By Matt Fisher – Healthcare organizations are learning tough lessons that actions of employees can come back with serious consequences to the organization. When it comes to maintaining the privacy and security of patient data, no action comes without a consequence.

We regularly publish resources on cybersecurity to help physician practices, hospitals and business associates understand how to best thwart attacks and minimize exposure if there is a breach.

By Matt Fisher – The HHS Office for Civil Rights announced a $3.5 million settlement with Fresenius Medical Care Holdings, Inc. and five of its subsidiaries (collectively, Fresenius) following the report and investigation of five separate breach notifications.

By Art Gross – Billion-dollar EHR company Allscripts has fallen victim to a ransomware attack, which began on Thursday, January 18 around 2:00 am EST. By 6:00 am EST, the ransomware attack was full-blown requiring Microsoft and Cisco’s incident response teams to be called upon for assistance.

By Matt Fisher – A $2.3 million HIPAA settlement by 21st Century Oncology from mid-December 2017 seemed to mostly fly under the radar. A combination of events seems to have helped push the low profile.

By Matt Fisher – Video recording has been as simple as turning on a smartphone and videos appear on the internet all of the time. Police body cameras are another growing area where a video is taken every day and in all sorts of locations.

By Art Gross – The topic of ransomware, especially ransomware hitting healthcare organizations, is making headlines daily. Dan Munro has a very good article over at Forbes that asks an important question: Is Ransomware Considered A Health Data Breach Under HIPAA?

By Matt Fisher – Another HIPAA breach settlement announcement and another lesson from the Department of Health and Human Services Office for Civil Rights (“OCR”). Cornell Prescription Pharmacy (“Cornell”) is a single location pharmacy located in Colorado that will pay OCR $125,000 to resolve allegations of a variety of HIPAA violations. When the facts of the circumstances are described, it will likely raise questions as to why the settlement was so low.

Two Articles Shine the Spotlight on the Subject By Edward Jones III, Author and President of HIPAA, LLC. Twitter: @HIPAAsafeguards On July 13, Politico published online an article entitled “Electronic heath records ripe for theft,” which is available online.  This article makes several important points and we commend it to your attention.  First, the article […]

By Tom Sullivan, Editor, Government Health IT Twitter: @GovHITEditor If the healthcare providers that have been operating under HIPAA for nearly two decades were the only ones required to comply with the new rule on privacy and security, that would be challenging enough. But they’re not. Instead, the business associates deemed covered entities beginning September 23 are […]

Affects 1.84 Million U.S. Victims Medical identity theft is a national healthcare issue with life-threatening and hefty financial consequences. According to the 2013 Survey on Medical Identity Theft conducted by Ponemon Institute, medical identity theft and “family fraud” are on the rise; with the number of victims affected by medical identity theft up nearly 20 […]

Health plan pays $ 1.2 million for failure to recognize HIPAA risk Remember when copiers were simple—just paper in, copies out? Once they began scanning and faxing, copiers evolved not just in capability, but as a HIPAA risk. A health plan just paid a $ 1.2 million penalty because a copier it discarded ended up […]