Protected Health Information Data Breach

News & Analysis as of

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more

Failure to Timely Notify Results in Enforcement Action and Significant Settlement

For the first time, on January 9, 2017, the Department of Health and Human Services, Office for Civil Rights (HHS/OCR) settled a HIPAA enforcement action based on the untimely reporting of a breach of unsecured protected...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

Time is of the Essence When Reporting a Breach of PHI

The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month,...more

Three-Month Delay Means Health Network Must Pay

A delay in reporting a HIPAA violation can result in a significant monetary penalty. That was the message sent by the Office for Civil Rights (OCR), which recently announced the first HIPAA settlement based on the untimely...more

5 Information Governance Predictions for 2017

Information is every organization’s greatest asset. It makes up intellectual property, trade secrets and many other vital corporate assets. It’s how we in corporate America conduct business. With that said, governing and...more

Looking Back at the HIPAA Resolution Agreements in 2016

In 2016, Health and Human Services’ (HHS) Office for Civil Rights (OCR), the enforcement arm for HIPAA, continued robust enforcement efforts. There were 12 reported resolution agreements (RA) in 2016. An RA is a settlement...more

November the Worst Month Yet for Healthcare Breaches

We have repeatedly reiterated numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately become true, as November was the worst month ever...more

Quest Diagnostics Announces Breach of 34,000 Records

Quest Diagnostics, which operates medical laboratories, has announced that 34,000 customer records were exposed during a hacking incident that occurred on November 26th. The hacker obtained access to the information through...more

Over 3.1 Billion Records Breached So Far in 2016

The tally of records breached in 2016 (through November) globally was over 2.1 billion, according to IT Governance. With the announcement yesterday of Yahoo’s breach of another 1 billion records, that tally is now up to 3.1...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

2016 Health Care Year in Review

Since I began writing this year-end review in 2013, there have been some common themes – a shift to pay for quality and away from fee-for service, much of which has been brought about by the Affordable Care Act (ACA): efforts...more

UMass Amherst Settles HIPAA Violations with OCR for $650,000

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

HHS Issues Warning About Phishing Campaign Disguised As Official Communication

As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) engages in audits of covered...more

New FTC Data Breach Response Guidelines

Cybersecurity should always be at the top of any retailer’s priority list—and even more so as the holiday shopping season gets underway. To that end, the Federal Trade Commission’s newly-released Data Breach Response...more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

FTC Announces New Guidance on Ransomware

On November 10, 2016, the U.S. Federal Trade Commission (FTC) released new guidance for businesses and consumers on the impact of, and how to respond to ransomware. Ransomware is a form of malicious software that infiltrates...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

OCR Stresses Importance of Authentication in Newsletter

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

Critical Cyber-Attack on Hospitals Now A Reality- A View From ‘Across the Pond’

Serious trouble for all health and care providers looms large. High risk women in labour and major trauma cases are being diverted to other hospitals after a cyber-attack recently shut down services at a hospital in the...more

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

Malware Attacks Against Healthcare Sector Rose 67 percent in Q3 of 2016

The NTT Security Q3 Quarterly Threat Intelligence Report states that the healthcare industry is the fifth most targeted industry for ransomware (behind financial services, retail, manufacturing and technology) for all cyber...more

Recent CyberSecurity Incidents Emphasize Importance of Cyberinsurance

As the threat of cyberattacks continues to pose daily threats to businesses large and small, more companies have turned to cyber insurance products to shore up protection against these disruptive threats. A spate of recent...more

Health Care System’s HIPAA Security Risk Results in $2.14 Million Fine

On October 18, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that St. Joseph Health (SJH) agreed to settle allegations relating to the HIPAA Privacy and Security Rules,...more

364 Results
|
View per page
Page: of 15
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×