AMCA Data Breach Claims Another Victim

Yet another healthcare organization - Wisconsin Diagnostic Laboratories - has announced that it has been impacted by the American Medical Collection Agency (AMCA) data breach. Wisconsin Diagnostic Laboratories (WDL), a 13-site network of lab facilities in eastern Wisconsin, performs over 5 million tests annually, from simple to complex.  WDL is now notifying approximately 150,000 patients about the data breach, as it is required to do under the HIPAA Breach [...]

2019-12-06T10:25:25-05:00December 6th, 2019|

Is a Covered Entity’s Sale of PHI Permitted Under HIPAA?

Under the HIPAA Privacy Rule, sale of PHI is generally prohibited.  What Constitutes a Sale of PHI? Generally, under the HIPAA Privacy Rule, covered entities and business associates may not engage in a sale of an individual’s protected health information (PHI) without the individual’s prior written authorization to do so.  A sale of PHI takes place when a covered entity or business associate: Directly or indirectly receives remuneration, From [...]

2019-12-05T13:19:26-05:00December 5th, 2019|

What is HIPAA Penetration Testing?

Under the HIPAA Security Rule, covered entities must implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. One type of security safeguard that must be implemented is known as an “administrative safeguard.” The administrative safeguard provision of the HIPAA Security Rule HIPAA is broken into [...]

2019-12-04T10:00:40-05:00December 4th, 2019|

Is Google Sheets HIPAA Compliant?

Google Sheets is a web-based spreadsheet offered by Google within its Google Drive service. It was first released in 2007. The issue of “Is Google Sheets HIPAA Compliant” is discussed below. How Can Google Sheets Become HIPAA Compliant? To determine the issue of whether “Is Google Sheets HIPAA Compliant,” the issue of how Google Sheets is regulated by HIPAA must be addressed. HIPAA regulations require covered entities to implement [...]

2019-12-03T09:12:37-05:00December 3rd, 2019|

$2.175 Million HIPAA Fine Issued for Improper Breach Notification

In its’ most recent HIPAA settlement, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued a $2.175 million HIPAA fine to Sentara Hospitals. The HIPAA settlement stemmed from a breach in April 2017 that affected 577 patients. In addition to the fine, Sentara Hospitals has agreed to adhere to corrective action plans, to be submitted to HHS for approval. Would you pass a HIPAA [...]

2019-12-02T13:31:50-05:00December 2nd, 2019|

HIPAA Power of Attorney

A power of attorney (POA) allows someone an individual designates (the person designated is known as the "agent" or "attorney-in-fact") to make decisions for him or her if he or she becomes incapacitated. This document is sometimes referred to as a health care proxy. Under the power of attorney, the patient appoints the agent, who then, by the terms of the power of attorney, may act to make medical [...]

2019-12-02T12:06:59-05:00December 2nd, 2019|

Patient PHI Discovered to be Freely Accessible

WizCase is a company that has years of experience testing and evaluating cybersecurity tools and products. Recently, WizCase researchers discovered significant database leaks from a number of websites around the globe. Patient pPHI was discovered to readily available. What Patient PHI was Leaked? The information that was leaked consists of protected health information (PHI) in the form of (among other items): Prescriptions Medical observations Lab visits  Social Security numbers [...]

2019-11-27T10:30:37-05:00November 27th, 2019|

HIPAA Compliance for Self-Insured Health Plans

HIPAA compliance for self-insured plans is not black and white. The nature and extent of a self-insured health plan’s compliance is determined by several factors, including the nature of the business of the employer sponsoring the plans, business size, and business organizational structure, among other factors. What Are Self-Insured Health Plans? Self-insured health plans (also known as self-insured group health plans, or self-funded plans) are plans in which the [...]

2019-11-26T10:26:54-05:00November 26th, 2019|

Congress Introduces the Smartwatch Data Act

Congress recently introduced the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act, nicknamed the Smartwatch Data Act. The legislation, introduced by Democratic Senator Jacky Rosen and Republican Senator Bill Cassidy, aims to ensure that health data collected through fitness trackers, smartwatches, and health apps, cannot be sold without consumer consent. What is the Smartwatch Data Act? The Smartwatch Data Act is aimed to fill in [...]

2019-11-25T11:17:49-05:00November 25th, 2019|

Average Ransomware Payment Amount Increases in 2019

Ransomware is a significant cybersecurity threat to healthcare organizations. Both the volume of ransomware attacks and the average ransomware payment amount have increased between December of 2018 to Q3 of 2019.  What is a Ransomware Payment? Ransomware is a form of malware that encrypts files on a victim’s computer or server, making them unusable. Cybercriminals demand a ransom in exchange for providing a key to decrypt the victim’s files. [...]

2019-11-22T16:54:20-05:00November 22nd, 2019|