The HIPAA Timeline

The Health Insurance Portability and Accountability Act was passed on August 21, 1996, during the re-election campaign of President Bill Clinton. The law was the end-product of twin concerns of Congress as America entered into the 21st century. One of these twin principal concerns was, of course, a fear that as new technologies were developing, existing laws - mostly a patchwork of laws on the state level - were [...]

February 18th, 2020

January 2020 Healthcare Breaches Affect Almost 500,000 Patients

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 32 January healthcare breaches, affecting 462,856 patients. Of the reported incidents, there were 19 breaches due to hacking/IT incidents, 9 breaches from the unauthorized access/disclosure of protected health information (PHI), 2 breaches due to theft, and 2 breaches due to improper disposal of PHI. [...]

February 17th, 2020

Criminal Investigation for Alleged HIPAA Violations

A former employee of ACM Global Laboratories, part of Rochester Regional Health, is being accused of continuously accessing a co-worker’s protected health information (PHI) without authorization. Kristina Ciaccia, the victim of the potential HIPAA violation, claims that Jessica Meier accessed her medical records hundreds of times over the course of two years. Ciaccia believes that her records were accessed in the hopes of finding embarrassing information to be used [...]

February 14th, 2020

The HIPAA Security Rule and Vulnerability Scans

Under the HIPAA Security Rule, covered entities must implement safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. To this end, the HIPAA Security Rule requires covered entities to perform a security risk analysis (also known as security risk assessment), which the Security Rule defines as an [...]

February 13th, 2020

Security Breaches in Healthcare Skyrocket

At the end of 2019, Black Book Market Research conducted a study, surveying 2,876 security professionals from 733 healthcare provider organizations, to determine trends in security breaches in healthcare. The data they discovered indicated that healthcare is the most targeted sector in the U.S. economy, with 4 out of 5 breaches occurring in the healthcare sector. Since 2015, 300 million healthcare records have been stolen, affecting 1 in 10 [...]

February 12th, 2020

What is a HIPAA Limited Data Set?

Under HIPAA, a limited data set is protected health information (PHI) that excludes certain direct identifiers of an individual, or certain direct identifiers of relatives, employers, or household members of the individual. What is a Direct Identifier? Under HIPAA, a direct identifier is information that relates specifically to an individual. HIPAA designates the following information as direct identifiers: Names; Postal address information, other than town or city, State, and [...]

February 11th, 2020

What are the Results of OCR’s HIPAA Enforcement Efforts?  

OCR has conducted HIPAA enforcement by investigating and resolving over 27,109 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates.  Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve.  OCR has successfully conducted HIPAA enforcement under the HIPAA Rules by applying [...]

February 10th, 2020

HIPAA Patient Right to Amend PHI

It seems hard to imagine this now, but three decades ago, before HIPAA was signed into law, a patient’s legal right to amend or correct a mistake in his or her records was severely limited. Only patients who were treated at healthcare organizations operated by the federal government, and patients who resided in states that had passed legislation granting patients this specific right, had the legal right to amend [...]

February 7th, 2020

Leap Year Law and the HIPAA Breach Notification Deadline

Is there such a thing as a leap year law? Once every four years (e.g., 2000, 2004, 2008, 2012), there is a February 29th. Years with this extra calendar date are, of course, called leap years. The existence of an extra day in a year can change a legal deadline. This year, because there is an extra day, February 29, the breach notification deadline for reporting certain breaches to [...]

February 5th, 2020

MSP Ransomware Attack Hits Over 100 Dental Practices

Complete Technology Solutions (CTS) is a managed service provider located in Colorado. It provides services to over 100 dental practices. On November 25, 2019, CTS suffered an MSP ransomware attack. The cyberattackers issued a ransomware demand of $700,000 to provide decryption keys. CTS decided not to pay the ransom. The details of this latest MSP ransomware attack are discussed below. How did this MSP Ransomware Attack Occur? This MSP [...]

February 5th, 2020