Data Breach Protected Health Information

News & Analysis as of

St. Joseph Health Settles with OCR for $2.14 Million

The Office for Civil Rights (OCR) has announced that it has entered into a settlement with St. Joseph Health, which operates hospitals and nursing homes in California, Texas and New Mexico, for $2.14 million for alleged HIPAA...more

HHS-OCR Announces Guidance On HIPAA Compliance And Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more

Central Ohio Urology Group Notifies 300,000 Patients of Breach

Approximately 300,000 patients of Central Ohio Urology Group have been notified that their protected health information has been stolen and posted online. Although the actual date of the hacking has not been released,...more

CryptoWall Ransomware Hits New Jersey Spine Center

The New Jersey Spine Center was hit with a variant of CryptoWall ransomware on July 27, 2016 that encrypted its electronic health record and its backup files. A double whammy....more

Best Practices for Safeguarding Protected Health Information in Inclement Weather

As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is...more

Blog: GAO Criticizes HHS In Health Information Cybersecurity Report

On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services (“HHS”) security and privacy guidance and oversight in protecting...more

Small-Breach Focus Shows Growing Scope Of HIPAA Probes

Flexing yet more enforcement muscle under the Health Insurance Portability and Accountability Act, on Aug. 18, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that it will more widely...more

Yuba Sutter Medical Center Hit With Ransomware

Yuba Sutter Medical Center in California (Yuba Sutter) has notified its patients that it has suffered a recent ransomware attack that caused parts of its network to be incapacitated. As a result, patient files were unable to...more

Hackers Post Athletes’ Medical and Drug Testing Records Online

Hacking group Fancy Bear, reportedly a Russian group, who allegedly hacked into the Democratic National Committee emails which made headlines, has posted U.S. Olympians’ medical and drug testing records online. Although it...more

Causes of Healthcare Data Breaches

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches...more

Don’t Ignore Ransomware Vulnerabilities; You Could Be Violating FTC Act

Last week, the Federal Trade Commission convened a ransomware workshop to discuss the rising epidemic of attacks against U.S. businesses and individuals. In a ransomware attack, a malicious actor tricks a user into...more

Banner Health Suits Raise Significant Questions for Data Breach Class Actions

Banner Health recently announced that hackers may have gained “unauthorized access to patient information” and “payment card data” from approximately 3.7 million patients, health plan members, food and beverage customers, and...more

OCR Continues to Strengthen HIPAA Enforcement Efforts

The United States Department of Health and Human Services Office for Civil Rights ("OCR") sent a strong HIPAA enforcement message this summer, entering four resolution agreements, including the highest financial settlement to...more

Information From 700+ Patients Stolen from LAC+USC Medical Center

Los Angeles County-USC Medical Center (LAC+USC) has notified patients that the protected health information of over 700 patients seen in the LAC+USC neurosurgery clinic was stolen from an employee’s car. The information,...more

MedStar Health Cardiology Associates Employee Emails Patient Information to Personal Account and Gets Fired

MedStar Health Cardiology Associates, (“MedStar Cardiology”) affiliated with MedStar Health, which was recently in the news for a ransomware attack, discovered that an employee sent protected health information of 907...more

SCAN Health Plan Notifies Patients of Data Breach Affecting 87,000 Individuals

SCAN Health Plan of California, SCAN Health Plan Arizona, and VillageHealth are in the process of notifying certain plan members and non-plan members of a breach of protected health information, including names, addresses,...more

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

Orleans Medical Clinic Notifies 6,890 Patients of Data Breach

Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process...more

Outer Banks Hospital Reports Breach of PHI In Loss of Two Thumb Drives

Everybody knows how much I hate USB and thumb drives. The latest scheme is for hackers to leave thumb drives in coffee shops, airports, office buildings, libraries and other public places. These USB and thumb drives contain...more

OCR Announces Initiative to Amplify Investigations of Breaches Affecting Fewer than 500 Individuals

Taking another step toward more aggressive enforcement under the Health Insurance Portability and Accountability Act (“HIPAA”), on August 18, 2016, the U.S. Department of Health & Human Services (“HHS”) Office for Civil...more

LabMD Seeks Stay of FTC’s Final Order Pending Appeal

Not surprisingly, on August 30, 2016, LabMD filed its Application for a Stay of the Final Order of the Federal Trade Commission (FTC) pending review of the order by the appellate court. But since the matter is still pending...more

OCR: No privacy breach is too small

The Office for Civil Rights (OCR) HIPAA enforcement efforts are continuing to increase. This year, the OCR has already announced 10 HIPAA enforcement actions involving fines, which is a 67 percent increase from last year and...more

HIPAA Breaches: Size Doesn't Necessarily Matter

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) made headlines this month with a record $5.55 million HIPAA settlement reached with Advocate Health Care System, Illinois’ largest health care...more

OCR to Increase Investigations Of Smaller PHI Breaches

Healthcare providers and other covered entities must report breaches of unsecured protected health information (“PHI”) to the Secretary of Health and Human Services in accordance with the Breach Notification Rule of the...more

Small Breaches Matter Too: OCR Broadens HIPAA Breach Investigations

The Regional Offices of the Department of Health and Human Services Office for Civil Rights (OCR) already investigate every reported Health Insurance Portability and Accountability Act (HIPAA) breach affecting 500 or more...more

340 Results
View per page
Page: of 14
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.