A settlement finalized this past week in a class action lawsuit filed in 1997 against Tenet Healthcare for a privacy breach involving thousands of patients' paper records offers important lessons for healthcare providers today.
Sophisticated threats require advanced threat protection. A threat-focused next-generation firewall must adhere to three strategic imperatives. Learn how these imperatives improve defense against advanced threats.
One year after HIPAA Omnibus Rule enforcement began, why do so many healthcare entities and business associates continue to struggle with even the most basic requirements? Security expert Andrew Hicks offers insights.
Once the now-delayed HIPAA compliance audits resume, federal regulators will be conducting more on-site audits and fewer remote desk audits of covered entities and business associates than originally planned.
The federal tally of major health data breaches has grown substantially in recent weeks. Incidents added over the last month provide examples of the variety of risks that healthcare entities continue to battle.
The Massachusetts attorney general has reached a $150,000 HIPAA settlement with a Rhode Island hospital in the wake of a 2012 data breach that affected 14,000 patients, most of whom were from Massachusetts.
Johns Hopkins Health System has agreed to a $190 million settlement in a privacy violation case that involved a physician using a pen-like camera to secretly photograph female patients. Learn what the organization is doing to prevent other privacy incidents.
Prosecutors in Texas have taken the rare move of pursuing criminal charges against an individual for alleged HIPAA violations. The case is a reminder that health workers can face prison time and hefty monetary fines for wrongful disclosures of PHI.
Recent dismissals of two class action lawsuits related to an Advocate Health Care data breach spotlight how difficult it can be for plaintiffs to prevail in cases where there is no evidence of damages. But some changes might be on the way.
A Florida law that takes effect July 1 toughens the state's data breach notification statute by, in part, broadening the term "personal information" to include individuals' usernames and e-mail addresses under certain circumstances.