Healthcare Information Security

HIPAA and Compliance News

OCR Newsletter Reviews Healthcare Cybersecurity Best Practices

Even the most current and comprehensive security controls cannot guarantee that PHI security will never be compromised, which is why healthcare cybersecurity best practices should be regularly reviewed. OCR’s May cybersecurity newsletter...

PHI Data Breach Leads to $387K OCR HIPAA Settlement

St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement. Formerly Spencer Cox Center for Health (the Spencer Cox Center), New York-based...

Memorial Hermann Agrees to $2.4M OCR HIPAA Settlement

Texas-based Memorial Hermann Health System (MHHS) recently agreed to a $2.4 million OCR HIPAA settlement following multiple allegations of inappropriate PHI disclosure. OCR conducted a compliance review after numerous media reports claimed that...

NM Supreme Court to Review Alleged HIPAA Violation Case

A New Mexico district court mostly denied a motion to dismiss a case alleging HIPAA violations last Friday, and the state Supreme Court will now consider HIPAA’s scope in relation to the case. District Judge Judith C. Herrera denied...

NJ Psychologist to Fight HIPAA Violation Allegations

New Jersey-based psychologist Dr. Barry Helfmann has been accused of failing to prevent patient mental health diagnoses and treatment details from being released. The alleged HIPAA violations reportedly occurred when Helfmann’s practice...

Lack of Business Associate Agreement Equals $31K Settlement

The Center for Children’s Digestive Health (CCDH) recently settled potential HIPAA violations stemming from not having a business associate agreement in place, and paid OCR $31,000. The Illinois-based healthcare provider underwent an OCR compliance...

Mobile Security at Center of $2.5M OCR HIPAA Settlement

The latest OCR HIPAA settlement was the first of its kind for a wireless health services provider, following allegations of ePHI disclosure due to a stolen laptop. Pennsylvania-based CardioNet provides remote mobile monitoring of and rapid response...

2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With...

Judge Says HIPAA Regulations Do Not Apply in Organ Donor Case

Patient records from the New York Organ Donor Network are not subject to HIPAA regulations, according to a recent New York Supreme Court ruling. A former network official claimed that four patients had not yet been declared legally dead before...

Health Center Agrees to $400K OCR HIPAA Settlement

Failing to conduct a risk analysis and not implementing a corresponding risk management plan to address found risks and vulnerabilities were part of the reasoning behind the latest OCR HIPAA settlement. Metro Community Provider Network (MCPN)...

AMIA Calls for HIPAA Clarification in mHealth Patient Data

While mHealth applications can help bridge the health IT gap between providers and patients, greater HIPAA clarification and even an expansion of the rules may be necessary, according to the American Medical Informatics Association (AMIA). AMIA...

Preparing for an OCR HIPAA Risk Assessment Audit

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such...

Administrative Safeguard Need Highlighted in PA Indictment

Healthcare organizations must ensure that they have comprehensive and regularly updated administrative safeguards, such as user authentication measures and proper access control. A failure to have these in place, or having outdated ones, could...

How Do HIPAA Regulations Apply to Wearable Devices?

Both covered entities and business associates should be well aware of the OCR HIPAA audit program, especially as Phase 2 has been underway for several months now. However, as technology continues to evolve, there are also several areas that could...

Expanding Beyond HIPAA Audit Prep for Information Governance

Earlier this month, the American Health Information Management Association (AHIMA) published its newest toolkit to assist organizations in preparing for HIPAA audits. The “External HIPAA Audit Readiness Toolkit” addresses...

Audit Controls Underlined in $5.5M OCR HIPAA Settlement

UPDATE: Memorial Healthcare System sent comments to HealthITSecurity.com on February 17. Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported...

Lawsuit Filed to Avoid Potential Health Data Exposure Fines

A Wisconsin-based publishing company recently filed a lawsuit claiming that it is being exposed to potential liability for unauthorized exposure of individuals’ personal health data. The concern over possible health information exposure...

Children’s Medical Center Issued $3.2M OCR HIPAA Penalty

Children’s Medical Center of Dallas (Children’s) was recently given an OCR HIPAA civil money penalty due to ePHI disclosure and several years of HIPAA non-compliance, according to a Department of Health and Human Services (HHS) release....

Considering HIPAA Privacy Rule with Mental Health Data

The permitted uses and disclosures of PHI in the HIPAA Privacy Rule were key considerations in a recently passed bill package, which included reforms for patients being treated for mental health conditions. The Helping Families in Mental Health...

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...
