Recent News

Data Access and Sharing Risks Identified at National Institutes of Health

The Department of Health and Human Services’ Office of Inspector General (OIG) has published a report of the findings of an audit of the National institutes of Health (NIH). The NIH is the primary government biomedical and public health research agency in the United States and one of the foremost...

16-Month Malware Infection at Florida Pulmonary & Sleep Medicine Center Impacts 42,000 Patients

AdventHealth Medical Group’s Pulmonary & Sleep Medicine in Tavares, FL, formerly known as Lake Pulmonary Critical Care, has discovered hackers gained access to its systems and may have viewed or obtained the protected health information of up to 42,161 patients. Hackers first gained access to...

Healthcare Email Fraud Attacks Have Increased 473% in 2 Years

A recent report from Proofpoint has revealed healthcare email fraud attacks have increased 473% in the past two years. Email fraud, also known as business email compromise (BEC), is one of the biggest cyber threats faced by businesses. Successful attacks can result in losses of hundreds of...

March 1, 2019: Deadline for Reporting Small Healthcare Data Breaches

The deadline for reporting 2018 data breaches of fewer than 500 records is fast approaching. HIPAA covered entities and their business associates must ensure that the Department of Health and Human Services’ Office for Civil Rights (OCR) is notified of all 2018 data breaches of fewer than 500...

Anesthesia Associates of Kansas City Discovers Theft of Patient Schedules

Paperwork containing patient information has been stolen from an employee of Anesthesia Associates of Kansas City. The incident occurred on December 14, 2018. The employee had left a bag containing patient schedules in his vehicle. Thieves broke into the vehicle and stole the bag and...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

2019 Data Breach Barometer Report Shows Massive Increase in Exposed Healthcare Records

Protenus has released its 2019 Breach Barometer report: An analysis of healthcare data breaches reported in 2018. The data for the report came from Databreaches.net, which tracks data breaches reported in the media as well as breach notifications sent to the Department of Health and Human...

OCR Settles Cottage Health HIPAA Violation Case for $3 Million

The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA violation case with the Santa Barbara, CA-based healthcare provider Cottage Health for $3,000,000. Cottage Health operates four hospitals in California – Santa Barbara Cottage Hospital,...

Wyoming Considers Repealing Hospital Records Act

Wyoming is considering repealing the Hospital Records Act of 1991, an act that was introduced to ensure the privacy of patient information was protected. The law was enacted before the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and provided protections that did not...

Data Access and Sharing Risks Identified at National Institutes of Health

The Department of Health and Human Services’ Office of Inspector General (OIG) has published a report of the findings of an audit of the National institutes of Health (NIH). The NIH is the primary government biomedical and public health research agency in the United States and one of the foremost...

2019 Data Breach Barometer Report Shows Massive Increase in Exposed Healthcare Records

Protenus has released its 2019 Breach Barometer report: An analysis of healthcare data breaches reported in 2018. The data for the report came from Databreaches.net, which tracks data breaches reported in the media as well as breach notifications sent to the Department of Health and Human...

HIMSS Cybersecurity Survey: Phishing and Legacy Systems Raise Grave Concerns

Each year, HIMSS conducts a survey to gather information about security experiences and cybersecurity practices at healthcare organizations. The survey provides insights into the state of cybersecurity in healthcare and identifies attack trends and common security gaps. 166 health information...

ONC and CMS Propose New Rules on Patient Access and Information Blocking

On Monday, February 11, 2019, the HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS) released new rules covering patient data access and information blocking. The aim of the new rules is to advance...

HIMSS Cybersecurity Survey: Phishing and Legacy Systems Raise Grave Concerns

Each year, HIMSS conducts a survey to gather information about security experiences and cybersecurity practices at healthcare organizations. The survey provides insights into the state of cybersecurity in healthcare and identifies attack trends and common security gaps. 166 health information...

EHR Vendor False Claims Act Violation Case Settled for $57.25 Million

The Tampa, FL-based electronic health record (EHR) software developer Greenway Health LLC has agreed to settle violations of the False Claims Act with the Department of Justice for $57.25 million. The case concerns Greenway Health’s EHR product Prime Suite. The DOJ alleged that by misrepresenting...

16-Month Malware Infection at Florida Pulmonary & Sleep Medicine Center Impacts 42,000 Patients

AdventHealth Medical Group’s Pulmonary & Sleep Medicine in Tavares, FL, formerly known as Lake Pulmonary Critical Care, has discovered hackers gained access to its systems and may have viewed or obtained the protected health information of up to 42,161 patients. Hackers first gained access to...

Anesthesia Associates of Kansas City Discovers Theft of Patient Schedules

Paperwork containing patient information has been stolen from an employee of Anesthesia Associates of Kansas City. The incident occurred on December 14, 2018. The employee had left a bag containing patient schedules in his vehicle. Thieves broke into the vehicle and stole the bag and...

United Hospital District Phishing Attack Impacts 2,143 Patients

Blue Earth, MN-based United Hospital District has discovered patient information was exposed and potentially accessed by an unauthorized individual as a result of a June 2018 phishing attack. The phishing incident resulted in the compromise of a single email account, the credentials to which were...

March 1, 2019: Deadline for Reporting Small Healthcare Data Breaches

The deadline for reporting 2018 data breaches of fewer than 500 records is fast approaching. HIPAA covered entities and their business associates must ensure that the Department of Health and Human Services’ Office for Civil Rights (OCR) is notified of all 2018 data breaches of fewer than 500...

OCR Settles Cottage Health HIPAA Violation Case for $3 Million

The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA violation case with the Santa Barbara, CA-based healthcare provider Cottage Health for $3,000,000. Cottage Health operates four hospitals in California – Santa Barbara Cottage Hospital,...

Is Slack HIPAA Compliant?

Slack is a powerful communication tool for improving collaboration, but is Slack HIPAA compliant? Can Slack be used by healthcare organizations for sharing protected health information without risking a HIPAA violation? Is Slack HIPAA Compliant? There has been considerable confusion about the use...

Aetna Settles HIV Status Breach Case with California AG for $935,000

Hartford, CT-based health insurer Aetna has agreed to pay the California Attorney General $935,000 to resolve alleged violations of state laws related to a 2017 privacy breach that exposed state residents’ HIV status. On July 28, 2017, Aetna’s mailing vendor sent letters to plan members who...

Oregon Health Information Property Act Proposes Paying Patients to Share Their Healthcare Data

The Oregon Health Information Property Act proposes patients should be allowed to authorize their healthcare providers to sell their health data and for them to be financially compensated if their health information is sold to a third party. Currently, the Health Insurance Portability and...

Analysis of 2018 Healthcare Data Breaches

Our 2018 healthcare data breach report reveals healthcare data breach trends, details the main causes of 2018 healthcare data breaches, the largest healthcare data breaches of the year, and 2018 healthcare data breach fines. The report was compiled using data from the Department of Health and Human...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking comments from the public on potential modifications to Health Insurance Portability and Accountability Act (HIPAA) Rules to promote coordinated, value-based...

AMIA and AHIMA Call for Changes to HIPAA to Improve Access and Portability of Health Data

The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for changes to HIPAA to be made to improve patients’ access to their health information, make health data more portable, and to better protect health data in the app...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...