CISA Director Encourages All Organizations to Adopt FIDO Authentication

In a recent blog post, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), explained that for Cybersecurity Awareness Month she has been traveling the country promoting cybersecurity best practices, explaining the steps that everyone can take to stay safe online, and stressing the importance of enabling multi-factor authentication on email accounts,… Read More »

Hacking, Database Misconfigurations, and Improper Disposal Incidents Reported

A round-up of healthcare data breaches that have recently been reported to the HHS’ Office for Civil Rights and State Attorneys General. Delaware Department of Health and Social Services – Database Misconfiguration: The Delaware Department of Health and Social Services, Division of Developmental Disabilities Services (DDDS) has recently discovered that a misconfiguration occurred when creating new… Read More »

Government Issues Warning to Healthcare Organizations About Daixin Team Extortion and Ransomware Attacks

A relatively new data extortion and ransomware gang known as Daixin Team is actively targeting U.S. healthcare organizations, prompting a warning from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). Daixin Team first appeared on the radar in June 2022, with… Read More »

WakeMed Announces Meta Pixel-Related Breach Affecting 495,000 Patients

WakeMed Health and Hospitals, a health system with multiple healthcare facilities in metropolitan Raleigh, NC, has recently notified around 495,000 patients that some of their protected health information may have been impermissibly disclosed to Meta/Facebook due to the use of Meta Pixel tracking code on its website. The privacy violation was announced by the health… Read More »

Neurology MIND Care PLLC Confirmed as HIPAA Compliant

Neurology MIND Care PLLC, a private practice in Merrick, NY that specializes in cognitive behavioral neurology and dementia consultations, has recently been confirmed as having an effective HIPAA compliance program by Compliancy Group. The healthcare services provided by Neurology MIND Care naturally involve contact with patients’ identifiable protected health information, which requires compliance with the… Read More »

September 2022 Healthcare Data Breach Report

63 data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights in September, bringing an end to the downward trend in data breaches seen over the previous three months. September’s total was above the 12-month average of 59 breaches a month, with data breaches being reported at a rate… Read More »

When Can PHI be Disclosed?

Most sources of information answering the question of when PHI can be disclosed refer to the standards of the HIPAA Privacy Rule that specify the required and permissible uses and disclosures of PHI, and those that require the consent or authorization of the individual (§164.502 – §164.514). However, it is important to be aware that there… Read More »