Federal regulators have slapped a Boston area hospital with a $218,000 HIPAA penalty after an investigation following two security incidents. Experts analyze the lessons that the settlement agreement offers.
Covered entities find it difficult to prevent unauthorized access to patient data by members of their staffs. Preventing breaches involving insiders at business associates can be even trickier, as an incident affecting Meritus Health illustrates.
As federal lawmakers return this week from their Independence Day recess, Congress picks up where it left off before the break: holding hearings on the Office of Personnel Management breach that exposed the personal records of millions of government workers.
President Obama proposes spending more money on cybersecurity, replacing government agencies' antiquated, unsecured systems. But what really needs to be done to thwart breaches, like the hack attack against the Office of Personnel Management?
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.
Well-known health data privacy expert and federal adviser Deven McGraw is joining the Department of Health and Human Services' Office for Civil Rights as its new deputy director for health information privacy, heading its HIPAA enforcement efforts.
Forget attributions of the German parliament malware outbreak to Russia, or Chancellor Angela Merkel's office being "ground zero." The real takeaway is the Bundestag's apparent lack of effective defenses or a breach-response plan.
When it comes to health data breaches, business associates are again grabbing headlines, calling attention to the importance of scrutinizing vendors. The latest incident involves a breach that wasn't reported to a covered entity for eight months.
Data security expert Kate Borten, a former CISO who's a featured speaker at the June 11 Healthcare Information Security Summit in Boston, warns healthcare organizations against overlooking key data protection steps.
Healthcare organizations' disaster recovery plans typically don't include steps to deal with looting incidents. But the April riots in Baltimore serve as a reminder that unexpected violence can result in health data breaches.
During a time of significant change for corporations, when today's modern network extends far beyond the company's physical walls, it's disturbing that companies face such well-organized and pervasive threats.
In a case also involving kidnapping and drug conspiracy, two individuals - a former hospital worker and a convicted drug trafficker - have been sentenced to prison for HIPAA privacy violations. Learn who received the maximum sentence.
A new breach reported by Heartland Payment Systems won't get much attention. But this incident could be more damaging to the undisclosed number of consumers affected than was Heartland's 2008 payment card breach.