Remote Workers and HIPAA: How You Can Keep Your Healthcare Business Secure

With more and more remote workers in the healthcare space, PHI security should be a top concern. A recent survey determined that 44% of employees are currently working from home, with several employers expecting workers to continue to work remotely permanently. So what does this mean for cybersecurity and HIPAA compliance? To provide healthcare organizations with guidance, remote workers and HIPAA are discussed. Remote Workers and HIPAA: Data [...]

2023-07-31T12:08:59-04:00 | February 1st, 2021

Vaccine Privacy Violations Under Investigation

Philly Fighting COVID, a private startup company tasked with vaccine distribution for the city, is under investigation. The Philadelphia Department of Public Health has ceased their relationship with the startup after allegations that the company’s privacy policies allowed for the sale of private information. More details on the alleged vaccine privacy violations are discussed. Vaccine Privacy Violations: What Do We Know? On [...]

2023-07-31T12:10:02-04:00 | January 29th, 2021

2020 Right of Access Enforcement

2020 has been an unenviable year of firsts and of worsts. Add to this another undesirable record-breaker. In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. 11 of the fines issued were for a failure to comply with the HIPAA Privacy Rule’s right of access. The message of OCR 2020 [...]

2023-07-31T13:43:00-04:00 | January 11th, 2021

EHR Vendor Breach Inadvertently Exposed Patient Files

NTreatment, an electronic medical record vendor, accidentally exposed thousands of patient files by failing to password protect one of its cloud servers. The details of the EHR vendor breach are discussed further. NTreatment EHR Vendor Breach It was recently reported that NTreatment inadvertently left one of their cloud storage servers exposed to the public when they failed to password protect the server. The cloud server, hosted by Microsoft [...]

2023-07-31T14:17:33-04:00 | December 8th, 2020

Mayo Clinic Breach Leads to Healthcare Class Action Lawsuits

Back in August, Mayo Clinic announced that one of their former employees inappropriately accessed the medical records of 1,600 patients. This insider breach led several affected patients to file class action lawsuits against Mayo. The details of the breach and healthcare class action lawsuits are discussed below. Mayo Clinic Insider Breach On August 5, Mayo Clinic discovered that a former employee accessed patient files without authorization. The employee [...]

2023-07-31T14:19:06-04:00 | December 4th, 2020

Does HIPAA Prohibit the Sharing of President Trump’s Health Information?

In light of President Trump's positive COVID diagnosis, a lot of people are wondering if it is permitted to share his health information with the public. Generally under HIPAA, healthcare organizations are prohibited from sharing a patient's health information without authorization from the patient. However, as the President of the United States, Trump’s health condition is a matter of national security, so do the general rules [...]

2023-07-31T15:14:48-04:00 | October 5th, 2020

September OCR Fines Reach $10.7 Million

The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]

2023-07-31T15:16:04-04:00 | October 1st, 2020

Insider Breach Affects 700 Patients

On June 3, 2020, Geisinger was notified by an employee that a Geisinger Clinic employee was accessing patient records without the need to do so. The employee in question accessed 700 patients’ records over a year-long period. More details about the insider breach are discussed below. Insider Breach: What Happened Upon discovery of the insider breach, Geisinger launched an investigation into the [...]

2023-07-31T15:22:55-04:00 | September 25th, 2020

When Can You Disclose PHI Without Authorization? Refusal to Disclose COVID Data Results in Nurse Firing

A nurse at Clinton County Health Department claims she was recently fired for refusing to disclose the names and addresses of patients who had tested positive for COVID to the Clinton County Sheriff's Department. The reason the nurse refused to provide the information stemmed from HIPAA law, which states that PHI cannot be disclosed outside of treatment, payment, or healthcare operations without patient authorization. [...]

2023-07-31T15:31:28-04:00 | September 15th, 2020

Employees Involved in Unauthorized Access to Patient Medical Records of George Floyd

Hennepin County Medical Center (HCMC), the facility that treated George Floyd, fired 13 employees for unauthorized access to patient medical records. More details are discussed below. Unauthorized Access to Patient Medical Records: What Happened HCMC recently discovered that the medical records of George Floyd were illegally accessed by employees of the organization. HCMC first discovered the breach during its routine [...]

2023-07-31T15:38:58-04:00 | September 11th, 2020