Recent News

30K Integrated Regional Laboratories Patients Impacted by AMCA Breach

Integrated Regional Laboratories (IRL) in Florida is notifying approximately 30,000 patients that their protected health information (PHI) was potentially compromised in the American Medical Collection Agency (AMCA) data breach discovered on March 20, 2019. On June 3, 2019, AMCA notified IRL about...

FINAL CALL to Take Part in Emergency Preparedness and Security Trends in Healthcare Survey

Each year, Rave Mobile Safety conducts a survey to identify healthcare security trends and determine the state of emergency preparedness in the healthcare industry. For the 2020 Emergency Preparedness and Security Trends in Healthcare report, insight is being sought from leaders in the healthcare...

PHI Exposed in Phishing Attacks on Michigan Medicine and Virginia Gay Hospital

Approximately 5,500 patients of Michigan Medicine are being notified that some of their protected health information has been exposed in a recent phishing attack. In July, Michigan Medicine employees were targeted in a large-scale phishing campaign. 3,200 Michigan Medicine employees received phishing...

Insights into Recent HIPAA Enforcement Activity

The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance. Up until 2016, financial penalties for HIPAA violations were rare. Then there was a doubling of financial penalties in 2016 and enforcement actions continued at an elevated level in...

Study Reveals Widespread Noncompliance with HIPAA Right of Access

A recent study conducted by the health manuscript archiving company medRxiv has revealed widespread noncompliance with the HIPAA right of access. For the study, the researchers sent medical record requests to 51 healthcare providers and assessed the experience of obtaining those records. The...

State Attorneys General Urge Congress to Align Part 2 Regulations with HIPAA

The National Association of Attorneys General (NAAG) has urged leaders of the House and Senate to make changes to the Confidentiality of Substance Use Disorder Patient Records regulations, known as 42 CFR Part 2. The regulations in question, which NAAG called “cumbersome [and] out-of-date,”...

VA OIG Report Highlights Risk of Medical Device Workarounds

A recent inspection of a California VA medical center by the Department of Veterans Affairs Office of Inspector General (VA OIG) has revealed security vulnerabilities related to medical device workarounds and multiple areas of non-adherence with Veterans Health Administration (VHA) and VA...

Judge Approves $74 Million Premera Blue Cross Data Breach Settlement

A Federal District Judge has given preliminary approval to a proposed $74 million settlement to resolve a consolidated class action lawsuit against Premera Blue Cross for its 2014 data breach of more than 10.6 million records. US District Judge Michael Simon determined that the proposed settlement...

NIST Releases New Guidance on Securing IoT Devices

The National Institute of Standards and Technology (NIST) has released a new guide for manufacturers of Internet of Things (IoT) devices to help them incorporate appropriate cybersecurity controls to ensure the devices are protected against threats when users connect them to the Internet. The guide...

GAO Discovers Widespread Cybersecurity Risk Management Failures at Federal Agencies

The Government Accountability Office (GAO) conducted a study of 23 federal agencies and found widespread cybersecurity risk management failures. Federal agencies are targeted by cybercriminals, so it is essential for safeguards to be implemented to protect against those threats. Federal law...

NIST Releases Draft Mobile Device Security Guidance for Corporately-Owned Personally-Enabled Devices

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has issued draft mobile device security guidance to help organizations improve the security of corporately-owned personally-enabled (COPE) mobile devices and reduce the risk the devices...

How to Choose the Right Healthcare Cloud Provider

Healthcare organizations often turn to a HIPAA compliant cloud vendor or Managed Service Provider to help them ensure electronic patient records are secured and they are in compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA contains an extensive set of rules for...

Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches

Cybercriminals are managing to find and exploit vulnerabilities to gain access to healthcare networks and patient data with increasing regularity. The past two months have been the worst and second worst ever months for healthcare data breaches in terms of the number of breaches reported. Phishing...

Ohio Eye Care Provider Suffers Ransomware Attack

Eye Care Associates, a fully integrated regional eye care provider in northeast Ohio, experienced a ransomware attack in late July which took its computer systems out of action. Two weeks after the attack occurred, its computer systems remain locked. According to Director of Operations, Mary Jo...

Direct Connect Computer Systems Inc. Recognized as HIPAA Compliant

The Cleveland, OH-based technology solution provider, Direct Connect Computer Systems, Inc., has demonstrated the company is fully compliant with Health Insurance Portability and Accountability Act (HIPAA) Rules. Companies that provide technology solutions and services to healthcare clients that...

Allscripts Proposes $145 Million Settlement to Resolve DOJ HIPAA and HITECH Act Case

A preliminary settlement has been proposed by Allscripts Healthcare Solutions to resolve alleged violations of HIPAA, the HITECH Act’s electronic health record (EHR) incentive program, and the Anti-Kickback Statute related to the electronic health record (EHR) company Practice Fusion, which was...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions and penalties in Louisiana due to the devastation likely to be caused by Tropical Storm Barry as it made landfall on July 13 as a hurricane. The HHS announced the public health...

Webinar: Ransomware, Malware, Phishing, and HIPAA Compliance

Compliancy Group is offering healthcare professionals an opportunity to take part in a webinar covering the main threats facing the healthcare industry. Threats such as ransomware, malware, and phishing will be discussed by compliance experts in relation to HIPAA and the privacy and security of...

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

HHS Confirms When HIPAA Fines Can be Issued to Business Associates

Since the Department of Health and Human Services implemented the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule, business associates of HIPAA covered entities can be directly fined for violations of HIPAA...

HHS Changes HITECH Act Penalties for HIPAA Violations

The Department of Health and Human Services has issued a notification of enforcement discretion regarding the civil monetary penalties that are applied when violations of HIPAA Rules are discovered. The HHS has reduced the maximum financial penalty for HIPAA violations in three of the four penalty...