Electronic Medical Records Protected Health Information

News & Analysis as of

Cardiology Group Hard Drive Stolen

Denton Heart Group, located throughout Dallas, has notified 21,665 patients that their protected health information has been compromised as a result of the theft of a hard drive from a locked closet....more

HIPAA Checkup – How Good Are Your Policies and Procedures?

Although it is not a new requirement, it is important and therefore worth a reminder: HIPAA requires covered entities to establish and implement written policies and procedures that are consistent with its Privacy and...more

Horizon BCBS of New Jersey Pays State $1.1 million for HIPAA violations

We often forget that state AG’s have jurisdiction under the HIPAA Omnibus Rule to levy fines and penalties against HIPAA covered entities for violations. This is because the Office for Civil Rights has traditionally taken the...more

Lessons Gleaned From Recent HIPAA Settlements: An Ounce of Prevention is Worth a Pound of Cure: How Recent OCR Enforcement...

HIPAA enforcement has been on the rise during the last several years, and the dollar impact of those settlements has continued to grow significantly. The Department of Health and Human Services, Office of Civil Rights (OCR)...more

Hospital pays $3.2M Resulting from HIPAA Security Rule Noncompliance

In one of the last health care related acts of President Obama’s administration, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), imposed a multimillion-dollar HIPAA civil money penalty (CMP)...more

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more

Children’s Medical Center of Dallas Clobbered by OCR

In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more

Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.

The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more

2017 Health Information Privacy and Security New Year’s Resolutions

To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...more

21st Century Cures Act Includes Prohibition on Information Blocking and Mandates for Additional HIPAA Guidance

On November 30, 2016, the U.S. House of Representatives voted strongly in favor of the 21st Century Cures Act (the Act), an expansive health bill that addresses the discovery and development of new medical therapies as well...more

OCR Examines Hybrid Entity Designation in Latest HIPAA Settlement

On November 22, 2016, the University of Massachusetts Amherst (UMass) agreed to pay $650,000 and enter into a corrective action plan to settle allegations that it violated the HIPAA Privacy and Security Rules in connection...more

Beware of Phishing Email Disguised as Official OCR Audit Communication

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication...more

HIPAA Settlement Emphasizes Importance of Accurate Hybrid Entity Designations

On November 22, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that University of Massachusetts Amherst (UMA) agreed to settle allegations relating to the HIPAA Privacy...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

Malware Attacks Against Healthcare Sector Rose 67 percent in Q3 of 2016

The NTT Security Q3 Quarterly Threat Intelligence Report states that the healthcare industry is the fifth most targeted industry for ransomware (behind financial services, retail, manufacturing and technology) for all cyber...more

Central Ohio Urology Group Notifies 300,000 Patients of Breach

Approximately 300,000 patients of Central Ohio Urology Group have been notified that their protected health information has been stolen and posted online. Although the actual date of the hacking has not been released,...more

CryptoWall Ransomware Hits New Jersey Spine Center

The New Jersey Spine Center was hit with a variant of CryptoWall ransomware on July 27, 2016 that encrypted its electronic health record and its backup files. A double whammy....more

Small-Breach Focus Shows Growing Scope Of HIPAA Probes

Flexing yet more enforcement muscle under the Health Insurance Portability and Accountability Act, on Aug. 18, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that it will more widely...more

Health Care E-Note - September 2016

In an article published in the September 2016 MASA Newsletter, Jim Hoover and Angie Cameron Smith discuss how physicians should properly respond to subpoenas and requests for patients’ health information. They stress how...more

Information From 700+ Patients Stolen from LAC+USC Medical Center

Los Angeles County-USC Medical Center (LAC+USC) has notified patients that the protected health information of over 700 patients seen in the LAC+USC neurosurgery clinic was stolen from an employee’s car. The information,...more

MedStar Health Cardiology Associates Employee Emails Patient Information to Personal Account and Gets Fired

MedStar Health Cardiology Associates, (“MedStar Cardiology”) affiliated with MedStar Health, which was recently in the news for a ransomware attack, discovered that an employee sent protected health information of 907...more

SCAN Health Plan Notifies Patients of Data Breach Affecting 87,000 Individuals

SCAN Health Plan of California, SCAN Health Plan Arizona, and VillageHealth are in the process of notifying certain plan members and non-plan members of a breach of protected health information, including names, addresses,...more

119 Results
|
View per page
Page: of 5
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×