News & Analysis as of

Protected Health Information Health Care Providers

Hixon: Medical records and privacy

by GableGotwals on

Many people mistakenly believe that their medical files maintained by their physicians are 100 percent private. However, there are legal scenarios in which those files are under subpoena and that require physicians to comply...more

HIPAA in the Age of Ransomware

According to a recent US Government Interagency report, ransomware is the fastest growing malware threat, targeting users of all types, including health care facilities. This past spring, for example, the WannaCry ransomware...more

Princeton Community Hospital Replaces Computer Network After Petya Attack

Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya...more

When Health Data Goes Missing: Largest Reported Ransomware Attack

In the aftermath of two powerful global ransomware attacks, a Michigan-based medical equipment provider has disclosed that hackers “encrypted our data files” and accessed more than 500,000 patient records in what is believed...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

New York State Enforces Data Breach Notification Law

Earlier this month, New York Attorney General Eric Schneiderman announced his state had entered into a settlement with CoPilot Provider Support Services, Inc. (CoPilot)—a settlement resulting from CoPilot’s violation of the...more

Data Breaches Most Expensive For Health Care Industry But Precautionary Measures Can Keep Costs Down

by Murtha Cullina on

Data breaches have become commonplace in every industry. In health care, however, it costs much more to respond to a data breach than in all other industries in this country, according to the results of a recent IBM-sponsored...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

New HHS Cybersecurity Preparedness Checklist

by Carlton Fields on

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more

OCR Issues Checklist for Responding to Cyber-Attack

The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?” The Checklist is a practical tool for health care entities and outlines several steps to...more

$387,200 Fine from HHS OCR for the Improper Disclosure of PHI to an Employer and a Volunteer Organization

by Arnall Golden Gregory LLP on

On May 23, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR) announced a settlement with St. Luke’s-Roosevelt Hospital Center, part of the Mount Sinai Health System, to resolve allegations...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

OCR Issues Reminder on Security Incidents

Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more

2,500 Mothers’ and Newborns’ Personal and Health Information Lost in the Mail

The Arizona Department of Health Services (ADHS) has notified 2,500 patients that their personal and health information has been lost in the mail. The affected patients were mothers and newborns enrolled in the newborn...more

Causes of Healthcare Data Breaches (Update)

by Bryan Cave on

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches...more

New State Guidance Released on Health Care Privacy and Data Sharing

On May 11, 2017, the New York State Department of Health ("DOH") issued a new guidance statement ("Guidance Statement") about privacy protections and permissible data sharing under the Health Insurance Portability and...more

Health System Paid $2.4 Million Settlement After Identification in a Press Release of a Patient Who Was Engaged in Fraud

by Dickinson Wright on

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced a $2,400,000 settlement with Memorial Hermann Health System (“MHHS”) to resolve an investigation of an unauthorized disclosure of...more

Organizations Want to Cry After WannaCry Ransomware Attacks

Earlier this month a massive ransomware attack spread throughout 150 countries, infecting 300,000 computers and crippling businesses across the globe. The ransomware, called “Wannacry,” infiltrated a variety of institutions,...more

Health Alert (Australia) 29 May 2017

by DLA Piper on

In This Issue: - Judgments; Legislation; and Reports. - Excerpts from Judgments: 12 May 2017 - White v State of Queensland (Central Queensland Hospital and Health Service) [2017] QIRC 41 - INDUSTRIAL LAW –...more

HIPAA Enforcement Update (February 2017 – April 2017)

by Locke Lord LLP on

In recent months, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced four settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

HIPAA spring check-up: Your obligations to safeguard third-party patient health information in medical records produced in...

You’ve had your apple a day, but you can’t keep the subpoenas away… And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears...more

Weapons in the Cyber Defense Arsenal

by Wilson Elser on

In May 2017, the world experienced an unprecedented global cyberattack that targeted the public and private sectors, including an auto factory in France, dozens of hospitals and health care facilities in the United Kingdom,...more

Press Release Mistake Leads to $2.4 Million HIPAA Penalty for Health System

by Nossaman LLP on

On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (“OCR”) announced an agreement whereby Memorial Hermann Health System (“MHHS”) will pay a $2.4 million penalty for releasing a patient’s...more

OCR Settles With Texas Health System for $2.4 Million for Disclosing PHI to Media In a Press Release

The Office for Civil Rights (OCR) issued a press release today announcing that it has settled alleged HIPAA violations with Memorial Hermann Health System (MHHS) for $2.4 million. According to the Resolution Agreement it has...more

$2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

by Fox Rothschild LLP on

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press...more

295 Results
|
View per page
Page: of 12
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.