increases as the healthcare risk landscape grows and threatens PHI security, according to the recent OCR cybersecurity newsletter. Data security training is necessary for combatting threats such as ransomware...

5 Lessons Learned in OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot assume that they will never experience a data breach or data security incident. Failure to update safeguards or audit controls could also lead to an OCR HIPAA settlement, which could be paired with a high fine...

OCR Highlights Proper Healthcare Cyberattack Response

by Elizabeth Snell

HIPAA covered entities and business associates must know the necessary steps to take following a healthcare cyberattack. Failing to either notify overseeing agencies or properly alert patients could lead to numerous issues for an organization....

PHI Data Breach Leads to $387K OCR HIPAA Settlement

by Elizabeth Snell

St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement. Formerly Spencer Cox Center for Health (the Spencer Cox Center), New York-based...

HHS Reiterates OCR Ransomware Guidance after Recent Attack

by Elizabeth Snell

The WannaCry ransomware attack should serve as a strong reminder to healthcare organizations to maintain necessary data security measures, including proper employee training. Adhering to the OCR ransomware guidance will also help covered entities...

Memorial Hermann Agrees to $2.4M OCR HIPAA Settlement

by Elizabeth Snell

Texas-based Memorial Hermann Health System (MHHS) recently agreed to a $2.4 million OCR HIPAA settlement following multiple allegations of inappropriate PHI disclosure. OCR conducted a compliance review after numerous media reports claimed that...

Lack of Business Associate Agreement Equals $31K Settlement

by Elizabeth Snell

The Center for Children’s Digestive Health (CCDH) recently settled potential HIPAA violations by not having a business associate agreement in place, and paid OCR $31,000. The Illinois-based healthcare provider underwent an OCR compliance...

Mobile Security at Center of $2.5M OCR HIPAA Settlement

by Elizabeth Snell

The latest OCR HIPAA settlement was the first of its kind for a wireless health services provider, following allegations of ePHI disclosure due to a stolen laptop. Pennsylvania-based CardioNet provides remote mobile monitoring of and rapid response...

2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

by Elizabeth Snell

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With...

Health Center Agrees to $400K OCR HIPAA Settlement

by Elizabeth Snell

Failing to conduct a risk analysis and not implementing a corresponding risk management plan to address found risks and vulnerabilities were part of the reasoning behind the latest OCR HIPAA settlement. Metro Community Provider Network (MCPN)...

OCR Urges End-to-End Security, Verified HTTPS to Protect PHI

by Elizabeth Snell

Implementing end-to-end connection security on internet transactions using Secure Hypertext Transport Protocol (HTTPS) can help healthcare organizations better protect PHI and even detect malware, according to OCR’s latest cybersecurity...

Roger Severino Appointed Office for Civil Rights Director

by Elizabeth Snell

Roger Severino was recently appointed as the new OCR Director. At the time of publication, OCR had not yet released a statement on the move. Previously, Severino served as Director of the DeVos Center for Religion and Civil Society...

OCR Calls for Healthcare Cybersecurity Collaboration

by Elizabeth Snell

The government, private sector, and international network defense communities all need to work toward stronger collaboration and information sharing to combat the increasing amount of healthcare cybersecurity threats, the Office for Civil Rights...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks