New Business Associate HIPAA Guidelines Released by OCR

July 17th, 2019

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released new business associate HIPAA guidelines in May 2019. These guidelines reinforce a business associate’s liability under HIPAA law. The HHS has identified 10 areas in which business associates (BAs) are held accountable. Failure to provide the Secretary with records and compliance reports; cooperate with complaint investigations and compliance reviews; and permit access by the Secretary [...]

Email Phishing Scheme Results in Exposure of 15,000 Patients’ PHI

July 16th, 2019

The personal health information (PHI) of up to 15,000 patients who received medical care through Los Angeles County’s hospitals and clinics was exposed in a March 2019 phishing scheme. Nemadji Research Corp. is a business associate of the Los Angeles County Department of Health Services (DHS). The Department of Health Services oversees several clinics and hospitals in California and is the second-largest health system in the nation. Nemadji assists [...]

Unsecured Marketing Database Leaves 5 Million Exposed in Massive Breach

July 15th, 2019

On May 13, 2019, security researcher Bob Diachenko discovered the database for MedicareSupplement.com on the internet and informed the company of the data breach. Although he never received a response from the company, the database has since been secured and is no longer available. MedicareSupplement.com is a platform that allows consumers to find affordable insurance plans to supplement their existing insurance. To customize insurance offerings and provide quotes, the [...]

Ransomware Attack Affects 25,000

July 12th, 2019

Ransomware attacks are a cause for concern in the healthcare industry: the wealth of sensitive information, large budgets, and lack of proper safeguards make the industry the perfect target for these types of attacks. Ransomware attacks use malicious software to gain access to a computer system, usually disabling the system until an amount of money is paid. The Southeastern Council on Alcoholism and Drug Dependence (SCADD) Victim of Ransomware Attack [...]

HIPAA MACRA MIPS 2019: 4 Changes Regarding Exemptions

July 11th, 2019

The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) modernized how doctors are paid for their Medicare patients, increased efficiency, and reduced the cost for taxpayers. As part of MACRA, the Merit-Based Incentive Payment System (MIPS) was put in place. MIPS assesses Medicare doctors and clinicians to give them a score, determining how much compensation the practice will receive from the government. Each year, there are modifications made [...]

HIPAA Privacy and Security Rules

July 10th, 2019

The Health Insurance Portability and Accountability Act (HIPAA) established several rules that covered entities (CEs) and business associates (BAs) must follow in order to be compliant. A covered entity (CE) is anyone who is directly involved in treatment, payment, or operations, while a business associate (BA) is a vendor that a CE hires to complete a service and that comes into contact with protected health information (PHI) as part [...]

California Protects Residents with the Introduction of the California Consumer Privacy Act

July 9th, 2019

The ways in which businesses collect and use consumer data have been a cause for concern for many people. The sale of personal information has been largely unregulated, causing many states to implement their own privacy laws to better protect the personal information of their residents. The California Consumer Privacy Act (CCPA), enacted on June 28, 2018, established four rights with regard to personal information. These include: The [...]

Federal Class Action Suit Filed Against UChicago and Google for Alleged HIPAA Violation

July 5th, 2019

Matt Dinerstein, a former patient at the University of Chicago Medical Center, is accusing the university, its medical center, and Google of violating his privacy rights. From 2009 to 2016, UChicago and Google partnered to conduct medical research. Through the partnership, the university shared patient records with Google for research purposes. HIPAA law dictates that before protected health information (PHI) can be shared for research purposes, the data needs [...]

OCR Provides New FAQs to Clarify How PHI Should be Shared Between Covered Entities

July 3rd, 2019

The Health Insurance Portability and Accountability Act (HIPAA) dictates how and when protected health information (PHI) can be shared. There has been some confusion around sharing PHI amongst covered entities (CEs). As such, the Office for Civil Rights (OCR) released two new FAQs to further clarify the law. FAQ 1: Health Care Operations Disclosure. The first FAQ relates to when CEs should be sharing PHI in relation to [...]

Data Breach Lasting 7 Months Exposed the PHI of 501 Individuals

July 1st, 2019

Communities Connected for Kids (CCK), a Florida-based organization that provides coordination and oversight of the child-welfare system, recently discovered a hack that lasted 7 months. In March 2019, one of CCK’s vendors noticed suspicious activity in one of its databases and reported the incident to CCK. Subsequently, CCK hired a third-party forensic investigation team to look into the matter. Through the investigation, it was discovered that an [...]