Dedicated to providing the latest
HIPAA compliance news

Recent News

Employees Sue Lincare Over W2 Phishing Attack

In February 2017, Lincare Holdings Inc., a supplier of home respiratory therapy products, experienced a breach of sensitive employee data. The W2 forms of thousands of employees were emailed to a fraudster by an employee of the human resources department. The HR department employee was fooled by a...

Beazley Publishes 2017 Healthcare Data Breach Report

Beazley, a provider of data breach insurance and response services, has published a special report on healthcare data breaches covering the first nine months of 2017. While hacking and malware attacks are common, by far the biggest cause of healthcare data breaches in 2017 was unintended...

Is Microsoft Outlook HIPAA Compliant?

The latest in our series of posts on HIPAA compliant software and email services for healthcare organizations explores whether Microsoft Outlook is HIPAA compliant. Is Microsoft Outlook HIPAA Compliant? Software or an email platform can never be fully HIPAA compliant, as compliance is not so much...

RiverMend Health Email Breach Impacts 1300 Patients

Augusta, GA-based RiverMend Health, a provider of specialty behavioral health services including services for drug and alcohol addiction, has discovered an unauthorized individual has gained access to the email account of one of its employees. The unauthorized access was detected on August 10,...

Termination for Nurse HIPAA Violation Upheld by Court

A nurse HIPAA violation alleged by a patient of Norton Audubon Hospital culminated in the termination of the registered nurse’s employment contract. The nurse, Dianna Hereford, filed an action in the Jefferson Circuit Court alleging her employer wrongfully terminated her contract on the grounds...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

Employees Sue Lincare Over W2 Phishing Attack

In February 2017, Lincare Holdings Inc., a supplier of home respiratory therapy products, experienced a breach of sensitive employee data. The W2 forms of thousands of employees were emailed to a fraudster by an employee of the human resources department. The HR department employee was fooled by a...

Beazley Publishes 2017 Healthcare Data Breach Report

Beazley, a provider of data breach insurance and response services, has published a special report on healthcare data breaches covering the first nine months of 2017. While hacking and malware attacks are common, by far the biggest cause of healthcare data breaches in 2017 was unintended...

Termination for Nurse HIPAA Violation Upheld by Court

A nurse HIPAA violation alleged by a patient of Norton Audubon Hospital culminated in the termination of the registered nurse’s employment contract. The nurse, Dianna Hereford, filed an action in the Jefferson Circuit Court alleging her employer wrongfully terminated her contract on the grounds...

Employees Sue Lincare Over W2 Phishing Attack

In February 2017, Lincare Holdings Inc., a supplier of home respiratory therapy products, experienced a breach of sensitive employee data. The W2 forms of thousands of employees were emailed to a fraudster by an employee of the human resources department. The HR department employee was fooled by a...

Beazley Publishes 2017 Healthcare Data Breach Report

Beazley, a provider of data breach insurance and response services, has published a special report on healthcare data breaches covering the first nine months of 2017. While hacking and malware attacks are common, by far the biggest cause of healthcare data breaches in 2017 was unintended...

Namaste Health Care Pays Ransom to Recover PHI

A hacker gained access to a file server used by Ashland, MI-based Namaste Health Care and installed ransomware, encrypting a wide range of data including patients’ protected health information. Access was gained to the file server over the weekend of August 12-13 and ransomware was installed;...

New AEHIS/ MDISS Partnership to Focus on Advancing Medical Device Cybersecurity

A new partnership has been announced between CHIME’s Association for Executives in Healthcare Information Security (AEHIS) and the Foundation for Innovation, Translation and Safety Science’s Medical Device Innovation, Safety and Security Consortium (MDISS). The aim of the new collaboration is...

Internet of Medical Things Resilience Partnership Act Bill Introduced

The Internet of Medical Things Resilience Partnership Act has been introduced in the U.S. House of Representatives. The main aim of the bill is to establish a public-private stakeholder partnership, which will be tasked with developing a cybersecurity framework that can be adopted by medical...

53% of Businesses Have Misconfigured Secure Cloud Storage Services

The healthcare industry has embraced the cloud. Many healthcare organizations now use secure cloud storage services to host web applications or store files containing electronic protected health information (ePHI). However, just because secure cloud storage services are used, it does not mean data...

Beazley Publishes 2017 Healthcare Data Breach Report

Beazley, a provider of data breach insurance and response services, has published a special report on healthcare data breaches covering the first nine months of 2017. While hacking and malware attacks are common, by far the biggest cause of healthcare data breaches in 2017 was unintended...

RiverMend Health Email Breach Impacts 1300 Patients

Augusta, GA-based RiverMend Health, a provider of specialty behavioral health services including services for drug and alcohol addiction, has discovered an unauthorized individual has gained access to the email account of one of its employees. The unauthorized access was detected on August 10,...

Healthcare Phishing Attack Potentially Impacts 16,500 Patients

Phishing is arguably the biggest data security threat faced by healthcare organizations. The past few weeks have seen several attacks reported by healthcare organizations, with the latest healthcare phishing attack one of the most serious, having affected as many as 16,562 patients. Chase Brexton...

Is Microsoft Outlook HIPAA Compliant?

The latest in our series of posts on HIPAA compliant software and email services for healthcare organizations explores whether Microsoft Outlook is HIPAA compliant. Is Microsoft Outlook HIPAA Compliant? Software or an email platform can never be fully HIPAA compliant, as compliance is not so much...

Termination for Nurse HIPAA Violation Upheld by Court

A nurse HIPAA violation alleged by a patient of Norton Audubon Hospital culminated in the termination of the registered nurse’s employment contract. The nurse, Dianna Hereford, filed an action in the Jefferson Circuit Court alleging her employer wrongfully terminated her contract on the grounds...

Healthcare Data Breaches in September Saw Almost 500K Records Exposed

Protenus has released its Breach Barometer report which shows there was a significant increase in healthcare data breaches in September. The report includes healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights and security incidents tracked by...

Q3, 2017 Healthcare Data Breach Report

In Q3, 2017, there were 99 breaches of more than 500 records reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), bringing the total number of data breaches reported in 2017 up to 272 incidents. The 99 data breaches in Q3, 2017 saw 1,767,717 individuals’...

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

In January 2014, the HHS proposed a new rule for certification of compliance for health plans. The rule would have required all controlling health plans (CHPs) to submit a range of documentation to HHS to demonstrate compliance with electronic transaction standards set by the HHS under HIPAA Rules....

HHS Secretary Tom Price Resigns

It has been a short stint as Secretary of the U.S. Department of Health and Human Services for Tom Price, who resigned from the post on September 29, 2017, two days shy of 8 months in the position. Spending only 231 days as Secretary, Price is the shortest serving HHS Secretary in U.S....

Employees Sue Lincare Over W2 Phishing Attack

In February 2017, Lincare Holdings Inc., a supplier of home respiratory therapy products, experienced a breach of sensitive employee data. The W2 forms of thousands of employees were emailed to a fraudster by an employee of the human resources department. The HR department employee was fooled by a...

Termination for Nurse HIPAA Violation Upheld by Court

A nurse HIPAA violation alleged by a patient of Norton Audubon Hospital culminated in the termination of the registered nurse’s employment contract. The nurse, Dianna Hereford, filed an action in the Jefferson Circuit Court alleging her employer wrongfully terminated her contract on the grounds...

De-identification of Protected Health Information: How to Anonymize PHI

Healthcare organizations and their business associates that want to share protected health information must do so in accordance with the HIPAA Privacy Rule, which limits the possible uses and disclosures of PHI, but de-identification of protected health information means HIPAA Privacy Rule...

HHS Issues Limited Waiver of HIPAA Sanctions and Penalties in California

The Secretary of the U.S. Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and penalties in California. The waiver was announced following the presidential declaration of a public health emergency in northern California due to the wildfires. As was the case...

Amida Care Mailing Potentially Revealed HIV Status of its Members

The New York not-for-profit community health plan Amida Care has reported a HIPAA breach that has potentially impacted 6,231 of its members. Amida Care specializes in providing health coverage and coordinated care to Medicaid members suffering from chronic health conditions such as HIV. On July 25,...

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

In January 2014, the HHS proposed a new rule for certification of compliance for health plans. The rule would have required all controlling health plans (CHPs) to submit a range of documentation to HHS to demonstrate compliance with electronic transaction standards set by the HHS under HIPAA Rules....