HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Recent News

Netwalker Ransomware Affiliate Sentenced to 20 Years in Jail

An affiliate of the infamous Netwalker ransomware gang has been sentenced to serve 20 years in jail for his role in ransomware attacks on entities in the United States. Netwalker is a ransomware-as-a-service (RaaS) operation where affiliates are recruited to conduct attacks and deploy ransomware in...

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

Mon Health is facing a class action lawsuit over a hacking incident that allowed unauthorized individuals to gain access to its network for an 11-day period in December 2021. Mon Health said it detected the breach on December 30, 2021, with the forensic investigation determining hackers accessed...

LifeBridge Health Agrees to $9.5 Million Settlement to Resolve 2016 Data Breach Claims

LifeBridge Health Inc. has agreed to settle a class action lawsuit to resolve claims from patients affected by a data breach that was discovered in 2018. The total value of the settlement is $9.475 million, which includes an $800,000 fund to cover claims from class members. In March 2018,...

CommonSpirit Health Experiencing Widespread Outage Due to Cyberattack

CommonSpirit Health is experiencing a data security incident that has affected many of its healthcare facilities. According to a statement issued by the health system on October 4, 2022, IT systems have been taken offline as a precautionary step while the incident is investigated, and the exact...

Advisory Issued About BD Totalys MultiProcessor Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a medical advisory about a recently discovered vulnerability that affects the BD Totalys MultiProcessor, which is used by hospitals and labs for processing clinical tissue specimens. The vulnerability is due to the use of...

California Governor Signs Package of Bills to Improve Protections for Individuals Seeking Abortion Care

California has taken further steps to improve protections for individuals seeking abortion care and birth control. A package of bills has recently been signed into law by state governor Gavin Newsom, including new data privacy legislation that prohibits healthcare providers from releasing...

GAO: HHS Should Strengthen Oversight of Medicare Telehealth and Help Providers Communicate Privacy Risks

The Government Accountability Office (GAO) recently conducted a review of Medicare telehealth services provided during the COVID-19 pandemic, when a waiver was in place that greatly expanded access to telehealth and virtual visits. The review covered the utilization of telehealth services, how the...

August 2022 Healthcare Data Breach Report

For the third successive month, the number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights has fallen, with 49 breaches of 500 or more records reported in August – well below the 12-month average of 58 breaches per month. The 25.75%...

NIST Urged to Make HIPAA Security Rule Implementation Guidance More Usable by Small Providers

The Health Sector Coordinating Council (HSCC) has urged the National Institute for Standards & Technology to provide tailored guidance for smaller and lesser-resourced healthcare organizations on implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and...

Cybersecurity Awareness Month Focuses on 4 Key Behaviors

October is Cybersecurity Awareness Month – a 19-year collaborative effort between the government and industry to improve awareness of cybersecurity in the United States, led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). 2022...

NIH Needs to Improve Cybersecurity Requirements for its Grant Program

The National Institutes of Health (NIH) failed to implement adequate cybersecurity measures to protect sensitive data in its pre-award risk assessment process, according to a recent audit conducted by the HHS’ Office of Inspector General (OIG). NIH invests more than $30 billion each year in...

HHS Urged to Extend Deadline for Compliance with Cures Act Information Blocking Requirements

The deadline for compliance with the information blocking requirements of the 21st Century Cures Act is October 6, 2022, after which the HHS can impose financial penalties and healthcare providers will be subject to appropriate disincentives if they are determined to have failed to facilitate the...

HIPAA Social Media Rules

HIPAA was enacted several years before social media networks such as Facebook and Instagram were launched, so there are no specific HIPAA social media rules. However, as with all healthcare-related communications, the HIPAA Privacy Rule still applies whenever covered entities or business associates...

What is the Relationship Between HITECH, HIPAA, and Electronic Health and Medical Records?

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August 1996 and led to the development of the HIPAA Privacy Rule in 2003 and the HIPAA Security Rule in 2005, but how did the Health Information Technology for Economic and Clinical Health (HITECH) Act change...

Is Google Meet HIPAA Compliant?

Google Meet is an advanced VoIP and videoconferencing service that can be used by healthcare providers to provide telehealth services, remote consultations, and virtual patient visits. But is Google Meet HIPAA compliant? Google Meet is rapidly becoming the go-to videoconferencing service for...

3 Dental Practices Fined for HIPAA Right of Access Violations

The HHS’ Office for Civil Rights (OCR) has agreed to settle three HIPAA investigations of potential HIPAA Right of Access violations by dental practices. All three of the investigations were initiated after complaints from patients about the failure of their dental practices to provide them with...

NIST Updates Guidance on HIPAA Security Rule Compliance

The National Institute of Standards and Technology (NIST) has updated its guidance for HIPAA-regulated entities on implementing the HIPAA Security Rule to help them better protect patients’ personal and protected health information. The Security Rule of the Health Insurance Portability and...

OCR Announces 11 Further Financial Penalties for HIPAA Right of Access Failures

The Department of Health and Human Services’ Office for Civil Rights has sent a warning to healthcare providers about the importance of compliance with the HIPAA Right of Access with the announcement that a further 11 financial penalties for HIPAA-covered entities that have failed to provide...

ONC and OCR Release Updated Security Risk Assessment Tool

The Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) have released a new version of the HHS Security Risk Assessment (SRA) Tool. The HIPAA Security Rule requires HIPAA-regulated entities...

OCR Issues Guidance for Providers and Individuals Following Supreme Court Decision on Roe v. Wade

President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to take action to protect access to sexual and reproductive health care, which includes abortion, pregnancy complications, and other related care, following the decision...

What is a HIPAA Violation?

To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it applies to, and what constitutes a violation; for although most people believe they know what a HIPAA violation is, evidence suggests otherwise. The evidence that there may be a misunderstanding...

30 Senators Call for HIPAA Privacy Rule Update to Better Protect Women’s Privacy

A group of 30 senators is urging the Department of Health and Human Services to update the Health Insurance Portability and Accountability Act (HIPAA) to better protect the privacy of patients’ reproductive health information in the wake of the Supreme Court decision on Dobbs v. Jackson Women’s...

OCR Issues Guidance on Audio-Only Telehealth for When the COVID Public Health Emergency Ends

Start preparing now and get your telehealth services HIPAA compliant, because when the COVID-19 Public Health Emergency (PHE) ends, the telehealth HIPAA flexibilities stop. That is the advice of the Department of Health and Human Services’ Office for Civil Rights, which released new guidance this week...