Tag Archives: HIPAA

HHS Releases HPH Sector Cybersecurity Framework Implementation Guide to Help Healthcare Organizations Leverage NIST Cybersecurity Framework

On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage the NIST Cybersecurity Framework. This Guide is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …

Continue reading “HHS Releases HPH Sector Cybersecurity Framework Implementation Guide to Help Healthcare Organizations Leverage NIST Cybersecurity Framework”

Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI

On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022Subject: HHS Civil Rights Office Enters Settlement with …

Continue reading “Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI”

OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month

On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare …

Continue reading “OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month”

OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month

On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …

Continue reading “OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month”

Not all HIPAA privacy “breaches” are caused by “hackers” — dentist gets $50k penalty for responding to patient’s Google review

When thinking of HIPAA data breaches, most of us tend to think of situations where the hackers engage in malicious activities against hospitals and steal troves of patients’ protected health information (PHI). There are, however, other much simpler kinds of HIPAA privacy breaches that are easily avoidable and can be quite costly to the healthcare …

Continue reading “Not all HIPAA privacy “breaches” are caused by “hackers” — dentist gets $50k penalty for responding to patient’s Google review”

Simple Mistakes – Not Always “The Hackers” – Can Cause Substantial Data Breaches

It is not always the feared and dreaded “hackers” that cause the exposure and breach of confidentiality of sensitive personal information. Sometimes it’s just simple mistakes, but the consequences can be much the same. Consider this situation: NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its …

Continue reading “Simple Mistakes – Not Always “The Hackers” – Can Cause Substantial Data Breaches”

Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)

Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases …

Continue reading “Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)”

Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case

The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record …

Continue reading “Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case”

FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA …

Continue reading “FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules”

Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?

See recommendations below On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not …

Continue reading “Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?”