Healthcare Information Security

HIPAA and Compliance News

Top Reminders for Implementing a HIPAA Contingency Plan

Healthcare organizations must ensure they have a current HIPAA contingency plan in place to prepare for all types of adverse events, including natural disasters and cybersecurity attacks, according to the latest OCR Cybersecurity...

Banner Health Data Breach Part of OCR Investigation

The 2016 Banner Health data breach is reportedly being investigated by OCR, although it is currently not possible to estimate the range of potential fines from the agency, according to consolidated financial statements. An Ernst &...

Physical Safeguard Need Underlined in Recent VA Privacy Protocols

A recent data breach involving old records from hospital patients, employees, and job applicants has led a VA medical center to launch new data privacy protocols. The John J. Pershing VA Medical Center said that it will be improving...

Stakeholders Desire Clarification on Secure Data Exchange in TEFCA

ONC must further clarify secure data exchange aspects in its Trusted Exchange Framework and Common Agreement (TEFCA) draft, and also explain how HIPAA regulations will apply, according to industry stakeholders. One of the TEFCA principles...

Amended Data Privacy Law Proposed in Colorado Legislature

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...

How the FTC Act, HIPAA Privacy Rule Impact Healthcare Orgs

Collecting and sharing consumer health information is fairly standard practice for covered entities and their business associates. Organizations must ensure that they remain in compliance with the HIPAA Privacy Rule throughout that entire...

Filefax PHI Disclosure Leads to $100K OCR HIPAA Settlement

Filefax, Inc. went out of business in 2017, but that does not mean that an OCR HIPAA settlement can be avoided due to an earlier PHI disclosure, according to OCR. A company that was appointed as a receiver to liquidate Filefax’s...

5 HIPAA Data Breaches Lead to $3.5M OCR Settlement

Fresenius Medical Care North America (FMCNA) recently agreed to a $3.5 million OCR settlement following allegations that it committed HIPAA violations on five different occasions at separate FMCNA covered entities. FMCNA provides product...

Why Providers Need a Disaster Recovery Plan for EHR Security

Whether healthcare providers are working to prepare for potential natural disasters like hurricanes or manmade cybersecurity issues (e.g., ransomware attacks, insider data breaches), having a disaster recovery plan is essential. Entities...

What Precedent Will Be Set in CareFirst Data Breach Case?

The floodgates could potentially be opened for “no-injury class actions arising from virtually every data breach” if the US Supreme Court does not reaffirm the Washington DC circuit court’s decision with the CareFirst...

Amazon HIPAA Compliance Lead Search Indicates Healthcare Focus

An Amazon job posting for a HIPAA Compliance Lead potentially indicates that the technology company is looking to expand into the healthcare space. The individual hired for the healthcare privacy and security position will help Amazon in...

CT Supreme Court Rules Patients Can Sue Over PHI Disclosure

There is a duty of confidentiality between a physician and patient, and patients have the right to sue should unauthorized PHI disclosure take place, according to the Connecticut Supreme Court. In Byrne v. Avery Center for Obstetrics...

Secure Data Exchange Part of ONC Trusted Exchange Framework Draft

ONC issued a Trusted Exchange Framework and Common Agreement draft last week, which is part of the requirements under the 21st Century Cures Act. Ensuring secure data exchange is a key aspect of nationwide interoperability, along with...

Maintain HIPAA Safeguards, Healthcare Cybersecurity on Vacation

Healthcare organizations must ensure their staff members take proper cybersecurity precautions, including maintaining HIPAA safeguards, when they are gone for extended periods of time, according to the OCR December 2017 Cybersecurity...

OCR Reiterates HIPAA Guidance for Opioid Crisis Response

OCR recently discussed its current tools and initiatives in place to help organizations face the opioid crisis, touching on HIPAA guidance and how the agency is implementing the 21st Century Cures Act. OCR launched two new webpages...

$2.3M OCR Settlement Reached for 21st Century Oncology Data Breach

Cancer care services provider 21st Century Oncology (21CO) recently agreed to a $2.3 million OCR settlement, following a 2015 data breach. OCR found in its investigation that 21CO impermissibly disclosed the PHI of 2,213,597 of its...

Understanding HIPAA Data Sharing Policies for Better Patient Care

Access to electronic health data can help public health agencies work toward improving patient care and addressing community health challenges, according to recent research. However, confusion over HIPAA data sharing policies and how...

How HIPAA Information Sharing Regulations Impact the Opioid Crisis

With the opioid crisis recently declared a nationwide public health emergency, OCR issued guidance on how HIPAA regulations allow providers to participate in information sharing in an effort to improve patient care. There are often...

AHIMA: Patient Data Access Through Patient Portals Increases

Eighty-two percent of consumers took advantage of patient data access through a patient portal in 2016, an increase from less than 5 percent who did so in 2013, according to a study from the American Health Information Management...

73 Percent of Medical Professionals Share Passwords for EHR Access

A recent study examined the prevalence of password sharing among healthcare providers and found nearly three-quarters of surveyed medical professionals have used another staff member’s password to obtain EHR access at work. The...
