Oregon Health & Science University (OHSU) has agreed to settle alleged HIPAA violations involving two separate data breaches with the Office for Civil Rights (OCR) for $2.7 million.
In the span of three months in 2013,...more
The importance of physical security and the risk associated with the unauthorized access to or loss of paper records is clear from recent experiences of Pruitt Health in South Carolina.
On March 2, 2016, an intruder...more
Our predictions that the Office for Civil Rights (OCR) will become more aggressive with audits, investigations, and fines against HIPAA business associates have come true.
On June 24, 2016, the OCR announced that it has...more
7/6/2016 / Business Associates, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Audits, HIPAA Breach, HITECH Act, Investigations, Mobile Device Management, Mobile Devices, OCR, PHI, Settlement Agreements
Patterson Dental Supply, Massachusetts General Hospital’s (MGH) vendor that provides software to the hospital to manage dental practice information, has reportedly admitted that approximately 4,300 of MGH’s patient records...more
Governor Bruce Rauner signed several new provisions into law amending Illinois’ Personal Information Privacy Act, including health insurance and medical information in the definition of personal information that triggers...more
Cloud-based electronic medical record (EMR) company Practice Fusion has agreed to settle an enforcement action with the FTC that alleges that it misled consumers when it solicited reviews of their doctors. The FTC alleges...more
A Washington Redskins trainer’s unencrypted laptop was located in a backpack that was stolen on April 15th. Unfortunately, the laptop contained medical exam results for NFL Combine attendees since 2004, which is estimated to...more
The Ponemon Institute has recently released its Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. The study has included business associates for the past two years. The study included information received...more
We previously reported that Intermedix was sued in a class action lawsuit regarding the data breach involving millions of patient records....more
The Joint Commission, which is the national accrediting organization for health care organizations, has long banned physicians using text messages to place orders for patient care due to data security concerns. In 2011, the...more
Consistent with the settlement the OCR agreed to with North Memorial Health Care of Minnesota, the Office for Civil Rights has settled its investigation of Raleigh Orthopaedic Clinic, P.A. (Raleigh Orthopaedic) for $750,000....more
Phishing incidents in February that may have compromised the data of 3,184 patients, including their names, dates of birth, medical record and account numbers, dates of service and medical information, are causing Wyoming...more
The Office for Civil Rights (OCR) has issued its revamped audit protocol for its second phase of auditing covered entities and business associates’ compliance with the HIPAA Privacy, Security and Breach Notification Rules....more
We previously reported that 21st Century Oncology suffered a data breach affecting 2.2 million patients and has been sued in at least two class action lawsuits following notification to the patient....more
While attending the International Association of Privacy Professionals annual global event, and listening to Chairwoman Edith Ramirez discuss the Federal Trade Commission’s (FTC) concerns about consumer privacy, the FTC, the...more
4/8/2016 / App Developers, Federal Food Drug and Cosmetic Act (FFDCA), Federal Trade Commission (FTC), Food and Drug Administration (FDA), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mobile Apps, Mobile Health Apps, OCR, ONC, PHI, Privacy Concerns
We previously reported that 21st Century Oncology (21st Century) experienced a data breach of up to 2.2 million patient records that compromised the names, Social Security numbers and health and diagnostic information. It...more
MedStar Health has announced that it has shut down its electronic medical record system after confirming that it has been struck with malware....more
We previously reported that 21st Century Oncology had suffered a data breach and notified 2.2 million patients that it had been the victim of a hacking that exposed the names, Social Security numbers, physicians’ names,...more
Following the investigation of a self-reported data breach involving the loss of an unencrypted laptop containing the protected health information (PHI) of 13,000 individuals, the OCR slammed the New York-based biomedical...more
The Office for Civil Rights (OCR) has been stating publicly that it will gear up for its second round of HIPAA audits for some time, and the time has come. The OCR has officially started the next round of audits of covered...more
The list of healthcare entities that have become (and will become) victims of ransomware is rapidly growing. The predictions from experts are that the list will grow exponentially into the future.
Last week, Methodist...more
On March 16, 2016, the Office for Civil Rights (OCR) issued a press release announcing that it has settled its investigation of North Memorial Health Care System (NMHCS), located in Minnesota, for $1.55 million saying that...more
Confirming what we are seeing in the field, the Ponemon Institute recently released a new report of a poll of 535 healthcare IT and IT security professionals that sets forth a dismal state of affairs around data security and...more
Days after hackers held Hollywood Presbyterian’s health information hostage, the Los Angeles County Health Department was hit with a ransomware attack that reportedly affected five computers. According to the Health...more
As we stated in last week’s Insider, Monday, February 29, 2016, is the last day to self-report under 500 breaches of unsecured protected health information to the Office for Civil Rights (OCR) through the online breach...more