Therapy Practice Management Software
Therapy practice management software is an administrative and clinical operations system used by behavioral health providers to manage scheduling, documentation, communications, telehealth, and billing while maintaining safeguards for protected health information under the HIPAA Privacy Rule and HIPAA Security Rule. Therapy practice management software supports end to end operational workflows for behavioral health services. Common functions include appointment scheduling, intake and consent handling, clinical documentation, patient communications, telehealth delivery, billing and payments, and reporting. When the software creates, receives, maintains, or transmits electronic protected health information, the vendor role and contract terms determine whether the vendor is a Business Associate and whether a Business Associate Agreement is required. HIPAA Compliance for Therapy Practice Management Software HIPAA compliance obligations apply when electronic protected health information is handled by a HIPAA Covered Entity or by a Business Associate performing functions or activities on...
83,000 Clients Affected by Cyberattack on Ohio Counseling Center
The Counseling Center of Wayne and Holmes Counties has experienced a cyberattack affecting 83,350 individuals. Data breaches have also been announced by Neurological Associates of Washington and Pecan Tree Dental. Counseling Center of Wayne and Holmes Counties The Counseling Center of Wayne and Holmes Counties (CCWHC) in Wooster, Ohio, has experienced a data security incident affecting 83,354 individuals. On March 3, 2025, CCWHC’s third-party service provider notified CCWHC about a cybersecurity incident, which caused disruption to its IT systems. An investigation was launched, and steps were taken to contain and remediate the incident. All impacted systems and accounts were removed, credentials were reset, and leading data privacy and security experts were engaged to assist with the investigation. The forensic investigation determined that an unauthorized third party gained access to a single CCWHC server on March 2, 2025, and exfiltrated files on March 3, 2025. Based on the initial findings of the investigation, the general types of information compromised in the incident include...
Staten Island University Hospital Settles Lawsuit Over Business Associate Data Breach
Staten Island University Hospital (SIUH) in New York has agreed to settle a class action lawsuit over a 2024 data breach involving one of its business associates. The data breach occurred in January 2024 at The Medibase Group Inc., a vendor that provides healthcare solutions, technical assistance, and business office solutions. On or around May 8, 2024, The Medibase Group notified SIUH that an unauthorized third party had gained access to Medibase systems, which contained the protected health information of 35,106 individuals. Data compromised in the incident included names, Social Security numbers, dates of birth, medical information, and health insurance information. Notification letters were mailed to the affected individuals on July 5, 2024. A class action lawsuit was filed by plaintiffs Belle De Santiago and Elena Girenko over the data breach – Santiago et al. v. Staten Island University Hospital – in the Superior Court of Cherokee County for the State of Georgia. The lawsuit alleged the data breach was the result of the defendant’s failure to implement reasonable...
Precipio; Pit River Health Service; Tulane University Medical Group Confirm Data Breaches
Data breaches have been announced by the Connecticut diagnostic laboratory Precipio, Pit River Health Service in California, and Tulane University Medical Group in Louisiana. Precipio, Inc. Precipio, Inc., a Connecticut-based laboratory specializing in advanced hematopathology diagnostics, has discovered unauthorized access to an employee’s cloud-based storage account. Suspicious activity was identified within the email account on or around November 25, 2025, and the investigation confirmed that an unauthorized third party accessed the employee’s account from November 23, 2025, to November 25, 2025, during which time, files were copied from the account. The affected files are currently being reviewed to determine the information involved, and that process is currently ongoing. Precipio has yet to disclose a final list of the affected data, but said that, based on its investigation so far, information compromised in the incident includes names, addresses, dates of birth, medical record numbers, clinical/treatment information, medical procedure information, medical provider names,...
Is Paubox HIPAA Compliant?
Paubox is HIPAA compliant and as an email encryption solution supports HIPAA compliance and can be used by Covered Entities and Business Associates to communicate Protected Health Information in emails without violating the standards of the HIPAA Privacy or Security Rules. Contents What is Paubox? What are the HIPAA Email Requirements? Privacy Rule Challenges to HIPAA Email Compliance Security Rule Challenges to HIPAA Email Compliance How Paubox Can Help Overcome the Challenges Making Paubox HIPAA Compliant Conclusion: Paubox is HIPAA Compliant What is Paubox? Paubox Inc. is a Californian provider of email encryption products with varying levels of capabilities and is the market lead in HIPAA-compliant email. At the entry level, Paubox works in the background to encrypt outbound emails to prevent Protected Health Information (PHI) from being impermissibly disclosed during the transit of emails. Further up the product suite, Paubox offers AI-powered inbound email security to stop phishing attacks, business email compromise attacks and email spoofing. Along with standard email...



