Healthcare Information Security

HIPAA and Compliance News

HIPAA Compliance Gap Between Compliance Officers, Regulators

April 20, 2018 - There is a large gap between the priorities of healthcare compliance officers and regulators when it comes to HIPAA compliance, according to a survey of 388 healthcare organizations by SAI Global and Strategic Management Services. Healthcare compliance pros said that compliance with the HIPAA Security and Privacy rules is their highest priority, while the regulators at the HHS Office of the...


FTC ‘Misconduct’ Charges Loom as Uber Health Service Launches


Uber is being hit with additional federal penalties for “misconduct” in not reporting a major 2016 data breach at a time when it is launching its Uber Health service, which the ride-sharing company pledges will be HIPAA compliant....

Virtua To Pay NJ $418,000 for HIPAA Violation


Virtua Medical Group has agreed to pay a $418,000 fine and to beef up its data security in a settlement with the New Jersey government over allegations that it failed to protect patient data of more than 1,650 individuals, resulting in a HIPAA...

Proper Paper Records Disposal Necessary for PHI Data Security


Even as healthcare providers are increasingly implementing EHRs and patient data is being transferred to electronic form, organizations cannot overlook PHI data security measures with their paper records. Researchers at Toronto's St. Michael's...

Top Reminders for Implementing a HIPAA Contingency Plan


Healthcare organizations must ensure they have a current HIPAA contingency plan in place to prepare for all types of adverse events, including natural disasters and cybersecurity attacks, according to the latest OCR Cybersecurity Newsletter....

Banner Health Data Breach Part of OCR Investigation


The 2016 Banner Health data breach is reportedly being investigated by OCR, although it is currently not possible to estimate the range of potential fines from the agency, according to consolidated financial statements. An Ernst & Young year-end...

Physical Safeguard Need Underlined in Recent VA Privacy Protocols


A recent data breach involving old records from hospital patients, employees, and job applicants has led a VA medical center to launch new data privacy protocols. The John J. Pershing VA Medical Center said that it will be improving its...

Stakeholders Desire Clarification on Secure Data Exchange in TEFCA


ONC must further clarify secure data exchange aspects in its Trusted Exchange Framework and Common Agreement (TEFCA) draft, and also explain how HIPAA regulations will apply, according to industry stakeholders. One of the TEFCA principles discusses...

Amended Data Privacy Law Proposed in Colorado Legislature


The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’ personal...

How the FTC Act, HIPAA Privacy Rule Impact Healthcare Orgs


Collecting and sharing consumer health information is fairly standard practice for covered entities and their business associates. Organizations must ensure that they remain in compliance with the HIPAA Privacy Rule throughout that entire process,...

Filefax PHI Disclosure Leads to $100K OCR HIPAA Settlement


Filefax, Inc. went out of business in 2017, but that does not mean that an OCR HIPAA settlement can be avoided due to an earlier PHI disclosure, according to OCR. A company that was appointed as a receiver to liquidate Filefax’s assets...

5 HIPAA Data Breaches Lead to $3.5M OCR Settlement


Fresenius Medical Care North America (FMCNA) recently agreed to a $3.5 million OCR settlement following allegations that it committed HIPAA violations on five different occasions at separate FMCNA covered entities. FMCNA provides product and...

Why Providers Need a Disaster Recovery Plan for EHR Security


Whether healthcare providers are working to prepare for potential natural disasters like hurricanes or manmade cybersecurity issues (e.g., ransomware attacks, insider data breaches), having a disaster recovery plan is essential. Entities of all...

What Precedent Will Be Set in CareFirst Data Breach Case?


The floodgates could potentially be opened for “no-injury class actions arising from virtually every data breach” if the US Supreme Court does not reaffirm the Washington DC circuit court’s decision with the CareFirst data...

Amazon HIPAA Compliance Lead Search Indicates Healthcare Focus


An Amazon job posting for a HIPAA Compliance Lead potentially indicates that the technology company is looking to expand into the healthcare space. The individual hired for the healthcare privacy and security position will help Amazon in a “new...

CT Supreme Court Rules Patients Can Sue Over PHI Disclosure


There is a duty of confidentiality between a physician and patient, and patients have the right to sue should unauthorized PHI disclosure take place, according to the Connecticut Supreme Court. In Byrne v. Avery Center for Obstetrics & Gynecology,...

Secure Data Exchange Part of ONC Trusted Exchange Framework Draft


ONC issued a Trusted Exchange Framework and Common Agreement draft last week, which is part of the requirements under the 21st Century Cures Act. Ensuring secure data exchange is a key aspect of nationwide interoperability, along with building...

Maintain HIPAA Safeguards, Healthcare Cybersecurity on Vacation


Healthcare organizations must ensure their staff members take proper cybersecurity precautions, including maintaining HIPAA safeguards, when they are gone for extended periods of time, according to the OCR December 2017 Cybersecurity Newsletter....

OCR Reiterates HIPAA Guidance for Opioid Crisis Response


OCR recently discussed its current tools and initiatives in place to help organizations face the opioid crisis, touching on HIPAA guidance and how the agency is implementing the 21st Century Cures Act. OCR launched two new webpages focused on...

$2.3M OCR Settlement Reached for 21st Century Oncology Data Breach


Cancer care services provider 21st Century Oncology (21CO) recently agreed to a $2.3 million OCR settlement, following a 2015 data breach. OCR found in its investigation that 21CO impermissibly disclosed the PHI of 2,213,597 of its patients and...

