Content Requirements for a HIPAA Breach Notification

Under the HIPAA Breach Notification Rule, covered entities must notify affected individuals following a breach of unsecured protected health information. The content requirements for a HIPAA breach notification to individuals are discussed below. How Must Covered Entities Provide Individual Breach Notification? Covered entities must provide individual breach notification by providing notice of a breach of unsecured PHI in written form, by first-class mail, or, [...]

October 7th, 2019

How MSPs Can Break Into the Healthcare Vertical

The healthcare industry is the fastest-growing industry in the U.S. economy, and it is also the most vulnerable. Ransomware attacks are targeting healthcare organizations with increasing frequency, in part because of the lack of knowledge surrounding cybersecurity best practices across the healthcare sector. A recent study determined that 24% of healthcare workers cannot identify malware on their computers and 18% cannot recognize phishing emails. The [...]

October 4th, 2019

$10K HIPAA Fine Issued to Dental Practice for Disclosing PHI on Yelp

Elite Dental Associates was issued a $10,000 HIPAA fine for disclosing the protected health information (PHI) of one of its patients while responding to a review on Yelp. The dental practice responded to the patient’s review, revealing the patient’s full name, insurance information, treatment plan, and cost information. The patient in question reported the incident to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). [...]

October 3rd, 2019

September Healthcare Breaches Affected 1,928,433 Individuals

September healthcare breaches reported to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) affected 1,928,433 individuals. The majority of the 33 reported breaches were the result of Hacking/IT Incidents, affecting 1,889,849 patients. Unauthorized Access/Disclosures affected 18,814 patients, while Theft/Loss affected 19,770 patients. Hacking/IT Incident: Wood Ranch Medical: network server hack affecting 5,835; Magellan Healthcare: email hack affecting 55,637; National Imaging Associates: email hack affecting 589 [...]

October 3rd, 2019

Ransomware Healthcare Attacks Continue to Strike

Ransomware healthcare attacks should be a cause for concern for anyone working in healthcare. Ransomware attacks occur when an unauthorized party accesses an organization’s network, encrypting files until a sum of money is paid for their return. The healthcare industry has become the top target for hackers in part due to the sensitive information they handle and the lack of advanced cybersecurity practices. 400 Dental Practices Affected by Ransomware [...]

October 2nd, 2019

HIPAA Cyber Security – Advanced Persistent Threats (APTs)

Covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates (read more about business associates here) must comply with the HIPAA Security Rule by developing security safeguards that protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received [...]

October 1st, 2019

HIPAA Data Retention Requirements

The HIPAA regulations impose data retention requirements on covered entities and business associates. Data retention requirements require that covered entities and business associates maintain certain documentation for a specified time frame. If the Office for Civil Rights (OCR) of the Department of Health and Human Services audits a covered entity or business associate, OCR may demand production of these records for inspection. What Documents are Subject to Data Retention [...]

September 30th, 2019

Is Google Drive HIPAA Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for the privacy and security of protected health information (PHI). PHI is any individually identifying health information such as name, birthdate, treatment history, financial information, etc. As such, healthcare organizations must adopt safeguards to secure PHI in the form of administrative, physical, and technical safeguards. Many organizations have adopted the use of G Suite as it is [...]

September 27th, 2019

Hundreds of Patient Files Found in NY Trash Causing HIPAA Violation

The NBC New York I-Team found multiple boxes containing patient records in the trash outside of an Upper East Side office building. The patient files were found on the curb outside the office of two gastroenterologists. The files included patient names, medical diagnoses, Social Security numbers, and colonoscopy photos. The careless discarding of patient files is a major HIPAA violation. The Health Insurance Portability and Accountability Act (HIPAA) established industry [...]

September 26th, 2019

HIPAA Security Risk Analysis: Wrapping it All Up

The HIPAA Security Rule requires that covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates (read more about business associates here), implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or [...]

September 25th, 2019