Recent News

Google Hit With €50 Million GDPR Violation Penalty

Google has been hit with a €50 million Euro ($56.8 million) GDPR violation penalty, the largest GDPR violation penalty issued to date. The French GDPR supervisory authority, the National Data Protection Commission (CSIL), investigated suspected GDPR violations after receiving complaints from two...

Valley Hope Association Notifies Patients of Email Account Breach

Midwest, has announced that an unauthorized individual has gained access to the email account of an employee. Valley Hope Association became aware of a potential account breach on October 10, 2018, when unusual account activity was detected. Prompt action was taken to prevent further account access...

December 2018 Healthcare Data Breach Report

November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of healthcare records exposed (3,230,063) and the second worst for breaches (34). December was the...

Revised Common Rule Now Effective

The updated Federal Policy for the Protection of Human Subjects (45 CFR part 46), otherwise known as the Common Rule, is now in effect. The compliance date of the revised Common Rule was January 21, 2019. The Common Rule governs federally funded research on human subjects and was introduced in...

State AG Proposes Tougher Data Breach Notification Laws in North Carolina

Following an increase in data breaches affecting North Carolina residents in 2017, state Attorney General Josh Stein and state representative Jason Saine introduced a bill to update data breach notification laws in North Carolina and increase protections for state residents The bill, Act to...

  • Healthcare Data Privacy
  • Healthcare Data Security
  • Healthcare Information Technology
  • HIPAA Breach News
  • HIPAA Compliance News
  • HIPAA News
  • HIPAA News for Small and Mid-Sized Practices
  • HIPAA Updates

December 2018 Healthcare Data Breach Report

November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of healthcare records exposed (3,230,063) and the second worst for breaches (34). December was the...

Revised Common Rule Now Effective

The updated Federal Policy for the Protection of Human Subjects (45 CFR part 46), otherwise known as the Common Rule, is now in effect. The compliance date of the revised Common Rule was January 21, 2019. The Common Rule governs federally funded research on human subjects and was introduced in...

State AG Proposes Tougher Data Breach Notification Laws in North Carolina

Following an increase in data breaches affecting North Carolina residents in 2017, state Attorney General Josh Stein and state representative Jason Saine introduced a bill to update data breach notification laws in North Carolina and increase protections for state residents The bill, Act to...

December 2018 Healthcare Data Breach Report

November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of healthcare records exposed (3,230,063) and the second worst for breaches (34). December was the...

State AG Proposes Tougher Data Breach Notification Laws in North Carolina

Following an increase in data breaches affecting North Carolina residents in 2017, state Attorney General Josh Stein and state representative Jason Saine introduced a bill to update data breach notification laws in North Carolina and increase protections for state residents The bill, Act to...

Department of Defense Health Agency Security Failures Placed Patient Health Information at Risk

According to a recent Department of Defense (DoD) Office of Inspector General report (PDF), the Defense Health Agency (DHA) failed to consistently implement security protocols to protect against the unauthorized accessing of systems that stored, processed, and transmitted electronic health records...

IT Service Providers and Customers Warned of Increase in Chinese Malicious Cyber Activity

The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) has issued an alert about increased Chinese malicious cyber activity targeting IT service providers such as Managed Service Provider (MSPs), Managed Security Service Providers (MSSPs), Cloud Service...

HHS Publishes Cybersecurity Best Practices for Healthcare Organizations

The U.S. Department of Health and Human Services has issued voluntary cybersecurity best practices for healthcare organizations and guidelines for managing cyber threats and protecting patients. Healthcare technologies are essential for providing care to patients, yet those technologies introduce...

NIST Releases Draft Paper on Telehealth and Remote Monitoring Device Cybersecurity

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) has released a draft paper covering the privacy and security risks of telehealth and remote monitoring devices along with best practices for securing the telehealth and remote monitoring...

Valley Hope Association Notifies Patients of Email Account Breach

Midwest, has announced that an unauthorized individual has gained access to the email account of an employee. Valley Hope Association became aware of a potential account breach on October 10, 2018, when unusual account activity was detected. Prompt action was taken to prevent further account access...

December 2018 Healthcare Data Breach Report

November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of healthcare records exposed (3,230,063) and the second worst for breaches (34). December was the...

Physician Receives Probation for Criminal HIPAA Violation

A physician who pleaded guilty to a criminal violation of HIPAA Rules has received 6 months’ probation and has escaped a jail term and fine. The case concerned the wrongful disclosure of patients’ PHI to a pharmaceutical firm. The case was prosecuted by the Department of Justice in...

December 2018 Healthcare Data Breach Report

November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of healthcare records exposed (3,230,063) and the second worst for breaches (34). December was the...

Department of Defense Health Agency Security Failures Placed Patient Health Information at Risk

According to a recent Department of Defense (DoD) Office of Inspector General report (PDF), the Defense Health Agency (DHA) failed to consistently implement security protocols to protect against the unauthorized accessing of systems that stored, processed, and transmitted electronic health records...

Physician Receives Probation for Criminal HIPAA Violation

A physician who pleaded guilty to a criminal violation of HIPAA Rules has received 6 months’ probation and has escaped a jail term and fine. The case concerned the wrongful disclosure of patients’ PHI to a pharmaceutical firm. The case was prosecuted by the Department of Justice in...

December 2018 Healthcare Data Breach Report

November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of healthcare records exposed (3,230,063) and the second worst for breaches (34). December was the...

Revised Common Rule Now Effective

The updated Federal Policy for the Protection of Human Subjects (45 CFR part 46), otherwise known as the Common Rule, is now in effect. The compliance date of the revised Common Rule was January 21, 2019. The Common Rule governs federally funded research on human subjects and was introduced in...

OCR Seeks Permanent Deputy Director for Health Information Privacy

The U.S. Department of Health and Human Services’ Office for Civil Rights has advertised for a permanent Deputy Director for Health Information Privacy. The position was posted on USAJOBS on January 14, 2019. The last permanent Deputy Director was Deven McGraw, who left OCR in October 2017 for...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to a risk analysis. The latter is required to identify risks and vulnerabilities that could potentially be exploited to gain access to ePHI, while a gap analysis helps healthcare...

How to Defend Against Insider Threats in Healthcare

One of the biggest data security challenges is how to defend against insider threats in healthcare. Insiders are responsible for more healthcare data breaches than hackers, making the industry unique. Verizon’s Protected Health Information Data Breach Report highlights the extent of the problem....

Former Berkeley Medical Center Worker Gets 5 Years’ Probation for Identity Theft

In federal court on Monday, Chief U.S. District Judge Gina M. Groh sentenced a former Berkeley Medical Center worker to 5 years’ probation for her role in an identity theft scam. In addition to probation, Angela Dawn Roberts, 42, of Stephenson, VA, must pay $22,000 in restitution. Angela Dawn...

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking comments from the public on potential modifications to Health Insurance Portability and Accountability Act (HIPAA) Rules to promote coordinated, value-based...

AMIA and AHIMA Call for Changes to HIPAA to Improve Access and Portability of Health Data

The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for changes to HIPAA to be made to improve patients’ access to their health information, make health data more portable, and to better protect health data in the app...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and are making it difficult for healthcare providers to coordinate patient care. HHS wants comments from the public and healthcare industry stakeholders on any provisions of...