Many thanks to HealthcareITNews for publishing my recent article "Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop?" HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases … Continue reading Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)
The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services' Office for Civil Rights has reached a settlement with Anthem for a record … Continue reading Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case
Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA … Continue reading FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules
See recommendations below. On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts' systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not … Continue reading Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?
The United States Department of Health and Human Services' Office for Civil Rights has just issued a checklist and infographic to aid healthcare organizations and their vendors in quickly responding to cyberattacks in compliance with HIPAA requirements.