Summing up the results of the previous year, regulatory experts have noted that more than half of the businesses punished for HIPAA lapses in 2018 involved well-known big business entities making it a notable theme of the...more
1/18/2019
/ Data-Sharing ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
OCR ,
Patient Privacy Rights ,
PHI ,
Proposed Amendments ,
Public Comment ,
Request For Information
Last spring the WannaCry ransomware cyber-attack crippled the global economy, impacting over 100,000 organizations throughout 150 countries and generating an estimated $4 billion in losses. The National Health Information...more
Hurricane Harvey has been pummeling the Gulf Coast since Monday, with nearly 52 inches of rainfall in parts of Texas. The storm has displaced thousands of people from their homes and has resulted in over 30 reported deaths....more
Earlier this month a massive ransomware attack spread throughout 150 countries, infecting 300,000 computers and crippling businesses across the globe. The ransomware, called “Wannacry,” infiltrated a variety of institutions,...more
Could a lost cell phone or laptop cost your organization millions of dollars?
Mobile devices have enabled vast improvements in the efficiency and quality of healthcare delivery. ...more
Imagine this: Dr. Primary is treating Patty Patient for substance abuse and emails Patty Patient’s protected health information (PHI) to a treatment clinic. Before the email arrives at the clinic, it is intercepted by a third...more
The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars.
Earlier this month,...more
This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more
One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand...more
Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability...more
7/20/2016
/ Business Associates ,
Corrective Actions ,
Data Security ,
Electronically Stored Information ,
Encryption ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Internet Service Providers (ISPs) ,
OCR ,
PHI ,
Settlement Agreements
OCR has announced several recent settlement agreements to resolve violations of the Health Insurance Portability and Accountability Act (“HIPAA”). These settlement amounts range from $25,000 to $3.9 million dollars and...more
Amidst criticism that the Health Insurance Portability and Accountability Act (“HIPAA”) lags behind technological innovation, the Office for Civil Rights (“OCR”) released new guidance to aid app developers in determining how...more
For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance and Portability Act (“HIPAA”). Lincare, Inc., a...more
Triple-S Management Corporation (“Triple-S”), on behalf of its wholly-owned subsidiaries, Triple-S Salud, Inc., Triple-C, Inc., and Triple-S Advantage, Inc., has agreed to pay $3.5 million as part of a Resolution Agreement...more
Just before Thanksgiving, Lahey Hospital and Medical Center (“Lahey”), a non-profit teaching hospital located in Burlington, Massachusetts, agreed to pay $850,000 for a breach of unsecured electronic protected health...more
Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a...more
St. Elizabeth’s Medical Center (“SEMC”), a tertiary care hospital in Brighton, Massachusetts, has agreed to pay $218,400 to the Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance Portability...more
The Office of the National Coordinator for Health Information Technology (“ONC”) has released a revised Guide to Privacy and Security of Electronic Health Information (the “Guide”), which is intended to be a resource for...more
Mobile health apps (also known as mHealth apps) are increasingly popular with consumers. As of 2014, there were more than 100,000 mobile health apps available on iOS and Android platforms, and total revenue from mobile health...more
The New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability...more
1/6/2015
/ Best Management Practices ,
Business Associates ,
Chief Compliance Officers ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Risk Assessment ,
Risk Mitigation ,
Year-End Planning
Patient Medical Records Stolen from New Jersey Storage Facility – Tribeca Medical Center is notifying patients that their protected health information may be compromised. According to a privacy notice posted on Tribeca...more
Anchorage Community Mental Health Services, Inc. (“ACMHS”) will pay $125,000 to the United States Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance...more
News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories.
HIPAA in the...more
Ebola has recently been the source of much concern, and health care providers and hospitals are taking steps to prepare themselves for the possibility of treating patients with Ebola. In addition to all of the medical...more
All business associate agreements (“BAAs”) must be updated and compliant with current Health Insurance Accountability and Portability Act (“HIPAA”) regulations by September 22, 2014. Failure to meet this deadline could result...more