Popular, Electronic Protected Health Information (ePHI), Hospitals

OCR Announces $800,000 HIPAA Settlement with Florida Health System

Rivkin Radler LLP on 7/3/2025

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement for alleged violations of HIPAA. OCR investigated BayCare Health System, which serves central Florida, after a...more

HIPAA on the Horizon in the New Year: Important Lessons from an Active 2023 and Regulatory Initiatives to Watch for in 2024

Dorsey & Whitney LLP on 1/4/2024

2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more

Privacy Briefs: November 2023

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more

Report on Patient Privacy Volume 22, Number 10. Privacy Briefs: October 2022

Health Care Compliance Association (HCCA) on 10/11/2022

Report on Patient Privacy 22, no. 10 (October, 2022) - Thirty Democratic senators led by Sen. Patty Murray, D-Wash., have called on HHS to strengthen federal privacy protections under HIPAA to broadly restrict providers...more

Report on Patient Privacy Volume 22, Number 9. Privacy Briefs: September 2022

Health Care Compliance Association (HCCA) on 9/13/2022

Report on Patient Privacy 22, no. 9 (September, 2022) - More than 92% of patients believe privacy is a right and their health data should not be available for purchase, according to a survey from the American Medical...more

'Ecosystem' of Connected Devices Heightens Cybersecurity Risk

Health Care Compliance Association (HCCA) on 5/17/2022

Report on Medicare Compliance 31 no. 18 (May 16, 2022) - In a version of the future that hopefully never comes, malware is able to remove malignant-looking tumors from CT or MRI scans before they were reviewed by...more

Report on Patient Privacy Volume 22, Number 3. Privacy Briefs: March 2022

Health Care Compliance Association (HCCA) on 3/14/2022

Report on Patient Privacy 22, no. 3 (March, 2022) - HHS said in early March that it was not aware of any specific threat to U.S. health care organizations stemming from the Russian invasion of Ukraine. “However, in the...more

Securing Problematic 'Legacy' Devices: Be Part of Procurement, Push for Info

Health Care Compliance Association (HCCA) on 3/14/2022

Report on Patient Privacy 22, no. 3 (March, 2022) - Typically a “legacy” describes the lasting impact of an influential person or movement, most often in a positive sense. Not so with medical devices. When legacy is applied...more

Report on Patient Privacy Volume 22, Number 2. Privacy Briefs: February 2022

Health Care Compliance Association (HCCA) on 2/15/2022

Report on Patient Privacy 22, no. 2 (February, 2022) - Tensions between the U.S. and Russia could lead to a heightened risk of Russian state-sponsored cyberattacks on U.S. interests, including health care organizations,...more

Report on Patient Privacy Volume 22, Number 1. Privacy Briefs: January 2022

Health Care Compliance Association (HCCA) on 1/18/2022

Report on Patient Privacy 22, no. 1 (January, 2022) - New Jersey issued its third settlement in three months on state-level health care privacy and security laws, announcing that three cancer care providers would adopt new...more

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Health Care Compliance Association (HCCA) on 1/17/2022

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

Report on Patient Privacy Volume 21, Number 12. Privacy Briefs: December 2021

Health Care Compliance Association (HCCA) on 12/13/2021

Report on Patient Privacy 21, no. 12 (December, 2021) - Huntington Hospital in New York has sent notices to approximately 13,000 patients about an incident that happened in late 2018 and early 2019 involving a night shift...more

Report on Patient Privacy Volume 21, Number 10. Privacy Briefs: October 2021

Health Care Compliance Association (HCCA) on 10/18/2021

Report on Patient Privacy 21, no. 10 (October, 2021) - A massive data breach at University of New Mexico (UNM) Health may have allowed a third party to obtain medical records from more than 600,000 patients—more than a...more

Report on Patient Privacy Volume 21, Number 9. Privacy Briefs: September 2021

Health Care Compliance Association (HCCA) on 9/15/2021

Report on Patient Privacy 21 no. 9 (September, 2021) - DuPage Medical Group in Chicago said that the personal information of more than 600,000 patients may have been compromised in a July cyberattack. The medical group,...more

AGG Talks: Technology - In the Balance: Interoperability and Security

Arnall Golden Gregory LLP on 8/26/2021

Our podcast series features AGG attorneys and guests discussing challenges they’ve encountered when assisting clients on business and legal issues related to the Technology industry. While all topics will have a legal...more

Report on Patient Privacy Volume 21, Number 8. Privacy Briefs: August 2021

Health Care Compliance Association (HCCA) on 8/16/2021

Report on Patient Privacy 21, no. 8 (August, 2021) - IBM Security reported that the total cost of a data breach increased by nearly 10% year-over-year in 2021, the largest single-year cost increase in the last seven years....more

Nick Culbertson on Compliance Breaches in Healthcare

Health Care Compliance Association (HCCA) on 7/15/2021

Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally...more

Report on Patient Privacy Volume 21, Number 7. Privacy Briefs: July 2021

Health Care Compliance Association (HCCA) on 7/12/2021

Report on Patient Privacy 21, no. 7 (July, 2021) - Mayo Clinic is facing three lawsuits from patients who say a former surgery resident, Ahmad Alsughayer, viewed hundreds of their nude photographs in electronic health...more

Report on Patient Privacy Volume 21, Number 6. Privacy Briefs: June 2021

Health Care Compliance Association (HCCA) on 6/14/2021

Report on Patient Privacy 21, no. 6 (June 2021) - Scripps Health in San Diego experienced what it called “an information technology security incident” from ransomware that was detected May 1, forcing some of its operations...more

Report on Patient Privacy Volume 21, Number 3. Privacy Briefs: March 2021

Health Care Compliance Association (HCCA) on 3/26/2021

Report on Patient Privacy 21, no. 3 (March 2021) - The Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive addressing critical vulnerabilities in Microsoft Exchange products. Successful...more

Report on Patient Privacy Volume 20, Number 12. Privacy Briefs: December 2020

Health Care Compliance Association (HCCA) on 12/21/2020

Report on Patient Privacy 20, no. 12 (December 10, 2020) - Suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca in recent weeks as the company races to deploy its COVID-19...more

Report on Patient Privacy Volume 20, Number 11. Privacy Briefs: November 2020

Health Care Compliance Association (HCCA) on 11/11/2020

Report on Patient Privacy 20, no. 11 (November 2020) - HHS Office of the National Coordinator (ONC) for Health Information Technology (ONC) is giving health care organizations more time to meet new rules on information...more

Report on Patient Privacy Volume 20, Number 6. Privacy Briefs: June 2020

Health Care Compliance Association (HCCA) on 6/16/2020

Report on Patient Privacy 20, no. 6 (June 2020): A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed the patient’s...more

Interpol Issues Alert on Increased Risk of Ransomware Attacks Against COVID-19 Medical Organizations

Robinson+Cole Data Privacy + Security Insider on 4/18/2020

Interpol has issued an alert to global law enforcement agencies about the increased risk of ransomware attacks on hospitals, health care providers and other organizations on the front line of response to the COVID-19...more

To DPO or Not to DPO: Revised Guidance Issued on Data Protection Officers Under GDPR

Ballard Spahr LLP on 5/4/2017

If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more

Today's Popular Updates › Electronic Protected Health Information (ePHI) › Hospitals

"My best business intelligence, in one easy email…"