Recent News

AMCA Parent Company Files for Chapter 11 Protection

Following the massive data breach at American Medical Collection Agency (AMCA) which saw more than 20 million records compromised, AMCA’s parent company, Retrieval-Masters Creditors Bureau Inc., has filed for Chapter 11 protection. The data breach affected individuals who had received medical...

Shingle Springs Health and Wellness Center Ransomware Attack Impacts 21,000 Patients

Shingle Springs Health and Wellness Center (SSHWC) in Placerville, CA, is notifying 21,513 patients that protected health information (PHI) was potentially compromised as a result of a recent ransomware attack. SSHWC learned on April 7, 2019 that its server infrastructure had been compromised and...

Statewide Collection Service Confirmed HIPAA Compliant by Compliancy Group

Statewide Collection Service is a full-service accounts receivable management firm and risk assessment provider serving the healthcare industry. The firm has recently completed the Compliancy Group’s Six Stage implementation process and has been awarded its HIPAA Seal of Compliance. Companies...

Webinar: June 18, 2019: Addressing Mental Health for Improved Community Safety

On Tuesday, June 18, 2019, Rave Mobile Safety will be hosting a webinar that aims to improve understanding of mental health issues, the challenges community members face dealing with individuals with mental health disorders, and how to account for mental health in day to day operations. Many...

Estes Park Health Ransomware Attack Highlights Risks of Paying Ransoms

Estes Park Health (EPH) in Colorado has suffered a ransomware attack that resulted in widespread file encryption across the network. The attack was noticed by employees on Sunday June 2, 2019 who reported that their computers were behaving strangely. EPH contacted its on-call IT technician who...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

Alabama Jury Awards Woman $300,000 Damages over HIPAA Breach

A woman in Alabama has been awarded $300,000 in damages after a doctor illegally accessed and disclosed her protected health information to a third party. Plaintiff Amy Pertuit filed a lawsuit against Medical Center Enterprise (MCE) in Alabama, a former MCE physician, and an attorney over the...

Nurse Fired over Alleged Theft and Impermissible Disclosure of PHI

A former employee of a Germantown, MD-based healthcare provider is suspected of accessing the protected health information of up to 16,542 patients and providing that information to a third party for use in fraudulent activities. On April 10, 2019, Takai, Hoover & Hsu, P.A., which runs THH...

AMCA Breach Sparks Flurry of Lawsuits and Investigations

The dust has barely settled after the news of the massive data breach at American Medical Collection Agency (AMCA) broke last week, but already more than a dozen lawsuits have been filed by victims of the breach. The breach was officially announced by Quest Diagnostics on June 3, 2019 through a 8-K...

Coffey Health System Agrees to $250,000 Settlement to Resolve Alleged Violations of False Claims and HITECH Acts

Coffey Health System has agreed to a $250,000 settlement with the U.S. Department of Justice to resolve alleged violations of the False Claims and HITECH Acts. The Kansas-based health system attested to having met HITECH Act risk analysis requirements during the 2012 and 2013 reporting period in...

40% of Healthcare Delivery Organizations Attacked with WannaCry Ransomware in the Past 6 Months

Healthcare organizations have been slow to correct the flaw in Remote Desktop Services that was patched by Microsoft on May 14, 2019, but a new report from cybersecurity firm Armis has revealed many healthcare organizations have still not patched the Windows Server Message Block (SMB) flaw that was...

Almost 1 Million Windows Devices Still Vulnerable to Microsoft BlueKeep RDS Flaw

More than two weeks after Microsoft issued a patch for a critical, wormable flaw in Remote Desktop Services, nearly 1 million devices have yet to have the patch applied and remain vulnerable. Those devices have also not had the recommended mitigations implemented to reduce the potential for...

ONC Report Reveals Trends in Access and Viewing of Medical Records Online

Most hospitals and physicians have now adopted electronic medical records, yet only half of patients have been offered access to their medical records online, according to a new report from the HHS’ Office of the National Coordinator for Health Information Technology (ONC). Two of the aims of the...

AAN Suggests Third Party App Security Framework Must be Included in the CMS Interoperability Plan

The American Academy of Neurology (AAN) has voiced concerns about the interoperability plans of the Centers for Medicare and Medicaid Services (CMS) and the HHS’ Office of the National Coordinator for Health IT (ONC). In February, both ONC and CMS proposed new rules that aim to reduce information...

CMS and ONC Tell Senate HELP Committee Rapid Progress is Required to Advance Interoperability

The second Senate HELP Committee hearing on the proposed roles for implementing the electronic medical records provisions of the 21st Century Cures Act has taken place this week. The Committee heard from National Coordinator for Health IT, Donald Rucker, and Director and Center for Medicare And...

AMCA Parent Company Files for Chapter 11 Protection

Following the massive data breach at American Medical Collection Agency (AMCA) which saw more than 20 million records compromised, AMCA’s parent company, Retrieval-Masters Creditors Bureau Inc., has filed for Chapter 11 protection. The data breach affected individuals who had received medical...

Shingle Springs Health and Wellness Center Ransomware Attack Impacts 21,000 Patients

Shingle Springs Health and Wellness Center (SSHWC) in Placerville, CA, is notifying 21,513 patients that protected health information (PHI) was potentially compromised as a result of a recent ransomware attack. SSHWC learned on April 7, 2019 that its server infrastructure had been compromised and...

Urology Practice Pays $75,000 Ransom to Regain Access to Computer Systems

Boardman, OH-based N.E.O Urology has experienced a severe ransomware attack that has impacted its entire IT system. The ransomware caused widespread file encryption and locked the healthcare provider out of its computers and patient records. While the attack was sophisticated, the notification was...

House Overturns Ban on HHS Funding HIPAA National Patient Identifier Development

One of the requirements of the HIPAA Administrative Simplification Rules was the development of a national identifier for all patients. Such an identifier would be used by all healthcare organizations to match patients with health records from multiple sources and would improve the reliability of...

Alabama Jury Awards Woman $300,000 Damages over HIPAA Breach

A woman in Alabama has been awarded $300,000 in damages after a doctor illegally accessed and disclosed her protected health information to a third party. Plaintiff Amy Pertuit filed a lawsuit against Medical Center Enterprise (MCE) in Alabama, a former MCE physician, and an attorney over the...

How Phone.com Started as a HIPAA Business Associate

Getting started as a business associate and entering into the healthcare sphere can be a major challenge, but the potential rewards are considerable, as Phone.com discovered. Breaking into the Healthcare Industry Companies that provide services and products to healthcare clients that require...

House Overturns Ban on HHS Funding HIPAA National Patient Identifier Development

One of the requirements of the HIPAA Administrative Simplification Rules was the development of a national identifier for all patients. Such an identifier would be used by all healthcare organizations to match patients with health records from multiple sources and would improve the reliability of...

HHS Changes HITECH Act Penalties for HIPAA Violations

The Department of Health and Human Services has issued a notification of enforcement discretion regarding the civil monetary penalties that are applied when violations of HIPAA Rules are discovered. The HHS has reduced the maximum financial penalty for HIPAA violations in three of the four penalty...

Feature of DICOM Image Format Could Be Abused to Fuse Malware with PHI

The DICOM image format, which has been in use for around for 30 years, contains a design ‘flaw’ that could be exploited by hackers to embed malware in image files. Were that to happen, the malware would become permanently fused with protected health information. The DICOM file format was...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

HHS Confirms When HIPAA Fines Can be Issued to Business Associates

Since the Department of Health and Human Services implemented the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule, business associates of HIPAA covered entities can be directly fined for violations of HIPAA...

HHS Changes HITECH Act Penalties for HIPAA Violations

The Department of Health and Human Services has issued a notification of enforcement discretion regarding the civil monetary penalties that are applied when violations of HIPAA Rules are discovered. The HHS has reduced the maximum financial penalty for HIPAA violations in three of the four penalty...

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking comments from the public on potential modifications to Health Insurance Portability and Accountability Act (HIPAA) Rules to promote coordinated, value-based...