Exposed: The Cerebral Health Breach

You would think a big company like Cerebral Health wouldn’t need help being HIPAA compliant. The telehealth startup, which specializes in mental health, says it inadvertently shared the sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers, as reported earlier by TechCrunch. In a notice posted on the company's website, Cerebral admits to exposing a laundry list [...]

March 16th, 2023

AZ’s Banner Health to Pay $1.25 Million Following 2016 Hack

Groundhog Day 2023 means two years of following a corrective action plan and a $1.25 million settlement for Banner Health Affiliated Covered Entities (Banner Health) following the announcement of a Resolution Agreement with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The settlement and resolution agreement follow an investigation of a 2016 hacking incident that exposed the [...]

February 3rd, 2023

10 Most Common HIPAA Mistakes Staff Make

Everyone makes mistakes sometimes, but when healthcare staff do, it can cause significant repercussions under HIPAA. By being aware of the common HIPAA mistakes staff make, you can limit your practice’s risk: sharing login credentials with a coworker; improperly accessing medical charts; sharing patient information on social media; responding to online patient reviews; leaving portable electronic devices unattended; failing to respond to [...]

January 18th, 2023

Anti-Social Media – How a Post Becomes a HIPAA Violation

In a world where hundreds of millions of tweets, posts, snaps, and stories are posted on social media daily, sharing information about our lives may seem like second nature. But for those in the healthcare industry, sharing the wrong thing could result in a HIPAA violation. Here are a few examples of how a seemingly innocent social media post can go wrong [...]

January 13th, 2023

Another HIPAA Right of Access Settlement Ends in a Hefty Fine

The HHS wasted no time in 2023, marking the new year with a fine announcement. On January 2, 2023, the HHS issued a press release announcing a $16,500 fine under the HIPAA right of access initiative.

Life Hope Labs Slapped with HIPAA Fine

In August 2021, the HHS received a complaint that Life Hope Labs failed to meet a medical records request. [...]

January 4th, 2023

HIPAA Fines 2022 Review: What We Know and What Lies Ahead

At first glance, the Department of Health and Human Services’ Office for Civil Rights HIPAA enforcement for the year 2022 appears to be lax. In 2022, OCR entered into 20 resolution agreements with HIPAA-covered entities, and imposed civil monetary penalties on two more: 22 cases total. The breakdown: four HIPAA Privacy Rule impermissible disclosure cases; 17 right-of-access cases (15 settlements, 2 cases [...]

December 16th, 2022

OCR Settles New England Dermatology HIPAA Violations for $300,640

Springfield, Massachusetts, is home to the Naismith Memorial Basketball Hall of Fame, a mere 90-minute ride to Boston. Springfield is also, less famously, the headquarters of New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (“NEDLC”). This HIPAA covered entity provides treatment for skin, hair, and nail diseases, including acne, eczema, psoriasis, and rashes. In late August of 2022, [...]

August 24th, 2022

Did COVID Lead to a Lower HIPAA Fine?

On Friday afternoon, July 15, 2022, the Department of Health and Human Services Office for Civil Rights announced 11 enforcement actions against healthcare providers across the country for alleged violations of the HIPAA Privacy Rule right of access provisions. Buried within the various resolutions and corrective action plans were notices of proposed determination and final determination for ACPM Podiatry Group Ltd. and [...]

August 19th, 2022

11 HIPAA Right of Access Violations Brings $646,000 in Fines

Demonstrating its continued focus on right of access violations, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced 11 settlements and one HIPAA fine for medical practices across a wide variety of specialties. An examination of the specifics of each incident shows several reasons given by the covered entities for not providing the requested records, including: Complete failure to [...]

July 18th, 2022

Oklahoma State University Agrees to $875k HIPAA Breach Fine

A 2016 hacking incident that hit Oklahoma State University's Center for Health Sciences has led to an $875,000 HIPAA breach fine settlement to address potential violations.

Background of Oklahoma State University HIPAA Breach

Hackers first gained access to a web server containing the electronic protected health information (ePHI) of as many as 279,865 individuals on March 9, 2016. The information accessed included [...]

July 15th, 2022