Healthcare Information Security

HIPAA and Compliance News

OIG Finds Security Risks in NIH Data Sharing Processes, Controls

February 13, 2019 - The Department of Health and Human Services’ Office of the Inspector General discovered risks in the ways the National Institutes of Health shares its sensitive data, including the controls of permitted access to sensitive NIH data. OIG audited NIH to determine whether the biomedical research agency had adequate controls in place around permitting and monitoring access to...


HIPAA Needs Clarity Around Patient Data Sharing, AMIA, AHIMA say


In recommendations to the Department of Health and Human Services, the American Health Information Management Association and American Medical Informatics Association are recommending updates to HIPAA that would both clarify right to...

Email Fraud Attacks on Healthcare Jumped 473% Since 2017


Email fraud attacks on the healthcare sector increased by a whopping 473 percent between the first quarter of 2017 and the fourth quarter of 2017, according to a new report from Proofpoint. Proofpoint analyzed over 160 billion emails sent...

Slack Adds HIPAA-Compliant Features to Enterprise Grid Messaging


Slack recently added HIPAA compliance to its security features, directly related to file uploads. While the compliance is not currently related to communication channels or direct messaging between patients and providers, two sources told...

OCR Settles with Cottage Health for $3M After 2 Patient Data Breaches


California-based Cottage Health settled with the Department of Health and Human Services’ Office for Civil Rights for $3 million and the adoption of a corrective action plan, over two separate security incidents in 2013 and 2015 that...

Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity


Wyoming state senators recently proposed a bill that would clarify regulations around patient privacy in the state. Introduced on Tuesday, the legislation would repeal the state’s Hospital Records Act of 1991, which was designed to...

Community Health Systems Reaches Settlement over 2014 Breach of 4.5M


Tennessee-based Community Health Systems reached a settlement with the 4.5 million patients impacted by its 2014 data breach. CHS operates more than 200 hospitals across the country and is one of the largest hospital networks in the U.S....

Aetna Reaches Settlement with California Over 2017 Privacy Breach


Aetna will pay California $935,000 for its 2017 privacy breach, stemming from a mailing error that inadvertently revealed the HIV-related information of 1,991 Californians and 12,000 total patients by the envelope’s clear...

Illinois Rules Actual Harm Not Required in Biometric Privacy Law


The Illinois Supreme Court ruled on Friday that an individual can bring a lawsuit against an organization that violates the state’s Biometric Information Privacy Act, without alleging actual injury or adverse event. The court ruled...

Could HIPAA be Repealed, Replaced with a Unified Federal Privacy Law?


The Information Technology and Innovation Fund is recommending a repeal of privacy regulations across the U.S., including HIPAA, to replace the patchwork of federal laws with a unified approach. Among its recommendations, ITIF is calling...

DoD Health Agency Security Flaws Put Patient Data at Risk, OIG Finds


The Department of Defense Health Agency (DHA) failed to consistently implement security measures to protect the systems that stored, processed, and transmitted electronic health record and patient information, according to a DoD...

OCR Hiring Deputy Director for Health Information Privacy


The Department of Health and Human Services’ Office for Civil Rights is looking to hire a Deputy Director of Health Information Privacy, according to a job listing posted on January 14. According to the post on USAJOBS, the senior...

Judge Approves Flowers Hospital Settlement over 2014 Data Breach


A federal judge has approved a settlement between Flowers Hospital and the 1,200 patients whose data was stolen from the hospital in 2014, according to Alabama news station WTVY. The Alabama-based provider will pay the victims up to...

Avery Center to Pay Patient $853K for Impermissible Data Disclosure


The Bridgeport Superior Court ruled the Avery Center of Obstetrics and Gynecology must pay a former Connecticut resident $853,000, for releasing the woman’s medical records to her past boyfriend without her consent. The lawsuit,...

LifeBridge Health Sued over Data Breach of 530,000 Patients


A class-action lawsuit was filed against Baltimore-based LifeBridge Health on Thursday over its 2016 health data breach, disclosed to the public in May 2018. According to the release, law firm Murphy, Falcon and Murphy filed the statewide...

McLean Hospital Pays Massachusetts $75,000 for 2015 Breach


Belmont, Massachusetts-based McLean Hospital settled with the state over its 2015 data breach, agreeing to implement new security and training and pay $75,000. The settlement will resolve claims the psychiatric hospital exposed the data...

Blockchain, HIPAA Regulation Lead Top 10 Stories of 2018


Throughout the year, healthcare privacy, security and cybersecurity have a remained a crucial part of boardroom discussions, determining how best to proceed in an ever-evolving threat landscape. Those conversations will continue to...

HHS, OCR Seek Industry Feedback on HIPAA Update for Data Sharing


The Department of Health and Human Service and the Office for Civil Rights are seeking industry feedback on how to improve HIPAA guidance, especially around care coordination. The OCR Request for Information comes in response to an...

OCR Settles with Colorado Provider for $111,000 over HIPAA Failures


The Department of Health and Human Services’ Office for Civil Rights settled with Pagosa Springs Medical Center for $111,400, for failing to terminate a former employee’s access to electronic protected health...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...