Exploit Released for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert following the publication of a proof of concept (PoC)…
Our HIPAA compliance news section keeps you up to date with HIPAA breaches, OCR updates and HITECH and GDPR compliance issues. Make sure you remain up to date with the latest HIPAA compliance news by subscribing to our newsletter or follow us on Twitter @HIPAAJournal.
March was a particularly bad month for healthcare data breaches with 93 branches of 500 or more records reported to...
The HHS’ Office for Civil Rights has announced another financial penalty has been imposed for a violation of the HIPAA...
The Department of Health and Human Services (HHS) has written to the nation’s teaching hospitals and medical schools to clarify...
The HealthSec: Cyber Security for Healthcare Summit returns for its 2nd edition in Boston, Massachusetts on June 12th – 13th!...
There has been a fall in the number of reported healthcare data breaches for the second consecutive month, with 59...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued updated guidance for entities regulated by...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert following the publication of a proof of concept (PoC)…
President Biden’s Cybersecurity Executive Order requires all federal agencies to reevaluate their approach to cybersecurity, develop new methods of evaluating…
The HHS’ Office for Civil Rights has opened an investigation of Change Healthcare following its February 21, 2024, cyberattack, just...
Microsoft Office is not HIPAA compliant by default and it is not sufficient to simply agree to the terms of...
Indiana Attorney General Todd Rokita has filed a lawsuit against Apria Healthcare alleging violations of the Health Insurance Portability and...
The Department of Health and Human Services (HHS) Office for Civil Rights has submitted its annual reports to Congress on...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has settled alleged violations of the Health...
The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has updated its...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its first financial penalty of...
The penalties for HIPAA violations include civil monetary penalties ranging from $137 to $68,928 per violation, depending on the level...
Report: Security Breaches in Healthcare (Direct Download PDF, 1.9MB, 16 pages) An unwanted record was set in 2023...
There was no letup in healthcare data breaches as the year drew to a close, with December seeing the second-highest...
New York Attorney General Letitia James has announced that an agreement has been reached with Refuah Health Center Inc. to...
There are multiple new HIPAA regulations currently under consideration, and while some may be introduced as individual regulations, many could...
Google Slides is HIPAA compliant and can be used to create slides and presentations containing Protected Health Information provided the...
The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state...
What happens if you violate HIPAA depends on the nature and consequences of the violation, the motive for the violation,...
HIPAA updates and HIPAA changes happen more frequently than many people are aware of because of the nature of the...
New York Presbyterian Hospital has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy...
The Texas Attorney General sent a civil investigative demand to Seattle Children’s Hospital seeking access to the medical records of...
HIPAA gives individuals the right to file a HIPAA complaint against Covered Entities and Business Associates if they believe their...
After two months of declining healthcare data breaches, there was a 45% increase in reported breaches of 500 or more...
The cost of HIPAA certification can be divided into the direct cost of obtaining a certification (i.e., the cost of...
The term HIPAA Covered Entities is most often defined as health plans, healthcare clearinghouses, and healthcare providers that create, receive,...
iCloud is not HIPAA compliant and cannot be used to store, sync, or share media containing Protected Health Information (PHI)...
A HIPAA subpoena is a legal document that compels HIPAA-regulated entities to release information such as patient medical records that...
The New York Attorney General has agreed to settle alleged violations of New York’s data security and consumer protection laws...
Trello is not HIPAA compliant and the platform cannot be used to receive, store, or share Protected Health Information due...
HIPAA awareness should be promoted whenever possible by integrating HIPAA-related tasks into daily routines and sharing responsibilities for events such...
State privacy law supersedes HIPAA when a state law provides greater privacy protections for individually identifiable health information than HIPAA...
Dropbox is HIPAA compliant and can be used to store, sync, and share Protected Health Information provided organizations subscribe to...
Privacy complaints should be handled in such a manner to ensure patient concerns are resolved before they might be escalated...
A breach of HIPAA is considered to be any acquisition, access, use, or disclosure of protected health information which compromises...
Google Keep is HIPAA compliant and can be used to create notes containing Protected Health Information and share them via...
The HHS’ Office for Civil Rights (OCR) has agreed to settle a landmark cyber investigation and has imposed its first...
AWS supports HIPAA compliance for customers required to comply with the Health Insurance Portability and Accountability Act and will enter...
When discussing HIPAA for therapists, it is important to be aware that a therapist can be a solo Covered Entity,...
HIPAA complaints made to a covered entity should be directed to the organization’s Privacy Officer regardless of whether the complaint...
On Wednesday, the U.S. Department of Health and Human Services published a concept paper that outlines the HHS’s cybersecurity strategy...
In late September 2023, Indiana Attorney General Todd Rokita filed a lawsuit against CarePointe ENT over a ransomware attack and...
On paper, doxy.me is HIPAA compliant and – subject to an organization subscribing to a business plan that supports HIPAA...
Webex is HIPAA compliant and, provided policies relating to disclosures are complied with, can be used to disclose PHI during...
Who you report HIPAA violations to can vary depending on whether – for example – you are a patient reporting...
HIPAA was enacted at various stages following the passage of the Health Insurance Portability and Accountability Act in 1996, with...
Microsoft OneNote is HIPAA compliant and can be used to create, store, and share Protected Health Information (PHI) when an...
PHI stands for Protected Health Information – a term is commonly referred to in connection with the Health Insurance Portability...
The key to success for HIPAA compliance is developing an effective compliance program and then maintaining it through ongoing training,...
Although the Ohio Personal Privacy Act (HB 376) is still to pass the House, and although no companion bill has...
Evernote is not HIPAA compliant and cannot be used to save, store, sync, or share documents and images containing Protected...
The civil penalty for knowingly violating HIPAA falls within the range of $13,785 and $68,928 per violation depending on whether...
Employees can help prevent HIPAA violations by fully understanding what PHI is, knowing when PHI can permissibly be used and...
HIPAA violations most often occur when covered entities, business associates, or members of either’s workforces fail to comply with the...
Health, treatment, or payment information, and any identifiers maintained with this information, is considered Protected Health Information under HIPAA if...
HIPAA – via the Administrative Simplification Regulations – covers the privacy of individually identifiable health information when it is created,...
The National HIPAA Summit is a leading forum on healthcare EDI, privacy, cybersecurity, and HIPAA compliance. The Virtual 41st National...
A HIPAA violation refers to the failure to comply with HIPAA rules, which can include unauthorized access, use, or disclosure...
The information protected under HIPAA law is known as Protected Health Information – a subset of individually identifiable health information...
E-signatures can be used under HIPAA Rules provided mechanisms are put in place to ensure the authenticity of the signatory,...
There are ways you can report a HIPAA violation anonymously but, due to the risk your anonymous report may be...
Yes, a patient can sue for a HIPAA violation and there are an increasing number of class action suits for...
The HIPAA Conduit Exception Rule applies to organizations that would normally be considered business associates, but who are exempted from...
The relationship between HITECH, HIPAA, and electronic health and medical records is primarily that certain provisions of the HITECH Act...
The purpose of HIPAA was originally to ensure more employees could continue to receive health insurance coverage when they were...
Protected Health Information is an individual’s health, treatment, or payment for treatment information – and any information maintained in the...
Under HIPAA PHI is considered to be an individual’s health, treatment, and payment information, and any further information maintained in...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 11th HIPAA penalty of...
For the second consecutive month, the number of reported data breaches of 500 or more healthcare records has fallen, with...
New York has proposed tighter cybersecurity regulations for hospitals throughout New York State in response to a series of crippling...
The maximum penalty for violating HIPAA is currently $68,928 (December 2023) for a violation that is attributable to willful neglect...
New York Attorney General, Letitia James, has announced a $450,000 settlement with U.S. Radiology Specialists Inc. to resolve allegations it...
The kind of lawyer that deals with HIPAA violations will most likely be a personal injury lawyer depending on the...
A HIPAA confidentiality agreement for employees is similar to a non-disclosure agreement inasmuch as members of the workforce agree not...
HIPAA policies and procedures are comprehensive guidelines that healthcare organizations must implement and regularly update to ensure the confidentiality, integrity,...
Although HIPAA cannot be waived in its entirety, some provisions of the Privacy Rule can be waived in certain circumstances...
The American Hospital Association (AHA), Texas Hospital Association, United Regional Health Care System, and Texas Health Resources have filed a...
The HHS’ Office for Civil (OCR) has agreed to a $100,000 settlement with Doctors’ Management Services to resolve an investigation...
The HHS’ Office for Civil Rights has released a video in recognition of National Cybersecurity Awareness Month that explains how...
The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has published a...
The HIPAA photography rules vary according to the nature of the photograph, its purpose, and whether it is part of...
New York Attorney General Letitia James has announced that a settlement has been reached with Personal Touch Holding Corp. over...
How you should respond to an accidental HIPAA violation depends on the nature of the accidental violation and the potential...
September was a much better month for healthcare data privacy, with the lowest number of reported healthcare data breaches since...
The HHS’ Office for Civil Rights has issued new guidance for healthcare providers to help them educate patients about privacy...
Jail terms for HIPAA violations by employees are relatively rare, but there have been several cases where employee HIPAA violations...
Inmediata has agreed to a $1.4 million settlement to resolve a multi-state investigation of potential violations of the Health Insurance...
The Health Sector Cybersecurity Coordination Center (HC3) has published a threat brief that highlights the importance of developing an effective...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities (KEV) Catalog, which includes a list of...
Healthcare organizations in Minnesota are permitted to use patient data for fundraising purposes without obtaining patient consent, according to Minnesota...
On October 6, 2023, the U.S. Department of Health and Human Services (HHS) published its long-expected annual inflation adjustments in...
A $49.5 million settlement has been reached between Blackbaud and 49 states and the District of Columbia to resolve allegations...
The Indiana Attorney General, Todd Rokita, has filed a lawsuit against CarePointe over its June 2021 ransomware attack and the...
The American Hospital Association (AHA) has called for Congress to urge the Department of Health and Human Services to withdraw...
A settlement has been reached between the Colorado Attorney General and Broomfield Skilled Nursing and Rehabilitation Center that resolves alleged...
There was a 21.4% month-over-month increase in healthcare data breaches in August. 68 data breaches of 500 or more records...
A nurse can be fired for a HIPAA violation if the nature of the violation is sufficiently serious to warrant...
On Friday, Indiana Attorney General, Todd Rokita, filed a lawsuit in the U.S. District Court for the Southern District of...
The HHS’ Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have...
Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware...
The Local Initiative Health Authority for Los Angeles County, operating as L.A. Care Health Plan, has settled multiple violations of...
California Attorney General Rob Bonta has announced a $49 million settlement has been reached with Kaiser Foundation Health Plan Foundation...
The Department of Health and Human Services’ Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) have published...
Doctors can share patient information with other doctors provided the disclosure complies with the Privacy Rule – and a BAA...
The HHS’ Office for Civil Rights released guidance in 2022 on HIPAA and website tracking technologies and confirmed disclosures of...
The Joint Commission has issued a Sentinel Event Alert offering guidance on preserving patient safety following a cyberattack. Healthcare cyberattacks...
There was a 15.2% fall in reported data breaches in July with 56 breaches of 500 or more records reported...
At 11.59 pm on August 9, 2023, the transition period for ensuring telehealth services are fully HIPAA-compliant came to an...
The HHS’ Centers for Medicare and Medicaid Services (CMS) is being urged not to implement the proposed standards for prior...
The Department of Health and Human Services’ Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) have written...
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows a 12% month-over-month reduction in...
Lawmakers and state Attorneys General have written to the U.S. Department of Health and Human Services Secretary, Xavier Becerra, criticizing...
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle potential HIPAA violations...
Two Democratic senators have demanded answers from Amazon about how it uses the data of customers of Amazon Clinic after...
May 2023 was a particularly bad month for healthcare data breaches. 75 data breaches of 500 or more healthcare records...
A coalition of 24 state attorneys general has written to the Department of Health and Human Services (HHS) to confirm...
The HHS’ Office for Civil Rights (OCR) investigates all reported breaches of the protected health information of 500 or more...
The prosecution of two doctors accused of criminal HIPAA violations and conspiring with the Russian government has ended in a...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA violation case...
An Arizona man has been sentenced to 54 months in jail for aggravated identity theft and criminal violations of the...
Dr. Caitlin Bernard, an Indianapolis, IN-based obstetrician-gynecologist has been fined $3,000 by the Medical Licensing Board of Indiana and issued...
A medical management company has been fined $550,000 by the New York Attorney General for failing to prevent a cyberattack...
There was a 17.5% month-over-month fall in the number of reported healthcare data HIPAA compliance breaches with 52 breaches of...
Whether or not a HIPAA violation will show up on a background check depends on the nature of the violation,...
In June 2020, the Luxottica Group PIVA-owned vision insurance company, EyeMed Vision Care, experienced a data breach involving the protected...
The HHS’ Office for Civil Rights (OCR) has agreed to settle a HIPAA investigation of an Arkansas business associate that...
The HHS’ Office for Civil Rights has announced its 44th enforcement action under its HIPAA Right of Access initiative with...
Healthcare hacking incidents are increasing, there are new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and...
The U.S. Department of Education has issued new guidance for schools and postsecondary educational institutions reminding them of their obligations...
Five former Methodist Hospital employees have pleaded guilty to criminal violations of HIPAA for accessing and disclosing the information of...
If you are a HIPAA-covered entity and use tracking technologies on your websites or apps, you must ensure that they...
Our monthly data breach reports are based on data breaches of 500 or more records that have been reported to...
The HHS’ Office for Civil Rights has published a Notice of Proposed Rulemaking (NPRM) about an update to the HIPAA...
The Secretary of the Department of Health and Human Services (HHS) has announced that he does not plan to renew...
New research indicates virtually all U.S. hospitals have been using tracking software on their websites that captures visitor data, including...
A New York law firm that suffered a LockBit ransomware attack has agreed to pay a financial penalty of $200,000...
The number of healthcare data breaches reported over the past three months has remained fairly flat, with only a small...
The United States Department of Justice has agreed to settle alleged False Claims Act violations with Jelly Bean Communications Design...
The Department of Health and Human Services has requested an additional $38 million in federal funding for the Office for...
The U.S. Department of Health and Human Services (HHS) has restructured its Office for Civil Rights (OCR) and has created...
January is usually one of the quietest months of the year for healthcare data breaches and last month was no...
What happens if you break HIPAA Rules depends on whether you are a covered entity or business associate, or a...
The Biden Administration is considering new rulemaking to update HIPAA to better protect reproductive health information, following the Supreme Court...
The deadline for reporting healthcare data breaches of fewer than 500 records is fast approaching. HIPAA-regulated entities must ensure these...
The HHS’ Office for Civil Rights (OCR) has published a report it sent to Congress that details its HIPAA enforcement...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has publicly released two reports that were submitted...
Misunderstandings can sometimes exist with the distinction between a HIPAA security incident and the definition of a HIPAA breach. Although...
Medical identity theft is the theft or misuse of an individual’s health information to fraudulently obtain treatment, prescription drugs, or...
The HHS’ Office for Civil Rights has announced its second financial penalty of 2023 to resolve alleged violations of the...
The question of how long is PHI protected after death is often answered with “fifty years”, but that answer refers...
For the first time since 2015, there was a year-over-year decline in the number of data breaches reported to the...
Washington Attorney General Bob Ferguson is suing a plastic surgery provider for falsely inflating online ratings, bribing, and threatening patients,...
The HHS’ Office for Civil Rights (OCR) has announced its first HIPAA enforcement action of 2023, which serves as a...
The information risk management, standards, and certification body, HITRUST, has announced that it will be releasing a new version of...
November was a relatively quiet month for healthcare data breaches with 31% fewer breaches reported than the previous month. November’s...
The Health Insurance Portability and Accountability Act of 1996 is one of the most important pieces of legislation to affect...
The Secretary of the Department of Health and Human Services (HHS) has proposed a new rule that will require the...
The Orlando, FL-based primary care provider, Health Specialists of Central Florida Inc. (HSCF), has paid a $20,000 financial penalty to...
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to...
The private information of visitors to telehealth websites is being shared with big tech companies without user consent due to...
Amazon has announced that it will stop support for third-party HIPAA-eligible skills for its Alexa devices, which means developers will...
The HHS’ Office for Civil Rights has issued a bulletin confirming that the use of third-party tracking technologies on websites,...
The Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have issued...
The HIPAA laws in Texas are the same as they are anywhere else in the country. However, because state law...
Michigan HIPAA laws are the regulations that Michigan-based HIPAA Covered Entities and Business Associates have to comply with when the...
In answer to the question is saying someone died a HIPAA violation, it depends on who is making the statement,...
Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity...
Two class action lawsuits have been filed on behalf of patients whose protected health information (PHI) was impermissibly disclosed to...
Aveanna Healthcare has agreed to pay a $425,000 financial penalty to the Office of the Attorney General of Massachusetts for...
There are two answers to the question OSHA was created in what year because the acronym OSHA has two meanings...
The Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) has released a video presentation on its...
In its October 2022 cybersecurity newsletter, OCR has reminded HIPAA-regulated entities of their obligations with respect to security incidents, including...
63 data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights in September, bringing...
Most sources of information answering the question when can PHI be disclosed refer to the standards of the HIPAA Privacy...
A pharmaceutical sales rep has pleaded guilty to conspiring to commit healthcare fraud and wrongfully disclosing and obtaining patients’ protected...
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those organizations must comply with the Health Insurance Portability and...
The Secretary of the Department of Health and Human Services, Xavier Becerra, extended the COVID-19 Public Health Emergency (PHE) today...
A former physician with practices in New Jersey, New York, and Florida has pleaded guilty to criminal violations of HIPAA...
The Health Sector Coordinating Council (HSCC) has urged the National Institute for Standards & Technology to provide tailored guidance for...
The deadline for compliance with the information blocking requirements of the 21st Century Cures Act is October 6, 2022, after...
HIPAA stands for the Health Insurance Portability and Accountability Act – an Act passed by Congress in 1996 with the...
The HHS’ Office for Civil Rights (OCR) has agreed to settle three HIPAA investigations of potential HIPAA Right of Access...
One of the capabilities of many business password managers is the ability to send encrypted messages to any recipient. Often...
A group of 30 senators is urging the Department of Health and Human Services to update the Health Insurance Portability...
U.S Department of Health and Human Services Director Xavier Becerra has formally sworn in Melanie Fontes Rainer as the new...
Massachusetts-based New England Dermatology P.C., dba New England Dermatology and Laser Center (NDELC) has agreed to settle a HIPAA violation...
Cloud computing has revolutionized the way healthcare organizations operate, but ensuring cloud computing is HIPAA compliant can be a challenge....
Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare...
Cyber actors are increasingly targeting business associates of HIPAA-covered entities as they provide an easy way to gain access to...
The National Institute of Standards and Technology (NIST) has updated its guidance for HIPAA-regulated entities on implementing the HIPAA Security...
June 2022 saw 70 HIPAA compliance data breaches of 500 or more records reported to the Department of Health and...
The Department of Health and Human Services’ Office for Civil Rights has sent a warning to healthcare providers about the...
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has announced that Oklahoma State University –...
The HHS’ Office for Civil Rights has recently issued guidance to healthcare organizations following the overturning of Roe v. Wade...
President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to...
The Government Accountability Office (GAO) has recommended that the Department of Health and Human Services (HHS) establish a feedback mechanism...
May 2022 saw a 25% increase in healthcare data breaches of 500 or more records. 70 data breaches of 500...
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities that come into contact with protected health information...
An analysis of hospitals’ websites has revealed one-third of the top 100 hospitals in the United States are sending patient...
The Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the...
Start preparing now and get your telehealth services HIPAA compliant as when the COVID-19 Public Health Emergency (PHE) ends, the...
The HHS’ Office for Civil Rights (OCR) is producing a video presentation to help HIPAA-regulated entities implement “Recognized Security Practices.”...
Earlier this year, the HHS’ Office for Civil Rights issued a request for information (RFI) on how the financial penalties...
One of the challenges when discussing the benefits of HIPAA compliance for medical practices is proving the benefits are directly...
After four successive months of declining numbers of data breaches, there was a 30.2% increase in reported data breaches. In...
Since 1991, the Office of the Inspector General (OIG) at the Department of Health and Human Services has promulgated more...
The HIPAA Enforcement Rule of 2006 – and subsequent amendments attributable to the passage of HITECH – details the procedures...
For the fourth successive month, the number of reported healthcare data breaches has fallen. In March 2022, 43 HIPAA compliance...
Immediate intervention following an instance of unauthorized access to protected health information (PHI) by a healthcare employee is 95% effective...
The Department of Health and Human Services’ Office for Civil Rights has released a Request for information (RFI) related to...
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an important legislative Act that requires healthcare organizations that...
Articles discussing the 3 major things addressed in the HIPAA law often tend to focus on the Administrative, Physical, and...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first financial penalties of 2022...
For the third successive month, the number of data breaches reported to the HHS’ Office for Civil Rights (OCR) has...
Healthcare hacking incidents have been steadily rising for a number of years. There was a 45% increase in hacking/IT incidents...
Although the answer to the question is HIPAA is federal law is yes, there are occasions when HIPAA is pre-empted...
There have been calls for healthcare organizations to take steps to improve security due to a major rise in hacking...
In a recent blog post, Director of the HHS’ Office for Civil Rights, Lisa J. Pino, urged HIPAA-regulated entities to...
50 healthcare data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights (OCR) in...
Healthcare privacy laws in the United States are due an update to bring them into the modern age to ensure...
The Government Accountability Office (GAO) has launched a rapid response survey of healthcare organizations and business associates covered by the...
The Rhode Island Attorney General is investigating UnitedHealthcare and the Rhode Island Public Transit Authority (RIPTA) over a cyberattack and...
The HIPAA Breach Notification Rule calls for data breach notifications to be issued to the Secretary of the HHS “without...
The first settlement of 2022 to resolve a healthcare data breach has been announced by New York Attorney General Letitia...
Some 56 HIPAA compliance data breaches of 500 or more healthcare records were reported to the HHS’ Office for Civil...
The Department of Health and Human Services’ Office for Civil Rights (OCR) settled 19 HIPAA compliance violation cases in 2020....
Avalon Healthcare has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws...
According to several media sources, there appears to be a degree of confusion about the purpose of HIPAA and HIPAA...
The number of reported healthcare data breaches has increased for the third successive month, with November seeing 68 data breaches...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has published new guidance to explain how the...
The New Jersey Division of Consumer Affairs has agreed to settle a data breach investigation that uncovered violations of the...
The Health Information Sharing and Analysis Center (Health-ISAC) has released guidance for Chief Information Security Officers (CISOs) on adopting an...
The Department of Health and Human Services has launched a new website that offers advice and resources to help the...
Health Care Compliance Association (HCCA) will be hosting the 26th Annual Compliance Institute at the Phoenix Convention Center, Phoenix, AZ,...
The HHS’ Office for Civil Rights (OCR) is continuing with its enforcement of compliance with the HIPAA Right of Access...
October saw 59 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’...
Under the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015*, the Office of the Assistant Secretary for Financial...
The New Jersey Attorney General has approved a $130,000 settlement with two printing firms to resolve alleged violations of the...
The Department of Health and Human Services’ Office for Civil Rights has advised HIPAA-covered entities to assess the protections they...
A new study has revealed widespread security failures at healthcare organizations, including poor access controls, few restrictions on access to...
There was a 23.7% month-over-month increase in reported healthcare data breaches in September, which saw 47 data breaches of 500...
A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures...
The Department of Health and Human Services’ Office for Civil Rights has issued guidance to educate the public on how...
Lisa J. Pino has been named Director of the Department of Health and Human Services’ Office for Civil Rights (OCR)...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed its 20th financial penalty under the...
The Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and business associates to...
High numbers of healthcare data breaches continued to be reported by HIPAA-covered entities and their business associates. In July, there...
The Health Insurance Portability and Accountability Act is now 25 years old. How effective has this healthcare law been and...
The Department of Justice has announced nine San Diego residents have been charged in two separate indictments in connection with...
The U.S. Court of Appeals for the Fourth Circuit has ruled that there is no private cause of action in the...
In October 2020, Mayo Clinic announced a former employee was discovered to have impermissibly accessed the medical records of approximately...
A former Cedar Rapids Hospital employee has been sentenced to 5 years’ probation for wrongfully accessing and distributing the protected...
May was the worst month of 2021 to date for healthcare data breaches. There were 63 breaches of 500 or...
The National Institute of Standards and Technology (NIST) has published a new report on the use of biometric authentication on...
The HHS’ Office for Civil Rights has announced a settlement has been reached with The Diabetes, Endocrinology & Lipidology Center,...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced a settlement has been reached with...
Several healthcare groups have expressed concern about the HIPAA Privacy Rule changes proposed by the Department of Health and Human...
The National Institute of Standards and Technology (NIST) is planning on revising and updating its guidance on implementing the HIPAA...
There was a 38.8% increase in reported healthcare data breaches in March. 62 breaches of 500 or more records reported...
The new information blocking and interoperability regulations developed by the Department of Health and Human Services as part of the...
The HHS’ Office for Civil Rights has announced a settlement has been reached with Ridgewood, NJ-based Village Plastic Surgery to...
Arbour Hospital, a mental health clinic in Boston, MA, has settled a HIPAA Right of Action investigation with the HHS’...
A coalition of 41 state Attorneys General has agreed to settle an investigation into Retrieval-Masters Creditors Bureau dba American Medical...
Changes to the HIPAA Rules are infrequent, so when updates are proposed they tend to include a slew of new...
This week, the Arizona Supreme Court revived a HIPAA violation lawsuit filed by a Phoenix man over a privacy violation...
Humana has discovered an employee of a subcontractor of a business associate impermissibly disclosed the protected health information of 62,950...
The deadline for reporting healthcare data breaches of fewer than 500 records that were discovered in 2020 is fast approaching....
A Georgia man who falsely claimed a former acquaintance had violated patient privacy and breached the HIPAA Rules has been...
January saw a 48% month-over-month reduction in the number of healthcare data breaches of 500 or more records, falling from...
Following President Joseph R. Biden’s declaration of an emergency in the State of Texas, Norris Cochran, Acting Secretary of the...
The HHS’ Office for Civil Rights (OCR) has fined Sharp HealthCare $70,000 for failing to provide a patient with timely...
The Department of Health and Human Services’ Office for Civil Rights (OCR) is continuing to crackdown on noncompliance with the...
Public safety is always an important issue, but the pandemic saw public safety take on a new meaning. State, local,...
More large healthcare data breaches were reported in 2020 than in any other year since the HITECH Act called for...
Information blocking by electronic health record (EHR) vendors is still highly prevalent, despite recent policymaking that prohibits information blocking practices,...
The Biden administration has appointed Micky Tripathi as the National Coordinator for Health IT at the Department of Health and...
The Department of Health and Human Services has adopted new minimum and maximum penalties for HIPAA violations for 2020 to...
The U.S. Department of Health and Human Services has made $20 million available to improve data sharing between health information...
The Department of Health and Human Services’ Office for Civil Rights has announced it will be exercising enforcement discretion and...
2020 ended with healthcare data breaches being reported at a rate of 2 per day, which is twice the rate...
The Department of Health and Human Services’ Office for Civil Rights has announced the health insurer Excellus Health Plan has...
The U.S. Court of Appeals for the Fifth Circuit has overturned a $4,348,000 HIPAA violation penalty imposed on University of...
The HHS’ Office for Civil Rights (OCR) is continuing to crackdown on healthcare providers that are not providing patients with...
On January 5, 2020, President Trump added his signature to a bill (HR 7898) that amends the Health Information Technology...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled a HIPAA Right of Access compliance...
For the second successive month, the number of reported healthcare data breaches has fallen; however, it should be noted that...
The Department of Health and Human Services’ Office for Civil Rights has published new guidance on the Health Insurance Portability...
The Department of Health and Human Services’ Office for Civil Rights has published its 2016-2017 HIPAA Audits Industry Report, highlighting...
The Nevada-based emergency services provider SkyMed has reached a settlement with the Federal Trade Commission (FTC) following an audit of...
A new bill (HR 7898) has been passed by the House Energy and Commerce Committee which seeks to amend the...
Can Google Home and Google Assistant be used in medical practices? Is Google Assistant HIPAA compliant or would using it...
The Department of Health and Human Services has issued a notice of proposed rulemaking detailing multiple HIPAA Privacy Rule changes...
October saw well above average numbers of data breaches reported the HHS’ Office for Civil Rights. There were 63 reported...
The HHS’ Office for Civil Rights has announced its 18th HIPAA financial penalty of the year with the 12th fine...
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 11th financial penalty under...
The U.S. Department of Health and Human Services’ Office for Civil Rights has announced its 10th financial penalty under its...
Wakefern Food Corporation has agreed to pay $235,000 in civil financial penalties to resolve allegations of violations of federal and...
The deadline for compliance with the information blocking and health IT certification requirements of the 21st Century Cures Act have...
The City of New Haven, Connecticut has agreed to pay a $202,400 financial penalty to the Department of Health and...
Aetna Life Insurance Company and the affiliated covered entity (Aetna) has agreed to settle multiple potential HIPAA violations with the...
The HHS’ Office for Civil Rights (OCR) is continuing its crackdown on healthcare providers that are not fully complying with...
Franklin, TN-based Community Health Systems and its subsidiary CHSPCS LLC have settled a multi-state action with 28 state attorneys general...
The Department of Health and Human Services’ Office for Civil Rights has announced its 12th HIPAA penalty of 2020 and...
A healthcare worker who was accused of violating Health Insurance Portability and Accountability Act (HIPAA) Rules and patient privacy by...
The Indianapolis, IN-based health insurer Anthem Inc. has settled a multi-state investigation by state attorneys general over its 78.8 million...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85 million HIPAA penalty on...
The Department of Health and Human Services’ Office for Civil Rights has announced its 10th HIPAA violation fine of 2020....
The HHS’ Office for Civil Rights has announced a $1.5 million settlement has been reached with Athens Orthopedic Clinic PA...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that a new version of its...
The Department of Health and Human Services’ Office for Civil Rights has announced five settlements have been reached to resolve...
The Department of Health and Human Services’ Office for Civil Rights has announced it has published additional resources for mobile...
The American College of Radiology, the Society for Imaging Informatics in Medicine, and the Radiological Society of North America have...
The Secretary of the HHS, Alex Azar, has declared a public health emergency exists in the states of Louisiana and...
The risk analysis is one of the most important requirements of the HIPAA Security Rule, yet it is one of...
The Department of Veteran Affairs (VA) Office of Inspector General (OIG) has conducted a review of VA facilities and community...
The House of Representatives has voted to lift the ban on the Department of Health and Human Services using federal...
The HHS’ Office for Civil Rights has imposed a $1,040,000 HIPAA penalty on Lifespan Health System Affiliated Covered Entity (Lifespan...
The HHS’ Office for Civil Rights (OCR) has announced a $25,000 settlement has been reached with Metropolitan Community Health Services...
If you are a healthcare organization in the United States that is required to comply wit the Health Insurance Portability...
When patients contract an infectious respiratory disease such as COVID-19, the immune system develops antibodies that provide protection if the...
Compliancy Group has announced that Safe Partner Inc. has demonstrated it has implemented an effective HIPAA compliance program and has...
Ann & Robert H. Lurie Children’s Hospital of Chicago has terminated an employee for improperly accessing the medical records of...
The HHS’ Office for Civil Rights (OCR) has issued guidance to healthcare providers to remind them that the HIPAA Privacy...
There has been a significant improvement in compliance with the HIPAA Right of Access, according to the latest Patient Record...
The HHS will be exercising enforcement discretion in relation to compliance with the new interoperability and information sharing rules that...
Is Your Organization HIPAA Compliant?
Find Out With Our Free HIPAA Compliance Checklist
Get Free Checklist