Recent News

Florida Agency for Persons with Disabilities and Black River Medical Center Report Phishing Incidents

Two HIPAA-covered entities have recently disclosed they have been victims of phishing attacks that have potentially resulted in the exposure of patients’ protected health information (PHI).   Further Phishing Attack Reported by Florida Agency for Persons with Disabilities The Florida Agency...

270,000 Patients Potentially Affected by Med Associates Hacking Incident

The Latham, NY-based health billing company Med Associates, which provides claims services to more than 70 healthcare providers, has discovered an employee’s computer has been accessed by an unauthorized individual. It is possible that the attacker gained access to the protected health...

May 2018 Healthcare Data Breach Report

April was a particularly bad month for healthcare data breaches with 41 reported incidents. While it is certainly good news that there has been a month-over-month reduction in healthcare data breaches, the severity of some of the breaches reported last month puts May on a par with April. There...

OCR Announces $4.3 Million Civil Monetary Penalty for University of Texas MD Anderson Cancer Center

The Department of Health and Human Services’ Office for Civil Rights has announced its fourth largest HIPAA violation penalty has been issued to The University of Texas MD Anderson Cancer Center (MD Anderson). MD Anderson has been ordered to pay $4,348,000 in civil monetary penalties to resolve...

3-Year Jail Term for VA Employee Who Stole Patient Data

A former employee of the Veteran Affairs Medical Center in Long Beach, CA who stole the protected health information (PHI) of more than 1,000 patients has been sentenced to three years in jail. Albert Torres, 51, was employed as a clerk in the Long Beach Health System-run medical center – a...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

May 2018 Healthcare Data Breach Report

April was a particularly bad month for healthcare data breaches with 41 reported incidents. While it is certainly good news that there has been a month-over-month reduction in healthcare data breaches, the severity of some of the breaches reported last month puts May on a par with April. There...

OCR Announces $4.3 Million Civil Monetary Penalty for University of Texas MD Anderson Cancer Center

The Department of Health and Human Services’ Office for Civil Rights has announced its fourth largest HIPAA violation penalty has been issued to The University of Texas MD Anderson Cancer Center (MD Anderson). MD Anderson has been ordered to pay $4,348,000 in civil monetary penalties to resolve...

More than 90% of Hospitals and Physicians Say Mobile Technology is Improving Patient Safety and Outcomes

90% of hospitals and 94% of physicians have adopted mobile technology and say it is helping to improve patient safety and outcomes, according to a recent survey conducted by Black Book Research. The survey was conduced on 770 hospital-based users and 1,279 physician practices between Q4, 2017 and...

May 2018 Healthcare Data Breach Report

April was a particularly bad month for healthcare data breaches with 41 reported incidents. While it is certainly good news that there has been a month-over-month reduction in healthcare data breaches, the severity of some of the breaches reported last month puts May on a par with April. There...

OCR Announces $4.3 Million Civil Monetary Penalty for University of Texas MD Anderson Cancer Center

The Department of Health and Human Services’ Office for Civil Rights has announced its fourth largest HIPAA violation penalty has been issued to The University of Texas MD Anderson Cancer Center (MD Anderson). MD Anderson has been ordered to pay $4,348,000 in civil monetary penalties to resolve...

Advisory Issued About Vulnerabilities in Siemens RAPIDLab and RAPIDPoint Blood Gas Analyzers

Siemens has proactively issued an advisory over two recently discovered vulnerabilities in its RAPIDLab and RAPIDPoint Blood Gas Analyzers. No reports have been received to data to suggest either vulnerability has been exploited in the wild, although users of the devices are being encouraged to...

Medical Device Security a Major Concern, Yet Funds Not Available to Improve Security

A recent HIMSS survey has confirmed that medical device security is a strategic priority for most healthcare organizations, yet fewer than half of healthcare providers have an approved budget for tackling security flaws in medical devices. For the study, HIMSS surveyed 101 healthcare industry...

More than 90% of Hospitals and Physicians Say Mobile Technology is Improving Patient Safety and Outcomes

90% of hospitals and 94% of physicians have adopted mobile technology and say it is helping to improve patient safety and outcomes, according to a recent survey conducted by Black Book Research. The survey was conduced on 770 hospital-based users and 1,279 physician practices between Q4, 2017 and...

Apple Launches API for Developers to Allow EHR Data to be Used in Care Management Apps

Apple has launched a new application programming interface (API) for developers that will allow them to create health apps that incorporate patients’ EHR data. Patients who load their EHR data into the Apple Health Records app will be able to pass the information directly to third party apps. The...

Florida Agency for Persons with Disabilities and Black River Medical Center Report Phishing Incidents

Two HIPAA-covered entities have recently disclosed they have been victims of phishing attacks that have potentially resulted in the exposure of patients’ protected health information (PHI).   Further Phishing Attack Reported by Florida Agency for Persons with Disabilities The Florida Agency...

May 2018 Healthcare Data Breach Report

April was a particularly bad month for healthcare data breaches with 41 reported incidents. While it is certainly good news that there has been a month-over-month reduction in healthcare data breaches, the severity of some of the breaches reported last month puts May on a par with April. There...

3-Year Jail Term for VA Employee Who Stole Patient Data

A former employee of the Veteran Affairs Medical Center in Long Beach, CA who stole the protected health information (PHI) of more than 1,000 patients has been sentenced to three years in jail. Albert Torres, 51, was employed as a clerk in the Long Beach Health System-run medical center – a...

May 2018 Healthcare Data Breach Report

April was a particularly bad month for healthcare data breaches with 41 reported incidents. While it is certainly good news that there has been a month-over-month reduction in healthcare data breaches, the severity of some of the breaches reported last month puts May on a par with April. There...

OCR Announces $4.3 Million Civil Monetary Penalty for University of Texas MD Anderson Cancer Center

The Department of Health and Human Services’ Office for Civil Rights has announced its fourth largest HIPAA violation penalty has been issued to The University of Texas MD Anderson Cancer Center (MD Anderson). MD Anderson has been ordered to pay $4,348,000 in civil monetary penalties to resolve...

3-Year Jail Term for VA Employee Who Stole Patient Data

A former employee of the Veteran Affairs Medical Center in Long Beach, CA who stole the protected health information (PHI) of more than 1,000 patients has been sentenced to three years in jail. Albert Torres, 51, was employed as a clerk in the Long Beach Health System-run medical center – a...

OCR Announces $4.3 Million Civil Monetary Penalty for University of Texas MD Anderson Cancer Center

The Department of Health and Human Services’ Office for Civil Rights has announced its fourth largest HIPAA violation penalty has been issued to The University of Texas MD Anderson Cancer Center (MD Anderson). MD Anderson has been ordered to pay $4,348,000 in civil monetary penalties to resolve...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

Legislation Changes and New HIPAA Regulations in 2018

The policy of two out for every new regulation introduced means there are likely to be few, if any, new HIPAA regulations in 2018. However, that does not mean it will be all quiet on the HIPAA front. HHS’ Office for Civil Rights (OCR) director Roger Severino has indicated there are some HIPAA...

OCR Launches New Tools to Help Address the Opioid Crisis

OCR has launched new tools and initiatives as part of its efforts to help address the opioid crisis in the U.S., and fulfil its obligations under the 21st Century Cures Act. Two new webpages have been released – one for consumers and one for healthcare professionals – that make information...

HHS Seeks Volunteers for HIPAA Administrative Simplification Optimization Project Pilot

The Department of Health and Human Services is running a HIPAA Administrative Simplification Optimization Project Pilot and is currently seeking volunteers to have compliance reviews. The aim of the pilot is to streamline HIPAA compliance reviews for health plans and healthcare...