HIPAA Journal

JANUARY 1, 2023

Healthcare organizations and their business associates that want to share protected health information in a HIPAA-compliant way must do so in accordance with the HIPAA Privacy Rule, which limits the possible uses and disclosures of PHI, but de-identification of protected health information means HIPAA Privacy Rule restrictions no longer apply.

HIPAA 105

HIPAA Doctors Licensing Compliance 105

HIPAA Journal

JANUARY 1, 2023

A limited data set under HIPAA is a set of identifiable healthcare information that the HIPAA Privacy Rule permits covered entities to share with certain entities for research purposes, public health activities, and healthcare operations without obtaining prior authorization from patients, if certain conditions are met.

HIPAA 98

HIPAA Licensing Public Health Compliance 98

HIPAA Journal

SEPTEMBER 12, 2023

Schneck Medical Center has agreed to pay a penalty of $250,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws and will implement additional safeguards to prevent further data breaches.

HIPAA 105

HIPAA Ransomware Health Insurance Fraud 105

HIPAA Journal

JANUARY 10, 2024

Stripe is not HIPAA compliant and – other than its payment processing services – should not be used by covered entities and business associates to create, collect, store, or transmit Protected Health Information (PHI). Is Stripe HIPAA Compliant? Stripe complies with multiple US and International data privacy regulations (i.e.,

HIPAA 92

HIPAA US Department of Health and Human Services Fraud Telemedicine 92

HIPAA Journal

DECEMBER 24, 2022

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA. .

HIPAA 128

HIPAA Compliance Hospitals COVID-19 128

HIPAA Journal

JULY 11, 2022

Phoenixville Hospital Fires Employee for HIPAA Violation. When the privacy violation was discovered, the employee was immediately suspended pending an internal investigation and was later fired for the HIPAA breach. Some of the accessed records included partial Social Security numbers and health insurance information.

Hospitals 124

Hospitals HIPAA Health Insurance Licensing 124

Healthcare It News

SEPTEMBER 17, 2024

The health system said that the activity of the unauthorized third party was not focused on medical or health information content in the employee email boxes. Information that may have been accessed in the social engineering attack includes: First and/or last name. Driver’s license or state-issued identification number.

Electronic Medical Records 232

Electronic Medical Records Health Insurance Payment Systems Licensing 232

Compliancy Group

FEBRUARY 23, 2022

Keeping your dental office compliant with HIPAA and OSHA regulations is one more thing to juggle. HIPAA and OSHA training for dental offices is an essential part of compliance. Be able to prove the HIPAA and OSHA training was done. Know the most common HIPAA and OSHA citations and violations. These include: HIPAA.

HIPAA 122

HIPAA Compliance Licensing 122

HIPAA Journal

JUNE 26, 2023

HIPAA enforcement discretion occurs when the Secretary for Health and Human Services (HHS) announces the Department will exercise discretion in the enforcement of HIPAA Rules. Typically, Notices of Enforcement Discretion last between 72 hours and 60 days, are state or region-specific and apply to specific provisions of the HIPAA Rules.

HIPAA 74

HIPAA COVID-19 COVID-19 Vaccine Public Health 74

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 million patients and health plan members.

HIPAA 107

HIPAA Ransomware Health Insurance Compliance 107

HIPAA Journal

JANUARY 2, 2023

The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules. Are Data Breaches HIPAA Violations?

HIPAA 110

HIPAA Compliance Hospitals Medicare 110

HIPAA Journal

AUGUST 10, 2023

The Ottumwa Fire Department in Iowa has recently fired employees for alleged violations of the HIPAA Rules and other misconduct. Clinical information that could have been accessed included diagnoses, lab results, medications, and procedures. Kye and Keith are entitled to request a hearing.

HIPAA 94

HIPAA Ransomware Licensing Health Insurance 94

HIPAA Journal

JUNE 5, 2023

If your HIPAA-covered organization is planning to use Microsoft Teams to collect, store, share, or transmit electronic PHI, it is important to know how to make Microsoft Teams HIPAA compliant. How to Make Microsoft Teams HIPAA Compliant No software is HIPAA compliant.

HIPAA 87

HIPAA Due Diligence Compliance Licensing 87

HIPAA Journal

NOVEMBER 16, 2022

Unauthorized individuals have gained access to the email system of the Administrative Fund of the Detectives’ Endowment Association of the Police Department of the City of New York (NYCDEA) and potentially viewed or obtained the protected health information of 21,544 individuals.

HIPAA 114

HIPAA Licensing Health Insurance Fraud 114

HIPAA Journal

MAY 9, 2023

The HHS’ Office for Civil Rights has announced its 44th enforcement action under its HIPAA Right of Access initiative with a $15,000 financial penalty for David Mente, MA, LPC, a licensed counselor that provides psychotherapy services in Pittsburgh, PA. That led to the father filing a second complaint with OCR. 164.524(3).

HIPAA 79

HIPAA Licensing Compliance 79

HIPAA Journal

DECEMBER 30, 2022

Avalon Healthcare has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws with the Oregon and Utah Attorneys General that were uncovered during an investigation of a 2019 breach of the personal and protected health information of 14,500 of its employees and patients.

HIPAA 99

HIPAA Compliance Compliance Officers Licensing 99

HIPAA Journal

SEPTEMBER 8, 2022

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021.

Fraud 118

Fraud Health Insurance Ransomware HIPAA 118

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. Valley View Hospital did not state in its substitute breach notice what types of information had been compromised.

HIPAA 116

HIPAA Health Insurance Licensing Hospitals 116

Compliancy Group

AUGUST 17, 2022

Ivy Pay is an online payment processor that serves only licensed therapists. Healthcare providers can only use HIPAA compliant payment processors to receive payments from patients. So, is Ivy Pay HIPAA compliant? Ivy Pay and Information Protection. × Simplified HIPAA Compliance for Therapists. Learn More! ×

HIPAA 52

HIPAA Compliance Licensing 52

Compliancy Group

JANUARY 13, 2023

In a world where hundreds of millions of tweets, posts, snaps, and stories are posted on social media daily, sharing information about our lives may seem like second nature. But for those in the healthcare industry, sharing the wrong thing could result in a HIPAA violation. Social Media and HIPAA – The Basics. Telephone number.

HIPAA 52

HIPAA Licensing Doctors Nurses 52

HIPAA Journal

NOVEMBER 11, 2024

South West Family Medicine Associates South West Family Medicine Associates in Dallas, Texas, has notified 36,959 current and former patients and employees that some of their protected health information was compromised in an August security breach. The security incident was detected on August 27, 2024, and disrupted its computer systems.

Licensing 59

Licensing Health Insurance HIPAA 59

Total HIPAA

JULY 12, 2022

Also, without a properly configured website with SSL/TLS certificates, any information you access on a website that is not encrypted is easily intercepted in transit. Many internet service providers offer SSL/TLS licenses for free or for less than $100/year. Depending on a third party to protect your information.

HIPAA 98

HIPAA Compliance Licensing COVID-19 98

HIT Consultant

NOVEMBER 21, 2021

Information exchange and data availability are now a cost of doing business but establishing a robust strategy for that exchange and compliance with the new regulation from the Office of the National Coordinator for Health Information Technology takes careful planning. Understand what constitutes “Electronic Health Information”.

Public Health 98

Public Health Compliance HIPAA Governance 98

HIPAA Journal

JULY 8, 2024

Pennsylvania has updated its data breach notification law, narrowing the definition of personal information, adding the requirement to notify the state Attorney General, and requiring credit monitoring services to be provided to data breach victims in certain circumstances. The amended law takes effect on September 26, 2024.

Licensing 126

Licensing HIPAA Health Insurance Compliance 126

HIPAA Journal

MARCH 16, 2023

Florida Medical Clinic, NorthStar Emergency Medical Services, Denver Public Schools, Wichita Urology Group, and The Bone & Joint Clinic have recently reported hacking incidents and the exposure and potential theft of protected health information. No financial information was compromised, and only 115 Social Security numbers were exposed.

Electronic Medical Records 68

Electronic Medical Records Health Insurance Ransomware HIPAA 68

HIPAA Journal

NOVEMBER 16, 2022

A former employee of Axia Women’s Health in Pennsylvania has been charged in a 39-count indictment for stealing patient information for personal gain. The information stolen by Latimer was used to open credit cards and make purchases totaling more than $31,000.

Licensing 68

Licensing HIPAA 68

Compliancy Group

APRIL 19, 2023

Wondering why your practice or organization should be HIPAA compliant? In the United States, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to regulate the handling and protecting confidential medical information. million per year for each violation of HIPAA.

HIPAA 52

HIPAA Compliance Licensing Health Insurance 52

Healthcare IT Today

OCTOBER 25, 2023

Sriram Rajagopalan , Enterprise Agile Evangelist at Inflectra Today’s most significant risk regarding security and privacy issues in health services is consumers’ need for more awareness of personal health information. Technology is growing faster than we can catch up, and we are giving away our personal information too soon.

HIPAA 114

HIPAA Licensing Doctors Nurses 114

HIPAA Journal

SEPTEMBER 8, 2022

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021.

Fraud 93

Fraud Health Insurance Ransomware HIPAA 93

HIPAA Journal

NOVEMBER 12, 2024

Cyberattacks involving unauthorized access to patient information have been reported by Physical Medicine & Rehabilitation Center in New Jersey (4,083 records) and Orthopedics Rhode Island(500 records). Passwords were reset and policies and procedures have been reviewed.

Health Insurance 49

Health Insurance Fraud Licensing HIPAA 49

Total HIPAA

MARCH 29, 2023

In this blog post, we review nine email encryption vendors ( Barracuda, Egress, Hushmail, Indentillect, LuxSci, MailHippo, NeoCertified, Protected Trust, ProtonMail, Rmail, & Virtru ) who provide HIPAA compliant email encryption services that will keep your information safe when in transit. Setup takes less than 30 minutes.

HIPAA 52

HIPAA Compliance Licensing COVID-19 52

HIPAA Journal

JULY 4, 2024

SkinCure Oncology has notified 13,434 patients about an email attack that occurred in June 2023, and the Wisconsin Department of Health Services has announced a breach of the personal information of 19,150 Medicaid recipients. Further information can be contained by calling SkinCure Oncology’s helpline – (866) 528-8844.

Medicaid 123

Medicaid Medicaid Fraud Licensing 123

HIPAA Journal

APRIL 25, 2024

Politzer and Durocher, PLC, which does business as Optometric Physicians of Middle Tennessee (OPMT), has recently reported a hacking incident to the HHS Office for Civil Rights involving the personal and protected health information of 29,000 individuals. Advarra is notifying the affected individuals on behalf of Moffitt Cancer Center.

Licensing 114

Licensing HIPAA Ransomware 114

HIPAA Journal

JULY 5, 2024

The Mount Kisco Surgery Center, doing business as the Ambulatory Surgery Center of Westchester in New York, has recently notified 22,139 patients that some of their protected health information has been exposed and potentially stolen. That process was completed on May 30, 2024, and then address information was verified.

Health Insurance 79

Health Insurance Licensing HIPAA 79

HIPAA Journal

NOVEMBER 12, 2024

Health & Palliative Services of the Treasure Coast in Florida and Universal Health Corporation in Virginia have discovered unauthorized access to their email systems and the exposure of patients’ protected health information. The final list of affected patients was manually reviewed, and that process was completed on September 27, 2024.

HIPAA 49

HIPAA Licensing Health Insurance Medicaid 49

HIPAA Journal

APRIL 23, 2024

A cybersecurity firm was engaged to investigate the disruption and confirmed that unauthorized individuals accessed its network and exfiltrated files containing the personal information of residents. It took more than 10 months (April 10, 2024) to determine the types of information involved and the number of individuals affected.

Ransomware 115

Ransomware Fraud Licensing HIPAA 115

HIPAA Journal

NOVEMBER 8, 2023

Third-party forensics experts were engaged to investigate the breach and determined that its systems were compromised between September 1, 2023, and September 5, 2023, and during that time, files were exfiltrated that contained personal and protected health information.

Ransomware 118

Ransomware Licensing Health Insurance HIPAA 118