Suggestion to Pay Patients to Share Their Healthcare Data Included in Oregon Health Information Property Act

February 24, 2019

February 15, 2019   The Oregon Health Information Property Act suggests that healthcare patients must be allowed to legally allow their healthcare providers to sell their health data and for them to pay if their health information is sold to a third party. Presently, the Health Insurance Portability and Accountability Act (HIPAA) Secrecy Rule limits the permissible uses and disclosures of ‘Protected Health Information.’ HIPAA-protected bodies are only permitted to use or disclose PHI for purposes linked to the provision of cure, payment for healthcare, or healthcare operations. Though there are some exclusions, other uses and disclosures are not permitted unless approval is first received from patients. The HIPAA Privacy Rule includes PHI, which is recognizable patient information. If PHI Read More

Community Health Systems Data Breach Settlement Agreed

February 24, 2019

February 9, 2019   Patients of Community Health Systems’ (CHS), who had their protected health information (PHI) unlawfully obtained in a  hacking attack in 2014 have been offered reimbursement in relation to the breach of their Private Health Information (PHI). Tennessee-based Community Health Systems administers over 200 hospitals, meaning it is one of the largest healthcare systems in the United States. In 2014, CHS noted that malware had been downloaded to its network. The malware allowed illegal actors to get access to patient information between April and June 2014. The cyberattack is supposed to have been carried out by hackers located in China. An advanced malware variation was wielded in the attack, which had the only aim of getting confidential Read More

$3m HIPAA Settlement Agreed between Cottage Health and OCR

February 23, 2019

February 9, 2019   A HIPAA fine settlement of $3,000,000 has been agreed between the Division of Health and Human Services’ Office for Civil Rights and the Santa Barbara, CA-based healthcare provider Cottage Health in relation to a HIPAA breach. Cottage Health manages four different hospitals in California, including Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta Valley Cottage Hospital, and Cottage Rehabilitation Hospital. In 2013 and 2015, Cottage Health suffered two safety incidents that led to the disclosure of the electronic protected health information (ePHI) of 62,500 clients. In 2013, Cottage Health noticed a server having patients’ ePHI had not been correctly protected. Files containing patients’ ePHI might be obtained over the internet without the requirement for a Read More

Business Associate Ransomware Attack Reported at Blue Cross Blue Shield of Michigan

January 18, 2019

January 12, 2019   A ransomware attack that has probably led to the thievery of plan subscriber’ protected health information has been reported by a business associate of Blue Cross Blue Shield of Michigan. This is the second current data breach affecting Blue Cross Blue Shield of Michigan plan subscriber that experienced in December 2018. Some plan subscribers’ PHI was saved on a laptop computer that was thieved from another business associate at a different time. The latest breach was informed by Austin, TX-based Wolverine Solutions Group, a dealer that supplies business facilities to Blue Cross Blue Shield of Michigan and several other healthcare groups. On September 23, 2018, ransomware was placed on its network that led to the encryption of files Read More

Thousands of Choice Rehabilitation Inhabitants Affected by Email Account Breach

January 18, 2019

January 10, 2019 After a worker organized a mail forwarder to transmit electronic mails to a private electronic mail account, Choice Restoration of Creve Coeur, MO has found an illegal person unlawfully logged into that company electronic mail account. The breach happened on July 1, 2018 and the post forwarder was permitted until September 30, 2018. A detailed evaluation of the electronic mail account demonstrated the protected health information of some inhabitants was included in invoicing papers attached to electronic mails that had been transmitted to its allied skilled nursing centers. Extremely confidential information including fiscal data, Social Security numbers, Medicare and Medicaid numbers, birth dates and contact information remained continuously protected. The breach was limited to invoicing data related to Read More

AMIA and AHIMA Demand Changes to HIPAA to Improve Access and Movability of Health Data

December 14, 2018

Dec 8, 2018   The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have required modifications to HIPAA to be made to improve patients’ access to their health information, make health data more moveable, and to better safeguard health data in the app ecosystem. At a Wednesday, December 5, 2018, Capitol Hill briefing gathering, named “Unlocking Patient Data – Pulling the Linchpin of Data Exchange and Patient Empowerment,” leaders from AMIA and AHIMA met other industry specialists in a conversation about the effect federal policies are having on the capability of patients to access and use their health information. Presently, users have access to their private information and add and use that information to reserve Read More

12 State Attorneys General File HIPAA Breach Complaint Versus Medical Informatics Engineering

December 11, 2018

Dec 7, 2018   A multi-state federal litigation has been filed versus Medical Informatics Engineering and NoMoreClipboard over the 2015 data breach that displayed the data of 3.9 million people. Indiana Attorney General Curtis Hill is heading the litigation and 11 other states are partaking – Arizona, Nebraska, Minnesota, Louisiana, Kentucky, Kansas, Iowa, Florida, Arkansas, North Carolina, and Wisconsin. This is the first time that state attorneys general have combined forces in a central litigation over a data breach caused by violations of the Health Insurance Portability and Accountability Act. The litigation seeks a financial verdict, civil fines, and the adoption of a remedial action plan to tackle all compliance failures. A Failure to Implement Sufficient Security Controls The complaint Read More

OCR Penalizes Florida Contractor Doctors’ Group $500,000 for Several HIPAA Compliance Failures

December 11, 2018

Dec 6, 2018   An HHS’ Office for Civil Rights (OCR) inquiry into an impermissible revelation of PHI by a business associate of a HIPAA-covered entity revealed grave HIPAA compliance failures. Advanced Care Hospitalists (ACH) is a Lakeland, FL-based contractor doctors’ group that supplies internal medicine doctors to nursing homes and hospitals in West Florida. ACH falls under the description of a HIPAA-covered unit and is required to abide by the HIPAA Secrecy, Safety, and Breach Notification Laws. ACH serves roughly 20,000 patients a year and hired between 39 and 46 staff members per year during the time frame under inquiry. Between November 2011 and June 2012, ACH hired the services of a person who declared to be a representative Read More

OCR Penalizes Allergy Practice $125,000 for Impermissible PHI Disclosure

December 11, 2018

Nov 28, 2018   The Division of Health and Human Services’ Office for Civil Rights (OCR) has penalized a Hartford allergy practice $125,000 over suspected violations of the HIPAA Secrecy Law. On October 6, 2015, OCR got a copy of a civil rights grievance that had been filed with the Department of Justice (DOJ). The plaintiff suspected Allergy Associates of Hartford – A Connecticut healthcare supplier that specializes in treating patients with allergies – had impermissibly divulged her protected health information to a TV correspondent. The plaintiff had earlier got in touch with a local TV station after she had been turned away from the allergy practice due to her service animal. The TV correspondent subsequently contacted the practice requesting Read More

October 2018 Healthcare Data Breach Statement

December 11, 2018

Nov 23, 2018   Our October 2018 healthcare data breach report demonstrates there has been a month-over-month rise in healthcare data breaches with October seeing more than one healthcare data breach reported daily. 31 healthcare data breaches were informed by HIPAA-covered units and their business partners in October – 6 occurrences more than the preceding month. It must be noted that one breach at a business associate was informed to OCR as three separate breaches. The number of breached records in September (134,006) was the lowest total for 6 months, however, the descending tendency didn’t continue in October. There was a huge rise in disclosed protected health information (PHI) in October. 2,109,730 records were disclosed, stolen or impermissibly disclosed – Read More

AMIA Requires Greater Alignment of Federal Data Secrecy Laws

November 28, 2018

November 22, 2018   The American Medical Informatics Association (AMIA) is requesting for the Trump Administration to tighten up data secrecy laws through better alignment of HIPAA and the Common Law and adoption of a more integrated approach to secrecy that includes both the healthcare sector as well as consumer sector. The call follows a request for remark by the NTIA to start a talk concerning consumer secrecy. In a letter to the National Telecommunications and Information Administration (NTIA), a branch of the Division of Commerce, AMIA clarified that its remarks are informed by the wide experience of dealing with both the Health Insurance Portability and Accountability Act and the Central Protections for Human Subjects Research (Common Rule). Presently, there is a Read More

Do HIPAA Laws Create Blockades That Avoid Information Sharing?

November 28, 2018

November 21, 2018   The HHS has prepared a Request for Information (RFI) to find out how HIPAA Laws are obstructing patient information sharing and are making it tough for healthcare suppliers to organize patient care. HHS desires remarks from the public and healthcare industry sponsors on any provisions of HIPAA Laws which are discouraging or restraining organized care and case management among hospitals, doctors, patients, and payers. The RFI is part of a new initiative, called Regulatory Sprint to Coordinated Care, the purpose of which is to get rid of barricades that are avoiding healthcare companies from sharing patient information while retaining safeguards to make sure patient and data secrecy are safeguarded. The remarks received through the RFI will Read More

OCR Starts Campaign to Increase Consciousness of Civil Rights Protections for Patients Being Treated for Opioid Use Disorder

November 28, 2018

October 31, 2018   On October 26, 2017, President Donald Trump announced the opioid disaster a national public health disaster. The one-year anniversary of that announcement has seen a new opioid bill initialed into law. On October 24, 2018, President Donald Trump added his signature to the Substance Use–Disorder Prevention that Encourages Opioid Recovery and Treatment for Patients and Communities Act – or “SUPPORT for Patients and Communities Act” for short. The Act will assist reinforce the government’s reaction to the opioid disaster, improve access to addiction treatment facilities, and increase data sharing in instances of opioid misuse. There have been calls for modifications to be made to 42 CFR Part 2 to align the law with the HIPAA Secrecy Read More

Aetna Resolves HIPAA Violation Case with State AGs

November 28, 2018

October 17, 2018   In 2017, mistakes occurred with two Aetna mailings that led to the impermissible revelation of the protected health information of plan members, including HIV conditions and AFib analyses. A class action court case was filed on behalf of the sufferers of the HIV status breach which was resolved for $17 million in January. Now Aetna has reached resolutions with the attorneys general for New Jersey, Connecticut, and the District of Columbia to settle the supposed HIPAA violations exposed during an inquiry into the secrecy breaches. The first mailing was transmitted on July 28, 2017 by an Aetna business associate. Over-sized windowed covers were used for the posting, through which it was probable to see the names Read More

Healthcare Employee Accused of Criminally Violating HIPAA Laws

September 21, 2018

July 5, 2018   A former University of Pittsburgh Medical Center patient information manager has been accused by a federal grand jury over illegal infringements of HIPAA Laws, as per a declaration by the Division of Justice on June 29, 2018. Linda Sue Kalina, 61, of Butler, Pennsylvania, has been accused in a six-count accusation that includes unlawfully acquiring and revealing the PHI of 111 patients. Kalina worked at the University of Pittsburgh Medical Center and the Allegheny Health Network between March 30, 2016 and August 14, 2017. While hired at the healthcare companies, Kalina is suspected to have retrieved the protected health information (PHI) of those patients without approval or any genuine work reason for doing so. Moreover, Kalina Read More

Crooks Avoid Exposure Using Old Campaigns

September 21, 2018

AUGUST 4, 2018   McAfee Labs has issued its Threats Report June 2018, in which it emphasizes the important analytical research and danger trend figures collected from Q1 2018. A key outcome was a substantially high spike in the total coin miner malware, which soared by 629% in Q1 to over 2.9 million samples. Additional outcomes included in this report are the complicated nation-state threat campaigns – driven by fiscally and politically inspired crooks – that had targeted users and enterprise systems all over the world. “We have noticed the constant growth of this criminal attempt during the quarter,” the report state. “The objective of the culprits is to monetize their criminal activity by applying the minimum amount of effort, using the least Read More

Bug Clears Friends for 800,000+ Facebook Users

September 21, 2018

July 6, 2018   Facebook users may have seen information in their news feeds from users that had obstructed them since a bug was allegedly unblocking people, the business announced on last Monday. On last Monday, Facebook began informing over 800,000 of its users that a virus in Facebook and Messenger had cleared some users that had earlier been obstructed. Active between 29 May and 5 June, the bug did not let a blocked user see matter within certain secrecy permissions. Nevertheless, if the post were open or visible to friends of friends, the obstructed individual might have viewed the information. Users whose secrecy setting were set to “friends only” when sharing matter would not have had any posts exposed to Read More

PHI Infringement Affecting 1,254 Patients Notified by Associated Dermatology & Skin Cancer Clinic of Helena

September 21, 2018

July 7, 2018   In the past few days, Associated Dermatology & Skin Cancer Clinic of Helena, MT, has informed a breach of physical protected health information (PHI) that might have affected as many as 1,254 patients. A journal controlled by a worker of Associate Dermatology was taken from her automobile on May 26, 2018. A thief entered the automobile and thieved the personal journal, which saved information in order to assist the person with the delivery of care to patients. The diversity of information saved in the journal included names and ages of patients, their referring doctors, patients whose protected health information has been accessed by the thief had received medical services through Associated Dermatology between September 1, 2017 Read More

Age Difference Case Over HIPAA Violation: National Court Settles in Favor of Main Line Health

September 21, 2018

July 14, 2018   In 2016, Radnor, PA-based Main Line Health Inc., dismissed a worker for breaching Health Insurance Portability and Accountability Act (HIPAA) Laws by seeing the private records of a co-worker without permission on two different times. In such cases, when staff or patient records are retrieved without formal authorization, workers face punitive action which can include sacking. Gloria Terrell was one such staff member who was fired for breaching company rules and HIPAA Laws. Main Line Health fired Terrell for “co-worker prying.” Terrell offered an internal application over her sacking and claimed she retrieved the records of a co-worker to find a contact phone number. Terrell said she had to call the co-worker to make certain a work Read More

HIPAA Certification Clarified

September 21, 2018

July 15, 2018   A lot of providers would like HIPAA accreditation to confirm they are completely conforming to HIPAA Laws and are familiar with all parts of the Health Insurance Portability and Accountability Act (HIPAA), however, can HIPAA accreditation be attained to verify HIPAA conformity? HIPAA Certification Clarified In an ideal world, HIPAA accreditation would verify that all parts of HIPAA Laws are understood and being esteemed. If a third-party seller like a transcription firm was HIPAA accredited, it would make it more candid for healthcare groups looking for such a facility to choose a suitable seller. Numerous companies state that they have been accredited as HIPAA conforming or in some cases, that they are ‘HIPAA Certified’. Nevertheless, ‘HIPAA Read More

Millions of Health Records at Risk After LabCorp Doubted Breach

September 21, 2018

July 20, 2018   LabCorp, a healthcare diagnostics firm, has closed down its systems after a doubted network breach, which might have put millions of health files at risk.  In a statement to the United States Securities and Exchange Commission, the firm declared that during the weekend of July 14, 2018 it had noticed doubtful activity on its IT network and instantly took particular systems off. The firm stated that the doubtful activity has been noticed only on LabCorp Diagnostic systems, and that “there was no sign that it affected systems utilized by Covance Drug Development.” LabCorp supplies diagnostic, drug development and technology-enabled solutions for over 115 million patients per year, as per its website. It usually handles tests on over 2.5 Read More

Inquiry Started Over Snapchat Photo Sharing at M.M. Ewing Continuing Care Center

September 21, 2018

July 21, 2018   Certain workers of a Canandaigua, NY nursing home have been using their smartphones to take photos and videos of at least one inhabitant and have shared those videos and images with others on Snapchat – a breach of HIPAA and a grave breach of patient secrecy. The secrecy breaches happened at Thompson Health’s M.M. Ewing Continuing Care Center and included several workers. Thompson Health has already taken action and has dismissed many employees over the infringements. Now the New York Division of Health and the state attorney general’s office have got involved and are carrying out inquiries. The state attorney general’s Deputy Press Secretary, Rachel Shippee verified to the Daily Messenger that an inquiry has been started, verifying Read More

New York Doctor Informs Patients of Disclosure of their PHI

September 20, 2018

July 22, 2018   A New York doctor has begun informing patients that their PHI has been exposed and has been possibly retrieved by illegal people. Ruben U. Carvajal, MD was warned of a probable secrecy breach on January 3, 2018 and informed that some of his patients’ health information was available over the Internet. An inquiry into the probable secrecy breach was initiated and the problem was reported to the New York Police Division and the Federal Bureau of Investigation (FBI). FBI detectives visited his office and checked his computer. On February 18, 2018, the FBI verified that the EMR program on his computer had been retrieved by an illegal person. A forensic detective was called in to carry Read More

Microsoft Outlook and HIPAA Conformity

September 20, 2018

July 23, 2018   Software or an electronic mail application platform can never be fully HIPAA conforming, as conformity is reliant on how the software is being used instead of the software itself. Nevertheless, software and electronic mail facilities can make it simpler to abide by HIPAA. For this to occur the software should include a range of safety features to make sure that any information uploaded to and broadcast through the facility can be done so securely, without exposing the confidential files. The platform provider should complete a business associate agreement with        HIPAA-protected bodies, saying that they will abide by the prerequisites of the HIPAA, Secrecy, Safety, and Breach Notification Laws in order to be thought conforming. Microsoft has Read More

HIPAA and Patient Telephone Calls

September 20, 2018

July 30, 2018   The Federal Communication Commission has issued a Declaratory Verdict and Order to declare the laws in relation to HIPAA and patient phone calls. Some healthcare sellers have had the problem comprehending the laws in relation to HIPAA and patient phone calls, and how the laws abide by the Telephone Consumer Protection Act (TCPA). Now, 19 years and 24 years after these Acts were passed in law, the Federal Communications Commission (FCC) has issued a Declaratory Ruling and Order to tackle any possible misunderstanding. The ruling clarifies the laws in relation to HIPAA and patient phone calls completed by protected units and their Business Associates. The ruling also pardons protected units and Business Units from specific TCPA Read More

Three Campaigns Targeted as Senate Pushes Safety

September 19, 2018

August 2, 2018   According to The Hill, during a 29 July interview on “Face the Nation,” Sen. Jeanne Shaheen (D-N.H.) voiced apprehension against the Senate and political parties over extensive phishing attacks. “I don’t know who else is on the list, however, I do know that we’ve had an experience in our office with people receiving phishing electronic mails with social media accounts,” Shaheen said in the interview. “There has been one condition that we have gone over to authorities to look into. And we are hearing that this is extensive with political parties all over the country, and with members of the Senate.” Sunday’s “Face the Nation” interview came just days after Microsoft verified that the struggle of Sen. Claire Read More

HHS Secretary Alex Azar Assures Improvements to Federal Health Secrecy Laws

September 19, 2018

August 3, 2018   At a July 27 speech at The Heritage Foundation, Secretary of the Division of Health and Human Services (HHS), Alex Azar, clarified that the HHS will be starting many updates to health secrecy rules over the next months, including upgrades to the Health Insurance Portability and Accountability Act (HIPAA) and 45 CFR Part 2 (Part 2) rules. The procedure is expected to begin in the next couple of months. Requests for information on HIPAA and Part 2 will be released, after which action will be taken to improve both sets of laws to remove problems to value-based care and support attempts to fight the opioid disaster. Law modifications are also going to be made to eliminate Read More

Nurse Who Shared Patient Data with New Firm gets 1-Year Suspension

August 12, 2018

June 13, 2018   A nurse medical practitioner who breached the secrecy of patients by sharing their interaction information with her new boss has been banned for 12 months by the New York State Education Division. In April 2015, Martha C. Smith-Lightfoot obtained a spreadsheet having the personally identifiable information of about 3,000 patients of University of Rochester Medical Center (URMC) and disclosed that information to her new boss, Greater Rochester Neurology. The secrecy breach was noted when numerous patients protested to URMC concerning being communicated by Greater Rochester Neurology regarding changing healthcare suppliers. Before leaving URMC, Smith-Lightfoot requested data on patients she has cured to guarantee continuity of treatment.  URMC provided her with a spreadsheet that contained names, dates of birth, addresses, and Read More

Ransomware Attack Might Have Affected up to 3,700 Rise Wisconsin Plan Members

August 12, 2018

June 14, 2018   3,700 plan members of Rise Wisconsin are being cautioned that some of their PHI might have been gotten by illegal people during the latest ransomware attack. It is assessed that the ransomware was placed on its IT systems around April 8, 2018. The ransomware attack was recognized quickly, even though not in time to evade the encryption of data. Rise Wisconsin (formerly called Community Partnerships Inc., and Center for Families) engaged third-party computer forensics specialists to assist with the breach inquiry and recovery procedure. Although the review didn’t find any evidence to indicate PHI was retrieved or taken in the hack, it was not possible to exclude data access and data thievery with a high level Read More

Black Book Research Survey Shows that Mobile Technology is Improving Patient Security

August 12, 2018

June 18, 2018   The outcomes of the latest survey carried out by Black Book Research indicate that 90% of hospices and 94% of doctors have applied mobile technology and trust that it is assisting to increase patient security and results. The survey was conducted on 770 hospital-based users and 1,279 doctor practices from Q4, 2017 to Q1, 2018. The survey indicated 96% of hospitals are planning on buying a new medical communications platform in 2018 or have already implemented a new, complete communications platform. 85% of scrutinized hospitals and 83% of doctor practices have already applied a safe communication platform to increase communications between care teams, patients, and their relatives. Safe text messaging platform are rapidly becoming the number one Read More

Is SendGrid HIPAA Conforming?

August 12, 2018

June 19, 2018   SendGrid is an electronic mail marketing platform that lets businesses to swiftly and easily communicate their marketing mails to clients, however, can the platform be utilized by healthcare companies? Is SendGrid HIPAA conforming? HIPAA Conforming Electronic mail Facilities Suppliers of cloud-based electronic mail facilities are not exempted from compliance with HIPAA as per the conduit exception law. If a HIPAA-protected unit desires to use an electronic mail service to connect with patients, no protected health information (PHI) can be incorporated in the messages unless the conditions of HIPAA are satisfied. If PHI must be included in electronic mails, the electronic mail facility supplier would be categorized as a business associate and a business associate agreement (BAA) Read More

Patients PHI Revealed in Two Separate HIPAA Breaches

August 12, 2018

June 22, 2018   Two HIPAA-protected companies are making their patients conscious that some of their protected health information (PHI) have been thieved by illegal people in recent times. PHI Thieved from Staff Member of Christus Spohn Hospitals The PHI of people being cured at two Christus Spohn Hospitals in Corpus Christi has been taken in a recent thievery. A Christus Spohn staff member was thieved on April 16, 2018 and PHI was gotten including data like names, ages, account numbers, medical history numbers, dates of service, birth dates, and other medical data. No financial particulars, driver’s license numbers, or Social Security numbers were gotten. Patients impacted by the thievery had earlier attended Shoreline hospitals or Christus Spohn Health System’s Read More

Effects of Veteran Matters and Sutter Health HIPAA Breaches Exposed

August 12, 2018

June 23, 2018   An ex-member of workforce at the Veteran Affairs Medical Center situated in Long Beach, CA who unlawfully thieved the protected health information (PHI) of more than 1,000 patients has been given a three-year jail punishment. Albert Torres, 51, was employed as an office worker in the Long Beach Health System-operated medical hospital – a job he held for less than 12 months. Torres was blocked over by police officers on April 12 after an examination of his license plates demonstrated an inconsistency – plates had been used on a private automobile, which were usually reserved for commercial automobiles. The police officers found prescription medicines which Torres’ didn’t have a legal medicine for and the Social Security Read More

Florida Organization for People with Incapacities Hit by Phishing Attack

August 12, 2018

June 24, 2018   A phishing attack has been suffered by the Florida Agency for Persons with Disabilities (FAPD), which delivers support facilities for people with infirmities like cerebral palsy, autism, spina bifida, and Downs’s disease. The phishing attack happened on April 10, 2018 and was limited to a single electronic mail account; nevertheless, that account contained the PHI of 1,951 guardians or customers. Although no evidence was found to indicate any PHI was viewed or copied by the attacker, PHI access might not be ruled out with 100% confidence. The undermined electronic mail account contained information like names, health information, telephone numbers, addresses, birth dates, and Social Security details. All customers have now been warned of the breach and Read More

HIMSS Survey Exposes Concerns in Relation to Mobile Device Safety

August 11, 2018

June 25, 2018   The results of a HIMSS survey has shown that medical appliance safety is a planned emphasis for most healthcare groups, however, less than 50% of healthcare suppliers have a sanctioned budget for tackling safety flaws in medical appliances. For the survey, HIMSS interrogated 101 healthcare sector doctors in the United States and Asia for IT titan Unisys. 85% of those interrogated in the survey said medical appliance safety was a planned emphasis and 58% said it was a high significance, however, just 37% of respondents had a sanctioned budget reserved to adapt their cybersecurity policy for medical appliances. Small to medium healthcare dealers were even less likely to have sufficient coffers available, with 71% of firms Read More

Is Rackspace HIPAA Conforming?

August 11, 2018

Jun 26, 2018   The Windcrest, TX-situated managed cloud computing firm Rackspace provides public cloud and electronic mail hosting facilities, but can they be used by HIPAA-protected units without breaking HIPAA Laws? Is Rackspace HIPAA conforming? Will Rackspace Initial a Business Associate Agreement with HIPAA Protected Units? Rackspace is conscious that by letting healthcare companies use its facilities, the business is classified as a HIPAA business associate and should agree to abide by the HIPAA Secrecy and Safety Laws. Rackspace has gotten HITRUST CSF and HITRUST endorsements which show the business meets the data and secrecy safety standards required by HIPAA for managed public, private, and hybrid cloud settings. The business uses comprehensive SSL encryption and meets PCR DSS data Read More

Individual Permission of Uses and Disclosures of PHI for Research Help Released by OCR

August 11, 2018

June 27, 2018   New help for HIPAA-protected organizations to streamline HIPAA approvals for uses of PHI for research purposes has been issued by the Division of Health and Human Services’ Office for Civil Rights, as needed by the 21st Century Cures Act of 2016. The HIPAA Secrecy Law does allow protected organizations to use patients’ PHI for study without requesting individual permissions under specific situations, like if documented Institutional Review Board (IRB) or Privacy Board Authorization has been received – see 45 CFR § 164.512(i)(1)(i) and (ii). Nevertheless, in most instances, before using patients’ PHI for study, separate official authorizations should be obtained from patients in writing. Without a legal permission from a patient in question, their PHI can only be Read More

Individual Permission of Uses and Disclosures of PHI for Research Help Released by OCR

August 11, 2018

June 27, 2018   New help for HIPAA-protected organizations to streamline HIPAA approvals for uses of PHI for research purposes has been issued by the Division of Health and Human Services’ Office for Civil Rights, as needed by the 21st Century Cures Act of 2016. The HIPAA Secrecy Law does allow protected organizations to use patients’ PHI for study without requesting individual permissions under specific situations, like if documented Institutional Review Board (IRB) or Privacy Board Authorization has been received – see 45 CFR § 164.512(i)(1)(i) and (ii). Nevertheless, in most instances, before using patients’ PHI for study, separate official authorizations should be obtained from patients in writing. Without a legal permission from a patient in question, their PHI can only be Read More

A number of Workers of Washington Health System Suspended for HIPAA Breaches

August 10, 2018

June 28, 2018   After what is supposed to have been incorrect retrieving of patient health files by staff members, Washington Health System has decided to suspend a number of staff members while the secrecy breach is studied. Although it has not been disclosed how many staff members have been suspended, Washington Health System VP of strategy and clinical facilities, Larry Pantuso, issued a statement to the Observer Reporter showing about a dozen staff members have been suspended, even though at this stage, no workers have been relieved of the positions for incorrect medical record access. The secrecy breaches are thought to link to the demise of a staff member of the WHS Neighbor Health Center. Kimberly Dollard, 57, was Read More

Weaknesses Found in Natus Xltek NeuroWorks Software Result in Official Warnings

August 10, 2018

June 30, 2018   ICS-CERT has issued an alert after finding eight weaknesses in version 8 of Natus Xltek NeuroWorks software applied in Natus Xltek EEG medical products. If the vulnerabilities are successfully abused they might allow a hacker to smash a weak appliance or activate a buffer overflow state that would allow distant code implementation. All eight weaknesses have been given a CVSS v3 score above 7.0 and are rated high.  Three of the vulnerabilities – traced as CVE-2017-2853, CVE-2017-2868, and CVE-2017-2869 – have been provided a CVSS v3 base score of 10, the maximum possible score. CVE-2017-2867 has been given a base ranking of 9.0, with the other four weaknesses – CVE-2017-2852, CVE-2017-2858, CVE-2017-2860, and CVE-2017-2861 – designated Read More

Colorado Governor Signs Data Safety Bill into Law

July 19, 2018

June 7, 2018   In Colorado bill HB 1128 has been initialed into law by Governor John Hickenlooper. This bill increases safety for consumer data in the state of Colorado. The two-party bill, backed by Reps. Cole Wist (R) and Jeff Bridges (D) and Sens. Kent Lambert (R) and Lois Court (D), was unanimously approved by the Colorado State Parliament. The bill will become enforceable on September 1, 2018. From that date companies carrying out business in the state of Colorado must get used to reasonable safety measures and practices to make sure the personal identifying information (PII) of state inhabitants is protected. The bill also reduces the time for making the state attorney general conscious of breaches of PII and Read More

Colorado Governor Signs Data Safety Bill into Law

July 19, 2018

June 7, 2018   In Colorado bill HB 1128 has been initialed into law by Governor John Hickenlooper. This bill increases safety for consumer data in the state of Colorado. The two-party bill, backed by Reps. Cole Wist (R) and Jeff Bridges (D) and Sens. Kent Lambert (R) and Lois Court (D), was unanimously approved by the Colorado State Parliament. The bill will become enforceable on September 1, 2018. From that date companies carrying out business in the state of Colorado must get used to reasonable safety measures and practices to make sure the personal identifying information (PII) of state inhabitants is protected. The bill also reduces the time for making the state attorney general conscious of breaches of PII and Read More

Dignity Health Report Many Data Breaches

July 18, 2018

June 3, 2018   Several different data breaches, as well as violations of HIPAA Laws, have been found by Dignity Health in the past few weeks. One occurrence implicated a staff member retrieving the PHI of patients without official consent, an error occurred that permitted a business associate to receive PHI without an existing BAA being in place, and most recently, a 55,947-record illegal access/disclosure occurrence has been submitted to the Division of Health and Human Services’ Office for Civil Rights (OCR). Dignity Health informed OCR of a data breach affecting patients of its St. Rose Dominican Hospitals at the San Martin, Siena, and Rose de Lima campuses in Nevada on May 10, 2018. The company informed that on April Read More

2,100 Chesapeake Local Healthcare Patients PHI Breached in Hard Drives Burglary

June 21, 2018

April 13, 2018    Chesapeake Regional Healthcare has noticed that two hard drives saving the protected health information (PHI) of about 2,100 patients have gone missing from the Chesapeake Local Medical Center site situated in Chesapeake, Virginia. The data saved on the appliances relates to people who took part in lessons at its Sleep Center between April 2015 and February 2018. It is presently unclear the precise time that hard drives went missing. Chesapeake Local Healthcare found that the appliances were lost on February 6, 2018. An internal analysis was started, and a complete search of the facility was finished, however, the appliances could not be located. The lost hard drives have been informed as lost/stolen to law enforcement organizations, however, Read More

Integrated Rehab Consultants Patients Not Made Conscious of PHI Breach for 18 Months

June 21, 2018

April 20, 2018   Physiatry Group Integrated Rehab Consultants located in Chicago, IL is issuing notice letters to affected patients warning them of the disclosure of a few of their protected health information in line with HIPAA conditions. Nevertheless, the breach was not first seen in the last 60 days as Integrated Rehab Consultants (IRC) became conscious of the disclosure of PHI 16 months ago on December 2, 2016. The information which included data such as patients’ full names, procedure code, treatment location, appointment visit ID, admission date, visit status, visit date, medical provider information, gender, date of birth, address, and diagnosis codes – had been printed on a publicly accessible source. The PHI was seen by a healthcare security scientist Read More

UnityPoint Health Phishing Attack Undermines Many Worker Electronic mail Accounts

June 21, 2018

April 25, 2018   It has been noticed that UnityPoint Health worker accounts have been compromised and retrieved by illegal people. The employees’ electronic mail accounts were originally retrieved on November 1, 2017 and went on for a duration of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised electronic mail accounts was barred. Upon noticing the phishing attack, UnityPoint Health hired a computer forensics firm to probe the level of the breach and the number of patients that were targeted. The probe found that a broad range of protected health information had probably been obtained by the hackers, which included names together with one or more of the following data elements: Read More

Possible PHI Compromise Might Have Affected 582,000 Patients of California Dept. of Developmental Services

June 20, 2018

April 26, 2018   582,174 patients of the California Department of Developmental Services (DDS) are getting in touch with customers to inform them that their protected health information has probably been undermined. Last February 11, 2018, a few people broke into the DDS legal and audits offices in Sacramento, CA. After they broke in, the thieves possibly had access to the confidential information of about 15,000 workers, service providers, job candidates, and parents of juveniles who are cured by DDS facilities. The burglars also got away 12 government computers. It’s not yet clear if the culprits were interested in paper files and all computers robbed by the thieves were encrypted therefore data access was impossible. DDS has accepted that none Read More

1,000 Patients of es Moines Crisis Observation Center have PHI Disclosed

June 20, 2018

April 27, 2018   Throughout a period of three and a half years, 1,071 patients of Des Moines Crisis Observation Center, who received medical services, have been contacted to inform them that some of their protected health information has been “inadvertently and unintentionally disseminated”. The HIPAA violation was found on February 14, 2018, even though the inquiry indicated that information started being exposed on June 1, 2014, and continued until January 11, 2018. The kind of information retrieved includes patients’ identifications together with Social Security details, Medicaid ID numbers, admission dates, addresses, and discharge clinics. Utilizing the Crisis Observation Center, Polk County Health Facilities delivers mental health facilities for citizens of Polk County, IA and is the local administrator and Read More

AWS Costs Decreased by 60% by Tristar Medical Group

June 20, 2018

May 10, 2018   Healthcare groups are, increasingly using the cloud to meet their IT requirements, however, while there are several advantages to be had from shifting infrastructure, applications and data center operations to the cloud, handling cloud costs remains the main Problem. Several healthcare groups choose AWS EC2 instances for their servers. Although the platform meets their requirements, the high cost of handling AWS EC2 instances – or equivalent instances from other sellers – is compelling several healthcare groups to scale back their cloud migration strategies. The cost of handling AWS EC2 instances can be huge. Tristar Medical Group, the biggest privately-owned healthcare seller in Australia, operates centers all over the country, spread across several time zones. Its clinics Read More

17,639 People Alerted of Capital Digestive Care PHI Disclosure

June 20, 2018

May 12, 2018   Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has disclosed that one of its business partners shared files to a commercial cloud server that did not have correct safety controls, showing the protected health information of up to 17,639 clients. This PHI was conveyed to the consideration of Capital Digestive Care on February 23, 2018 and action was swiftly taken to protect the files and remove more illegal access. An analysis into the secrecy breach was started to decide the kinds of files that had been displayed and the number of patients impacted. The analysis demonstrated that some confidential data had been displayed, even though the breach was kept to persons that had logged on Read More

10-Month Exposure of PHI at 8,300 Cerebral Palsy Research Foundation of Kansas Patients Disclosed

June 20, 2018

May 14, 2018   A mistake has caused a database used by Cerebral Palsy Research Foundation of Kansas (CPRF) to have its protection switched off for 10 months, making the protected health information (PHI) of 8,300 patients available. The demographic database that was impacted was found on March 10, 2018 and was swiftly safeguarded. The audit into the breach found that although the database had been set up on a safe subdomain in early 2000, when CPRF switched its computer networks in 2017 the database was not seen resulting in the unintentional removal of safety measures. During the period of time that the database was unprotected it is possible that private and health information was retrieved by illegal people. The Read More

LifeBridge Health Data Breach Impacts 538,000 Patients

June 20, 2018

May 25, 2018   Baltimore-based healthcare provider LifeBridge Health has disclosed, in a press release issued on May 16 that it had faced a data breach. Although the release made no mention to the number of patients affected at the time of it being issued, further information has now been issued. LifeBridge Health found on March 18, 2018 that malware had been put on a computer network that hosted the electronic medical document system used by LifeBridge Potomac Experts and LifeBridge Health’s patient enrolment and billing systems. The recognition of malware resulted in an in-depth inquiry to decide when access to the computer network was first obtained. LifeBridge Health then employed a national computer forensics company to assist with the inquiry Read More

PHI-Exposing Data Safety Incidents Discovered by Purdue University

June 20, 2018

June 02, 2018   Purdue University has discovered two security breaches that might have led to illegal people getting access to the protected health information of patients. During April Purdue University’s safety team found a file on computers used by Purdue University Pharmacy indicating that the appliances had been distantly logged onto by an illegal person. The file was installed on the appliances around September 1, 2017. The computers contained a restricted amount of safeguarded health data including patients’ names, appointment information, diagnoses, internal identification numbers, identification numbers, times of service, birth dates, and amounts invoiced. No Social Security numbers or private financial information were saved on the computer that was retrieved. A review into the data breach didn’t find Read More

Analysis Indicates Wrong Dumping of PHI is Usual

March 31, 2018

A new analysis (printed in JAMA) has emphasized just how commonly hospices are disposing of PHI in an unsafe way. Although the analysis was carried out in Canada, which isn’t protected by HIPAA, the outcomes emphasize the main area of PHI safety that is often ignored. Incorrect Dumping of PHI is More Usual than Earlier Supposed Scientists at St. Michael’s Hospice in Toronto examined reprocessed paperwork at 5 training hospices in Canada. Each of the 5 hospices had plans containing the safe removal of papers having PHI and distinct reprocessing containers were provided for usual documents and paperwork having confidential information. The latter was torn before removal. In spite of the document removal plans, documents having personal health information (PHI) Read More

Legislature Changes and Latest HIPAA Rules in 2018

March 31, 2018

The plan of two out for every latest rule introduced implies there are expected to be few, if any, fresh HIPAA rules in 2018. Nevertheless, that doesn’t imply it will be all calm on the HIPAA side. Roger Severino, HHS’ OCR director has signaled there are a few HIPAA modifications under consideration. OCR is scheduling on eliminating a few of the labor-intensive and outdated elements of HIPAA that offer little help to patients, even though before HIPAA modifications are made, OCR will request comments from healthcare sector stakeholders. Like with earlier updates, OCR will submit notifications of planned rulemaking and will request comments on the planned modifications. Those remarks will be cautiously considered prior to any HIPAA modifications are made. Read More

Legislation Changes and New HIPAA Regulations in 2018

March 29, 2018

The plan of 2 out for each new rule introduced means there are supposed to be few, if any, new HIPAA regulations in 2018. However, that doesn’t mean it will be all calm on the HIPAA front. HHS’ OCR director, Roger Severino has signaled there are some HIPAA modifications under consideration. OCR is scheduling on removing a few of the obsolete and labor-intensive features of HIPAA that provide petite assistance to patients, even though before HIPAA alterations are made, OCR will request comments from healthcare sector stakeholders. Like with previous upgrades, OCR will present notifications of planned rulemaking and will seek feedback on the proposed modifications. Those remarks will be carefully considered prior to any HIPAA changes are made. The Read More

Finger Lakes Health Ransomware Attack Influences Computers

March 29, 2018

Geneva, NY-located Finger Lakes Health has been attacked by an illegal computer software that has stuck its computer system. Workers have been compelled to work on pen and paper as the health system attempts to get rid of the malevolent program and reestablish access to electronic files. The malevolent program attack on the health organization started at about midnight on Sunday, March 18, 2018, with workers becoming conscious of the attack when a payment ultimatum was released by the hackers. Finger Lakes Health administers Geneva General Hospital as well as Soldiers & Sailors Memorial Hospital in Pen Yan and numerous specialty precaution practices, long-term health centers, main care doctor practices, and day care health centers in upstate New York. It’s Read More

Class Action Claim Requests Compensations for Sufferers of CVS Caremark Data Breach

March 28, 2018

A suspected healthcare data breach that saw the PHI of patients of CVS Caremark uncovered has led to legal action versus CVS, Caremark, as well as its posting vendor, Fiserv. The claim, which was recorded in Ohio state court of law on March 21, 2018, pertains to a suspected secrecy breach that happened as a consequence of a mistake that affected a July/August 2017 posting mailed to roughly 6,000 patients. In July last year, CVS Caremark was hired to work as the drugstore benefits administrator for the Ohio HIV Medicine Help Program and according to that plan, CVS Caremark delivers entitled sick persons with HIV medicines and talks with them regarding medicines. In July/August, last year, CSV Caremark’s posting vendor Read More

How are Personally Distinguishable Files Defined according to GDPR?

March 23, 2018

Most companies and organizations will perhaps have heard of the General Data Protection Regulation (GDPR), nevertheless, several do not think it pertains to them, or aren’t ready for its influence. Really all companies or organizations that handle the special data of folks who live in the European Union should conform to the new law. What is Exclusively Distinguishable Data? Exclusively distinguishable data is termed as any detail of files that by itself, or in union with other matters, can classify a living being. Customarily, this sort of data has included email addresses, street addresses, and phone numbers. However, the growth in the volume of accessible technology has modified the circumstances somewhat. These days, digital data, for example, an online image, Read More

HIPAA Compliance and Citrix ShareFile

February 24, 2018

Citrix Systems acquired ShareFile during 2011 and the facility is provided as a proper file sharing, data synchronize, and cooperation facility for the healthcare division. It is extremely important for anybody thinking using it to study Citrix Fileshare and HIPAA Compliance. It’s a safe data storage, file sharing and cooperation facility that allows big files to be easily transmitted within a firm, with distant employees, and with outer associates. The solution allows any approved individual to promptly get stowed documents through mobile devices and desktops. For healthcare companies, this implies the result can be utilized to transmit big files like DICOM pictures with scientists, distant healthcare workforce, and BAs. The ShareFile patient gateway can also be utilized to transmit PHI Read More

HIPAA Compliance and Amazon CloudFront

February 22, 2018

Amazon CloudFront is a network device that allows users to hasten web content distribution through the Internet. In the majority instances, when a site is visited, the visitor faces a few latencies accessing dynamic and static bits of content. This is because net visitors won’t make a direct link to the matter, in its place they will take a path to log on the computer network where the matter can be gotten. The path can contain numerous directing points, will certainly impact the swiftness at which matter can be gotten. By using a content distribution system like Amazon CloudFront, you can reduce inactivity and increase availability and reliability of web content. By transmitting content over a network of data hubs Read More

Ron’s Pharmacy Facilities Patients Get Email Account Breach Warnings

February 15, 2018

San Diego, CA-based Ron’s Pharmacy Facilities has discovered that a worker’s electronic mail account having limited PHI has been logged on by an unidentified person. Strange activity was noted on the worker’s electronic mail account on October 3, 2017, leading to an inquiry; however, it was revealed on December 21, 2017, that it was an illegal person who had gotten messages in the electronic mail account that had patient information enclosed. An examination of the worker’s electronic mail account revealed that just a negligible amount of Protected Health Information was undermined. Names, payment adjustment information, and internal account numbers, although a small number of sick persons also had information concerning their prescribed medicines accessed. Although Protected Health Information access was Read More

Western Washington Medical Group Sick Persons Revealed Because of HIPAA Break

February 14, 2018

842 sick persons of Western Washington Medical Group have had their PHI revealed when records including confidential health info were disposed of with usual garbage in the month of November 2017. The break happened when the janitorial facility used by the medical group took out the substances from shredding baskets together with usual garbage. As opposed to confidential documents being lastingly fired in accordance with HIPAA Laws, they were taken away in usual garbage baskets. Western Washington Medical Group workforce noticed the error the following day, however too late to rectify the position and retrieve the records because the garbage had already been taken away to landfill locations for extinction. The breach might have been only trivial, however, those affected have Read More

North Carolina Government Medicaid Organization Discovered to Have Data Safety Insufficiency

January 11, 2018

The Division of Health and Human Services’ Office of Inspector General (OIG) has announced the outcomes of a review of the North Carolina Government Medicaid organization. The review exposed the point that the Government organization didn’t apply adequate controls to make sure the safety of its Medicaid suitability fortitude system and the integrity, security, as well as the availability of Medicaid suitability info. HHS directs the administration of numerous national plans, amongst those Medicaid. Part of its omission of the Medicaid plan includes the checking of Government organizations to decide whether adequate system safety restraints have been applied and Government organizations are complying with the needed National prerequisites. The attention of the OIG check was to decide whether adequate information Read More

What is Considered PHI According to HIPAA?

December 30, 2017

In a healthcare setting, you are expected to hear health info referred to as protected health information or PHI, however, what is considered PHI according to HIPAA? What is Considered PHI According to HIPAA Laws? According to HIPAA Laws, PHI is thought to be any recognizable health info that is stored, maintained, used, or communicated by a HIPAA-protected unit – A healthcare supplier, health insurer or health plan, or a health care clearinghouse – or a BA of a HIPAA-protected unit, in connection to the delivery of health care or payment for healthcare facilities. According to HIPAA Laws, It’s not just current and past health info that is believed PHI, but also future info concerning medical disorders or mental and Read More

Scrub Nurse Sacked for Snapping Employee-Patient’s Genitalia

December 30, 2017

A scrub nurse who took photos of a patient’s genitalia and shared the photos with coworkers has been sacked, although the sick person, who is also a worker at the same hospice, has filed a complaint requesting harms for the damage caused by the event. The employee-patient was going through incisional hernia operation at Washington Hospital. She claims in a grievance recorded in a Washington District Law court, that although she was not conscious, a scrub nurse took photos of her genitalia on a cell phone and distributed the photographs to co-workers. Shooting sick persons without their approval is a breach of HIPAA Laws and can invite a substantial financial fine. Previous Year, New York Hospice resolved a HIPAA breach Read More

Is Google Voice HIPAA Compliant?

December 30, 2017

Google Voice is actually a trendy telecom facility, however, is Google Voice HIPAA compliant can it be utilized in a HIPAA compliant system? Is it probable for healthcare companies – or healthcare workers – to use the facility without breaching HIPAA Laws? Is Google Voice HIPAA Compliant? Google Voice is a prevalent and useful telecom facility that includes the capability to send text messages free of cost, voicemail transcript to text, voicemail, and several other useful qualities. It’s therefore expected that several healthcare experts would like to use the facility at work, and for private use. To use a facility in healthcare in connection with any PHI it should be possible to use it in a HIPAA compliant way. That Read More

Fresh Bill Plans to Modify HIPAA Laws for Healthcare Clearinghouses

December 29, 2017

A fresh bill (H.R. 4613) has been presented to the U.S House of Legislatures by a member of Congress, Cathy McMorris Rodgers (R-Washington) which suggests modifications to the Health Information Technology for Economic and Clinical Health (HITECH) Law and HIPAA Laws for health care clearinghouses. The Safeguarding Patient Entrance to Health care Records Law of 2017 is planned to update the part of health care clearinghouses in healthcare, support access to as well as the leveraging of health info, and increase cure, quality advancement, research, public health and also other jobs. Healthcare clearinghouses are units which change data from one design to another, changing non-standard information to standard information elements or the other way round. Healthcare clearinghouses are deemed HIPAA-protected Read More

What Does PHI Mean?

December 25, 2017

The word PHI is usually used regarding health data, however, what does PHI mean, and what information is contained in the meaning of PHI? What Does PHI Mean? PHI is an abbreviation of Protected Health Information. The word is usually mentioned in the Health Insurance Portability and Accountability Act (HIPAA). The term protected implies the health information is protected by the HIPAA Security and Privacy Laws, which need HIPAA-covered units – health plans, healthcare providers, and healthcare clearinghouses – as well as their business associates, to apply technical, administrative, and physical safeguards to make sure the integrity, confidentiality, and availability of recognizable health information. PHI is a general word encompassing health information in all types, whereas ePHI is particular to Read More

OCR Introduces New Tools to Assist Address the Opioid Crisis

December 21, 2017

OCR has introduced new tools and plans as part of its efforts to assist address the opioid disaster in the U.S., and comply with its obligations according to the 21st Century Treatments Act. Two new webpages have been issued – one for consumers and one for healthcare professionals – that make information pertaining to mental/behavioral health and HIPAA more easily available. OCR resources have been restructured to make the HHS site more user-friendly, and the latest webpages serve like a one-stop resource clarifying when, and under what conditions, health info can be shared with families, friends, and loved ones to assist them to deal with, and avoid, emergency situations like an opioid overdose or a psychological health crisis. OCR has also Read More

Noncompliance with HIPAA Harms Healthcare Companies Greatly

December 15, 2017

Noncompliance with HIPAA can have a substantial expenditure for healthcare companies, yet even though the fines for HIPAA breaches can be substantial, lots of healthcare companies have inferior compliance plans and are breaching several aspects of HIPAA Laws. The Division of Health and Human Services’ OCR started the much postponed second stage of HIPAA compliance checks previous year with a series of desk audits, firstly on healthcare companies and secondly on BAs of protected units. Those desk audits exposed several healthcare companies are either besieged with HIPAA compliance or are just not doing sufficient to make sure HIPAA Laws are adhered to. The initial results of the desk audits, issued by OCR in September, indicated healthcare companies’ compliance efforts were mostly insufficient. Read More

Oklahoma Health Division Re-Notifies 47,000 of 2016 Data Breach

December 13, 2017

In April 2016, the Oklahoma Division of Human Services faced a data breach, and although notices were sent to affected people and the DHS’ Office of Inspector General soon after the breach was discovered, a breach notification was not presented to the HHS’ OCR – A breach of HIPAA Laws. Now, more than 18 months following the 60-day informing window specified in the HIPAA Breach Notice Law has elapsed, OCR has been informed. OCR has ordered the Oklahoma Department of Human Services to again inform the 47,000 Provisional Help for Needy Families clients that were affected by the breach to meet the prerequisites of HIPAA. The breach in question happened during April 2016 after an illegal person accessed a computer system Read More

October 2017 Healthcare Data Breaches

November 18, 2017

In the month of October 2017, twenty seven healthcare data breaches informed to the Division of Health and Human Services’ OCR. Those data breaches led to the exposure/theft of 71,377 plan member and patient files. October saw a substantial drop in the number of reported breaches compared to September, and a substantial drop in the number of files revealed.   October saw a substantial drop in the quantity of infringed files, with the monthly total nearly 85% lesser than September and nearly 88% lesser than the average quantity of files opened over the previous 3 months.   Healthcare suppliers were the worst hit in October with 19 informed data breaches. There were 6 data breaches informed by health policies and at least Read More

5 Year Jail Sentence Endorsed for Clinic Employee Who Thieved PHI

November 17, 2017

A clinic employee who thieved the safeguarded health info of psychologically ill patients as well as sold the information to identity bandits has not succeeded to reduce his 5-year jail sentence. Jean Baptiste Alvarez, 43, of Aldan, thieved daily census pages from the Kirkbride Center, a behavioral health care service in Philadelphia. The census pages had all the information required to thieve the individualities of patients and present their fake tax returns – Names, dates of birth, Social Security numbers as well as other individually recognizable info. Alvarez had the chance to thieve the data unnoticed since the surface where the pages were kept didn’t have safety cameras. Alvarez was getting $1,000 for each census page from his co-conspirators, who Read More

What’s a Restricted Data Set According to HIPAA?

November 9, 2017

A restricted data set according to HIPAA is a set of recognizable healthcare info that the HIPAA Secrecy Law allows covered units to share with specific units for public health activities, research purposes, and healthcare operations without getting prior approval from patients if specific requirements are met. Contrary to de-identified PHI, which is no more classified as PHI as per HIPAA Laws, a restricted data set according to HIPAA is still recognizable safeguarded information. For that reason, it’s still answerable to HIPAA Secrecy Rule principles. A HIPAA restricted data set can be distributed only with units that have contracted a data use contract with the covered unit. The data use contract lets the covered unit to get satisfactory guarantees that Read More

Study Discloses Distributing EHR PINs is Common

November 4, 2017

Although information on the habit of password distribution in healthcare is restricted, one study suggests the habit of distributing Electronic health record system passwords is common, particularly with medical students, interns, and nurses. The study was carried out by Ayal Hassidim, MD of the Hadassah-Hebrew University Medical Center, Jerusalem, and additionally included scientists from Hadassah-Hebrew University Medical Center, Ben Gurion University of the Negev, Harvard Medical School, and Duke University. The research was carried out on 299 interns, medical residents, nurses, and medical students and the outcomes of the study were lately printed in Healthcare Informatics Research. The info stowed in EHRs is confidential and should be safeguarded. Rules like HIPAA manage access to that info. All people that need access Read More

Who Implements HIPAA?

October 27, 2017

The Health Insurance Portability and Accountability Act (HIPAA) launched several new laws for healthcare companies, but who implements HIPAA? Which national divisions are accountable for making sure HIPAA Laws are followed by covered units as well as their BAs? Who Implements HIPAA? The main enforcer of HIPAA Laws is the Division of Health and Human Services’ OCR. Nevertheless, since the inclusion of the Health Information Technology for Economic and Clinical Health (HITECH) Law into HIPAA in 2009, national attorneys general were also provided the authority to impose HIPAA Laws. The Centers for Medicare and Medicaid Services (CMS) also possess some powers and are mainly accountable for applying the HIPAA managerial simplification rules. The U.S. Food and Drug Administration (FDA) can Read More

Latest Device Assists Healthcare Companies Get HIPAA Conmplying Business Associates

October 27, 2017

Healthcare companies are only allowed to utilize business associates that consent to abide by HIPAA Laws and put a signature on a business associate contract, however, locating HIPAA complying BAs can be a task. Look for HIPAA complying BAs is time-consuming, even though identifying dealers willing to obey HIPAA Laws is just part of the procedure. Business associate contracts should then be evaluated, often incurring official charges, and healthcare companies should get guarantees from a new BA that proper precautions have been applied to make sure the integrity, confidentiality, and obtainability of any PHI they deliver. It’s also demanding for sellers that desire to take benefit of the openings in the healthcare trade. They should be capable to prove they Read More

Whom Should HIPAA Grievances be Addressed Inside the Protected Unit?

October 25, 2017

Whom should HIPAA grievances be addressed inside the protected unit? Any healthcare worker who thinks he has seen a HIPAA breach should inform the case internally. Usually, the individual to inform the breach is your Secrecy Officer, if your business has hired one. Informing Possible HIPAA Breaches Internally In the course of your HIPAA coaching, you must have been informed whom should HIPAA grievances be addressed to inside the protected unit, and the processes to follow for making grievances concerning possible HIPAA breaches. Commonly speaking, the HIPAA breach must be informed to the individual in your business who is accountable for HIPAA conformity, which is usually your Privacy Officer or CISO. You might feel comfier informing the case to your Read More

Healthcare Data Breaches in September Saw Nearly 500K Files Exposed

October 21, 2017

Protenus has issued its Breach Barometer report which discloses that there was a substantial surge in healthcare data breaches in September. The report contains healthcare data breaches informed to the Division of Health and Human Services’ OCR and safety cases followed by The latter has yet to show on the OCR ‘Wall of Shame.’ Altogether, Protenus/ followed 46 healthcare data breaches in September. Although the total quantity of breach victims has not yet been verified for all cases, at least 499,144 healthcare files are acknowledged to have been stolen or exposed. The number of files stolen or exposed in four of the month’s breaches has yet to be disclosed. The high number of cases makes September the 2nd worst Read More

What is the Goal of HIPAA?

October 20, 2017

The Health Insurance Portability and Accountability Act – or HIPAA as it is better recognized – is a vital parliamentary Act impacting the U.S. healthcare trade, however, what is the objective of HIPAA? Healthcare experts frequently protest concerning the limitations of HIPAA – Are the advantages of the lawmaking worth the extra load? What is the Objective of HIPAA? HIPAA was initially launched in 1996. In its original shape, the lawmaking assisted to make sure that workers would carry on to get health protection coverage when they were in the middle of jobs. The lawmaking also needed healthcare companies to apply restrictions to get patient data to avoid healthcare scam, even though it required many years for the laws for Read More

What Are Protected Units According to HIPAA?

October 20, 2017

The Health Insurance Portability and Accountability Act (HIPAA) pertains to HIPAA-protected units and their business companions, however, what are protected units according to HIPAA, and what type of businesses are categorized as business companions? Protected Units According to HIPAA Protected units according to HIPAA are persons or units that convey protected health information for dealings for which the Division of Health and Human Services has implemented criteria (see 45 CFR 160.103). Dealings include the spread of healthcare entitlements, remittance and payment advice, healthcare position, coordination of welfares, registration and deregistration, suitability checks, healthcare electronic fund transmissions, and recommendation certification as well as endorsement. Protected units according to HIPAA include healthcare providers, health plans, and healthcare clearinghouses. Health plans comprise military Read More

HHS Issues Partial Waiver of HIPAA Penalties and Sanctions within California

October 19, 2017

The Secretary of the U.S. Division of Human and Health Services has released a limited waiver of HIPAA sanctions as well as fines within California. The renunciation was announced after the presidential declaration of a public health crisis in northern California as a result of the wildfires. As was the situation with the waivers released after Hurricanes Irma and Maria, the partial renunciation of HIPAA sanctions and fines only concerns when healthcare providers have applied their disaster protocol, and then just for a period of up to 72 hours after the implementation of that procedure. In the event of the public health crisis declaration ending, healthcare companies must then abide by all provisions of the HIPAA Secrecy Rule for all Read More

What National Department Controls HIPAA?

October 18, 2017

Healthcare suppliers, healthcare clearinghouses, health policies, and business associates of those companies should abide by HIPAA, however, what national division controls HIPAA and takes action versus companies that do not abide by HIPAA Laws? What National Division Controls HIPAA? HIPAA is controlled by the Division of Health and Human Services’ OCR. Since the launch of the HIPAA Implementation Law in March 2006, OCR was given the authority to probe grievances concerning HIPAA breaches. OCR was also provided the permission to issue civil monetary fines if HIPAA-covered units were found to have breached HIPAA Laws. Although OCR had the authority to issue monetary fines, it is comparatively unusual for HIPAA breaches to lead to monetary fines. During the years since the Read More

Amida Care Dispatching Possibly Disclosed HIV Position of its Associates

October 15, 2017

Amida Care, the New York situated not-for-profit communal health plan has informed a HIPAA breach that has possibly affected 6,231 of its associates. Amida Care is a specialist in supplying health coverage as well as synchronized care to Medicaid associates suffering from protracted health situations like HIV. Amida Care sent a leaflet on July 25, 2017, to a few of its associates who had become infected with HIV, counseling them of a chance to participate in an HIV research assignment. The double-sided leaflets had details of the HIV research assignment on one side, and info on an Amida Care Summer Lifetime Festival occasion on the other. The decision had initially been made to dispatch the flyer in windowless covers, and Read More

Why is HIPAA Essential?

October 14, 2017

The Health Insurance Portability and Accountability Act (HIPAA) is an innovative part of lawmaking, however, why is HIPAA essential? What modifications did HIPAA launch and what are the advantages to the healthcare trade and patients? HIPAA was launched in 1996, mainly to tackle one specific concern: Insurance coverage for people who are in the middle of jobs. Deprived of HIPAA, workers confronted a loss of insurance protection while they were between jobs. An additional objective of HIPAA was to avoid healthcare scam and make sure that all ‘secure health information’ was properly protected and to limit access to health files to approved people. Why is HIPAA Essential for Healthcare Companies? HIPAA launched several essential advantages for the healthcare business to Read More

Suggested Law for Certification of Conformity for Health Plans Revoked by HHS

October 12, 2017

During January 2014, the Health and Human Services suggested a new law for accreditation of conformity for health strategies. The law would have needed all controlling health plans to present a variety of documents to HHS to show conformity with electronic deal criteria set by the HHS according to HIPAA Laws. The key objective of the suggested rule – Administrative Simplification: Accreditation of Conformity for Health Strategies – was to encourage more constant testing procedures for controlling health plans. The Health and Human Services has declared that the suggested law has now been revoked. Had the suggested law made it to the final law stage, CHPs would have been needed to show conformity with HIPAA administration simplification criteria for 3 Read More

HHS Withdrew Suggested Law for Accreditation of Conformity for Health Policies

October 12, 2017

The HHS suggested a new law for accreditation of conformity for health policies in the month of January 2014. The law would have needed all of controlling health plans (CHPs) to surrender a variety of documents to Health and Human Services to prove conformity with electronic deal standards established by the HHS according to HIPAA Laws. The main purpose of the suggested law – Administrative Simplification: Accreditation of Conformity for Health Policies – was to support more constant checking procedures for CHPs. Now the HHS has declared that the suggested law has been revoked. Had the suggested law made it to the final law phase, CHPs would have been needed to prove conformity with HIPAA management simplification requirements for three Read More

Do Medical Practices Require to Check Business Associates for HIPAA Compliance?

October 11, 2017

Should protected entities check business associates for HIPAA compliance or is it enough just get a signed, HIPAA-compliant business associate contract? If a business associate offers reasonable assurances to a protected unit that HIPAA Laws are being followed, and mistakes are made by the BA that lead to the theft, exposure, or accidental disclosure of PHI, the protected unit will not be answerable for the BA’s HIPAA breaches – if the protected unit has entered into a business associate agreement with its BA. It’s the duty of the BA to make sure compliance with HIPAA Laws. The failure of a BA to abide by HIPAA Laws can lead to financial penalties for HIPAA violations for the BA, not the protected unit. A protected unit Read More

What Does HIPAA Imply?

October 3, 2017

What does HIPAA imply? HIPAA is an abbreviation of the Health Insurance Portability and Accountability Act – A parliamentary law which was contracted into law in the U.S. on August 21, 1996, by Bill Clinton. Originally, HIPAA was introduced to modernize the healthcare trade and had 2 main objectives: To make sure that when workers were between jobs, they would yet be capable to keep healthcare protection – The P in HIPAA – Portability. The 2nd purpose was to make sure the confidentiality and security of health info – The 1st A in HIPAA – Accountability. HIPAA comprises criteria that were expected to make healthcare dealings easier, in particular, with regard to electronic data transfer. These comprised the use of Read More

HITRUST/AMA Introduce Project to Assist Small Healthcare Suppliers with HIPAA Compliance

September 29, 2017

HITRUST has declared it has associated with the American Medical Association (AMA) for a fresh project that will assist small healthcare suppliers with cyber risk management, cybersecurity, and HIPAA conformity. Small healthcare suppliers can be mainly susceptible to cyberattacks because they usually are short of the resources to allocate to cybersecurity and don’t have the funds available to employ trained cybersecurity team. Current week has highlighted the requirement for small practices to increase their cybersecurity fortifications, with the declaration of 2 cyberattacks on minor healthcare suppliers by the hacking gang TheDarkOverlord. Latest ransomware attacks have also demonstrated that healthcare companies of all dimensions are likely to be attacked. Companies of all dimensions should perform good cyber cleanliness as well as have the Read More

OCR Introduces Information is Strong Medicine Promotion to Inspire Patients to Access Their Health Files

September 15, 2017

The Division of Health and Human Services’ OCR has introduced a new promotion to raise the consciousness of patients’ entitlement to access their health info and the advantages of doing this. The “Information is Strong Medicine” promotion tells patients that they have the entitlement to get copies of their health files and informs them to “Obtain it. Verify it. Utilize it.” The advantages to patients are obvious. If they get copies of the health info they can verify their medical files for mistakes and rectify any errors. Having access to health files assists patients to make better choices concerning their health care and talk about their health more completely with their suppliers. Equipped with their health files, patients can do Read More

Partial HIPAA Renunciation Granted to Hospices in Irma Tragedy Zone

September 14, 2017

A public health tragedy has been proclaimed in regions of Puerto Rico, the U.S. Virgin Islands, and Florida affected by Hurricane Irma. Similar to the situation in Louisiana and Texas following Storm Harvey, the United States Division of Health and Human Services’ OCR has proclaimed a partial renunciation of HIPAA Secrecy Rule approvals as well as fines for hospices impacted by Irma. OCR has emphasized that the HIPAA Secrecy and Safety Rules haven’t been suspended and covered units must carry on to obey HIPAA Rules; however, specific provisions of the Secrecy Rule have been waived according to the Project Bioshield Act of 2014 as well as Section 1135(b) of the Social Security Act. In the event that a hospice in Read More

Partial HIPAA Waiver Allowed to Hospices in Irma Tragedy Region

September 14, 2017

A public health crisis has been announced in regions of Florida, Puerto Rico, and the U.S. Virgin Islands, affected by Storm Irma. As was the case in Louisiana and Texas after Storm Harvey, the U.S. Division of Health and Human Services’ OCR has declared a partial renunciation of HIPAA Secrecy Law sanctions and fines for hospices impacted by Irma. OCR has emphasized that the HIPAA Secrecy and Safety Laws haven’t been suspended and protected units should carry on to abide by HIPAA Laws; nevertheless, specific conditions of the Secrecy Law have been waived according to the Project Bioshield Law of 2014 as well as Section 1135(b) of the Social Safety Law. In case a hospice in the calamity zone doesn’t Read More

HHS Issues Partial Renunciation of Sanctions and Fines for Privacy Law Violations in Storm Harvey Disaster Zone

September 2, 2017

During emergencies like natural disasters, complying with all HIPAA Privacy Law provisions can be a task for hospitals and can possibly have a negative effect on patient care and calamity relief efforts. In emergency conditions, HIPAA Rules still relate. The HIPAA Privacy Law allows patient info to be shared to assist with disaster relief attempts and make certain patients get the attention they need. The Privacy Law allows protected entities to communicate patient information for cure purposes, for public health interests, to disclose patient info to friends, family and others engaged in a patient’s care, to lessen or prevent a serious and impending threat to the health and security of an individual or the public and, under specific circumstances, lets Read More

HHS Issues Part Relinquishment of Restrictions and Fines for Secrecy Law Breaches in Storm Harvey Disaster Area

September 2, 2017

During disasters such as natural calamities, complying with all HIPAA Secrecy Law prerequisites can be a task for hospices and can possibly have an adverse effect on patient treatment and calamity relief attempts. In emergency circumstances, HIPAA Laws still relate. The HIPAA Secrecy Law lets patient info to be distributed to assist with calamity relief attempts and make sure patients receive the attention they require. The Secrecy Law lets protected units to communicate patient info for cure intentions, for public health interests, to reveal patient info to friends, family and other people engaged in a patient’s treatment, to lessen or prevent a grave and impending danger to the safety and health of an individual or the general public and, under Read More

Just One Third of Patients Utilize Patient Portals to See Health Files

July 29, 2017

The Health Insurance Portability and Accountability Act (HIPAA) Secrecy Law allows patients to read the health information stored by their suppliers, however, comparatively a small number of patients are using that privilege, at least via patient portals, as per a latest U.S. Government Accountability Office (GAO) statement. The Medicare EHR Encouragement Program inspired healthcare suppliers to switch from paper to EMRs and now nearly 90% of patients of partaking suppliers have approach to patient gateways where they can see their health files. Although patients have been offered access, less than a third of patients are utilizing patient gateways to see their health data. GAO observed patient health data access from the patients’ point of view, carrying out discussions with patients to Read More

OCR Data Breach Portal Update Stresses Breaches Under Scrutiny

July 27, 2017

The previous month, the Division of HHS verified it was pondering revising its data breach portal – usually known as the OCR’s ‘Wall of Shame’. Article 13402(e) (4) of the HITECH Law needs OCR to preserve a shared list of breaches of safeguarded health info that have affected over 500 people. All, more than 500 record data breaches informed to OCR since 2009 are recorded on the breach portal. The data breach list contacts a wide range of breaches, several of which happened through no fault of the protected unit and involved no infringements of HIPAA Laws. OCR has been criticized for its breach portal for this very cause, most lately from Rep. Michael Burgess (R-Texas) who stated the breach Read More

Are You Obstructing Ex-Employees’ PHI Access Swiftly?

July 21, 2017

The latest analysis contracted by OneLogin has exposed that several organizations aren’t doing sufficient to avoid data breaches by ex-workers. Access to applications and computer systems is a necessity while hiring, but several companies are not blocking access to systems swiftly when workers leave the firm, even though ex-workers pose a substantial data safety risk. When a worker is fired or else leaves the firm, obstructing access to email accounts and networks is among the most basic safety measures, however, all too often the procedure is postponed. 600 IT workers who had some duty for security in their company were questioned for the analysis and roughly half of respondents stated they didn’t instantly end ex-workers’ network access privileges. 58% stated Read More

Financing for ONC Office of the Chief Secrecy Officer to be Revoked in 2018

July 20, 2017

The reductions to the financial plan of the Organization of the National Coordinator for Health Info Technology (ONC) imply the agency should make some big alterations, among which will be the revocation of financing for the Office of the Chief Secrecy Officer. Don Rucker, M.D. of ONC National Coordinator has verified that the office will be shut down in the financial year 2018. The Deputy Director for Health Information Privacy, Deven McGraw, has been helping as Temporary Chief Secrecy Officer until a long-lasting substitution for Lucia Savage is located, after her exit in January. It’s now looking extremely unlikely that a long-lasting substitution will be pursued. Among the main tasks of the Chief Secrecy Officer is to make sure that Read More

1 2