Recent News

American Osteopathic Association Notifies 27,500 Individuals About June 2020 Data Theft Incident

Approximately 27,500 individuals are being notified that some of their personal information has been stolen in a cyberattack on the American Osteopathic Association (AOA). AOA is a Chicago-based professional organization that represents around 151,000 osteopathic physicians and medical students...

MITRE Launches Centers to Protect Critical Infrastructure and Public Health

MITRE has launched two new organizations which have been tasked with addressing critical healthcare challenges and improving cybersecurity to better protect critical infrastructure. MITRE is a nonprofit organization that manages federally funded research and development centers to support...

New Jersey Infertility Clinic Settles Data Breach Investigation with State and Pays $495,000 Penalty

A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures has settled the investigation with the state and will pay a $495,000 penalty. Millburn, NJ-based Diamond Institute for Infertility and Menopause, LLC (Diamond)...

350,000 Patients of ReproSource Fertility Diagnostics Affected by Ransomware Attack

Malborough, MA-based ReproSource Fertility Diagnostics has suffered a ransomware attack in which hackers gained access to systems containing the protected health information of approximately 350,000 patients. ReproSource is a leading laboratory for reproductive health that is owned by Quest...

Premier Patient Health Care Alerts Patients About Insider Data Breach

Carrollton, TX-based Premier Patient Health Care has discovered the protected health information of 37,636 patients has been obtained by an unauthorized individual in an insider wrongdoing incident. Premier Patient Health Care is an Accountable Care Organization (ACO) that works with physicians to...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

American Osteopathic Association Notifies 27,500 Individuals About June 2020 Data Theft Incident

Approximately 27,500 individuals are being notified that some of their personal information has been stolen in a cyberattack on the American Osteopathic Association (AOA). AOA is a Chicago-based professional organization that represents around 151,000 osteopathic physicians and medical students...

New Jersey Infertility Clinic Settles Data Breach Investigation with State and Pays $495,000 Penalty

A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures has settled the investigation with the state and will pay a $495,000 penalty. Millburn, NJ-based Diamond Institute for Infertility and Menopause, LLC (Diamond)...

Cybersecurity Awareness Month: Fight the Phish!

According to the Verizon Data Breach Investigations Report, phishing accounted for around 80% of all reported phishing attacks in 2019 and since the pandemic began in 2020 phishing attacks and associated scams have been thriving. In 2020, 74% of US organizations experienced a successful phishing...

MITRE Launches Centers to Protect Critical Infrastructure and Public Health

MITRE has launched two new organizations which have been tasked with addressing critical healthcare challenges and improving cybersecurity to better protect critical infrastructure. MITRE is a nonprofit organization that manages federally funded research and development centers to support...

New Jersey Infertility Clinic Settles Data Breach Investigation with State and Pays $495,000 Penalty

A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures has settled the investigation with the state and will pay a $495,000 penalty. Millburn, NJ-based Diamond Institute for Infertility and Menopause, LLC (Diamond)...

Insider Threat Self-Assessment Tool Released by CISA

Public and private sector organizations have a new tool to help them assess their level of vulnerability to insider threats. The new Insider Threat Risk Mitigation Self-Assessment Tool has been created by the Cybersecurity and Infrastructure Security Agency (CISA) to help users further their...

KLAS Research: Clinical Communication Platforms Improve Efficiency in Healthcare

The recently published 2021 KLAS Clinical Communication Platform Report has confirmed clinical communication platforms improve efficiency in healthcare, streamline communication across most areas of hospitals, and lead to concrete outcomes, with improvements to clinical communication the biggest...

NSA/CISA Issue Guidance on Selecting Secure VPN Solutions and Hardening Security

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued new guidance on selecting and improving the security of Virtual Private Networks (VPN) solutions. VPN solutions allow remote workers to securely connect to business networks. Data traffic...

FTC Tells Developers of Health Apps and Wearable Devices to Notify Individuals About Data Breaches

Developers of health apps and wearable devices such as fitness trackers that collect health data have been warned by the Federal Trade Commission (FTC) that they are required to comply with the FTC Health Breach Notification Rule and must notify consumers about data breaches. The FTC Health Breach...

350,000 Patients of ReproSource Fertility Diagnostics Affected by Ransomware Attack

Malborough, MA-based ReproSource Fertility Diagnostics has suffered a ransomware attack in which hackers gained access to systems containing the protected health information of approximately 350,000 patients. ReproSource is a leading laboratory for reproductive health that is owned by Quest...

Premier Patient Health Care Alerts Patients About Insider Data Breach

Carrollton, TX-based Premier Patient Health Care has discovered the protected health information of 37,636 patients has been obtained by an unauthorized individual in an insider wrongdoing incident. Premier Patient Health Care is an Accountable Care Organization (ACO) that works with physicians to...

Elekta Faces Class Action Lawsuit over Ransomware Attack and Data Breach

A lawsuit has been filed on behalf of a former patient of Northwestern Memorial HealthCare (NMHC) against Elekta Inc. over its April 2021 ransomware attack and data breach. Elekta, a Swedish provider of radiation medical therapies and related equipment data services, is a business associate of many...

New Jersey Infertility Clinic Settles Data Breach Investigation with State and Pays $495,000 Penalty

A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures has settled the investigation with the state and will pay a $495,000 penalty. Millburn, NJ-based Diamond Institute for Infertility and Menopause, LLC (Diamond)...

OCR Issues Guidance on HIPAA and COVID-19 Vaccination Status Disclosures

The Department of Health and Human Services’ Office for Civil Rights has issued guidance to educate the public on how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination status information and requests from individuals about whether a...

What is a HIPAA Subpoena?

The U.S. Department of Justice has recently been cracking down on healthcare offenses, with investigations often involving a HIPAA subpoena being issued. The subpoena compels HIPAA-regulated entities to release information such as patient medical records that they would otherwise not be permitted...

HIPAA Social Media Rules

HIPAA was enacted several years before social media networks such as Facebook and Instagram were launched, so there are no specific HIPAA social media rules. However, as with all healthcare-related communications, the HIPAA Privacy Rule still applies whenever covered entities or business associates...

What are the Penalties for HIPAA Violations?

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to...

New HIPAA Regulations in 2021

Tt has been several years since new HIPAA regulations have been introduced but that is likely to change very soon. The last update to the HIPAA Rules was the HIPAA Omnibus Rule changes in 2013, which introduced new requirements mandated by the Health Information Technology for Economic and Clinical...

What is HIPAA Certification?

A frequently asked question in the healthcare industry is what is HIPAA certification; for although there is no standard or implementation specification within HIPAA that requires Covered Entities or Business Associate to certify compliance, several third-party organizations offer HIPAA...

Survey Reveals Sharing EHR Passwords is Commonplace

While data on the practice of password sharing in healthcare is limited, one survey suggests the practice of sharing EHR passwords is commonplace, especially with interns, medical students, and nurses. The research was conducted by Ayal Hassidim, MD of the Hadassah-Hebrew University Medical Center,...

What is the Civil Penalty for Knowingly Violating HIPAA?

What is the civil penalty for knowingly violating HIPAA Rules? What is the maximum financial penalty for a HIPAA violation and when are fines issued? In this post we answer these questions and explain about the penalties for violating HIPAA Rules What is HIPAA? The Health Insurance Portability and...

NIST Seeks Comment on Planned Updates to HIPAA Security Rule Implementation Guidance

The National Institute of Standards and Technology (NIST) is planning on revising and updating its guidance on implementing the HIPAA Security Rule and is seeking comment from stakeholders on aspects of the guidance that should be changed. NIST published the guidance – NIST Special...

HHS Adopts Changes to 42 CFR Part 2 Regulations to Improve Care Coordination

The Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2) have been revised by the Department of Health and Human Services’ Substance Abuse and Mental Health Services (SAMHSA). The 42 CFR Part 2 regulations, first promulgated in 1975, were written at a time...

OCR Issues Guidance on Media and Film Crew Access to Healthcare Facilities

The HHS’ Office for Civil Rights (OCR) has issued guidance to healthcare providers to remind them that the HIPAA Privacy Rule does not allow the media and film crews to access healthcare facilities where patients’ protected health information is accessible unless written authorization has been...