News & Analysis as of

Electronic Medical Records Data Breach

D.C. Circuit Holds Cyber-Theft of Customers’ Medical Identifying Information Created Sufficient Increased Risk of Harm to...

Earlier this month, an appellate panel of the federal DC Circuit unanimously held that individuals affected by a healthcare insurer’s data breach in 2014 could pursue claims against the insurer stemming from the cyberattack....more

Health Care Companies Find Direction to Combat Cybersecurity Threats

by Burr & Forman on

More than 27 million patient records were affected by health care data breaches in 2016, according to a health care cybersecurity company. The cost associated with these breaches is staggering: an estimated $355 per stolen...more

A Year in Review: FTC Data Privacy Actions and its Impacts on 2017 and Beyond

Whether it means taking a prominent role shaping data security for the Internet of Things, or addressing high profile breaches, the FTC has adopted an active position in policing data privacy and security. And, as data...more

Unencrypted Backup Drive of 531 EEG Patients Lost

Baptist Medical Center South, located in Jacksonville, Florida has admitted that one of its backup drives has been missing since May 18, 2017. The unencrypted backup drive contained the protected health information of 531...more

AGs Weave Themselves Into Patchwork of Digital-Health Regs

by Pepper Hamilton LLP on

There are more than 165,000 mobile health applications available for download in Apple’s App Store or Google Play. This number will likely keep rising, and a body of federal and state regulators, including state attorneys...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

HIPAA Enforcement Update (February 2017 – April 2017)

by Locke Lord LLP on

In recent months, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced four settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

Misconfigured Backup Server Exposes 7,000+ Medical Records

A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at...more

Wireless HealthHealthcare Services Provider’s $2.5m Settlement Demonstrates Why Understanding HIPAA Requirements Is a Must

by Dickinson Wright on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a $2.5 million Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement with CardioNet, which is a company that...more

OCR Settles With Texas Health System for $2.4 Million for Disclosing PHI to Media In a Press Release

The Office for Civil Rights (OCR) issued a press release today announcing that it has settled alleged HIPAA violations with Memorial Hermann Health System (MHHS) for $2.4 million. According to the Resolution Agreement it has...more

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

by Sherman & Howard L.L.C. on

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

March Sees an Uptick in Health Data Breaches

The monthly breach report issued by Protenus last week outlining data breaches that occurred in the month of March concludes that there was an “uptick in the number of health data breach incidents.”...more

$400,000 Settlement Highlights Need for Pre- and Post-Breach Safeguards

by Dickinson Wright on

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced another Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement. This one is with Metro Community Provider...more

Telecommuting Healthcare Employees Get Employers in HIPAA Compliance Hot Water

by Dickinson Wright on

As the healthcare industry has expanded to providing home healthcare services, more service providers are allowing their employees to work remotely, i.e., telecommuting. The flexibility for healthcare workers to work from...more

Cardiology Group Hard Drive Stolen

Denton Heart Group, located throughout Dallas, has notified 21,665 patients that their protected health information has been compromised as a result of the theft of a hard drive from a locked closet....more

Horizon BCBS of New Jersey Pays State $1.1 million for HIPAA violations

We often forget that state AG’s have jurisdiction under the HIPAA Omnibus Rule to levy fines and penalties against HIPAA covered entities for violations. This is because the Office for Civil Rights has traditionally taken the...more

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more

Children’s Medical Center of Dallas Clobbered by OCR

In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more

Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.

by Ballard Spahr LLP on

The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more

The FTC Faces an Embarrassing Set-Back in its Data Security Enforcement Authority as the LabMD Saga Continues

by Moore & Van Allen PLLC on

On November 10th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the...more

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

Malware Attacks Against Healthcare Sector Rose 67 percent in Q3 of 2016

The NTT Security Q3 Quarterly Threat Intelligence Report states that the healthcare industry is the fifth most targeted industry for ransomware (behind financial services, retail, manufacturing and technology) for all cyber...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

by Stinson Leonard Street on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

125 Results
|
View per page
Page: of 5
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.