18 10, 2018

UMass to Pay $230,000 in Attorney General HIPAA Fines

2018-10-18T12:21:53+00:00October 18th, 2018|

Another Attorney General HIPAA fine has been levied, this time for data breaches that have left thousands of Massachusetts residents' personal data exposed. UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. will pay a total of $230,000 to the state of Massachusetts to resolve claims that two separate healthcare data breaches exposed the protected health information (PHI) of more than 15,000 Massachusetts residents. According to [...]

21 09, 2018

$1 Million Boston HIPAA Fine Levied for Illegally Filming Patients

2018-09-21T15:50:20+00:00September 21st, 2018|

Close to $1 million in HIPAA fines have been levied against three Boston-area hospitals for serious HIPAA violations after illegally filming patients for a local TV series. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued HIPAA settlements to three different hospitals for HIPAA violations stemming from the filming of a TV series on their premises. ABC's "Boston Med" was filmed at [...]

9 08, 2018

1.4 Million Patient Records Breached in Phishing Attack

2018-08-27T14:39:40+00:00August 9th, 2018|

The largest data breach of 2018 (so far) has been claimed by a Midwestern health network. UnityPoint Health (UPH) has reported its second data breach of 2018, this time affecting 1.4 million patient records. On July 30, 2018, UnityPoint Health reported that the protected health information (PHI) of 1.4 million patients was compromised after a recent phishing attack infiltrated their email servers. The exposed PHI included patient info [...]

3 08, 2018

Average HIPAA Fine is Now $1.5 Million

2018-09-17T16:36:20+00:00August 3rd, 2018|

With so many HIPAA fines making headlines over the 20+ years since HIPAA regulation was first enacted, it's hard to keep track of some of the more significant fines and figures. Even though there have been landmark fines for HIPAA compliance--especially over the past four years--the fact of the matter remains that there are standard trends to HIPAA enforcement that all health care professionals should be aware of. When [...]

10 07, 2018

Medical Center Employee Indicted on Criminal HIPAA Violations

2018-09-10T14:46:18+00:00July 10th, 2018|

A former University of Pittsburgh Medical Center (UPMC) employee was indicted by a federal grand jury for criminal HIPAA violations. The Pittsburgh federal grand jury charged the former patient information coordinator with six counts of wrongfully obtaining and disclosing protected health information (PHI). HIPAA regulation defines PHI as any demographic information that can be used to identify a patient. The UPMC employee used her position to illegally obtain [...]

27 06, 2018

Cancer Center Hit with $4.3 Million Texas HIPAA Fine

2018-09-17T16:31:11+00:00June 27th, 2018|

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that The University of Texas MD Anderson Cancer Center (MD Anderson) issued a $4.3 million Texas HIPAA violation fine for three different security breaches that occurred between 2012 and 2013. In an uncharacteristic enforcement action, the case was put before the HHS Administrative Law Judge (ALJ). The ALJ ruled in favor of OCR, stating that [...]

20 06, 2018

Will New Laws Allow Patients to Cash-In on HIPAA Fines?

2018-06-22T15:24:35+00:00June 20th, 2018|

This coming November, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) is slated to discuss an “advance notice of proposed rulemaking” that is requesting for public input on how OCR could share HIPAA fines with the victims of security breaches. This is not the first time OCR has called this action, as this is the 13th time since fall of 2012 that they [...]

7 06, 2018

Connecticut HIPAA Lawsuit, Patients May Now Sue over HIPAA Violations

2018-10-02T14:28:49+00:00June 7th, 2018|

2018 marks the year that Connecticut citizens are now allowed to file HIPAA lawsuits against providers for unwarranted release of their protected health information (PHI). This ruling was issued for a HIPAA violation case between the Avery Center for Obstetrics and Gynecology in Westport, Connecticut, and one of their patients, Emily Byrne. Byrne sued Avery Center for negligence and breach of contract after the Center sent Byrne’s medical records [...]

22 05, 2018

Do Email Subject Lines Need to Be HIPAA Compliant?

2018-07-24T13:53:25+00:00May 22nd, 2018|

If you are a healthcare organization, business associate or covered entity that uses email, you know that any form of communication containing protected health information (PHI) needs to be encrypted to be HIPAA compliant. For some secure messaging solutions, that means sending an email portal to an end-recipient to access the encrypted message. Typically, the subject line will indicate that the contents inside include sensitive information as a reasonable [...]

17 05, 2018

Security and Compliance for Health IT: The Route to New Business?

2018-05-17T10:46:53+00:00May 17th, 2018|

Understanding security and compliance is essential for health care providers and health care IT professionals alike. Security and compliance go hand-in-hand to keep sensitive health care data safe. Managed service providers (MSPs) and IT service providers are posed particularly well to take advantage of this interrelationship and grow new business in health care. Health care is currently one of the fastest growing sectors of the US economy--and with the [...]