Tag: HIPAA

Simple Mistakes – Not Always “The Hackers” – Can Cause Substantial Data Breaches

It is not always the feared and dreaded “hackers” that cause the exposure and breach of confidentiality of sensitive personal information. Sometimes it’s just simple mistakes, but the consequences can be much the same. Consider this situation: NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its…

Read More

Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)

Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases…

Read More

Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case

The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record…

Read More

FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA…

Read More

Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?

See recommendations below On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not…

Read More

Are Smaller Healthcare Practices Required to Report a #Ransomware or Potential Data Breach?

Does the HIPAA Breach Notification Rule apply to all Covered Entities and Business Associates, Even Smaller Ones? To many of you reading this post this question seems ridiculous. You know the answer. However, I get asked this question so frequently that I decided to answer it with a blog post to save time next time…

Read More

Does Data Security Have Your Healthcare Practice “On the Hook”?

I recently had the pleasure of presenting in a webinar series titled Is Your Practice “On the Hook?” to members of the Texas Dental Association and the Oklahoma Dental Association. Key points of the presentation, which focused on cyber security and data breaches in the healthcare industry, explained why protected health information (PHI) and electronic healthcare…

Read More

Why do cyber criminals want your healthcare data?

During a recent presentation a member of the audience asked me why cyber criminals would want to steal a person’s healthcare data. It is easy to understand why they would want to steal payment card data — but healthcare data — not so obvious. Here is a great answer: A crook would love [healthcare data] because, “in the world…

Read More
%d bloggers like this: