By Matt Fisher, Esq Twitter: @matt_r_fisher Host of Healthcare de Jure – #HCdeJure The HHS Office for Civil Rights (OCR) announced a $3.5 million settlement with Fresenius Medical Care Holdings, Inc. and five of its subsidiaries (collectively, Fresenius) following the report and investigation of five separate breach notifications. Of note, the five breaches in total impacted 521 individuals with no…

By Art Gross, President and CEO, HIPAA Secure Now! Twitter: @HIPAASecureNow Billion-dollar electronic health record (EHR) company Allscripts has fallen victim to a ransomware attack, which began on Thursday, January 18 around 2:00 a.m. EST. By 6:00 a.m. EST, the ransomware attack was full-blown requiring Microsoft and Cisco’s incident response teams to be called upon for assistance. An article on CSO explores the…

By Matt Fisher, Esq Twitter: @matt_r_fisher Host of Healthcare de Jure – #HCdeJure A $2.3 million HIPAA settlement by 21st Century Oncology from mid-December 2017 seemed to mostly fly under the radar. A combination of events seems to have helped push the low profile, namely lack of an announcement by the Office for Civil Rights and an unfamiliar venue for…

By Matt Fisher, Esq Twitter: @matt_r_fisher Host of Healthcare de Jure – #HCdeJure Video recording has been as simple as turning on a smartphone and videos appear on the internet all of the time. Police body cameras are another growing area where a video is taken every day and in all sorts of locations. When those videos record activities in…

By Art Gross Twitter: @HIPAASecureNow The topic of ransomware, especially ransomware hitting healthcare organizations, is making headlines daily. Dan Munro has a very good article over at Forbes that asks an important question: Is Ransomware Considered A Health Data Breach Under HIPAA? David Harlow (@healthblawg), Principal – The Harlow Group, LLC, whose insight into HIPAA law I respect greatly, states:…

By Matt Fisher, Esq Twitter: @matt_r_fisher Another HIPAA breach settlement announcement and another lesson from the Department of Health and Human Services Office for Civil Rights (“OCR”). Cornell Prescription Pharmacy (“Cornell”) is a single location pharmacy located in Colorado that will pay OCR $125,000 to resolve allegations of a variety of HIPAA violations. When the facts of the circumstances are…

Two Articles Shine the Spotlight on the Subject By Edward Jones III, Author and President of HIPAA, LLC. Twitter: @HIPAAsafeguards On July 13, Politico published online an article entitled “Electronic heath records ripe for theft,” which is available online.  This article makes several important points and we commend it to your attention.  First, the article states: “[w]hile a stolen credit…

By Tom Sullivan, Editor, Government Health IT Twitter: @GovHITEditor If the healthcare providers that have been operating under HIPAA for nearly two decades were the only ones required to comply with the new rule on privacy and security, that would be challenging enough. But they’re not. Instead, the business associates deemed covered entities beginning September 23 are entirely new to the law…

Affects 1.84 Million U.S. Victims Medical identity theft is a national healthcare issue with life-threatening and hefty financial consequences. According to the 2013 Survey on Medical Identity Theft conducted by Ponemon Institute, medical identity theft and “family fraud” are on the rise; with the number of victims affected by medical identity theft up nearly 20 percent within the last year.…

Health plan pays $ 1.2 million for failure to recognize HIPAA risk Remember when copiers were simple—just paper in, copies out? Once they began scanning and faxing, copiers evolved not just in capability, but as a HIPAA risk. A health plan just paid a $ 1.2 million penalty because a copier it discarded ended up on the TV news. Buried…

How would Your Practice Protect Kim’s Information? By Ron Sterling Sterling Solutions Recently, several employees of Cedars Sinai Medical Center were fired for improperly accessing the Protected Health Information (PHI) of Kim Kardashian (a reality TV personality) who went through her entire pregnancy with cameras in tow.  You can be pretty confident that Kim will lament this invasion of her…

Experts Highlight Top Hidden Exposures That Can Lead to Data Breach It’s not a plot on a TV show. Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker. Every transaction and health record is now collected, categorized, sorted, and analyzed—and can be…

400,000 reasons to check your network security. Mike Semel Semel Consulting Want to avoid a HIPAA penalty? Do you know... what a firewall is? the difference between a firewall and the simple network routers most of us use at home? how to properly set up network perimeter security, monitor it, and understand its reports? how to monitor your Information System…

Don’t Join the HIPAA Data Breach ‘Wall of Shame’ Mike Semel Semel Consulting In compliance with the HIPAA Data Breach Notification Rule, more than 570 HIPAA data breaches of over 500 records have been reported since 2010, with over 21 million patient records lost. This information is posted on a federal website known informally as the HIPAA ‘Wall of Shame.’ All HIPAA data breaches are…

Data Encryption Saves Millions in HIPAA Breach Penalties Mike Semel, HIT Security Every time there is a HIPAA data breach penalty for a lost laptop or hard drive, Office for Civil Rights (OCR) Director Leon Rodriguez says that the penalty would have been avoided if the data was encrypted. The HITECH Act of 2009 modified the HIPAA data breach rule by stating that if a device is lost or stolen,…