Safe Partner Inc. Confirmed as HIPAA Compliant

Compliancy Group has announced that Safe Partner Inc. has demonstrated it has implemented an effective HIPAA compliance program and has successfully completed its proprietary 6-stage HIPAA risk analysis and remediation process. Safe Partner Inc. is a Belmont, CA-based boutique software development and consulting company that provides a full range of software services, from design to… Read More »

FTC Seeks Comment on Health Breach Notification Rule

The U.S. Federal Trade Commission (FTC) is seeking comment on its breach notification requirements for non-HIPAA-covered entities that collect personally identifiable health information. The FTC’s Health Breach Notification Rule was introduced in 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA). The rule took effect on August 22, 2010 and the… Read More »

Business Associate Agreement

Why Must Covered Entities Have a Business Associate Agreement? Both the HIPAA Privacy Rule and the HIPAA Security Rule require that a HIPAA covered entity enter into a business associate agreement with each of its business associates. A “business associate” is a person or entity, other than a member of the workforce of a covered… Read More »

Government Healthcare Agencies and COVID-19 Research Organizations Targeted by Nigerian BEC Scammers

Business email compromise scammers operating out of Nigeria have been targeting government healthcare agencies, COVID-19 research organizations, and pandemic response organizations to obtain fraudulent wire transfer payments and spread malware. The attacks were detected by Palo Alto Networks’ Unit 42 team researchers and have been attributed to a cybercriminal organization called SilverTerrier. SilverTerrier actors have… Read More »

CISA Issues Fresh Alert About Ongoing APT Group Attacks on Healthcare Organizations

Advanced Persistent Threat (APT) groups are continuing to target healthcare providers, pharmaceutical firms, research institutions, and others involved in the COVID-19 response, prompting a further joint alert from cybersecurity authorities in the United State and United Kingdom. The latest warning from the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the… Read More »

Healthcare Workers in Michigan and Illinois Fired for HIPAA Violations

Ann & Robert H. Lurie Children’s Hospital of Chicago has terminated an employee for improperly accessing the medical records of patients without authorization over a period of 15 months. The privacy violations were identified by the hospital on March 5, 2020. The employee’s access to hospital systems was immediately terminated while the investigation was conducted.… Read More »

Phishing Attack at BJC HealthCare Impacts Patients at 19 Hospitals

BJC Healthcare has announced that the email accounts of three of its employees have been accessed by an unauthorized individual after the employees responded to phishing emails. Suspicious activity was detected in the email accounts on March 6, 2020 and the accounts were immediately secured. A leading computer forensics firm was engaged to conduct an… Read More »