9 08, 2018

1.4 Million Patient Records Breached in Phishing Attack

2018-08-09T16:16:35+00:00August 9th, 2018|

The largest data breach of 2018 (so far) has been claimed by a Midwestern health network. UnityPoint Health (UPH) has reported its second data breach of 2018, this time affecting 1.4 million patient records. On July 30, 2018, UnityPoint Health reported that the protected health information (PHI) of 1.4 million patients was compromised after a phishing attack infiltrated their email servers. The exposed PHI included patient names, addresses, [...]

3 08, 2018

Average HIPAA Fine is Now $1.5 Million

2018-08-10T14:07:58+00:00August 3rd, 2018|

With so many HIPAA fines making headlines over the 20+ years since HIPAA regulation was first enacted, it's hard to keep track of some of the more significant fines and figures. Even though there have been landmark fines for HIPAA compliance--especially over the past four years--the fact of the matter remains that there are standard trends to HIPAA enforcement that all health care professionals should be aware of. When [...]

10 07, 2018

Medical Center Employee Indicted on Criminal HIPAA Violations

2018-07-17T11:17:34+00:00July 10th, 2018|

A former University of Pittsburgh Medical Center (UPMC) employee was indicted by a federal grand jury for criminal HIPAA violations. The Pittsburgh federal grand jury charged the former patient information coordinator with six counts of wrongfully obtaining and disclosing protected health information (PHI). HIPAA regulation defines PHI as any demographic information that can be used to identify a patient. The UPMC employee used her position to illegally obtain [...]

27 06, 2018

Cancer Center Hit with $4.3 Million Texas HIPAA Fine

2018-06-27T13:12:06+00:00June 27th, 2018|

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that The University of Texas MD Anderson Cancer Center (MD Anderson) has been issued a $4.3 million Texas HIPAA fine for three different security breaches that occurred between 2012 and 2013. In an uncharacteristic enforcement action, the case was put before the HHS Administrative Law Judge (ALJ). The ALJ ruled in favor of OCR, stating [...]

20 06, 2018

Will New Laws Allow Patients to Cash-In on HIPAA Fines?

2018-06-22T15:24:35+00:00June 20th, 2018|

This coming November, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) is slated to discuss an “advance notice of proposed rulemaking” that is requesting for public input on how OCR could share HIPAA fines with the victims of security breaches. This is not the first time OCR has called this action, as this is the 13th time since fall of 2012 that they [...]

7 06, 2018

Connecticut HIPAA Lawsuit, Patients May Now Sue over HIPAA Violations

2018-06-07T15:56:11+00:00June 7th, 2018|

2018 marks the year that Connecticut citizens are now allowed to file HIPAA lawsuits against providers for unwarranted release of their protected health information (PHI). This ruling was issued for a case between the Avery Center for Obstetrics and Gynecology in Westport, Connecticut, and one of their patients, Emily Byrne. Byrne sued Avery Center for negligence and breach of contract after the Center sent Byrne’s medical records to the [...]

22 05, 2018

Do Email Subject Lines Need to Be HIPAA Compliant?

2018-07-24T13:53:25+00:00May 22nd, 2018|

If you are a healthcare organization, business associate or covered entity that uses email, you know that any form of communication containing protected health information (PHI) needs to be encrypted to be HIPAA compliant. For some secure messaging solutions, that means sending an email portal to an end-recipient to access the encrypted message. Typically, the subject line will indicate that the contents inside include sensitive information as a reasonable [...]

17 05, 2018

Security and Compliance for Health IT: The Route to New Business?

2018-05-17T10:46:53+00:00May 17th, 2018|

Understanding security and compliance is essential for health care providers and health care IT professionals alike. Security and compliance go hand-in-hand to keep sensitive health care data safe. Managed service providers (MSPs) and IT service providers are posed particularly well to take advantage of this interrelationship and grow new business in health care. Health care is currently one of the fastest growing sectors of the US economy--and with the [...]

8 05, 2018

The CIA Triad: Confidentiality, Integrity, Availability for HIPAA

2018-05-09T13:33:30+00:00May 8th, 2018|

Confidentiality, integrity, and availability are essential components of any effective information security program. Sometimes referred to as the 'CIA triad,' confidentiality, integrity, and availability are guiding principles for health care organizations to tailor their compliance with the HIPAA Security Rule. HIPAA regulation sets specific guidelines for maintaining the privacy and security of protected health information (PHI). These guidelines are organized into a collection of HIPAA Rules. The HIPAA [...]

3 05, 2018

Another Criminal HIPAA Violation, Possible Jail Time

2018-05-31T16:51:58+00:00May 3rd, 2018|

Criminal HIPAA violations are becoming more and more commonplace--and this recent example proves that the risks may be growing. A gynecologist based out of Springfield, Massachusetts was convicted of a criminal violation of HIPAA, relating to the illegal distribution of protected health information (PHI) with pharmaceutical sales representatives. The physician received kick-backs from pharmaceuticals company, Warner Chilcott, amounting to $23,500. The physician purportedly shared confidential PHI with Warner [...]