Recent News

Brooklyn Emergency Room Worker Accused of Stealing and Selling Patients’ PHI

A former employee of the emergency department of Brooklyn’s Kings County Hospital is alleged to have stolen the protected health information of at least 100 individuals while working at the hospital and disclosed that information to another individual using an encrypted smartphone app. Orlando...

Mailing Vendor Blamed for Blue Cross and Blue Shield of Rhode Island Privacy Breach

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is alerting 1,567 plan members that some of their protected health information has been impermissibly disclosed by one of its business associates. A BCBSRI vendor was contracted to sent explanation of benefits statements to plan members which...

California Consumer Privacy Act Amendment Confirms HIPAA-Covered Entities Exempt

In June 2018, the legislature in California passed the California Consumer Privacy Act (CCPA) which introduced major changes to state law to protect the privacy of consumers. CCPA introduced new privacy protections and rights for consumers, several of which are similar to those introduced in Europe...

FDA to Increase Scrutiny of Medical Device Cybersecurity

The Department of Health and Human Services’ Office of Inspector General (OIG) has released a report which recommends the Food and Drug Administration (FDA) should scrutinize medical device cybersecurity controls more closely and more fully integrate cybersecurity into the premarket review...

Independence Blue Cross Notifies 17,000 Members of Online Exposure of Their PHI

Independence Blue Cross is notifying thousands of plan members that some of their protected health information has been exposed online and has potentially been accessed by unauthorized individuals. The Independence Blue Cross privacy office was informed about the exposed information on July 19 and...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

California Consumer Privacy Act Amendment Confirms HIPAA-Covered Entities Exempt

In June 2018, the legislature in California passed the California Consumer Privacy Act (CCPA) which introduced major changes to state law to protect the privacy of consumers. CCPA introduced new privacy protections and rights for consumers, several of which are similar to those introduced in Europe...

CMS: Fairview Southdale Hospital Videotaped Patients Without Knowledge or Consent

The HHS’ Centers for Medicare and Medicaid Services (CMS) has investigated Fairview Southdale Hospital in Edina, MN over an alleged violation of patient privacy and discovered that some patients were videotaped during psychiatric evaluations in the emergency department without their knowledge or...

Texas Nurse Fired for Social Media HIPAA Violation

A nurse at a Texas children’s hospital has been fired for violating Health Insurance Portability and Accountability Act (HIPAA) Rules by posting protected health information on a social media website. The pediatric ICU/ER nurse worked at Texas Children’s Hospital and posted a series of comments...

California Consumer Privacy Act Amendment Confirms HIPAA-Covered Entities Exempt

In June 2018, the legislature in California passed the California Consumer Privacy Act (CCPA) which introduced major changes to state law to protect the privacy of consumers. CCPA introduced new privacy protections and rights for consumers, several of which are similar to those introduced in Europe...

FDA to Increase Scrutiny of Medical Device Cybersecurity

The Department of Health and Human Services’ Office of Inspector General (OIG) has released a report which recommends the Food and Drug Administration (FDA) should scrutinize medical device cybersecurity controls more closely and more fully integrate cybersecurity into the premarket review...

Healthcare Organizations Reminded of Importance of Securing Electronic Media and Devices Containing ePHI

In its August 2018 cybersecurity newsletter, the Department of Health and Human Services’ Office for Civil Rights has reminded HIPAA-covered entities of the importance of implementing physical, technical, and administrative safeguards to ensure the confidentiality, integrity, and availability of...

Final Participation Request: Emergency Preparedness Survey

Do you want to help determine the state of emergency preparedness in healthcare? Over 100 HIPAA Journal readers have already participated in this survey and this is the last chance to contribute by completing this short anonymous survey on emergency preparedness and security communications...

Healthcare Organizations Reminded of Importance of Securing Electronic Media and Devices Containing ePHI

In its August 2018 cybersecurity newsletter, the Department of Health and Human Services’ Office for Civil Rights has reminded HIPAA-covered entities of the importance of implementing physical, technical, and administrative safeguards to ensure the confidentiality, integrity, and availability of...

NIST Finalizes Guidance on Securing Wireless Infusion Pumps in Healthcare Delivery Organizations

The National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST) have released the final version of the NIST Cybersecurity Practice Guide for Securing Wireless Infusion Pumps in healthcare delivery organizations. Wireless infusion pumps are no...

Brooklyn Emergency Room Worker Accused of Stealing and Selling Patients’ PHI

A former employee of the emergency department of Brooklyn’s Kings County Hospital is alleged to have stolen the protected health information of at least 100 individuals while working at the hospital and disclosed that information to another individual using an encrypted smartphone app. Orlando...

Mailing Vendor Blamed for Blue Cross and Blue Shield of Rhode Island Privacy Breach

Blue Cross and Blue Shield of Rhode Island (BCBSRI) is alerting 1,567 plan members that some of their protected health information has been impermissibly disclosed by one of its business associates. A BCBSRI vendor was contracted to sent explanation of benefits statements to plan members which...

Independence Blue Cross Notifies 17,000 Members of Online Exposure of Their PHI

Independence Blue Cross is notifying thousands of plan members that some of their protected health information has been exposed online and has potentially been accessed by unauthorized individuals. The Independence Blue Cross privacy office was informed about the exposed information on July 19 and...

CMS: Fairview Southdale Hospital Videotaped Patients Without Knowledge or Consent

The HHS’ Centers for Medicare and Medicaid Services (CMS) has investigated Fairview Southdale Hospital in Edina, MN over an alleged violation of patient privacy and discovered that some patients were videotaped during psychiatric evaluations in the emergency department without their knowledge or...

Texas Nurse Fired for Social Media HIPAA Violation

A nurse at a Texas children’s hospital has been fired for violating Health Insurance Portability and Accountability Act (HIPAA) Rules by posting protected health information on a social media website. The pediatric ICU/ER nurse worked at Texas Children’s Hospital and posted a series of comments...

Hurricane Florence: OCR Issues Guidance on Appropriate Sharing of Health Information

On Wednesday, September 12, 2018, President Trump approved a request for a federal emergency declaration in the state of Virginia and made FEMA resources available for the state. The Secretary of the U.S. Department of Health and Human Services, Alex Azar, has also declared a Public Health...

California Consumer Privacy Act Amendment Confirms HIPAA-Covered Entities Exempt

In June 2018, the legislature in California passed the California Consumer Privacy Act (CCPA) which introduced major changes to state law to protect the privacy of consumers. CCPA introduced new privacy protections and rights for consumers, several of which are similar to those introduced in Europe...

Hurricane Florence: OCR Issues Guidance on Appropriate Sharing of Health Information

On Wednesday, September 12, 2018, President Trump approved a request for a federal emergency declaration in the state of Virginia and made FEMA resources available for the state. The Secretary of the U.S. Department of Health and Human Services, Alex Azar, has also declared a Public Health...

HHS Secretary Alex Azar Promises Reforms to Federal Health Privacy Rules

At a July 27 address at The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), Alex Azar, explained that the HHS will be undertaking several updates to health privacy regulations over the coming months, including updates to the Health Insurance Portability and...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

HHS Secretary Alex Azar Promises Reforms to Federal Health Privacy Rules

At a July 27 address at The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), Alex Azar, explained that the HHS will be undertaking several updates to health privacy regulations over the coming months, including updates to the Health Insurance Portability and...

Legislation Changes and New HIPAA Regulations in 2018

The policy of two out for every new regulation introduced means there are likely to be few, if any, new HIPAA regulations in 2018. However, that does not mean it will be all quiet on the HIPAA front. HHS’ Office for Civil Rights (OCR) director Roger Severino has indicated there are some HIPAA...

OCR Launches New Tools to Help Address the Opioid Crisis

OCR has launched new tools and initiatives as part of its efforts to help address the opioid crisis in the U.S., and fulfil its obligations under the 21st Century Cures Act. Two new webpages have been released – one for consumers and one for healthcare professionals – that make information...