OCR Clarifies Healthcare Permitted Uses and Disclosures
When can Healthcare organizations disclose patient information for public health purposes? The Department of Health and Human Services Office for Civil Rights (OCR) issued a guidance document to...
View ArticleTardy Breach Notification Results in $475K HIPAA Penalty
The Office for Civil Rights (OCR) is starting 2017 off strong. OCR reached its first settlement of the year with Presence Health over tardy notification of a data breach. Presence Health is one of the...
View ArticleClik here to view.
The Year In Review for Healthcare Cyber Security
For the healthcare sector, 2016 was a rigorous year with a record number of HIPAA enforcement actions, another round of intense HIPAA audits, an onslaught of ransomware attacks, and plenty of other...
View ArticleHealthcare Organizations Watch Out: TheDarkOverLord Strikes Again
A cyber attacker who goes by the moniker ‘TheDarkOverLord’ tormented several healthcare organizations last year. Now with the new year under way, TheDarkOverLord is back again, with some new tricks up...
View ArticleHIPAA Settlement: Importance of Safeguarding ePHI
The Department of Health and Human Service’s Office for Civil Rights (OCR) is staying the course in 2017 with another enforcement action for HIPAA violations. The latest settlement is with MAPFRE Life...
View ArticleOCR Penalty: Unencrypted Laptops Result in Steep Fines for Small Breaches
The Office for Civil Rights (OCR) sent a strong message to the healthcare community with their third civil monetary penalty totaling $3.2 million. Children’s Medical Center of Dallas – part of the...
View ArticleHIPAA Settlement: Memorial Healthcare Systems
The Office for Civil Rights (OCR) isn’t slowing down with its heavy fines. In the largest settlement of the year thus far, OCR settled with Memorial Healthcare Systems for a $5.5 million penalty along...
View ArticleHITRUST Releases Streamlined Cybersecurity Framework
Smaller healthcare providers can look to HITRUST for guidance on improving their cyber resilience. The Health Information Trust Alliance (HITRUST) recently released a simplified version of the HITRUST...
View ArticlePhishing Attack Results in $400,000 OCR Settlement
Phishing incidents continue to be a top cause of data breaches. A phishing incident at Metro Community Provider Network (MCPN) led to the most recent OCR settlement for $400,000. Who is Metro...
View ArticleClik here to view.
Small Healthcare Practice Gets Slapped with HIPAA Penalty
The Office for Civil Rights (OCR) settled with the Center for Children’s Digestive Health (CCDH) for $31,000 over HIPAA violations related to business associate agreements. CCDH is a small, for-profit...
View ArticleClik here to view.
HIPAA Settlement: $2.5 Million for Neglecting to Address Cyber Risks
The latest HIPAA enforcement action involves the classic theft of an unencrypted laptop, but with an added twist. The Office for Civil Rights (OCR) agreed to terms with CardioNet to settle violations...
View ArticleClik here to view.
HHS Announces a New Cybersecurity Initiative Focused on Medical App Security
It seems the Department of Health and Human Services (HHS) is stealing a page from the Homeland Security Department’s playbook with the launch of a new cybersecurity initiative. This new HHS project...
View Article$2.4 Million HIPAA Penalty for Disclosing One Patient’s Name
The Office for Civil Rights (OCR) announced a curious settlement with Memorial Hermann Health Systems (MHHS) last week after an OCR compliance review. The review found impermissible disclosure of a...
View ArticleMishandling HIV Information Costs Hospital $387,000
St. Luke’s hospital came under fire after faxing two patients’ sensitive medical information against their request. The Office for Civil Rights (OCR) reached a settlement with St. Luke’s-Roosevelt...
View ArticleOCR Publishes New Cybersecurity Materials & Guidance
The Office for Civil Rights (OCR) released new guidance materials that should prove helpful for smaller organizations working on a limited budget. The purpose of the new guidance is to help Covered...
View ArticlePatient Data Exposed on the Web for Two Years
Software development projects within the healthcare sector pose a legitimate risk for breaches of protected health information (PHI). A reported breach of PHI from the University of Iowa Health Care...
View ArticleHHS Releases Training Module for HIPAA’s Right of Access
The Department of Health and Human Services (HHS) recently addressed the concerns of many healthcare providers regarding patient access to health information. Their newly released training module and...
View ArticleClik here to view.
Siemens Device Vulnerabilities: How to Update Your Medical Devices
After the WannaCry outbreak heard ‘round the world, Siemens is working to bolster the security of its medical products. Practical TIP: If your healthcare practice is using Siemens products, review the...
View ArticleClik here to view.
Key Takeaways from the New and Improved HIPAA Breach Reporting Tool
Several issues were raised in the past about the Office for Civil Rights’ (OCR) website commonly referred to as the “Wall of Shame.” In response, OCR announced the updated version of their rebranded...
View ArticleClik here to view.
HHS Provides Guidance for Handling Patient Information During an Emergency
Hurricane’s Harvey and Irma and their devastating effects have dominated the headlines over the past month. When a natural disaster like a hurricane strikes, balancing emergency patient needs with...
View Article