Health Insurance, HIPAA and Licensing - Health Care Compliance Brief

Atrium Health responds to new social engineering attack

Healthcare It News

SEPTEMBER 17, 2024

Driver’s license or state-issued identification number. Health insurance and/or treatment cost information, such as patient identification numbers and health insurance account or policy numbers. Social Security number. Date of birth. Medical record number. Bank or financial account numbers or information.

Electronic Medical Records

Electronic Medical Records Health Insurance Payment Systems Licensing

What are the Penalties for HIPAA Violations?

HIPAA Journal

DECEMBER 24, 2022

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA. .

HIPAA

HIPAA Compliance Hospitals COVID-19

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. La Casa de Salud, New York. Valley View Hospital, Colorado.

HIPAA

HIPAA Health Insurance Licensing Hospitals

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA

HIPAA Ransomware Health Insurance Fraud

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

HIPAA Journal

NOVEMBER 16, 2022

The review of the compromised email accounts confirmed they contain information such as names, addresses, dates of birth, driver’s license numbers, state identification card numbers, financial account numbers, usernames and passwords, payment card information, medical histories, and health insurance information.

HIPAA

HIPAA Licensing Health Insurance Fraud

The Most Common HIPAA Violations You Should Avoid

HIPAA Journal

JANUARY 2, 2023

The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules.

HIPAA

HIPAA Compliance Hospitals Medicare

Protected Health Information (PHI): Everything You Need to Know about HIPAA and PHI

Total HIPAA

MAY 23, 2022

What is Protected Health Information (PHI)? The Health Insurance Portability and Accountability Act ( HIPAA ) is a 1996 federal law that regulates privacy standards in the healthcare sector. Since 1996, Congress has passed additional laws to adapt HIPAA in accordance with new technological advancements.

HIPAA

HIPAA Due Diligence Compliance Health Insurance

Editorial: Lessons from Biggest HIPAA Breaches of 2022

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 million patients and health plan members.

HIPAA

HIPAA Ransomware Health Insurance Compliance

Who’s Liable for Bad Medical Advice in the Age of ChatGPT?

Bill of Health

JUNE 5, 2023

medical licensing exam , diagnose illnesses , and even outshine human doctors on measures of perceived empathy , raising many questions about how AI will reshape health care as we know it. In the field of medicine, ChatGPT already has been reported to ace the U.S. But what happens when AI gets things wrong?

Malpractice

Malpractice FDA HIPAA Doctors

Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach

HIPAA Journal

APRIL 25, 2024

The exposed and stolen data included contact information, Social Security numbers, driver’s license numbers, financial information, health insurance information, medical records, medical histories, diagnoses/conditions, and health insurance information.

Fraud

Fraud Health Insurance HIPAA Licensing

Eastern Ozarks Regional Health Sued by Arkansas AG for Failure to Secure Patient Data

HIPAA Journal

MARCH 18, 2022

Country Medical Services had run the hospital for 9 years; however, an investigation by the state Department of Health identified almost 3 dozen potential violations of the Emergency Medical Treatment and Labor Act, as the hospital was unable to provide emergency services. I am holding the hospital and its owners accountable.”.

Licensing

Licensing HIPAA Hospitals Health Insurance

Logan Health Medical Center Cyberattack Affects More Than 213,000 Patients

HIPAA Journal

FEBRUARY 23, 2022

A review of the files on the affected server revealed they contained patient information including names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, insurance claim information, date(s) of service, treating/referring physician, medical bill account number, and/or health insurance information.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Medical Billing

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

HIPAA Journal

MAY 24, 2022

The post Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack appeared first on HIPAA Journal. A class action lawsuit has already been filed on behalf of individuals affected by the breach.

Ransomware

Ransomware Licensing HIPAA Health Insurance

EU and US Regulatory Challenges Facing AI Health Care Innovator Firms

Bill of Health

APRIL 4, 2024

The main federal health privacy law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies only to “covered entities” like health insurers, claims- processing clearinghouses, and health care providers and their business associates, and only to a subset of protected health care information.

FDA

FDA Malpractice Regulatory Compliance Health Insurance

Avalon Healthcare Settles HIPAA Case with Oregon and Utah State AGs and Pays $200,000 Penalty

HIPAA Journal

DECEMBER 30, 2022

Avalon Healthcare has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws with the Oregon and Utah Attorneys General that were uncovered during an investigation of a 2019 breach of the personal and protected health information of 14,500 of its employees and patients.

HIPAA

HIPAA Compliance Compliance Officers Licensing

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

HIPAA Journal

MARCH 10, 2022

The files exfiltrated from its systems included the protected health information of patients. Individuals whose Social Security number, driver’s license, state identification number, or financial account information may have been involved have been offered complimentary credit monitoring services.

Ransomware

Ransomware Licensing Health Insurance HIPAA

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

The exposed information included names, dates of birth, Social Security numbers, driver’s license numbers, clinical/diagnosis information, health insurance member ID numbers, medical record numbers, and Medicare or Medicaid numbers. No evidence of data theft or misuse of information has been detected.

Health Insurance

Health Insurance Licensing Fraud HIPAA

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

HIPAA Journal

MARCH 25, 2022

AHA discovered the email breach in early September 2021 and determined on December 2, 2021, that files containing the protected health information of its healthcare provider clients had been accessed. UMC was a victim of a REvil ransomware attack in June 2021 that resulted in the theft of the protected health information of 1.3

Health Insurance

Health Insurance Licensing Ransomware Fraud

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

HIPAA Journal

JULY 5, 2022

Individuals who had their Social Security numbers or driver’s license numbers exposed have been offered complimentary credit monitoring and identity theft protection services. The post Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care appeared first on HIPAA Journal.

Licensing

Licensing Electronic Medical Records Health Insurance Hospitals

SuperCare Health Sued Over 318,000-Record Data Breach

HIPAA Journal

APRIL 15, 2022

The incident involved the exposure and potential theft of the protected health information of 318,400 patients, including names, addresses, birth dates patient account numbers, medical record numbers, health insurance information, testing, diagnostic, treatment, and claims information.

Electronic Medical Records

Electronic Medical Records HIPAA Health Insurance Fraud

Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

HIPAA Journal

JULY 14, 2022

The affected email accounts included names, Social Security numbers, driver’s licenses, financial account information, usernames and passwords, passport numbers, biometric data, medical information, health insurance information, electronic/digital signatures, and employer-assigned identification numbers.

Licensing

Licensing Health Insurance Ransomware HIPAA

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

HIPAA Journal

FEBRUARY 16, 2022

The information potentially compromised in the attack included names, dates of birth, Social Security numbers, medical diagnoses, treatment information, and health insurance information. Vendor Email Account Breach Affects Over 6,000 Memorial Hermann Health System Patients.

Electronic Medical Records

Electronic Medical Records Health Insurance Licensing HIPAA

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

HIPAA Journal

MARCH 14, 2022

CRMC said at this stage of the investigation it does not appear that the attackers gained access to its electronic medical record database; however, the files accessed or potentially accessed by the attackers included information such as patient names, addresses, birth dates, medical information, and health insurance information.

Electronic Medical Records

Electronic Medical Records Health Insurance HIPAA Licensing

Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations

HIPAA Journal

AUGUST 10, 2023

The Ottumwa Fire Department in Iowa has recently fired employees for alleged violations of the HIPAA Rules and other misconduct. The post Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations appeared first on HIPAA Journal. The information involved varied from individual to individual.

HIPAA

HIPAA Ransomware Licensing Health Insurance

Pennsylvania’s Updated Breach Notification Law Requires Credit Monitoring Services for Breach Victims

HIPAA Journal

JULY 8, 2024

Credit monitoring services must be provided if a consumer reporting agency is required to be notified by law and if the breach involved an individual’s Social Security number, bank account number, driver’s license number, or state identification number.

Licensing

Licensing HIPAA Health Insurance Compliance

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

HIPAA Journal

MARCH 4, 2022

Those files included information such as names, contact information, dates of birth, Social Security numbers, driver’s license numbers, treatment and diagnosis information, and/or health insurance information. The breach has been reported to the HHS’ Office for Civil Rights as affecting 10,324 individuals.

Health Insurance

Health Insurance Licensing HIPAA

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. According to the hospital operator, Tower Health, the unauthorized access was discovered during a routine audit of medical record access logs. Some of the accessed records included partial Social Security numbers and health insurance information.

Hospitals

Hospitals HIPAA Health Insurance Licensing

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

HIPAA Journal

AUGUST 3, 2022

The two health insurance firms confirmed they had been affected in late February 2022, with PracticeMax publicly reporting the breach in the fall of 2021. The post Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack appeared first on HIPAA Journal.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Cyberattack on SuperCare Health Affects 318,000 Patients

HIPAA Journal

APRIL 7, 2022

A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed. SuperCare Health said the security breach prompted a review of its security safeguards and additional security measures have now been implemented to better protect the personal and protected health information of its patients.

Licensing

Licensing HIPAA Health Insurance Hospitals

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

HIPAA Journal has not yet been able to establish exactly how many Anthem Blue Cross members have been affected. No financial information, Social Security numbers, or driver’s license numbers were taken. The post PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon appeared first on HIPAA Journal.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. The post Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Licensing

Licensing Health Insurance Fraud HIPAA

November 8, 2023, Healthcare Data Breach Round-Up

HIPAA Journal

NOVEMBER 8, 2023

Third-party forensics experts were engaged to investigate the breach and determined that its systems were compromised between September 1, 2023, and September 5, 2023, and during that time, files were exfiltrated that contained personal and protected health information.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

HIPAA Journal

APRIL 23, 2024

The review of the affected files was completed on February 7, 2024, and confirmed some or all of the following information was compromised: name, date of birth, Social Security number, driver’s license number, medical information, and/or health insurance information.

Ransomware

Ransomware Fraud Licensing HIPAA

Texas Retina Associates Cyberattack Affects 312,000 Patients

HIPAA Journal

JULY 3, 2024

The file review confirmed that the exposed data included first and last name, address, phone number, email address, birth date, gender, Social Security number, medical record number, clinical information, prescription information, medical information, health information, and health insurance information.

Ransomware

Ransomware Health Insurance Hospitals HIPAA

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

HIPAA Journal

SEPTEMBER 8, 2023

For patients, the affected information included name, address, email, phone number(s), birth date, Social Security number, driver’s license number, health insurance policy information, treatment information including radiographic images, medical record number, account number, and health conditions.

Licensing

Licensing Ransomware Health Insurance HIPAA

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

HIPAA Journal

DECEMBER 14, 2022

One of the compromised email accounts was determined to contain the protected health information of CFA members, including names, addresses, birth dates, Social Security numbers, health insurance information, medical information, and billing and claims information. Patients started to be notified on November 23, 2022.

Health Insurance

Health Insurance HIPAA Licensing

Data Breaches Reported by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct

HIPAA Journal

MARCH 23, 2022

a Pittsburgh, PA-based non-profit healthcare company and Integrated Delivery Network has recently announced that some HIPAA-protected data has been exposed in a data breach at the printing and mailing vendor, Quantum Group, which was used by its vendor, Webb Mason, which provides marketing services to Highmark. Highmark Inc.,

HIPAA

HIPAA Licensing Health Insurance Governance

Round Up of Recent Hacking Incidents and Email Account Breaches

HIPAA Journal

JANUARY 13, 2023

Quality Behavioral Health in Washington has recently reported a hacking incident to the HHS’ Office for Civil Rights that has affected 500 individuals – a number often used as a placeholder until the full extent of a data breach is known in order to meet the HIPAA Breach Notification Rule reporting requirements.

Health Insurance

Health Insurance Licensing HIPAA Hospitals

Insider Breaches Reported by Providence Mission Heritage Endocrinology & Samaritan Health Services

HIPAA Journal

JULY 5, 2024

The nature of the access was not disclosed; however, Providence said there is an active investigation by the California Department of Insurance. The review confirmed that only names, State IDs, driver’s license numbers, and health insurance coverage information were accessed.

Licensing

Licensing HIPAA Health Insurance Hospitals

Solara Medical Supplies Proposes $5 Million Settlement to Resolve Class Action Data Breach Lawsuit

HIPAA Journal

APRIL 26, 2022

The forensic investigation confirmed that the sensitive information of 114,007 of its customers had been exposed and potentially stolen, including names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and financial information.

HIPAA

HIPAA Licensing Health Insurance

Credential Stuffing Attack Exposed United HealthCare Member Data

HIPAA Journal

MAY 2, 2023

The accounts subjected to unauthorized access included information such as names, birthdates, addresses, health insurance member ID numbers, service dates, provider names, claim details, and group names and numbers. No Social Security numbers, financial information, or driver’s license numbers were exposed.

Licensing

Licensing Health Insurance Hospitals HIPAA

235,000 Keystone Health Patients Affected by August 2022 Cyberattack

HIPAA Journal

OCTOBER 18, 2022

Prompt notification is a requirement of the HIPAA Breach Notification Rule and is important for patients, as it allows them to take appropriate steps to protect themselves against misuse of their information. The post 235,000 Keystone Health Patients Affected by August 2022 Cyberattack appeared first on HIPAA Journal.

HIPAA

HIPAA Health Insurance Licensing Medicaid

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

While there have been no reported instances of misuse of patient data, OU Health could not rule out unauthorized access to patient data. The post Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals appeared first on HIPAA Journal.

Hospitals

Hospitals Ransomware Licensing Health Insurance

San Juan Regional Medical Center Settles Data Breach Lawsuit

HIPAA Journal

DECEMBER 2, 2022

While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. The post San Juan Regional Medical Center Settles Data Breach Lawsuit appeared first on HIPAA Journal. All claims must be submitted by February 8, 2023.

Licensing

Licensing HIPAA Ransomware Health Insurance

Atrium Health responds to new social engineering attack

What are the Penalties for HIPAA Violations?

Trending Sources

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

6 HIPAA Regulated Entities Report Phishing Attacks and Unauthorized Email Account Access

The Most Common HIPAA Violations You Should Avoid

Protected Health Information (PHI): Everything You Need to Know about HIPAA and PHI

Editorial: Lessons from Biggest HIPAA Breaches of 2022

Who’s Liable for Bad Medical Advice in the Age of ChatGPT?

Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach

Eastern Ozarks Regional Health Sued by Arkansas AG for Failure to Secure Patient Data

Logan Health Medical Center Cyberattack Affects More Than 213,000 Patients

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

EU and US Regulatory Challenges Facing AI Health Care Innovator Firms

Avalon Healthcare Settles HIPAA Case with Oregon and Utah State AGs and Pays $200,000 Penalty

6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

SuperCare Health Sued Over 318,000-Record Data Breach

Carolina Behavioral Health Alliance Reports Breach of the PHI of 130,000 Health Plan Members

15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyberattack

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations

Pennsylvania’s Updated Breach Notification Law Requires Credit Monitoring Services for Breach Victims

Healthcare Organizations Report Email Compromises, Hacking Incidents and Other ePHI Exposures

Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center

Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

Cyberattack on SuperCare Health Affects 318,000 Patients

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

November 8, 2023, Healthcare Data Breach Round-Up

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

Texas Retina Associates Cyberattack Affects 312,000 Patients

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

Data Breaches Reported by CareFirst Administrators, Legacy Health & Blakehurst

Data Breaches Reported by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct

Round Up of Recent Hacking Incidents and Email Account Breaches

Insider Breaches Reported by Providence Mission Heritage Endocrinology & Samaritan Health Services

Solara Medical Supplies Proposes $5 Million Settlement to Resolve Class Action Data Breach Lawsuit

Credential Stuffing Attack Exposed United HealthCare Member Data

235,000 Keystone Health Patients Affected by August 2022 Cyberattack

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

San Juan Regional Medical Center Settles Data Breach Lawsuit

Stay Connected