Healthcare Information Security


Why Protecting PHI Must Be Top a Priority for the IRS

by Elizabeth Snell

The IRS must work harder to keep PHI protected, according to a report by the Treasury Inspector General for Tax Administration. While the Internal Revenue Service (IRS) is authorized to disclose limited tax information to the HIEs and...

Potential Health Data Breach, 40,000 Patient Records Stolen

by Elizabeth Snell

A New Jersey doctor’s storage shed was reportedly broken into and 40,000 patient records were stolen. The case of a potential health data breach in New Jersey has grown stranger throughout the week. On Tuesday, Dr. Nisar A....

Healthcare Data Breach News: Pa. Server Hacked; Records Found Dumped

by Elizabeth Snell

A Pennsylvania healthcare service said it had a potential data breach incident and medical records were also found outside a Michigan facility. A Pennsylvania healthcare service confirmed last week that it had a data breach incident...

AMA: MU Secure Messaging Criteria Should Be Optional

by Elizabeth Snell

Meaningful Use secure messaging was one of several issues discussed in a blueprint created by the American Medical Association last week. The Centers for Medicare and Medicaid Services (CMS) should make the...

‘Small Number’ Of Laptops With PHI Missing From Ambulances

by Elizabeth Snell

Over a period of approximately three years, a “small number” of laptops have gone missing from ambulances in the Dallas area. The laptops in question disappeared between January 1, 2011, and August 29, 2014, according to the Dallas...

Laptop With PHI Stolen From Ga. Health Employee’s Car

by Elizabeth Snell

The Georgia Department of Behavioral Health and Developmental Disabilities (DBHDD) announced earlier this week that a laptop containing protected health information (PHI) of approximately 3,000 patients was stolen from an employee’s car...

Will New ‘Poodle’ Web Threat Affect Health Data Security?

by Elizabeth Snell

Cyber security is crucial for many organizations, and the healthcare industry is no different. While the most recent discovery of a security bug in numerous types of web encryption technology is not seen as serious as past threats, it’s...

Protecting against Healthcare Data Breaches: Failed Physical Safeguards

by Elizabeth Snell

Data breaches are something that the healthcare industry is continuously working to prevent. However, computer hackers and malware attacks are often the first things that come to mind as being associated with healthcare data breaches....

How valuable are medical records to identity thieves?

by Elizabeth Snell

Social security numbers and credit card numbers are often thought of as key pieces of information for thieves to have in terms of identity theft, but recent reports show that there is something worth a lot more floating around in...

Johns Hopkins reaches preliminary privacy breach agreement

by Patrick Ouellette

More than a year after patients filed a potential class action lawsuit against Johns Hopkins Medicine following a privacy breach, the hospital has reached a preliminary $190 million settlement. For background, former Johns Hopkins...

Penn State Hershey Medical Center alerts 1,801 patients of breach

by Patrick Ouellette

Penn State Milton S. Hershey Medical Center began alerting 1,801 patients last week that an employee had accessed clinical data without having proper IT security protections in place. According to the Penn State statement, the employee, a...

Mitigating common healthcare cloud IT security issues

by Sal Ramanan CISSP

Cyber security threats in the healthcare industry are continually on the rise and the value of an identity data set is about $50 per patient record. So what can healthcare providers do to avoid these attacks? If you look at the recent...

FTC to define data security principles in LabMD case

by Patrick Ouellette

For good reason, healthcare organizations are weary of potential fines and audits coming from the Department of Health and Human Services (HHS) and Office for Civil Rights. But the ongoing Federal Trade Commission (FTC) v. LabMD lawsuit...

Boulder Community Health reviews paper PHI record exposure

by Patrick Ouellette

After a reported HIPAA violation, Boulder Community Health (BCH) of Colorado is in the process of investigating its third patient data breach since 2008, according to The Daily Camera. The context of the breach is a bit bizarre in that,...

Employees file class suit against UPMC following data breach

by Patrick Ouellette

Employees affected by the University of Pittsburgh Medical Center (UPMC) data breach have filed a class action lawsuit against UPMC and its payroll vendor, Ultimate Software Group. The suit says that UPMC and the vendor breached its duty...

OCR dismisses Walgreens ‘Well Experience’ HIPAA complaint

by Patrick Ouellette

The Office for Civil Rights (OCR) has officially completed its investigation into the Walgreens “Well Experience” program and dismissed the complaint filed by the activist group, Change to Win (CtW), after finding CtW’s patient...

Molina Healthcare contractor mail error exposes patient data

by Patrick Ouellette

Molina Healthcare, a multi-state healthcare organization, reported on Friday that a postcard mailing error in March had resulted in 5,261 former members’ Social Security numbers being inadvertently exposed. According to the...

UMass Memorial Medical sends out patient data breach notices

by Patrick Ouellette

After taking nearly two months to flesh out a patient data breach involving inappropriate internal access, UMass Memorial Medical Center (UMMMC) of Worcester, Mass. announced this week that it had alerted more than 2,400 affected patients...

Centura Health alerts 1,000 patients of phishing attack

by Patrick Ouellette

A data breach involving Mercy Regional Medical Center of Durango, Colo. exemplifies the stark reality that phishing attacks have become more complex and difficult for even the most shrewd of users to pick out. Mercy employees, according...

Boston Medical Center transcription service exposes PHI

by Patrick Ouellette

Once it learned that 15,000 patients’ data had been exposed on its transcription service vendor’s website, Boston Medical Center (BMC) fired MDF Transcription Services and has sent breach notification letters to patients. The...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...