In an unusual twist, a missing unencrypted laptop containing data on nearly 206,000 patients has been returned by mail to Premier Healthcare, a physician group practice in Indiana. But some experts say the organization might have violated the HIPAA Security Rule.
The HHS Office for Civil Rights is moving too slowly in issuing HIPAA guidance related to mobile health apps, cloud storage and other emerging technologies, according to a bipartisan group of congressmen. Does OCR have too much on its plate?
This could be a record year for HIPAA enforcement actions by federal regulators, both in the number of resolution agreements and in the size of financial settlements resulting from breach investigations, predicts privacy attorney Adam Greene.
The HHS Office for Civil Rights is making progress toward launching the long-awaited next round of HIPAA compliance audits, which will consist mostly of desk audits. In a critical step, it plans to release its proposed new audit protocol in April, says Deven McGraw, OCR's deputy director of health information privacy.
Despite the pervasiveness of data breaches, healthcare organizations are still playing catch-up on implementing strong, risk-based security programs, rather than focusing solely on HIPAA compliance, says David Finn of Symantec. He offers a preview of his session at the HIMSS 2016 Conference about a new survey.
Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?
For only the second time, federal regulators have slapped a healthcare entity with a civil monetary penalty in a case involving egregious HIPAA violations. Find out why Lincare Inc. was fined after a privacy incident affecting just 278 patients.
Healthcare organizations face an ongoing compliance burden involving the protection of sensitive patient data. The task of safeguarding data grows increasingly complex as the organization's environment adapts to advancing threats and shifting technology trends. Once simply in record rooms and on desktops, now...
Securing sensitive emails isn't just a best practice - it's often the law. Compliance with regulations is a priority for healthcare, financial services and government organizations; it may also need to be a priority for companies that work with these organizations or practice business in specific...
If federal regulators pull the plug on the HITECH Act's "meaningful use" incentive program for electronic health records, they must devise bold new ways to help ensure that data stored in EHR systems is secure.
Is the agency that enforces HIPAA doing enough to make sure that organizations that have had multiple smaller health data breaches are taking steps to improve security?
The year 2015 will be remembered for the surge in massive hacker attacks in healthcare. But what lessons can healthcare organizations and their business associates learn from these data breaches?
To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.