Patient Data Exposed in Philadelphia Department of Public Health Breach

Patient protected health information (PHI) is extremely sensitive, especially diagnostic information. On Friday, the Philadelphia Department of Public Health was informed that the PHI of individuals diagnosed with hepatitis B and C from 2013 to 2018 was available to the public on its website. A reporter discovered the incidents and informed the government agency. The exposed patient data was removed immediately upon the Department’s notification. The [...]

October 16th, 2019

Content Requirements for a HIPAA Breach Notification

Under the HIPAA Breach Notification Rule, covered entities, following a breach of unsecured protected health information (PHI), must provide notification of the breach to affected individuals. HIPAA breach reporting content requirements for patient notification are discussed below. How Must Covered Entities Provide Individual Breach Notification? HIPAA breach reporting requirements dictate that covered entities must provide individual breach notification by providing notice of a breach of unsecured PHI [...]

October 7th, 2019

AMCA HIPAA Data Breach Claims Another Victim: Clinical Pathology Laboratories

The HIPAA data breach that won’t go away has claimed another victim. In June of 2019, business associate (BA) and vendor American Medical Collection Agency (AMCA), which provides billing services to healthcare organizations, notified millions of patients that their protected health information (PHI) - financial data, Social Security numbers, and medical information - was potentially breached, in violation of the HIPAA Privacy Rule and the [...]

August 1st, 2019

Unsecured Marketing Database Leaves 5 Million Exposed in Massive Breach

On May 13, 2019, security researcher Bob Diachenko discovered the database for on the internet, and informed the company of the data breach. Although he never received a response from the company, the database has since been secured and is no longer available., is a platform that allows consumers to find affordable insurance plans to supplement their existing insurance. To customize insurance offerings and provide quotes, the [...]

July 15th, 2019

D.C. Attorney General Proposes Stricter Breach Notification Law

Washington D.C. Attorney General Karl A. Racine is pushing to strengthen the data breach notification laws for D.C. residents. If protected health information (PHI) is released without their knowledge, Attorney General Racine wants his residents notified more quickly and he wants to expand the circumstances when patients must be notified under the HIPAA breach notification rule. On March 21, 2019, A.G. Racine introduced the Security Breach Protection Amendment Act, [...]

April 9th, 2019

$7.5 MM Class-Action Lawsuit Filed After UCLA Health Data Breach

Patients have filed suit against UCLA Health with a class-action settlement for $7.5 million after a data breach exposed their protected health information (PHI). UCLA first discovered suspicious activity on its network in October 2014 and turned to the FBI for help. During that time, it was determined that no medical records were compromised. Yet in May 2015, hackers broke through the system and gained [...]

April 4th, 2019

CoPilot Settles $130K for Breach Notification with New York AG

CoPilot Provider Services has reached a $130,000 settlement with New York state for delaying its HIPAA breach notification process. NY Attorney General Eric Schneiderman determined that CoPilot unlawfully delayed HIPAA breach notification to 221,178 customers a full year after the initial breach took place. Schneiderman's office found that the data breach occurred in October of 2015 due to access by an unauthorized user. CoPilot stores confidential reimbursement data on [...]

June 21st, 2017

March 1st HIPAA Breach Report Deadline to HHS Approaching

The March 1st HIPAA breach report deadline is fast approaching. HIPAA regulation mandates that healthcare providers must report breaches of unsecured protected health information (PHI) to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). All HIPAA breaches that occurred in 2015 must be reported no later than 60 days from the end of the calendar year. The rule here applies [...]

February 16th, 2017

First Settlement for Violating the HIPAA Breach Notification Rule

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its first settlement for violating the HIPAA Breach Notification Rule with Presence Health for $475,000. This settlement is the first in the history of HIPAA enforcement to be levied for failure to properly notify patients of a breach of unsecured protected health information (PHI). The breach first occurred in October 2013. Under the HIPAA Breach [...]

January 12th, 2017

Covered Entities Must Ensure Policies Account for Federal and State Laws

Understanding the regulatory requirements that govern the use and disclosure of protected health information (PHI) is essential for healthcare professionals operating across the country. However, federal HIPAA regulation only accounts for a portion of those requirements. State laws and regulations regarding PHI are equally important, especially when it comes to how healthcare professionals are expected to respond in the event of a breach. Fewer than half of states currently [...]

April 18th, 2016