The HHS Office for Civil Rights is facing a “severe strain” on its staff and budget amid rising breaches and complaints, according to the agency’s annual report to Congress.
Mateusz Krempa, COO, Piwik PRO: As healthcare providers increasingly embrace big data, they find themselves at a crossroads: the challenge of using relevant data to improve patient care while ensuring the highest levels of privacy and compliance with regulations like the Health Insurance Portability and Accountability Act (HIPAA).
In 2024, the Department of Health and Human Services (HHS) Office for Civil Rights announced a series of enforcement actions against entities that violated, or potentially violated, one or more HIPAA rules. This HIPAA 2024 Year in Review article discusses these actions. Monitor and safeguard its health information systems activity.
Under HIPAA compliance, healthcare organizations must ensure that all communications, including fax, are secure and meet stringent standards. By modernizing these systems with cloud-based solutions, healthcare organizations can find a balance between HIPAA compliance and operational efficiency.
OCR launched a HIPAA investigation after receiving a breach report on January 5, 2018, in response to the hacking of an OSU-CHS web server. “HIPAA-covered entities are vulnerable to cyber-attackers if they fail to understand where ePHI is stored in their information systems,” said OCR Director Lisa J. 164.502(a).
The HHS’ Office for Civil Rights (OCR) has published a report it sent to Congress that details its HIPAA enforcement activities in 2021, which provides insights into the state of compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first financial penalties of 2022 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). Dental Practitioner Fined $30,000 for Noncompliance with the HIPAA Right of Access. Dr. Donald Brockley D.D.M,
Five former Methodist Hospital employees have pleaded guilty to criminal violations of HIPAA for accessing and disclosing the information of patients to a third party for financial gain. The former employees were terminated for the HIPAA violations, and along with Harvey, were indicted by a federal grand jury in November 2022.
Five former employees of Methodist Hospital in Tennessee have been indicted by a federal grand jury in Memphis for criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) for impermissibly accessing the protected health information of patients and providing that information to another individual for financial gain.
The Department of Health and Human Services’ Office for Civil Rights (OCR) has publicly released two reports that were submitted to Congress that provide insights into data breaches, HIPAA enforcement activity, and the state of HIPAA Privacy and Security Rule compliance for calendar year 2021.
Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA.
The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). million individuals and for delayed breach notifications.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle potential HIPAA violations with the HIPAA business associate, iHealth Solutions, LLC, for $75,000. The HIPAA enforcement action shows that even relatively small data breaches can be investigated by OCR and result in a financial penalty.
These technologies can act as privacy enhancing techniques (PET) to ensure privacy and compliance with regulations like HIPAA and GDPR. Devices must primarily comply with Regulations (EU) 2017/745 on Medical Devices and 2017/746 on In Vitro Diagnostic Medical Devices.
All HIPAA covered entities must familiarize themselves with the HIPAA breach notification requirements and develop a breach response plan that can be implemented as soon as a breach of unsecured protected health information (PHI) is discovered. Summary of the HIPAA Breach Notification Rule.
Department of Health and Human Services (HHS) has restructured its Office for Civil Rights (OCR) and has created new divisions that will help improve the enforcement of HIPAA and civil rights laws and clear the current backlog of complaints and investigations. Approximately 80% of all reported data breaches are due to hacking.
"Our ability to step up and commit to treating data in a HIPAA-compliant manner opens up a number of new avenues for us to bring our expertise and competitive pricing to new partners," said System1 President of Commerce and Travel, Stewart Marlborough. THE LARGER TREND.
Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has confirmed that the long-awaited third phase of its HIPAA compliance audits is underway and will involve HIPAA compliance audits of 50 covered entities and business associates. OCR’s workload has increased considerably, yet its budget has remained flat.
A 2016 hacking incident that hit Oklahoma State University’s Center for Health Sciences has led to an $875,000 HIPAA breach fine settlement to address potential violations. Background of Oklahoma State University HIPAA Breach. The university announced the HIPAA breach on January 5, 2018. failure to perform an evaluation .
The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules. Are Data Breaches HIPAA Violations?
A recent poll of webinar attendees found that barely one-third may be HIPAA compliant, based upon responses to a single question. Conducting an annual Security Risk Analysis is one of the foundational requirements of HIPAA compliance. Look at the statistics of HIPAA violations and fines. HIPAA Compliance Simplified.
The majority of HIPAA-covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is accidental HIPAA. How Should Employees Report an Accidental HIPAA Violation? How Should Covered Entities Respond to an Accidental HIPAA Violation?
As 2023 unfolds, the urgency for entities in the healthcare sector to initiate or reinforce their HIPAA compliance cannot be overstated. Prove Your Due Diligence The decision to postpone setting up comprehensive policies, procedures, and HIPAA training could be detrimental. This first impression can be pivotal in an audit scenario.
Washington Attorney General Bob Ferguson is suing a plastic surgery provider for falsely inflating online ratings, bribing, and threatening patients, and alleges the actions of the practice violated the Health Insurance Portability and Accountability Act (HIPAA) Rules. The lawsuit was filed in the U.S.
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. This page is regularly updated to reflect the latest healthcare data breach statistics.
Because patient data cannot be shared under HIPAA, consumer data mining practices – which are generally criticized for lacking transparency – have long elicited medical privacy concerns. ON THE RECORD.
AI Telemedicine solution providers must understand HIPAA and other healthcare regulations to ensure patient data privacy and security. Ha was also recognized among the 50 most influential businesswomen in 2017 and the Top 20 professional female managers by Forbes Vietnam in 2022.
The HHS’ Office for Civil Rights has announced its 44th enforcement action under its HIPAA Right of Access initiative with a $15,000 financial penalty for David Mente, MA, LPC, a licensed counselor that provides psychotherapy services in Pittsburgh, PA. The HIPAA Right of Access allows individuals to obtain a copy of their health information.
Beyond the health care sector-specific Medical Devices Regulation (EU) 2017/745 (MDR) and the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746 (IVDR), this mix of AI & Data related regulatory requirements stems from a series of generalized, cross-sectoral EU laws of the last 5 years. Sectoral US Laws In the U.S.,
a Pittsburgh, PA-based non-profit healthcare company and Integrated Delivery Network has recently announced that some HIPAA-protected data has been exposed in a data breach at the printing and mailing vendor, Quantum Group, which was used by its vendor, Webb Mason, which provides marketing services to Highmark. Highmark Inc.,
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to resolve multiple HIPAA violations that were identified during investigations of a complaint about impermissible disclosures of protected health information on the review platform Yelp.
A Seattle, WA, plastic surgery practice has been ordered to pay a financial penalty of $5 million to the Office of the Washington Attorney General to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), Washington Consumer Protection Act (CPA), and the federal Consumer Review Fairness Act (CRFA).
The same percentage of people over 50 own a voice assistant, a market penetration rate which more than doubled between 2017 and 2019, AARP noted in the 2020 Tech and the 50+ Survey published in December 2019. Under the current privacy regime of HIPAA for healthcare, indeed, we are. legislators can get on the same privacy page.
In early December of 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced it has issued a $548,625 civil monetary penalty (CMP) against Children’s Hospital Colorado (CHC), for the latter’s HIPAA compliance trip-ups: violations of the HIPAA Privacy and Security Rules.
The Office for Civil Rights (OCR) audits you hoped were a thing of the past—having been discontinued since 2017—are returning. All covered entities will be subject to these HIPAA audits, and they are due to start any day now. What does that mean for you as a compliance officer?
Monument explained in its breach notification letters that an internal review was conducted in late 2022 into the use of website tracking tools after guidance was issued by the HHS’ Office for Civil Rights on pixels and other tracking tools and how they may violate the HIPAA Rules. Monument acquired Tempest in May 2022.
The HITECH Act requires the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to conduct periodic audits of HIPAA covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. Subsequently, OCR evaluated the effectiveness of the pilot HIPAA audit program.
A study conducted by Bai, Jiang, and Flasher in 2017 found the risk of data breaches was higher at large academic medical centers than at other hospitals. The post On-the-spot Email Interventions Reduce Repeat Medical Record Snooping Incidents by 95% appeared first on HIPAA Journal.
In September 2021, the FTC issued a policy statement announcing its intention to start actively enforcing the Health Breach Notification Rule with a focus on health apps, which are generally not covered by HIPAA and data breaches are therefore not subject to the notification requirements of the HIPAA Breach Notification Rule.
Aetna also experienced another mailing-related data breach in 2017 that affected 12,000 individuals. The post 326,278 Aetna ACE Members Affected by Ransomware Attack at Mailing Vendor appeared first on HIPAA Journal. EyeMed was fined $600,000 by the New York State Attorney General for security failures that led to the data breach.
The report includes healthcare data breaches reported to regulators, as well as data breaches that have been reported in the media, incidents that have not been disclosed by the breached entity, and data breaches involving healthcare data at non-HIPAA-regulated entities. The data for the report was provided by databreaches.net.
An Arizona man has been sentenced to 54 months in jail for aggravated identity theft and criminal violations of the Health Insurance Portability and Accountability Act (HIPAA). Rico Prunty pleaded guilty to aggravated identity theft and criminal HIPAA violations for accessing and disclosing patients’ protected health information.
HIPAA requires healthcare organizations to report security incidents to the Office for Civil Rights (OCR). HIPAA defines a security incident as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” We can help!
While attacks involving these malware variants are currently concentrated in Ukraine, in 2017, NotPetya wiper malware was used in targeted attacks in Ukraine and was delivered through compromised tax software, but attacks involving the malware spread globally and affected multiple healthcare organizations in the United States.