Healthcare Information Security

PHI Security

Primary Health Care PHI Data Security Incident Affects 10K

March 22, 2018 - Unauthorized access to employee email accounts may have led to a PHI data security incident at Primary Health Care Inc. (PHC), according to an organization statement. PHC discovered the access to four employee accounts and the related Google Drives on March 1, 2017, and said the accounts had been accessed on February 28, 2017. The unauthorized access was “immediately terminated. An investigation...

More Articles

AHIMA Continues Push for Balance in Patient Data Access, Security

by Elizabeth Snell

Healthcare professionals should have access to their patients’ entire medical history, but patient data access and data security measures must also be considered, AHIMA members said in meetings with Congress today. Access to substance abuse...

134K Possibly Affected in St. Peter’s Server Data Breach

by Elizabeth Snell

An unauthorized third party gained access to St. Peter’s Surgery & Endoscopy Center (the Center) servers on January 8, 2018, according to an online statement. The potential data breach was discovered on the same day of the infiltration,...

70K Notified in Tufts Health Plan Data Breach in Vendor Error

by Elizabeth Snell

A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards were...

Physical Safeguard Need Underlined in Recent VA Privacy Protocols

by Elizabeth Snell

A recent data breach involving old records from hospital patients, employees, and job applicants has led a VA medical center to launch new data privacy protocols. The John J. Pershing VA Medical Center said that it will be improving its...

How the FTC Act, HIPAA Privacy Rule Impact Healthcare Orgs

by Elizabeth Snell

Collecting and sharing consumer health information is fairly standard practice for covered entities and their business associates. Organizations must ensure that they remain in compliance with the HIPAA Privacy Rule throughout that entire process,...

Hospital Data Breaches Most Common, Affect the Most Patients

by Elizabeth Snell

Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of individuals...

Filefax PHI Disclosure Leads to $100K OCR HIPAA Settlement

by Elizabeth Snell

Filefax, Inc. went out of business in 2017, but that does not mean that an OCR HIPAA settlement can be avoided due to an earlier PHI disclosure, according to OCR. A company that was appointed as a receiver to liquidate Filefax’s assets...

Smiths Medical Releases Firmware Update for Medical Device Security

by Elizabeth Snell

Smiths Medical recently released a firmware update to eliminate potential medical device security vulnerabilities that had been discovered by an independent researcher earlier in 2017. The vulnerabilities may have allowed remote attackers to...

New York Reaches $1.15M Settlement over Aetna Data Breach

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about ordering...

KS Healthcare Organization Fined over Unsecured Patient Data

by Elizabeth Snell

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell Jones...

$17M Settlement Agreement Reached in Aetna Data Breach Case

by Elizabeth Snell

Aetna has reached a $17 million settlement following a reported data breach from 2017 where 12,000 individuals were impacted. The healthcare company Aetna sent letters in the mail where information about ordering prescription HIV drugs was clearly...

Allscripts Ransomware Attack Impacts Limited Number of Applications

by Elizabeth Snell

UPDATE: An Allscripts spokesperson emailed an additional update to on January 26, 2018 about the ransomware attack.  An Allscripts ransomware attack was reported on January 18, 2018, with certain applications made inaccessible....

VA Patient Data Disclosure to HIEs Permitted in Proposed Rule

by Elizabeth Snell

The Department of Veterans Affairs (VA) published a proposed rule that would amend its current regulations on allowing patient data disclosure to health information exchanges (HIEs). The updated rule would permit VA to release a patient’s...

HCCIC Releases Update on Spectre, Meltdown Cybersecurity Threats

by Elizabeth Snell

The Healthcare Cybersecurity and Communications Integration Center (HCCIC) released an update on previously discovered Spectre and Meltdown vulnerabilities that could create healthcare cybersecurity threats for organizations. The National Health...

CT Supreme Court Rules Patients Can Sue Over PHI Disclosure

by Elizabeth Snell

There is a duty of confidentiality between a physician and patient, and patients have the right to sue should unauthorized PHI disclosure take place, according to the Connecticut Supreme Court. In Byrne v. Avery Center for Obstetrics & Gynecology,...

OCR Reiterates HIPAA Guidance for Opioid Crisis Response

by Elizabeth Snell

OCR recently discussed its current tools and initiatives in place to help organizations face the opioid crisis, touching on HIPAA guidance and how the agency is implementing the 21st Century Cures Act. OCR launched two new webpages focused on...

Understanding HIPAA Data Sharing Policies for Better Patient Care

by Elizabeth Snell

Access to electronic health data can help public health agencies work toward improving patient care and addressing community health challenges, according to recent research. However, confusion over HIPAA data sharing policies and how electronic...

Health Data Privacy Concerns Key Influence in PHI Data Sharing

by Elizabeth Snell

Patients might be more willing to participate in PHI data sharing when their health data privacy concerns have been properly addressed, according to a recent study published in the Journal of Medical Internet Research. Providers must understand...

How an Ohio Hospital Avoided a Widespread Ransomware Attack

by Elizabeth Snell

Having the necessary and applicable data security tools in place, along with comprehensive employee education, are critical for ransomware attack prevention measures. Organizations of all sizes need to be aware of the potential threats and be...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks