HIPAA was enacted several years before social media networks such as Facebook and Instagram existed, so there are no specific HIPAA compliance rules for social media. However, organizations subject to HIPAA – and their workforces – must take care how social media is used to avoid violations of HIPAA and the Federal Trade Commission Act.… Read More »
What happens if a nurse violates HIPAA Compliance Rules? How are HIPAA violations dealt with and what are the penalties for individuals that accidentally or deliberately violate HIPAA and access, disclose, or share protected health information (PHI) without authorization? The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules must… Read More »
All HIPAA covered entities must familiarize themselves with the HIPAA breach notification requirements and develop a breach response plan that can be implemented as soon as a breach of unsecured protected health information (PHI) is discovered. HIPAA training for staff must also include the procedures for reporting breaches of unsecured PHI. While most HIPAA covered… Read More »
The HIPAA definition of Covered Entities is generally explained as health plans, health care clearinghouses, and health care providers that conduct electronic transactions for which the Department of Health and Human Services (HHS) has developed standards. However, exceptions to this definition exist that can be responsible for unjustified complaints to the HHS’ Office for Civil… Read More »
Avalon Healthcare has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws with the Oregon and Utah Attorneys General that were uncovered during an investigation of a 2019 breach of the personal and protected health information of 14,500 of its employees and patients. Avalon Healthcare is part… Read More »
Fertility Centers of Illinois has proposed a $450,000 settlement to resolve a lawsuit filed on behalf of patients and employees who were affected by its February 2021 data breach. On February 1, 2021, hackers gained access to the network where sensitive employee and patient information was stored, including names, employee ID numbers, Social Security numbers,… Read More »
A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. In April 2021, Scripps Health suffered a ransomware attack that was reported to the Department of Health and Human Services as… Read More »
Plaintiffs in a consolidated class action lawsuit against Meta recently sought an injunction against Meta to stop the company from collecting and transmitting data collected from the websites of healthcare providers through Meta Pixel tracking code. The plaintiffs claim the use of Meta Pixel code on appointment scheduling pages and patient portals allows sensitive information,… Read More »
Cyber insurance policies can help to cover the cost of losses from ransomware attacks, but these policies are becoming more difficult to obtain. Insurers are tightening their requirements for obtaining policies and many insurers are placing limits on underwriting amounts. Premiums are also skyrocketing, putting policies out of the reach of many healthcare organizations, if… Read More »
Southwest Louisiana Health Care System, Inc. has confirmed that the protected health information of up to 269,752 patients of Lake Charles Memorial Health System has been compromised. The Louisiana healthcare system said suspicious activity was detected by its security team on October 21, 2022, and steps were taken to contain the activity and investigate a… Read More »