Recent News

GDPR Data Breach Reporting Requirements

Healthcare organizations are required to report breaches of the personal data of GDPR data subjects, but what are the GDPR data breach reporting requirements? Breaches of the Personal Data of EU Residents: Under GDPR, personal data is any information relating to an identified or identifiable data...

Golden Heart Administrative Professionals Ransomware Attack Impacts 44,600 Patients

Golden Heart Administrative Professionals, a Fairbanks, AK-based billing company and business associate of several healthcare providers in Alaska, is notifying 44,600 individuals that some of their protected health information has potentially been accessed by unauthorized individuals as a result of...

FDA Issues New Guidance on Use of EHR Data in Clinical Investigations

The U.S. Food and Drug Administration has released new guidance on the use of EHR data in clinical investigations and the requirement to ensure that appropriate controls are in place to ensure the confidentiality, integrity, and availability of data. While the guidance is non-binding, it provides...

New York Physician Notifies Patients of Exposure of their PHI

A New York physician has started notifying patients that their protected health information has been exposed and has potentially been accessed by unauthorized individuals. Ruben U. Carvajal, MD was alerted to a possible privacy breach on January 3, 2018 and was informed that some of his patients’...

Investigation Launched Over Snapchat Photo Sharing at M.M. Ewing Continuing Care Center

Employees of a Canandaigua, NY nursing home have been using their smartphones to take and share images and videos of at least one resident and share the content with others via Snapchat – a violation of HIPAA and a serious violation of patient privacy. The privacy breaches occurred at Thompson...

June 2018 Healthcare Breach Report

There was a 13.8% month-over-month increase in healthcare data breaches reported in June 2018, although the data breaches were far less severe in June with 42.48% fewer healthcare records exposed or stolen than the previous month. In June there were 33 healthcare data breaches reported to the...

LabCorp Cyberattack Forces Shutdown of Systems: Investigators Currently Determining Scale of Breach

LabCorp, one of the largest clinical laboratories in the United States, has experienced a cyberattack that has potentially resulted in hackers gaining access to patients’ sensitive information; however, data theft appears unlikely as the cyberattack has now been confirmed as being a ransomware...

Coding Error by EHR Vendor Results in Impermissible Sharing of 150,000 Patients’ Health Data

The UK’s National Health Service (NHS) has announced that approximately 150,000 patients who had opted out of having their health data shared for the purposes of clinical research and planning have had their data shared against their wishes. In the UK, there are two types of opt-outs patients can...

HIMSS Warns of Exploitation of API Vulnerabilities and USB-Based Cyberattacks

HIMSS has released its June Healthcare and Cross-Sector Cybersecurity Report in which healthcare organizations are warned about the risk of exploitation of vulnerabilities in application programming interfaces, man-in-the-middle attacks, cookie tampering, and distributed denial of service (DDoS)...

Federal Court Rules in Favor of Main Line Health in Age Discrimination Case Over HIPAA Violation

In 2016, Radnor, PA-based Main Line Health Inc., terminated an employee for violating Health Insurance Portability and Accountability Act (HIPAA) Rules by accessing the personal records of a co-worker without authorization on two separate occasions. In such cases, when employee or patient records...

Healthcare Worker Charged with Criminally Violating HIPAA Rules

A former University of Pittsburgh Medical Center patient information coordinator has been indicted by a federal grand jury over criminal violations of HIPAA Rules, according to an announcement by the Department of Justice on June 29, 2018. Linda Sue Kalina, 61, of Butler, Pennsylvania, has been...

Unencrypted Hospital Pager Messages Intercepted and Viewed by Radio Hobbyist

Many healthcare organizations have now transitioned to secure messaging systems and have retired their outdated pager systems. Healthcare organizations that have not yet made the switch to secure text messaging platforms should take note of a recent security breach that saw pages from multiple...

Overdose Prevention and Patient Safety Act Passed by House

The Overdose Prevention and Patient Safety Act – H.R. 6082 – aims to ease restrictions on the sharing of health records of patients with addictions, aligning 42 CFR Part 2 – Confidentiality of Substance Use Disorder Patient Records – with HIPAA. Currently, 42 CFR Part 2 only permits the...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

Legislation Changes and New HIPAA Regulations in 2018

The policy of two out for every new regulation introduced means there are likely to be few, if any, new HIPAA regulations in 2018. However, that does not mean it will be all quiet on the HIPAA front. HHS’ Office for Civil Rights (OCR) director Roger Severino has indicated there are some HIPAA...

OCR Launches New Tools to Help Address the Opioid Crisis

OCR has launched new tools and initiatives as part of its efforts to help address the opioid crisis in the U.S., and fulfil its obligations under the 21st Century Cures Act. Two new webpages have been released – one for consumers and one for healthcare professionals – that make information...

HHS Seeks Volunteers for HIPAA Administrative Simplification Optimization Project Pilot

The Department of Health and Human Services is running a HIPAA Administrative Simplification Optimization Project Pilot and is currently seeking volunteers to have compliance reviews. The aim of the pilot is to streamline HIPAA compliance reviews for health plans and healthcare...