Each month, we review healthcare breaches posted on the Office for Civil Rights (OCR) online breach portal to determine the leading causes and how the incidents could have been prevented. The OCR publicly posts healthcare breaches that affected 500 or more individuals to ensure that all affected patients know their information could have been potentially compromised. Covered entities, like healthcare providers and [...]
It’s a HIPAA violation that occurs every day but seldom makes the headlines. It has the potential to destroy an organization’s reputation, but it comes from within. Medical record snooping by employees may seem like a victimless offense, but the costs and consequences of EHR snooping are real. What the Law Says About EHR Snooping HIPAA regulations are unambiguous when it comes [...]
In early December of 2021, Eye Care Leaders (Eye Care), an electronic medical record vendor supplying business associate services to eye care providers across the country, discovered it had incurred a data breach. The breach quickly disabled systems. The intruder accessed compromised information, including name, address, phone numbers, health insurance information, and medical information related to eye care services - protected health [...]
Almost as surely as summer follows spring, lawsuits follow breaches of protected health information. Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches - Facts and Figures The law firm BakerHostetler published its annual Data Security Incident Response Report based on findings from 1,270 data security incidents managed by the firm in 2021. Highlights included: 23% [...]
On April 29, 2022, Salusive Health, doing business as myNurse, alerted patients of a cyberattack – and that it was closing its doors. The cyberattack in question allowed unauthorized access to patient data, although there is no evidence that the information has been shared, posted, or misused. Details of the Salusive Health Breach According to the breach notice received by patients affected [...]
In one of the largest breaches reported in 2022 so far, SuperCare Health suffered a hacking incident affecting 318,379 patients. The network intrusion was initially detected on July 27, 2021. However, it took SuperCare Health until February 2022 to discover the incident had potentially compromised that patient information. More details regarding the SuperCare Health hack are discussed below. What Do We Know [...]
Each month, we review healthcare breaches to determine the leading cause and how the incidents could have been prevented. We do so by examining the Office for Civil Rights (OCR) online breach portal. The OCR publicly posts healthcare breaches that affected 500 or more patients to ensure that all affected patients know their information could have been potentially compromised. Cybercriminals hit a [...]
You may have been hearing a lot about HIPAA breach notification reporting lately and for a good reason. The deadline to report small-scale breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is March 1st. When reporting breaches to the HHS OCR, they require you to submit a HIPAA Breach Notification Form. Before completing the form, [...]
A recent policy statement by the Federal Trade Commission (FTC) has dramatically expanded coverage and penalties under the FTC Breach Notification Rule for companies that develop and offer mobile health applications and services for consumers. History of the FTC Breach Notification Rule As issued by the FTC in 2009, the Breach Notification Rule required PHR vendors to notify the Federal Trade Commission and any affected individuals upon: [...]
Hopefully, you’ve been keeping a list of your minor breaches that occurred in 2021 because now is the time to report them to the Department of Health and Human Services. As the 2022 HIPAA breach notification rule deadline approaches, it is important that you know the deadline and understand what incidents need to be reported. When is the 2022 HIPAA Breach Notification [...]
