HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
2/11/2022
/ Cyber Attacks ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Requirements ,
Reporting Requirements
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
12/23/2021
/ Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Email ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Violations ,
OCR ,
Penalties ,
PHI ,
Phishing Scams ,
Policies and Procedures ,
State Attorneys General
CYBERSECURITY -
Joint CISA/FBI Alert on Vulnerability in Zoho ManageEngine ServiceDesk Plus -
On December 6, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI)...more
12/13/2021
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
FBI ,
Gift-Cards ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Infectious Diseases ,
Information Governance ,
Personally Identifiable Information ,
Popular ,
Scams ,
Vaccine Passports ,
Vulnerability Assessments
A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information. ...more
CYBERSECURITY -
Tulsa, OK Refuses to Pay Ransom to Attackers -
The City of Tulsa, Oklahoma, announced on May 9, 2021, that it had been hit with a ransomware attack, but the Mayor is resolute in not paying the demanded...more
The Office for Civil Rights (OCR) this week announced a settlement with Peachstate Health Management LLC (aka AEON Clinical Laboratories) following a compliance review that uncovered alleged violations of HIPAA....more
CYBERSECURITY -
GAO Report Identifies Need for DOE to Address Risks to Electrical Distribution System -
The United States Government Accountability Office (GAO) recently completed and published a study on electricity...more
4/2/2021
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Email ,
FBI ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infrastructure ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
Right of Access ,
Vulnerability Assessments ,
Wal-Mart
Continuing its serious march against covered entities not allowing patients access to their records, the Office for Civil Rights (OCR) has settled two more cases in two days in its Right of Access Initiative. This brings the...more
Some of those who are fortunate enough to have received the COVID-19 vaccine are so excited that they have been posting their vaccine card on social media accounts. ...more
CYBERSECURITY -
Free Ransomware Service Offered to U.S. Hospitals -
The Center for Internet Security (CIS) announced last week that it has launched the Malicious Domain Blocking and Reporting (MDBR) service to assist...more
2/26/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Driverless Cars ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Regulatory Agenda ,
Right of Access ,
WhatsApp
CYBERSECURITY -
Health and Personal Information of N.C. Residents Posted Online by Ransomware Group -
Becker’s Health IT reports that two batches of sensitive information of Chatham County, N.C. residents have been posted...more
2/19/2021
/ Article III ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Right of Access ,
Standing
The Office for Civil Rights (OCR) recently announced another settlement involving investigations under its Right of Access Initiative. This settlement, the sixteenth such agreement under the Initiative (and one of the most...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the...more
1/21/2021
/ Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Malware ,
OCR ,
Personally Identifiable Information ,
PHI
CYBERSECURITY -
Greater Baltimore Medical Center Hit with Ransomware -
The Greater Baltimore Medical Center (GBMC) was hit with a ransomware attack over the weekend (December 5-6) that potentially delayed procedures planned...more
12/11/2020
/ Cybersecurity ,
Dark Web ,
Data Breach ,
Data Privacy ,
Driverless Cars ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Phishing Scams ,
Popular ,
Ransomware ,
Spoofing
The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani,...more
The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000....more
New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern Food Corp. (Wakefern) and two of its supermarket entities for $235,000 for...more
Continuing its enforcement priority of assisting patients with obtaining access to their health records, the Office for Civil Rights (OCR) recently settled its ninth case with a covered entity that it alleged failed to...more
On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a...more
10/16/2020
/ Cyber Attacks ,
Electronic Medical Records ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Settlement Agreements
Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
10/16/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCC ,
Personally Identifiable Information ,
PHI
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an...more
10/5/2020
/ Data Breach ,
Electronic Medical Records ,
Enforcement Actions ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
CYBERSECURITY -
VA Alerting 46,000 Veterans of Compromise -
The U.S. Department of Veterans Affairs Office of Management (VA) has announced that it is notifying approximately 46,000 veterans that their personal...more
9/18/2020
/ Cyber Insurance ,
Data Breach ,
Data Protection ,
Deep Fake ,
Department of Veterans Affairs ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Right of Access ,
Social Media ,
Veterans
The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019....more
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion....more