Mystic Valley Elder Services Agrees to Settle Class Action Data Breach Lawsuit for $520,000
The Malden, Massachusetts-based Mystic Valley Elder Services has agreed to pay $520,000 to settle a consolidated class action lawsuit stemming…
Our HIPAA enforcement news section keeps you up to date with HIPAA breaches, OCR updates and HITECH compliance issues.
In 2025, hundreds of healthcare data breaches exposed tens of millions of patient records — and the OCR enforcement record...
A proposal to allow the Office of Personnel Management (OPM) to collect the personally identifiable health information of federal employees...
A lawsuit has been filed in the U.S. District Court for the Northern District of California against two healthcare organizations...
In February 2026, 63 data breaches were reported to the Department of Health and Human Services (HHS) Office for Civil...
Earlier this year, Paula M. Stannard, Director of the Department of Health and Human Services (HHS) Office for Civil Rights...
The HHS’ Office for Civil Rights (OCR) has long been seeking an increase to its budget to support its HIPAA...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert following the publication of a proof of concept (PoC)…
The U.S. Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) released a final rule...
The HIPAA Security Rule update proposed by OCR in the final days of the Biden administration is only two months...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its second enforcement action of...
The HHS’ Office for Civil Rights (OCR) healthcare data breach portal shows a slight month-over-month decline in large healthcare data...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its first financial penalty of...
Healthcare data breaches discovered in calendar year 2025 that affected fewer than 500 individuals must be reported to the HHS’...
In the final month of 2025, a further 41 healthcare data breaches affecting 500 or more individuals were reported to...
Comstar, a Massachusetts-based ambulance billing and collections company, has been investigated by the Massachusetts Attorney General and found to have...
The HHS’ Office for Civil Rights has increased the penalties for HIPAA violations with immediate effect. As of January 28,...
The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state...
A recent study exploring insider cybersecurity threats revealed that a majority of college students would be willing to violate the...
In the first of its 2026 quarterly cybersecurity newsletters, the Department of Health and Human Services (HHS) Office for Civil...
In answer to the question “is saying someone died a HIPAA violation?”, it depends on who is making the statement,...
The HIPAA laws in Texas are the same as they are anywhere else in the country because HIPAA sets a...
In January 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a proposed update...
Employees can help prevent HIPAA violations by fully understanding what PHI is, knowing when PHI can permissibly be used and...
E-signatures can be used under HIPAA Rules provided mechanisms are put in place to ensure the authenticity of the signatory,...
What happens if you violate HIPAA depends on the nature and consequences of the violation, the motive for the violation,...
There are ways you can report a HIPAA violation anonymously but, due to the risk your anonymous report may be...
The relationship between HITECH, HIPAA, and electronic health and medical records is primarily that certain provisions of the HITECH Act...
Protected Health Information is an individual’s health, treatment, or payment for treatment information – and certain information maintained in the...
The purpose of HIPAA was originally to ensure more employees could continue to receive health insurance coverage when they were...
How you should respond to an accidental HIPAA violation depends on the nature of the accidental violation and the potential...
The HIPAA photography rules vary according to the nature of the photograph, its purpose, and whether it is part of...
A HIPAA violation is any failure to comply with the HIPAA regulations – which can include the unauthorized access, use,...
Under HIPAA PHI is considered to be an individual’s health, treatment, and payment information, and any related information maintained in...
HIPAA violations occur when covered entities, business associates, or members of either’s workforces fail to comply with a standard of...
Health, treatment, or payment information, and any identifiers maintained with this information, is considered Protected Health Information under HIPAA if...
HIPAA updates and changes happen more frequently than many people are aware of because of the nature of the update...
What happens if you break HIPAA Rules depends on whether you are a covered entity or business associate, or a...
A patient can sue for a HIPAA violation – and there are an increasing number of class action suits for...
The penalties for HIPAA violations include civil monetary penalties ranging from $145 to $2,190,294 per violation, depending on the level...
The HIPAA Conduit Exception Rule applies to organizations that would normally be considered business associates, but who are exempted from...
New HIPAA regulations may be implemented in 2026, such as the proposed update to the HIPAA Privacy Rule, a final...
Orthopedics NY LLP (aka OrthoNY; OrthopedicsNY), a New York orthopedic medicine practice, has been fined $500,000 by the New York...
Concentra Inc. has agreed to settle an alleged violation of the HIPAA Right of Access with the U.S. Department of...
State privacy law supersedes HIPAA when a state law provides greater privacy protections for individually identifiable health information than HIPAA...
A bipartisan quartet of Senators has reintroduced the Health Care Cybersecurity and Resiliency Act of 2025 in another attempt to...
The College of Healthcare Information Management Executives (CHIME) and more than 100 U.S. hospital systems, healthcare provider organizations, and provider...
A HIPAA confidentiality agreement for employees is similar to a non-disclosure agreement inasmuch as members of the workforce agree not...
Children’s Hospital of Philadelphia (CHOP) has won a legal challenge against the Department of Justice (DOJ) over a request for...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a “Dear Colleague” letter reminding...
Texas Attorney General Ken Paxton has filed a joint stipulation of dismissal without prejudice, seeking to dismiss all claims in...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is working on a video presentation to...
Doctors can share patient information with other doctors provided the disclosure complies with the HIPAA Privacy Rule – and a...
AI tools create new privacy and security risks because they can receive, transform, and produce information about patients in ways...
Outdated systems are causing healthcare professionals to lose hours each week, impacting patient care, organizational performance, efficiency, and security, according...
As of December 18, 2025, OCR has added 41 data breaches affecting 500 or more individuals to its data breach...
An Iowa nurse has been terminated for a HIPAA violation and has lost her unemployment benefits after disclosing the pregnancy...
A $182,000 settlement has been agreed between the HHS’ Office for Civil Rights and five Delaware healthcare providers to resolve...
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy...
U.S. healthcare data breaches are down 34.1% month-over-month, and 44.5% fewer individuals had their healthcare data exposed. HIPAA-regulated entities reported...
A New York business associate has chosen to settle an alleged violation of the Health Insurance Portability and Accountability Act...
Healthplex, one of the largest providers of dental health insurance programs in New York State, has agreed to a settlement...
Back in February, The HIPAA Journal reported on the efforts of the non-profit watchdog organizations the Campaign for Accountability and...
Fifteen nurses at Providence Sacred Heart Medical Center & Children’s Hospital in Spokane, Washington, have been terminated for alleged HIPAA...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has published new and updated guidance...
This week, the Trump Administration announced a new initiative aimed at improving interoperability and the exchange of healthcare data, and...
Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Director, Paula M. Stannard, has announced OCR’s 18th...
When individuals and entities violate Health and Human Services (HHS) regulations, HHS may choose to make a criminal referral to...
On July 8, 2025, HHS Secretary Robert F. Kennedy Jr. declared a Public Health Emergency exists in the State of...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle alleged violations of...
In May, 60 data breaches affecting 500 or more individuals were reported to the HHS’ Office for Civil Rights (OCR),...
A Texas Judge has ruled that the HIPAA Privacy Rule update issued by the U.S. Department of Health and Human...
Getting started as a business associate and entering into the healthcare sphere can be a major challenge, but the potential...
Paula M. Stannard, former Chief Legal Counsel of the Montana Department of Public Health and Human Services, has been appointed...
A registered practical nurse who livestreamed a med pass on TikTok has been terminated from her position and now faces...
The maximum penalty for violating HIPAA is currently $71,162 (June 2025) for a violation that is attributable to willful neglect...
The HHS’ Office for Civil Rights (OCR) has announced another settlement to resolve an alleged violation of the risk analysis...
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 9th financial penalty of...
April saw a 17.9% month-over-month increase in healthcare data breaches, with 66 data breaches of 500 or more records reported...
Whether or not a HIPAA violation will show up on a background check depends on the nature of the violation,...
The HHS’ Office for Civil Rights has announced its 8th financial penalty under the Trump administration, with the latest financial...
Research conducted by the cybersecurity company Netskope indicates healthcare workers routinely expose sensitive data such as protected health information (PHI)...
The kind of lawyer that deals with HIPAA violations will most likely be a personal injury lawyer depending on the...
A breach of HIPAA is considered to be any acquisition, access, use, or disclosure of protected health information which compromises...
The HHS’ Office for Civil Rights (OCR) has announced another settlement to resolve an alleged violation of the risk analysis...
The HHS’ Office for Civil Rights (OCR) has announced its 6th financial penalty of the year to resolve alleged violations...
Breach reporting data from the HHS’ Office for Civil Rights (OCR) is starting to show a reduction in healthcare data...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 7th HIPAA enforcement action under...
HIPAA policies and procedures are “work rules” healthcare organizations must implement and regularly update to ensure the confidentiality, integrity, and...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its fourth financial penalty for...
On January 6, 2025, OCR published a notice of proposed rulemaking (NPRM) in the Federal Register detailing proposed changes to...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has confirmed that the long-awaited third...
Health Fitness Corporation, an Illinois business associate, has agreed to settle an alleged HIPAA risk analysis failure with the HHS’...
A New York woman has avoided a jail term for a criminal violation of the Health Insurance Portability and Accountability...
There has been a 36% month-over-month reduction in healthcare data breaches, with 46 large healthcare data breaches reported to the...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed its second financial penalty...
HIPAA – via the Administrative Simplification Regulations – covers the privacy of individually identifiable health information when it is created,...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed its first financial penalty...
Following President Trump’s Executive Order 14187 – Protecting Children from Chemical and Surgical Mutilation – the Department of Health and...
Robert F. Kennedy Jr. has been sworn in as the 26th Secretary of the Department of Health and Human Services...
iCloud is not HIPAA compliant and cannot be used to store, sync, or share media containing Protected Health Information (PHI)...
A HIPAA subpoena is a legal document that compels HIPAA-regulated entities to release information such as patient medical records that...
In December 2024, the Department of Health and Human Services published a final rule in the Federal Register modifying the...
A HIPAA security incident is an event that threatens the confidentiality, integrity, or availability of electronic Protected Health Information (PHI)...
Webex is HIPAA compliant and, provided policies relating to disclosures are complied with, can be used to disclose PHI during...
Robert F Kennedy Jr. has taken a big step toward being confirmed as the new Secretary of the U.S. Department...
The deadline for submitting reports of 2024 data breaches affecting fewer than 500 individuals to the HHS’ Office for Civil...
Large healthcare data breaches continue to be reported to the Department of Health and Human Services (HHS) Office for Civil...
On January 20, 2025, President Trump appointed Dr. Dorothy Fink as Acting Secretary of the Department of Health and Human...
A complaint has been filed in the U.S. District Court for the Eastern District of Tennessee in Knoxville led by...
An Iowa doctor who accessed the medical records of current and former romantic partners without authorization, and shared an unauthorized...
It was a relatively quiet end to the year in terms of healthcare data breaches, with only 46 data breaches...
Another ransomware investigation has been settled by the HHS’ Office for Civil Rights (OCR) with a financial penalty. Northeast Surgical...
South Broward Hospital District, a Florida health system that does business as Memorial Healthcare System, has agreed to settle an...
Jail terms for HIPAA violations by employees are relatively rare, but there have been several cases where employee HIPAA violations...
The HHS’ Office for Civil Rights (OCR) has announced that a settlement has been reached with a direct-to-patient distributor of...
It has been a busy end to the year for the HHS’ Office for Civil Rights (OCR) concerning HIPAA enforcement....
The HHS’ Office for Civil Rights (OCR) has announced another settlement to resolve an investigation of a ransomware attack. Virtual...
The HHS’ Office for Civil Rights (OCR) has announced its first HIPAA enforcement of the year to resolve alleged violations...
An Indianapolis dental practice has agreed to pay a financial penalty of $350,000 to the Office of the Indiana Attorney...
The White House has cleared the HIPAA Security Rule update proposed by the U.S. Department of Health and Human Services....
There has been a 15.3% month-over-month increase in healthcare data breaches, with 68 data breaches of 500 or more healthcare...
In April 2024, the HHS Office for Civil Rights (OCR) published the HIPAA Privacy Rule to Support Reproductive Healthcare Privacy...
The Health Insurance Portability and Accountability Act of 1996 is one of the most important pieces of legislation to affect...
The U.S. Department of Health and Human Services has published a final rule modifying the Health Insurance Portability and Accountability...
Dropbox is HIPAA compliant and can be used to store, sync, and share Protected Health Information provided organizations subscribe to...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle alleged HIPAA...
Although HIPAA cannot be waived in its entirety, some provisions of the Privacy Rule can be waived in certain circumstances...
The HHS’ Office for Civil Rights (OCR) has announced another civil monetary penalty for a HIPAA-regulated entity to address non-compliance...
Who you report HIPAA violations to can vary depending on whether – for example – you are a patient reporting...
PHI stands for Protected Health Information – a term commonly referred to in connection with the Health Insurance Portability...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $1.19 million civil...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its first enforcement action...
Recently, we invited subscribers to The HIPAA Journal newsletter to take our new free HIPAA Compliance Assessment for HIPAA Covered...
The Department of Health and Human Services (HHS) Office of Inspector General (OIG) has conducted an audit of the HHS...
In October, 57 healthcare data breaches of 500 or more records were reported to the U.S. Department of Health and...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $100,000 civil monetary penalty...
President-elect Donald Trump has moved quickly in the first week after winning a second term and has already announced several...
In July this year, a federal jury convicted a former resident of Arlington, VA, for illegally accessing the medical records...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) currently has an enforcement initiative focused on...
The HHS Office for Civil Rights (OCR) has confirmed that another settlement has been agreed to resolve a ransomware-related HIPAA...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle an investigation of...
Last week, the Department of Health and Human Services (HHS) and the National Institute for Standards and Technology (NIST) hosted...
In December 2023, the Department of Health and Human Services published its Healthcare Sector Cybersecurity Strategy which outlined the steps...
Apart from a blip in August, the number of healthcare data breaches reported each month has fallen from an annual...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 9th financial penalty...
HIPAA stands for the Health Insurance Portability and Accountability Act – an Act passed by Congress in 1996 with the...
Two Democratic senators have announced new legislation to update XI and XVIII of the Social Security Act to strengthen, increase...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has settled alleged HIPAA violations with the...
Texas Attorney General Ken Paxton (R) has filed a lawsuit against the Department of Health and Human Services (HHS), HHS...
The Federal Trade Commission (FTC) has proposed a $2.95 million financial penalty for the Californian security camera vendor Verkada to...
In its August 2024 cybersecurity newsletter, OCR reminded HIPAA-regulated entities that physical security measures such as facility access controls are...
New York Attorney General Letitia James has announced that a settlement has been agreed with the New York-based biotechnology company...
Indiana Attorney General Todd Rokita has dropped a privacy lawsuit against IU Health and IU Health Associates that alleged violations...
American Medical Response (AMR), a private ambulance company, has paid a $115,200 civil monetary penalty to the HHS’ Office for...
Senator Elizabeth Warren (D-MA) has introduced the Stop Corporate Capture Act (SCCA) in response to the recent decision of the...
Zapier is not HIPAA compliant due to the number of applications that integrate with the online automation platform and the...
The HHS’ Office for Civil Rights (OCR) has agreed to settle alleged HIPAA Security Rule violations with Heritage Valley Health...
The prosecution of two doctors accused of criminal HIPAA violations and conspiring with the Russian government has ended in a...
Healthcare data breaches fell 43% month-over-month, with 54 data breaches of 500 or more records reported to the HHS’ Office...
March was a particularly bad month for healthcare data breaches with 93 breaches of 500 or more records reported to...
HIPAA is a Federal law that was passed in 1996 with the objective of reforming the health insurance industry in...
The HHS’ Office for Civil Rights has announced another financial penalty has been imposed for a violation of the HIPAA...
The Department of Health and Human Services (HHS) has written to the nation’s teaching hospitals and medical schools to clarify...
Uber Health is HIPAA compliant and can be used by healthcare providers to organize transport for patients or to arrange...
The HealthSec: Cyber Security for Healthcare Summit returns for its 2nd edition in Boston, Massachusetts on June 12th – 13th!...
There has been a fall in the number of reported healthcare data breaches for the second consecutive month, with 59...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued updated guidance for entities regulated by...
The HHS’ Office for Civil Rights has opened an investigation of Change Healthcare following its February 21, 2024, cyberattack, just...
Indiana Attorney General Todd Rokita has filed a lawsuit against Apria Healthcare alleging violations of the Health Insurance Portability and...
The Department of Health and Human Services (HHS) Office for Civil Rights has submitted its annual reports to Congress on...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has settled alleged violations of the Health...
The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has updated its...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is conducting a HIPAA Audit Review Survey...
The U.S. Department of Health and Human Services (HHS) has finalized the proposed modifications to the Confidentiality of Substance Use...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its first financial penalty of...
Report: Security Breaches in Healthcare (Direct Download PDF, 1.9MB, 16 pages) An unwanted record was set in 2023...
There was no letup in healthcare data breaches as the year drew to a close, with December seeing the second-highest...
New York Attorney General Letitia James has announced that an agreement has been reached with Refuah Health Center Inc. to...
Google Slides is HIPAA compliant and can be used to create slides and presentations containing Protected Health Information provided the...
New York Presbyterian Hospital has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy...
The Texas Attorney General sent a civil investigative demand to Seattle Children’s Hospital seeking access to the medical records of...
HIPAA gives individuals the right to file a HIPAA complaint against Covered Entities and Business Associates if they believe their...
After two months of declining healthcare data breaches, there was a 45% increase in reported breaches of 500 or more...
The process for HIPAA violation reporting varies according to who is reporting a HIPAA violation, the nature of the HIPAA...
The New York Attorney General has agreed to settle alleged violations of New York’s data security and consumer protection laws...
Trello is not HIPAA compliant and the platform cannot be used to receive, store, or share Protected Health Information due...
HIPAA awareness should be promoted whenever possible by integrating HIPAA-related tasks into daily routines and sharing responsibilities for events such...
Privacy complaints should be handled in such a manner to ensure patient concerns are resolved before they might be escalated...
Google Keep is HIPAA compliant and can be used to create notes containing Protected Health Information and share them via...
The HHS’ Office for Civil Rights (OCR) has agreed to settle a landmark cyber investigation and has imposed its first...
AWS supports HIPAA compliance for customers required to comply with the Health Insurance Portability and Accountability Act and will enter...
HIPAA complaints made to a covered entity should be directed to the organization’s Privacy Officer regardless of whether the complaint...
On Wednesday, the U.S. Department of Health and Human Services published a concept paper that outlines the HHS’s cybersecurity strategy...
In late September 2023, Indiana Attorney General Todd Rokita filed a lawsuit against CarePointe ENT over a ransomware attack and...
On paper, doxy.me is HIPAA compliant and – subject to an organization subscribing to a business plan that supports HIPAA...
HIPAA was enacted at various stages following the passage of the Health Insurance Portability and Accountability Act in 1996, with...
Microsoft OneNote is HIPAA compliant and can be used to create, store, and share Protected Health Information (PHI) when an...
The key to success for HIPAA compliance is developing an effective compliance program and then maintaining it through ongoing training,...
Although the Ohio Personal Privacy Act (HB 376) is still to pass the House, and although no companion bill has...
Evernote is not HIPAA compliant and cannot be used to save, store, sync, or share documents and images containing Protected...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 11th HIPAA penalty of...
For the second consecutive month, the number of reported data breaches of 500 or more healthcare records has fallen, with...
New York has proposed tighter cybersecurity regulations for hospitals throughout New York State in response to a series of crippling...
New York Attorney General, Letitia James, has announced a $450,000 settlement with U.S. Radiology Specialists Inc. to resolve allegations it...
The American Hospital Association (AHA), Texas Hospital Association, United Regional Health Care System, and Texas Health Resources have filed a...
The HHS’ Office for Civil Rights (OCR) has agreed to a $100,000 settlement with Doctors’ Management Services to resolve an investigation...
The HHS’ Office for Civil Rights has released a video in recognition of National Cybersecurity Awareness Month that explains how...
The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has published a...
New York Attorney General Letitia James has announced that a settlement has been reached with Personal Touch Holding Corp. over...
September was a much better month for healthcare data privacy, with the lowest number of reported healthcare data breaches since...
The HHS’ Office for Civil Rights has issued new guidance for healthcare providers to help them educate patients about privacy...
Inmediata has agreed to a $1.4 million settlement to resolve a multi-state investigation of potential violations of the Health Insurance...
The Health Sector Cybersecurity Coordination Center (HC3) has published a threat brief that highlights the importance of developing an effective...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities (KEV) Catalog, which includes a list of...
Healthcare organizations in Minnesota are permitted to use patient data for fundraising purposes without obtaining patient consent, according to Minnesota...
On October 6, 2023, the U.S. Department of Health and Human Services (HHS) published its long-expected annual inflation adjustments in...
A $49.5 million settlement has been reached between Blackbaud and 49 states and the District of Columbia to resolve allegations...
The Indiana Attorney General, Todd Rokita, has filed a lawsuit against CarePointe over its June 2021 ransomware attack and the...
The American Hospital Association (AHA) has called for Congress to urge the Department of Health and Human Services to withdraw...
A settlement has been reached between the Colorado Attorney General and Broomfield Skilled Nursing and Rehabilitation Center that resolves alleged...
There was a 21.4% month-over-month increase in healthcare data breaches in August. 68 data breaches of 500 or more records...
A nurse can be fired for a HIPAA violation if the nature of the violation is sufficiently serious to warrant...
On Friday, Indiana Attorney General, Todd Rokita, filed a lawsuit in the U.S. District Court for the Southern District of...
The HHS’ Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have...
Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware...
The Local Initiative Health Authority for Los Angeles County, operating as L.A. Care Health Plan, has settled multiple violations of...
California Attorney General Rob Bonta has announced a $49 million settlement has been reached with Kaiser Foundation Health Plan Foundation...
The Department of Health and Human Services’ Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) have published...
The HHS’ Office for Civil Rights released guidance in 2022 on HIPAA and website tracking technologies and confirmed disclosures of...
The Joint Commission has issued a Sentinel Event Alert offering guidance on preserving patient safety following a cyberattack. Healthcare cyberattacks...
There was a 15.2% fall in reported data breaches in July with 56 breaches of 500 or more records reported...
At 11.59 pm on August 9, 2023, the transition period for ensuring telehealth services are fully HIPAA-compliant came to an...
The HHS’ Centers for Medicare and Medicaid Services (CMS) is being urged not to implement the proposed standards for prior...
The Department of Health and Human Services’ Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) have written...
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows a 12% month-over-month reduction in...
Lawmakers and state Attorneys General have written to the U.S. Department of Health and Human Services Secretary, Xavier Becerra, criticizing...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle potential HIPAA violations...
Two Democratic senators have demanded answers from Amazon about how it uses the data of customers of Amazon Clinic after...
May 2023 was a particularly bad month for healthcare data breaches. 75 data breaches of 500 or more healthcare records...
A coalition of 24 state attorneys general has written to the Department of Health and Human Services (HHS) to confirm...
The HHS’ Office for Civil Rights (OCR) investigates all reported breaches of the protected health information of 500 or more...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA violation case...
An Arizona man has been sentenced to 54 months in jail for aggravated identity theft and criminal violations of the...
Dr. Caitlin Bernard, an Indianapolis, IN-based obstetrician-gynecologist has been fined $3,000 by the Medical Licensing Board of Indiana and issued...
A medical management company has been fined $550,000 by the New York Attorney General for failing to prevent a cyberattack...
There was a 17.5% month-over-month fall in the number of reported healthcare data HIPAA compliance breaches with 52 breaches of...
In June 2020, the Luxottica Group PIVA-owned vision insurance company, EyeMed Vision Care, experienced a data breach involving the protected...
The HHS’ Office for Civil Rights (OCR) has agreed to settle a HIPAA investigation of an Arkansas business associate that...
The HHS’ Office for Civil Rights has announced its 44th enforcement action under its HIPAA Right of Access initiative with...
Healthcare hacking incidents are increasing, there are new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and...
The U.S. Department of Education has issued new guidance for schools and postsecondary educational institutions reminding them of their obligations...
Five former Methodist Hospital employees have pleaded guilty to criminal violations of HIPAA for accessing and disclosing the information of...
If you are a HIPAA-covered entity and use tracking technologies on your websites or apps, you must ensure that they...
Our monthly data breach reports are based on data breaches of 500 or more records that have been reported to...
The HHS’ Office for Civil Rights has published a Notice of Proposed Rulemaking (NPRM) about an update to the HIPAA...
The Secretary of the Department of Health and Human Services (HHS) has announced that he does not plan to renew...
New research indicates virtually all U.S. hospitals have been using tracking software on their websites that captures visitor data, including...
A New York law firm that suffered a LockBit ransomware attack has agreed to pay a financial penalty of $200,000...
The number of healthcare data breaches reported over the past three months has remained fairly flat, with only a small...
The United States Department of Justice has agreed to settle alleged False Claims Act violations with Jelly Bean Communications Design...
The Department of Health and Human Services has requested an additional $38 million in federal funding for the Office for...
The U.S. Department of Health and Human Services (HHS) has restructured its Office for Civil Rights (OCR) and has created...
January is usually one of the quietest months of the year for healthcare data breaches and last month was no...
The Biden Administration is considering new rulemaking to update HIPAA to better protect reproductive health information, following the Supreme Court...
The deadline for reporting healthcare data breaches of fewer than 500 records is fast approaching. HIPAA-regulated entities must ensure these...
The HHS’ Office for Civil Rights (OCR) has published a report it sent to Congress that details its HIPAA enforcement...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has publicly released two reports that were submitted...
Medical identity theft is the theft or misuse of an individual’s health information to fraudulently obtain treatment, prescription drugs, or...
The HHS’ Office for Civil Rights has announced its second financial penalty of 2023 to resolve alleged violations of the...
The question of how long is PHI protected after death is often answered with “fifty years”, but that answer refers...
For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the...
Washington Attorney General Bob Ferguson is suing a plastic surgery provider for falsely inflating online ratings, bribing, and threatening patients,...
The HHS’ Office for Civil Rights (OCR) has announced its first HIPAA enforcement action of 2023, which serves as a...
The information risk management, standards, and certification body, HITRUST, has announced that it will be releasing a new version of...
November was a relatively quiet month for healthcare data breaches with 31% fewer breaches reported than the previous month. November’s...
The Secretary of the Department of Health and Human Services (HHS) has proposed a new rule that will require the...
The Orlando, FL-based primary care provider, Health Specialists of Central Florida Inc. (HSCF), has paid a $20,000 financial penalty to...
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to...
The private information of visitors to telehealth websites is being shared with big tech companies without user consent due to...
Amazon has announced that it will stop support for third-party HIPAA-eligible skills for its Alexa devices, which means developers will...
The HHS’ Office for Civil Rights has issued a bulletin confirming that the use of third-party tracking technologies on websites,...
The Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have issued...
Michigan HIPAA laws are the regulations that Michigan-based HIPAA Covered Entities and Business Associates have to comply with when the...
Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity...
Two class action lawsuits have been filed on behalf of patients whose protected health information (PHI) was impermissibly disclosed to...
Aveanna Healthcare has agreed to pay a $425,000 financial penalty to the Office of the Attorney General of Massachusetts for...
There are two answers to the question OSHA was created in what year because the acronym OSHA has two meanings...
The Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) has released a video presentation on its...
The College of Healthcare Information Management Executives (CHIME) has recently provided feedback to the Federal Trade Commission (FTC) on its...
In its October 2022 cybersecurity newsletter, OCR has reminded HIPAA-regulated entities of their obligations with respect to security incidents, including...
63 data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights in September, bringing...
Most sources of information answering the question when can PHI be disclosed refer to the standards of the HIPAA Privacy...
A pharmaceutical sales rep has pleaded guilty to conspiring to commit healthcare fraud and wrongfully disclosing and obtaining patients’ protected...
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those organizations must comply with the Health Insurance Portability and...
The Secretary of the Department of Health and Human Services, Xavier Becerra, extended the COVID-19 Public Health Emergency (PHE) today...
A former physician with practices in New Jersey, New York, and Florida has pleaded guilty to criminal violations of HIPAA...
The Health Sector Coordinating Council (HSCC) has urged the National Institute for Standards & Technology to provide tailored guidance for...
The deadline for compliance with the information blocking requirements of the 21st Century Cures Act is October 6, 2022, after...
The HHS’ Office for Civil Rights (OCR) has agreed to settle three HIPAA investigations of potential HIPAA Right of Access...
One of the capabilities of many business password managers is the ability to send encrypted messages to any recipient. Often...
A group of 30 senators is urging the Department of Health and Human Services to update the Health Insurance Portability...
U.S. Department of Health and Human Services Director Xavier Becerra has formally sworn in Melanie Fontes Rainer as the new...
Massachusetts-based New England Dermatology P.C., dba New England Dermatology and Laser Center (NDELC) has agreed to settle a HIPAA violation...
Cloud computing has revolutionized the way healthcare organizations operate, but ensuring cloud computing is HIPAA compliant can be a challenge....
Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare...
Cyber actors are increasingly targeting business associates of HIPAA-covered entities as they provide an easy way to gain access to...
The National Institute of Standards and Technology (NIST) has updated its guidance for HIPAA-regulated entities on implementing the HIPAA Security...
June 2022 saw 70 HIPAA compliance data breaches of 500 or more records reported to the Department of Health and...
The Department of Health and Human Services’ Office for Civil Rights has sent a warning to healthcare providers about the...
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has announced that Oklahoma State University –...
The HHS’ Office for Civil Rights has recently issued guidance to healthcare organizations following the overturning of Roe v. Wade...
President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to...
The Government Accountability Office (GAO) has recommended that the Department of Health and Human Services (HHS) establish a feedback mechanism...
May 2022 saw a 25% increase in healthcare data breaches of 500 or more records. 70 data breaches of 500...
An analysis of hospitals’ websites has revealed one-third of the top 100 hospitals in the United States are sending patient...
The Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the...
Start preparing now and get your telehealth services HIPAA compliant as when the COVID-19 Public Health Emergency (PHE) ends, the...
The HHS’ Office for Civil Rights (OCR) is producing a video presentation to help HIPAA-regulated entities implement “Recognized Security Practices.”...
Earlier this year, the HHS’ Office for Civil Rights issued a request for information (RFI) on how the financial penalties...
After four successive months of declining numbers of data breaches, there was a 30.2% increase in reported data breaches. In...
Since 1991, the Office of the Inspector General (OIG) at the Department of Health and Human Services has promulgated more...
The HIPAA Enforcement Rule of 2006 – and subsequent amendments attributable to the passage of HITECH – details the procedures...
For the fourth successive month, the number of reported healthcare data breaches has fallen. In March 2022, 43 HIPAA compliance...
Immediate intervention following an instance of unauthorized access to protected health information (PHI) by a healthcare employee is 95% effective...
The Department of Health and Human Services’ Office for Civil Rights has released a Request for information (RFI) related to...
An audit of Connecticut’s Health Insurance Exchange, Access Health CT, by the state auditor has revealed Access Health CT suffered...
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an important legislative Act that requires healthcare organizations that...
Articles discussing the 3 major things addressed in the HIPAA law often tend to focus on the Administrative, Physical, and...