PHI Breaches Affect 9,466 Patients

PHI breaches happen for a number of reasons. Whether from human error or phishing attacks, PHI breaches should be a cause for concern for anyone working in the healthcare industry. Under the Health Insurance Portability and Accountability Act (HIPAA), protected health information (PHI) must be safeguarded. PHI is any individually identifying health information that the Department of Health and Human Services (HHS) classifies into 18 identifiers including names, email [...]

August 28th, 2019

New Hampshire Insurance Data Security Law

Recently, the Governor of New Hampshire approved Senate Bill 194 (SB 194), an insurance data security law that requires insurers who handle nonpublic information (including health information) to implement a series of cybersecurity measures. The data security law goes into effect on January 1, 2020.  To Whom Does the Data Security Law Apply? The law regulates “licensees” - insurers. Licensees must implement measures that anticipate, and that remedy, breaches [...]

August 27th, 2019

Healthcare Breach Caused by Database Misconfiguration Affected Thousands

Two incidents of database misconfiguration caused data breaches that affected 90,000 patients. Health vendor Medico and Amarin Pharma’s databases were exposed to the public, risking patients’ protected health information (PHI). Medico Healthcare Breach: UpGuard, a data breach research team, discovered the Medico healthcare breach and reported it to the vendor. Medico removed public access to the database within a few hours of the discovery. Medico was using Amazon S3 [...]

August 26th, 2019

HIPAA Security Risk Analysis Element 2: Identifying and Documenting Potential Threats and Vulnerabilities

The HIPAA Security Rule requires covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction) and business associates to implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing [...]

August 23rd, 2019

The HIPAA Whistleblower Exception to the Privacy Rule

The HIPAA Privacy Rule restricts the ability of covered entities and business associates to use and disclose individuals’ protected health information. For example, employees of covered entities are not at liberty to disclose individual protected health information (PHI) to whomever they please. What if, however, disclosure of PHI is necessary to demonstrate that a covered entity has, say, engaged in criminal conduct, has violated professional or clinical standards, or [...]

August 22nd, 2019

Ransomware Attack at Harbor Medical Group

Harbor Medical Group, a multi-clinic covered entity in Washington State, was the target of a ransomware attack on Saturday, June 15, 2019. Two days later the attackers had already gained access to entity-wide services and systems. The hackers have demanded $1,000,000.00 in “ransom” money to decrypt the systems encrypted by the ransomware attack. It is not clear whether the ransom has been paid. As of August 15, 2019, electronic [...]

August 21st, 2019

HIPAA and HITRUST: What’s the Difference?

HIPAA and HITRUST are acronyms that sound alike, and are related. However, the two terms, HIPAA and HITRUST, embody different things. So what is the difference between HIPAA and HITRUST? HIPAA is a law and HITRUST is an organization. Under the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), covered entities and business associates must develop administrative, physical, and technical safeguards, to maintain the confidentiality, availability, [...]

August 20th, 2019

Nevada Consumer Privacy Law Allows for Opt-Out of Sale of Covered Information

In May of 2019, the Governor of Nevada approved Senate Bill 220 (SB 220), an updated Nevada consumer privacy law. This legislation, which becomes effective on October 1, 2019, strengthens existing Nevada consumer privacy protections. It does so by making it easier for consumers to opt out of the sale of certain of their personal information by operators of websites. How is Online Privacy Protected Under Current Nevada Law? Before [...]

August 19th, 2019

HIPAA Security Rule Technical Safeguards and Employee Logins

Under the HIPAA Security Rule, covered entities must implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. One type of security safeguard that must be implemented is known as a “technical safeguard.”  What are HIPAA Security Rule Technical Safeguards? HIPAA Security Rule technical safeguards are [...]

August 16th, 2019

What is the “Integrity of ePHI” under the HIPAA Security Rule?

The HIPAA Security Rule requires that covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction) and business associates implement reasonable and appropriate technical safeguards. These safeguards must protect (among other things) the integrity of electronic protected health information (ePHI). ePHI is any protected health information that is created, [...]

August 15th, 2019
