Recent News

CMS Announces Sweeping Regulatory Changes in Response to Surge in COVID-19 Patients

The Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) has announced a set of sweeping regulatory changes and waivers to give healthcare providers maximum flexibility to treat patients during the 2019 Novel Coronavirus pandemic. The new changes will allow...

$1 Million Settlement Agreed to Resolve American HomePatient Data Breach Lawsuit

A $1 million settlement proposed by American HomePatient to resolve a class action lawsuit filed on behalf of victims of a 2017 data breach has received preliminary approval. The data breach that was the subject of the lawsuit occurred on January 6, 2017. The offices of American HomePatient in...

California Business Associate Reports Potential Breach of Upwards of 70,000 Records

Stephan C Dean, the co-owner of the California record storage firm Surefile, reported a hacking/IT incident to the HHS’ Office for Civil Rights (OCR) on March 4, 2020 as impacting upwards of 70,000 individuals. Stephan Dean and his wife have been engaged in a long running legal dispute with...

Hackers Target WHO, HHS, and COVID-19 Research Firm

The World Health Organization (WHO) and its partners have been targeted by a sophisticated group of hackers who attempted to steal login credentials to gain access to its network by impersonating WHO’s internal email system. Spear phishing emails were sent to several WHO staffers that included...

OCR Issues Guidance on Allowable Disclosures of PHI to First Responders During the COVID-19 Crisis

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued further guidance on HIPAA and COVID-19, the disease caused by the 2019 Novel Coronavirus, SARS-CoV-2. The new guidance document provides examples of allowable disclosures of protected health information...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

February 2020 Healthcare Data Breach Report

There were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which represents a 21.9% month-over-month increase in data breaches and a 231% increase in breached records. More records were breached in February than in the past three months...

OCR Issues Guidance on Telehealth and HIPAA During Coronavirus Pandemic

Following on from the announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency has been relaxed, OCR has issued guidance on telehealth and remote...

Cybersecurity Firms Offer Free Assistance to Healthcare Organizations During the Coronavirus Pandemic

There have been several reported cases of cyberattacks on healthcare organizations that are currently working round the clock to ensure patients with COVID-19 receive the medical are they need. These attacks cause major disruption at the best of times, but during the COVID-19 outbreak the attacks...

February 2020 Healthcare Data Breach Report

There were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which represents a 21.9% month-over-month increase in data breaches and a 231% increase in breached records. More records were breached in February than in the past three months...

Cybersecurity Firms Offer Free Assistance to Healthcare Organizations During the Coronavirus Pandemic

There have been several reported cases of cyberattacks on healthcare organizations that are currently working round the clock to ensure patients with COVID-19 receive the medical are they need. These attacks cause major disruption at the best of times, but during the COVID-19 outbreak the attacks...

HIPAA Compliance and COVID-19 Coronavirus

HIPAA covered entities – healthcare providers, health plans, healthcare clearinghouses – and business associates of covered entities no doubt have many questions about HIPAA compliance and COVID-19 coronavirus cases. There may be confusion about the information that can be shared about...

CMS Eases Quality Payment Program Reporting Requirements in Response to COVID-19

On March 22, 2020, the HHS’ Centers for Medicare and Medicaid Services (CMS) announced it is easing the burden on clinicians, healthcare providers, and facilities that are participating in the Quality Payment Program and other reporting programs due to the 2019 Novel Coronavirus (COVID-19)...

TigerConnect Secure Communications Platform Offered to Hospitals Free of Charge During COVID-19 Pandemic

TigerConnect, the provider of the most widely used secure healthcare communications platform in the United States, has announced that U.S. health systems and hospitals can use its platform free of charge to help support COVID-19 related communications during the novel coronavirus...

HHS Releases Final Interoperability and Information Blocking Rules

On March 6, 2020, the Office of Information and Regulatory Affairs’ Office of Management and Budget announced it has completed its review of the rules proposed by two HHS agencies in February 2019 to tackle interoperability and information blocking. On March 9, 2020 the HHS’ Centers for...

California Business Associate Reports Potential Breach of Upwards of 70,000 Records

Stephan C Dean, the co-owner of the California record storage firm Surefile, reported a hacking/IT incident to the HHS’ Office for Civil Rights (OCR) on March 4, 2020 as impacting upwards of 70,000 individuals. Stephan Dean and his wife have been engaged in a long running legal dispute with...

Hawaii Pacific Health Discovers 5-Year Insider Data Breach

Hawaii Pacific Health has discovered an employee of Straub Medical Center in Honolulu has been snooping on the medical records of patients over a period of more than 5 years. Hawaii Pacific Health discovered the unauthorized access on January 17, 2020 and launched an investigation. An analysis of...

February 2020 Healthcare Data Breach Report

There were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which represents a 21.9% month-over-month increase in data breaches and a 231% increase in breached records. More records were breached in February than in the past three months...

CMS Announces Sweeping Regulatory Changes in Response to Surge in COVID-19 Patients

The Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) has announced a set of sweeping regulatory changes and waivers to give healthcare providers maximum flexibility to treat patients during the 2019 Novel Coronavirus pandemic. The new changes will allow...

OCR Issues Guidance on Allowable Disclosures of PHI to First Responders During the COVID-19 Crisis

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued further guidance on HIPAA and COVID-19, the disease caused by the 2019 Novel Coronavirus, SARS-CoV-2. The new guidance document provides examples of allowable disclosures of protected health information...

February 2020 Healthcare Data Breach Report

There were 39 reported healthcare data breaches of 500 or more records in February and 1,531,855 records were breached, which represents a 21.9% month-over-month increase in data breaches and a 231% increase in breached records. More records were breached in February than in the past three months...

HHS Increases Civil Monetary Penalties for HIPAA Violations in Line with Inflation

The U.S Department of Health and Human Services has increased the civil monetary penalties for HIPAA violations in accordance with the Inflation Adjustment Act. The final rule took effect on Tuesday November 5, 2019. This rule increases the civil monetary penalties for HIPAA violations that...

Texas Health and Human Services Commission Pays $1.6 Million HIPAA Penalty

The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $1.6 million civil monetary penalty (CMP) on Texas Health and Human Services Commission (TX HHSC) for multiple violations of Health Insurance Portability and Accountability Act (HIPAA) Rules. TX HHSC is a...

Lack of Encryption Leads to $3 Million HIPAA Penalty for New York Medical Center

The University of Rochester Medical Center (URMC) has paid a $3 million HIPAA penalty for the failure to encrypt mobile devices and other HIPAA violations. URMC is one of the largest health systems in New York State with more than 26,000 employees at the Medical Center and various other components...

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of...

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

HHS Increases Civil Monetary Penalties for HIPAA Violations in Line with Inflation

The U.S Department of Health and Human Services has increased the civil monetary penalties for HIPAA violations in accordance with the Inflation Adjustment Act. The final rule took effect on Tuesday November 5, 2019. This rule increases the civil monetary penalties for HIPAA violations that...

Roger Severino Gives Update on OCR HIPAA Enforcement Priorities

Roger Severino, Director of the HHS’ Office for Civil Rights, has given an update on OCR’s HIPAA enforcement priorities at the OCR/NIST 11th Annual HIPAA Conference in Washington D.C. Severino confirmed that one of OCR’s top policy initiatives is still enforcing the rights of patients under...

Sen. Rand Paul Introduces National Patient Identifier Repeal Act

Sen. Rand Paul, M.D., (R-Kentucky) has introduced a new bill that attempts to have the national patient identifier provision of HIPAA permanently removed due to privacy concerns over the implementation of such a system. Today, HIPAA is best known for its healthcare data privacy and security...