Health Care Providers Protected Health Information

News & Analysis as of

Ransomware and Malware Continue to Plague Health Care Organizations

We continue to warn health care organizations about the real and serious risks associated with ransomware and malware, but organizations don’t prepare for it adequately and are getting hit hard. Just this past week,...more

Illinois’ Largest Health System Agrees to Stringent HIPAA Breach Settlement

The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a...more

HSS Issues New Guidance on Ransomware Attacks Against HIPAA-Covered Entities

Ransomware attacks at hospitals and other healthcare facilities have dramatically increased over the last several years, putting healthcare providers in the uncomfortable position of having to consider paying thousands of...more

Record HIPAA Settlement Paid by Hospital Chain

Federal regulators announced last week that Illinois’ largest hospital chain would pay $5.5 million, a record payment under the Health Insurance Portability and Accountability Act (HIPAA), in connection with three 2013 data...more

HIPAA Hat Trick: Security Violations Lead to Three Major Settlements

Look no further than the last three weeks for proof that HIPAA enforcement is on the rise. Failure to maintain the security of information systems containing patient information has cost healthcare providers over $10...more

Illinois Revises Data Privacy Statute

Earlier this year, Illinois enacted a number of changes to the Illinois Personal Information Protection Act (“PIPA”). The amendments to PIPA, among other things, expand the definition of personal information subject to...more

Ransomware Reporting Requirements & New HHS Guidance

Ransomware is malicious software that denies access to data, usually by encrypting the data with a private encryption key that is only provided once a ransom is paid. Sometimes the ransomware will actually destroy, steal, or...more

Health Alert (Australia) August 1, 2016

In This Issue: - Judgments; Legislation; and Reports. - Excerpts from Judgments: - Victoria 27 July 2016 - Hamm v South Gippsland SC [2016] VCAT 1253 - South Gippsland Shire Council issued a...more

Athens Orthopedic Clinic’s EMR compromised by hackers using vendor’s log-in credentials

Athens Orthopedic Clinic in Georgia reported on July 25, 2016, that a hacker gained access to its electronic medical record system at the end of June using the log-in credentials of a third-party vendor....more

Behavioral health provider StarCare Specialty notifies 2,900 patients of breach of PHI

StarCare Specialty Health System, located in Lubbock, Texas, is notifying 2,900 patients “who received Intellectual Developmental Disabilities program services, Behavioral Health program services, and Therapeutic Treatment...more

Health Update - July 2016

The Vulnerability of Healthcare Information - According to a report the Brookings Institute issued in May 2016, 23% of all data breaches occur in the healthcare industry. Nearly 90% of healthcare organizations had some...more

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health...more

Report Warns Providers of HIPAA Violations When Responding to Negative Online Reviews

ProPublica, a public interest investigative newsroom, recently identified more than 3,500 one-star medical reviews on Yelp in which patients complained about privacy issues. ProPublica determined that “in dozens of instances,...more

Protected Health Information: Providers Must Proceed with Caution

Medical records are a powerful weapon in the courtroom. They may reveal the extent of an individual’s injury in a personal injury case or substantiate the severity of an individual’s mental illness when that mental illness is...more

OCR Announces First HIPAA Enforcement Action against a Business Associate

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health...more

Medical Malpractice and Healthcare Quarterly - Summer 2016

AFFIDAVIT OF MERIT NOT REQUIRED AS TO CLAIMS AGAINST DENTISTS - Limiting the scope of the affidavit of merit statute, the Superior Court recently held that an affidavit of merit was not required where a plaintiff filed a...more

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

Oregon Health & Science University pays $2.7M penalty for data breaches

Oregon Health & Science University (OHSU) has agreed to settle alleged HIPAA violations involving two separate data breaches with the Office for Civil Rights (OCR) for $2.7 million. In the span of three months in 2013,...more

CMS Finalizes Plan to Expand Medicare/Private Claims Data Available for Care Improvement

CMS has published a final rule to allow organizations approved as “qualified entities” to confidentially share or sell analyses of Medicare and private-sector claims data to providers, employers, and other groups who can use...more

Recent Enforcement Action: Business Associates Not Off the Hook

Despite the fact that Business Associates have been directly subject to and liable under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) since February 18, 2010 the...more

OCR Sends Notification Letters to Phase 2 HIPAA Auditees

On July 12, 2016, HHS’s Office for Civil Rights (OCR) distributed an e-mail discussing recent developments in Phase II of its HIPAA audit program....more

BYOD Risks under HIPAA – Does Your HIPAA Compliance Program Adequately Address the Ever Increasing Use of Portable Electronic...

Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device”...more

Check Your Desk: HIPAA Audits for Covered Entities Have Arrived

The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11,...more

Entity Fined $650,000 in First HIPAA Settlement with a Business Associate

The possibility of business associates potentially being audited, investigated, and ultimately fined is now a reality. On June 24, 2016, the United States Department of Health and Human Services’ Office of Civil Rights...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

176 Results
|
View per page
Page: of 8
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×