Sutter Health, Lemonaid Health, & Redeemer Health Settle Pixel Data Breach Lawsuits
Settlements have been agreed to resolve class action lawsuits against three healthcare providers – Sutter Health, Lemonaid Health, & Redeemer Health – that alleged unlawful disclosures of individually identifiable patient information to third parties via website tracking technologies. Tracking technologies such as pixels are extensively used across the Internet to identify and track user activity online. Website owners can use these tools to gather valuable information about how individuals use their websites, such as the pages they visit, the duration of site use, and the links they click while on the site. They can also be used to track visitors across the Internet for marketing purposes, such as serving personalized adverts based on the content they viewed while on a particular website. While website owners can view the data collected by these tools, the same data is usually transmitted to the third-party providers of those tools. In healthcare, there are risks associated with these tools, as they can potentially transmit information protected under HIPAA – personally...
HIPAA Compliance and Medical Billing
The phrase HIPAA compliance and medical billing relates to Part 162 transactions such as eligibility checks, authorization requests, claims, and remittances, and there are different HIPAA compliance requirements depending on whether billing is performed in-house or outsourced. Medical billing is often described as the process of submitting a claim to a health plan in order to obtain payment for healthcare services provided to a health plan member. However, it can be far more than that, with many stages before, during, and after a claim has been submitted involving the transmission of electronic Protected Health Information (ePHI). Indeed, medical “billing” often begins with the registration of a patient at a healthcare facility. The patient provides their demographic and insurance information, and this information is checked by the billing office with the health plan to ensure the patient is eligible for benefits. The eligibility process can also include establishing copays, coinsurance, and deductibles. Thereafter, it may be necessary to generate encounter forms, record payments...
Data Breaches Confirmed by Revere Health & Health Management Systems of America
Revere Health in Utah and Health Management Systems of America in Michigan have recently confirmed that they have experienced cyberattacks in which patient data was exposed.
Revere Health, Utah
Revere Health, the largest independent multispecialty physician group in Utah and southeastern Nevada, has recently announced a data breach that has affected up to 10,800 patients. On August 11, 2025, an unauthorized third party gained access to a third-party payment platform that was used to process certain patient and payer payments. No evidence was found to indicate any theft of or misuse of the affected data, but unauthorized viewing of the exposed information could not be ruled out. Data in the compromised system included names, dates of birth, addresses, medical account or record numbers, billing or insurance information, partial Social Security numbers, and, for certain individuals, financial account information. Revere Health said it worked with the payment system provider to secure the system and has enhanced data security safeguards to reduce the risk of similar incidents in the...
HIPAA Training for Fire Department Staff
Fire departments must comply with HIPAA when they perform HIPAA‑regulated health care functions. This most often occurs when the department provides emergency medical services and conducts electronic transactions such as electronic billing for EMS transports. In these circumstances, the department becomes a HIPAA‑covered entity, and all fire department personnel must receive HIPAA training. Note: Fire departments generally cannot designate themselves as hybrid entities because EMS and fire operations share personnel, equipment, supervision, and support functions, making it impossible to isolate a separate “health care component.” As a result, HIPAA compliance responsibilities apply across the workforce even if Protected Health Information (PHI) is created, received, stored, or transmitted by only one unit within the department.
HIPAA Training for Fire Department Staff
In such circumstances, HIPAA training for fire department staff is mandatory for all staff including Emergency Medical Technicians, paramedics, and Emergency Medical Dispatchers. The HIPAA training should cover HIPAA...
HIPAA Training for Healthcare Professionals
HIPAA training for healthcare professionals must consist of more than a list of policies, procedures, and regulations in order to prepare clinicians for the times in their day-to-day activities when privacy, compassion, and communication interact. Every day, healthcare professionals speak with patients, communicate with colleagues, and interact with EHRs. At these times, it is vital for clinicians to understand and apply all applicable HIPAA privacy and security principles to preserve trust in the patient-physician relationship. For this reason, HIPAA training for healthcare professionals must be more than a “check the box” exercise. The training must be grounded in the realities of clinical care to account for fast‑paced environments, emotionally charged encounters, and complex family dynamics.
Training Grounded in the Realities of Clinical Care
To best prepare healthcare professionals for the realities of clinical care, it is important that HIPAA training is developed by subject-matter experts and reviewed by compliance officers who understand the causes of HIPAA violations in...



