Today the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $3,000,000 settlement for a disclosure of patient protected health information (“PHI”) via its FTP server.
In 2014, HHS received an email tip that the social security numbers of Touchstone Medical Imaging (“Touchstone”) patients were accessible online via an insecure…
The U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) just announced an $111,400 settlement and substantial corrective action plan for a Colorado hospital whose former employee still had access to electronic patient protected health information (“PHI”).
In 2013, Pagosa Springs Medical Center failed to de-activate a former employee’s username and password…
The U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) just announced a $125,000 settlement for a disclosure of patient protected health information (“PHI”) to a reporter.
In 2015, a patient of Allergy Associates of Hartford, P.C. (“Allergy Associates”) contacted a local TV station about a dispute that the patient had with…
HHS has published a very brief guide, in the form of a checklist, to explain the steps for a HIPAA covered entity or business associate to take in response to a cyber related security incident. You can access the checklist at this link:
Very interesting reading for those in the privacy and security space – http://www.verizonenterprise.com/DBIR/2014/.
Community Health Systems announced today, August 18th, that hackers broke into its computers and stole data on 4.5 million patients. The information included names, Social Security numbers, physical addresses, birthdays and telephone numbers. More information on the breach is available at http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/index.html
U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced yet another enforcement action. Specifically, OCR opened a compliance review of Concentra Health Services (Concentra) upon receiving a report that an unencrypted laptop was stolen from the Springfield Missouri Physical Therapy Center. The investigation revealed that Concentra had previously recognized…
A HIPAA security risk assessment (SRA) tool was recently made available through HHS. The tool was developed as a collaborative effort between the HHS Office of the National Coordinator for Health Information Technology (ONC), the HHS Office of Civil Rights (OCR) and the HHS Office of General Counsel (OGC). This SRA tool is intended to…
OCR PREPARING FOR NEXT ROUND OF HIPAA AUDITS
In a February 24, 2014 notice published in the Federal Register, the Department of Health and Human Services announced a pre-audit survey of HIPAA covered entities and business associates. The information collected will involve a survey of up to 1,200 covered…
Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements” has spurred a certain level of panic among health…
