Healthcare Information Security

HIPAA and Compliance News

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

June 15, 2018 - OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The guidance implements a mandate in the 21st Century Cures Act of 2016, which is designed to speed up the drug approval process and improve medical research, to streamline...


Articles

HIPAA Security Rule Risk Analysis Remains Source of Confusion

by

Widespread confusion in the healthcare industry continues to persist about OCR risk analysis requirements under the HIPAA Security Rule, according to legal experts David Gacioch and Edward Zacharias of McDermott Will & Emery. Failure to perform...

New York Suspends Nurse for HIPAA Violation Affecting 3K Patients

by

The state of New York has suspended Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center (URMC), for a HIPAA violation. Smith-Lightfoot admitted to disclosing PHI when she took a list of more than 3,000 patients...

Did EMS Worker Commit HIPAA Violation With Facebook Post?

by

Did an emergency medical services (EMS) worker in Roane County, Tennessee, commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? The EMS worker was part of a team...

HIPAA Security Rule Requires Physical Security of Equipment

by

While most HIPAA Security Rule violations involve electronic data breaches, healthcare providers and business associates could also face a violation for failing to physically secure computers and other equipment holding PHI. The HIPAA Security...

Judge Upholds Doc’s Conviction for Criminal HIPAA Violation

by

US District Judge Mark G. Mastroianni upheld May 16 a federal jury’s earlier conviction of Rita Luthra, a Springfield, Massachusetts-based gynecologist, for a criminal HIPAA violation and obstructing a criminal healthcare investigation. ...

Steward Must Satisfy Jury Doc Got Sacked for HIPAA Violation

by

A Massachusetts federal judge ruled May 16 that Boston-based Steward Healthcare System must convince a jury that it fired a psychiatrist for an alleged HIPAA violation, not in retaliation for his taking disability leave after contracting pneumonia,...

OCR To Share HIPAA Data Breach Settlements With Victims

by

OCR is proposing to share a percentage of HIPAA data breach settlements with victims, as required by the HITECH law. In the HHS semiannual regulatory agenda, OCR said it is soliciting the public’s view on establishing a methodology for...

Does EHR Patient Access Fall Short of HIPAA Compliance?

by

Patients and healthcare organizations face numerous challenges when providing EHR patient access for HIPAA compliance, according to a report released May 14 by the Government Accountability Office (GAO). Among the challenges faced by patients...

Amazon’s Alexa Healthcare Team Bones Up on HIPAA Compliance

by

Amazon is becoming very familiar with HIPAA compliance requirements as part of its effort to expand the Alexa digital assistant’s role in providing healthcare information and advice, CNBC is reporting. Amazon has set up a health and wellness...

Navy, USAF Could Face HIPAA Violation Fines for Lax EHR Security

by

The US Navy and US Air Force have poor security practices for their electronic health record (EHR) systems and could face millions of dollars in HIPAA violation fines if action is not taken to correct these problems, warned the Department of...

House Debates Bill to Align SUD Rules with HIPAA Privacy Rule

by

Supporters and opponents of a bill that would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule faced off during a May 8 hearing of the House Energy and Commerce Committee’s health subcommittee....

Massachusetts Physician Convicted of Criminal HIPAA Violation

by

A federal jury has convicted Rita Luthra, a Springfield, Massachusetts-based gynecologist, of a criminal HIPAA violation and obstructing a criminal healthcare investigation, US Department of Justice (DoJ) announced April 30. DoJ alleged that...

Gap Analysis Not Enough for HIPAA Security Rule, Says OCR

by

A gap analysis can be used to discover where problems exist in securing electronic protected health information (ePHI), but it is not a substitute for a comprehensive risk analysis required by the HIPAA Security Rule, the Office for Civil Rights...

Employee Fired for HIPAA Violation Gets Personal Data from Agency

by

Tracy Ryans, a former employee of the Texas Health and Human Services Commission fired for an alleged HIPAA violation, recently received a box full of state assistance applications chock full of personal information from her former employer,...

Likely Ransomware Attack Exposes 85K Patient Records in CA

by

California-based Center for Orthopaedic Specialists (COS) admitted that a recent cybersecurity incident, which was described similar to a ransomware attack, succeeded in encrypting 85,000 patient records. “The patient data that was encrypted...

Senate Bill Has Version of Jessie’s Law, Not Aligned with HIPAA Privacy Rule

by

The Senate Health, Education, Labor and Pensions Committee this week passed the Opioid Crisis Response Act of 2018 (S 2680) with a broad range of measures to combat the opioid epidemic, including a version of Jessie’s Law that allows for...

HIPAA Compliance Gap Between Compliance Officers, Regulators

by

There is a large gap between the priorities of healthcare compliance officers and regulators when it comes to HIPAA compliance, according to a survey of 388 healthcare organizations by SAI Global and Strategic Management Services. Healthcare...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks