Healthcare Information Security

Office for Civil Rights

41% of Health Data Breaches Stem from Unintended Disclosure

October 17, 2017 - Unintended data disclosure, such as emails containing PHI sent to the wrong recipient or servers left publicly accessible, accounted for 41 percent of reported health data breaches the first nine months in 2017, according to research from Beazley. The second most common issue was from hacking or malware incidents (19 percent), followed by insider incidents (15 percent), and physical loss (8...


More Articles

Reviewing OCR HIPAA Guidance to Maintain Compliance

by Elizabeth Snell

Covered entities should not be afraid to regularly review OCR HIPAA guidance and ensure that they remain compliant, even as they add new technologies into the daily workflow, according to OCR Senior Advisor for HIPAA Compliance and Enforcement...

Mount Sinai St. Luke’s Sued Following HIPAA Violation

by Elizabeth Snell

New York-based Mount Sinai St. Luke’s Hospital is being sued for faxing patient PHI to the patient’s employer, a reported HIPAA violation that has already resulted in an OCR HIPAA settlement. The Law Offices of Jeffrey Lichtman represent...

OCR Stresses Employee Training Need in PHI Security

by Elizabeth Snell

The need for strong employee training only increases as the healthcare risk landscape grows and threatens PHI security, according to the recent OCR cybersecurity newsletter. Data security training is necessary for combatting threats such as ransomware...

5 Lessons Learned in OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot assume that they will never experience a data breach or data security incident. Failure to update safeguards or audit controls could also lead to an OCR HIPAA settlement, which could be paired with a high fine...

OCR Highlights Proper Healthcare Cyberattack Response

by Elizabeth Snell

HIPAA covered entities and business associates must know the necessary steps to take following a healthcare cyberattack. Failing to either notify overseeing agencies or properly alert patients could lead to numerous issues for an organization....

PHI Data Breach Leads to $387K OCR HIPAA Settlement

by Elizabeth Snell

St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement. Formerly Spencer Cox Center for Health (the Spencer Cox Center), New York-based...

HHS Reiterates OCR Ransomware Guidance after Recent Attack

by Elizabeth Snell

The WannaCry ransomware attack should serve as a strong reminder to healthcare organizations to maintain necessary data security measures, including proper employee training. Adhering to the OCR ransomware guidance will also help covered entities...

Memorial Hermann Agrees to $2.4M OCR HIPAA Settlement

by Elizabeth Snell

Texas-based Memorial Hermann Health System (MHHS) recently agreed to a $2.4 million OCR HIPAA settlement following multiple allegations of inappropriate PHI disclosure. OCR conducted a compliance review after numerous media reports claimed that...

Lack of Business Associate Agreement Equals $31K Settlement

by Elizabeth Snell

The Center for Children’s Digestive Health (CCDH) recently settled potential HIPAA violations by not having a business associate agreement in place, and paid OCR $31,000. The Illinois-based healthcare provider underwent an OCR compliance...

Mobile Security at Center of $2.5M OCR HIPAA Settlement

by Elizabeth Snell

The latest OCR HIPAA settlement was the first of its kind for a wireless health services provider, following allegations of ePHI disclosure due to a stolen laptop. Pennsylvania-based CardioNet provides remote mobile monitoring of and rapid response...

2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

by Elizabeth Snell

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With...

Health Center Agrees to $400K OCR HIPAA Settlement

by Elizabeth Snell

Failing to conduct a risk analysis and not implementing a corresponding risk management plan to address found risks and vulnerabilities were part of the reasoning behind the latest OCR HIPAA settlement. Metro Community Provider Network (MCPN)...

OCR Urges End-to-End Security, Verified HTTPS to Protect PHI

by Elizabeth Snell

Implementing end-to-end connection security on internet transactions using Secure Hypertext Transport Protocol (HTTPS) can help healthcare organizations better protect PHI and even detect malware, according to OCR’s latest cybersecurity...

Roger Severino Appointed Office for Civil Rights Director

by Elizabeth Snell

Roger Severino was recently appointed as the new OCR Director. At the time of publication, OCR had not yet released a statement on the move. Previously, Severino served as Director of the DeVos Center for Religion and Civil Society...

OCR Calls for Healthcare Cybersecurity Collaboration

by Elizabeth Snell

The government, private sector, and international network defense communities all need to work toward stronger collaboration and information sharing to combat the increasing amount of healthcare cybersecurity threats, the Office for Civil Rights...

Audit Controls Underlined in $5.5M OCR HIPAA Settlement

by Elizabeth Snell

UPDATE: Memorial Healthcare System sent comments to HealthITSecurity.com on February 17.  Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported...

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

by Elizabeth Snell

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...

OCR Clarifies PHI Disclosure Guidance in HIPAA Privacy Rule

by Elizabeth Snell

Partially due to legal confusion following the 2016 Orlando nightclub shooting, the Office for Civil Rights (OCR) has released an FAQ clarifying certain aspects of PHI disclosure policies with patients’ loved ones under the HIPAA Privacy...

Breach Notification Center of Presence Health HIPAA Settlement

by Elizabeth Snell

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on January 31,...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks