The HHS’ Office for Civil Rights has announced its second financial penalty of 2023 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). Banner Health has agreed to pay a financial penalty of $1,250,000 and adopt a corrective action plan to resolve the alleged HIPAA Security Rule violations. Phoenix, AZ-based Banner… Read More »
The Federal Trade Commission’s Health Breach Notification Rule requires vendors of personal health records and related entities to issue notifications to consumers in the event of a breach of unsecured personal records. The rule took effect in 2009, yet compliance has not been enforced. That has now changed. Yesterday, the FTC issued its first penalty… Read More »
In 2022 the Office for Civil Rights (OCR) did not slow down its enforcement actions. Over 55% of HIPAA fines in 2022 were levied against small medical practices. Watch this recorded webinar to learn about: The breaches and fines of 2022 (what caused them and who was affected). How to protect yourself from committing a… Read More »
In late January, the U.S. Occupational Safety and Health Administration (OSHA) at the U.S. Department of Labor published new enforcement guidance which will see the agency adopt a much more aggressive stance on serious violations of the Occupational Safety and Health Act (OSH Act) in an effort to improve OSH Act compliance. OSHA will be… Read More »
When a data breach occurs and sensitive information is disclosed, the HIPAA Breach Notification Rule requires affected individuals to be notified. The FTC Health Breach Notification Rule also has breach reporting requirements, and all 50 states have enacted data breach notification laws. What is lacking in many of these regulations – at both the federal… Read More »
UCLA Health Announces Pixel-Related Data Breach UCLA Health has recently started notifying approximately 94,000 patients about an impermissible disclosure of their protected health information to certain unnamed service providers due to the use of analytics tools on its website and mobile app. UCLA Health said analytics tools were used to better understand how patients interacted… Read More »
San Andreas Regional Center has agreed to settle a class action lawsuit that was filed in response to a July 2021 ransomware attack in which hackers gained access to the personal information of more than 57,000 patients The San Jose, CA-based healthcare provider supports individuals with developmental disabilities through its facilities in the Santa Clara,… Read More »
The pro-Russian hacking group, Killnet, is conducting a campaign of Distributed Denial of Service (DDoS) attacks on U.S. hospitals in apparent retaliation for U.S. support of Ukraine. The attacks started a few days after the United States and other countries agreed to provide tanks to Ukraine to help with the fight against the Russian invasion.… Read More »
The National HIPAA Summit is the leading forum on healthcare EDI, privacy, breach notification, confidentiality, data security, and HIPAA compliance, and the deadline for registration for the Virtual 40th National HIPAA Summit is fast approaching. The event provides a tremendous opportunity for learning through HIPAA workforce training sessions and keynote speeches from top government officials… Read More »
Katherine Shaw Bethea (KSB) Hospital in Dixon, IL, has proposed a $380,000 settlement to resolve claims related to a September 2021 data breach at a business associate of the hospital. KSB Hospital used the Scottsbluff, NE-based healthcare accounts receivables service provider, Magnet Solutions, for billing-related services. Between September 17 and September 20, 2021, Magnet Solutions… Read More »