Healthcare Information Security

HIPAA and Compliance News

Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

November 3, 2020 - The New Jersey Division of Consumer Affairs and NJ Attorney General Gurbir Grewal announced a settlement with Wakefern Food Corp and two associated ShopRite supermarkets to resolve violations of the NJ Consumer Fraud Act and HIPAA, stemming from improper records disposal. The monetary settlement includes $209,856.50 in civil penalties, along with $25,143.50 to...


Articles

New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure

The Office for Civil Rights reached a settlement with the city of New Haven, Connecticut, including a $202,400 civil monetary penalty and a corrective action plan, following a breach to the protected health...

Aetna to Pay OCR $1M Over 3 Patient Data Breaches, HIPAA Violations

The Department of Health and Human Services Office for Civil Rights announced it reached a $1 million settlement with Aetna to resolve potential HIPAA violations stemming from three separate patient data breaches in...

Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications

HIPAA-required breach notifications in the wake of a security incident continue to be an Achilles’ heel for the healthcare sector. Many notices appear laden with flowery language that makes light of an...

3 Compliance Considerations for HIPAA-Required Breach Response

In the wake of a breach, navigating a response to quickly eradicate the hackers from the network and reduce the impact of an attack is no easy feat. But in the healthcare sector, ensuring a response is also compliant with HIPAA...

NY Spine Settles with OCR for $100K Over HIPAA Right of Access Violation

The Office for Civil Rights announced yet another settlement under the 2019 HIPAA Right of Access Initiative. NY Spine Medicine will pay the agency $100,000 and agreed to a corrective action plan for failing to provide a...

Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure

Arizona-based Dignity Health, doing business as St. Joseph’s Hospital and Medical Center (SJHMC), has agreed to corrective actions and a $160,000 enforcement action with the Office for Civil Rights, to settle...

Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk

The US Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory on the potential sanction risks associated with companies that facilitate ransomware payments to the threat actors on...

Anthem Settles with 44 States for $40M Over 2014 Breach of 78.8M

A multi-state coalition made up of 44 states and Washington, D.C., reached a $39.5 million settlement with Anthem, to resolve breach claims stemming from the insurer’s 2014 cyberattack that compromised the...

Blackbaud Confirms Hackers Stole Some SSNs, as Lawsuits Increase

The ransomware hackers behind the massive Blackbaud ransomware attack and subsequent data breach likely had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers,...

Premera Pays OCR $6.85M to Settle HIPAA Violations, Breach of 10.4M

The Department of Health and Human Services Office for Civil Rights settled with Premera Blue Cross for $6.85 million and a corrective action plan, after an audit into the insurer’s 2015 data breach that impacted 10.4...

OCR Settles With Business Associate CHSPSC for $2.3M Over Breach of 6M

The Department of Health and Human Services Office for Civil Rights reached a $2.3 million settlement with CHSPSC, which provides services to hospitals and clinics indirectly owned by Community...

Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance

The Office for Civil Rights reached a settlement with the Athens Orthopedic Clinic for $1.5 million over a 2016 data breach caused by the notorious hacking group known as...

Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health

The patients impacted by two separate data breaches of Assured Imaging and BJC Healthcare have filed lawsuits against the providers, alleging security failings were behind the massive data compromises caused by...

HIPAA Compliance: ONC Updates Security Risk Assessment Tool

The Office of the National Coordinator (ONC) in collaboration with the Office for Civil Rights released an update to the Department of Health and Human Services Security Risk Assessment Tool designed to support small- and medium-sized...

OCR Settles with 5 Providers Over HIPAA Right of Access Violations

The Office for Civil Rights closed investigations and announced settlements with five providers over separate HIPAA right of access violations, which brings the total number of enforcement actions under its 2019...

Patient Data Privacy Lawsuit Against Google, UChicago Dismissed

The patient data privacy lawsuit brought against Google and the University of Chicago Medical Center was dismissed by a federal judge in Illinois on September 4, ruling that the patient who filed the suit against the entities failed to...

OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis

The Office for Civil Rights recently shared a detailed list of IT asset inventory steps, which can help covered entities and their business associates better fulfill the HIPAA Security Rule requirement of performing a complete...

Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft

The Office for Civil Rights reached a settlement with Lifespan Health System Affiliated Covered Entity over the theft of an unencrypted laptop in 2017. The Rhode Island entity will pay a $1.04 million civil...

OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations

The Department of Health and Human Services Office for Civil Rights has reached a settlement with North Carolina-based Metropolitan Community Health Services, DBA Agape Health Services, over multiple potential HIPAA violations...
