The Office for Civil Rights (OCR) has announced its fourth cybersecurity investigation and settlement, noting a 264% increase in significant ransomware breaches since 2018. A recent settlement with a medium-sized healthcare provider involved a $250,000 payment and commitments to enhance the security of Protected Health Information (PHI). This investigation and settlement underscore the critical need
Nuanced Privacy Laws Means Healthcare Organizations Should Prioritize Protecting Personal Information
The healthcare industry is among the most highly regulated industries when it comes to privacy protections. In addition to the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers also must comply with a growing number of state laws governing data privacy and security. Fully complying with this patchwork of privacy protections is a
New HIPAA Final Rule Imposes Added Protections for Reproductive Health Care Privacy
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the
AI, Phishing Attacks, Healthcare, and a $480,000 OCR Settlement under HIPAA
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language processing and large language models, now fuels more ferocious phishing campaigns. The effects are being felt in many industries, perhaps most notably the healthcare
Sanction Policies Can Help Drive Cybersecurity and HIPAA Compliance, OCR Says
Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are examples of frequent and thorny questions that arise in connection with the development and implementation of these policies. But they are
OCR Official Speaks About Compliance Concerns for HIPAA Covered Entities and Business Associates
What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for Civil Rights (OCR) which enforces the HIPAA privacy and security rules. Recently, the Executive Editor of Information Security Media Group’s (ISMG’s)
Hospital Mergers Double the Risk of a Data Breach, Study Shows
The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the financial and manufacturing sectors.” Industry analysts cite to many reasons for this, including the sensitivity
ChatGPT and HIPAA, Caution is Needed, Even ChatGPT Says So!
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a physician letter to your carrier concerning a claim. You also may have received copies of those medical
Washington’s Governor Signs New Health Data Privacy Act
Health data privacy, including in the context of reproductive health, was strengthened last week when Washington Governor Jay Inslee signed the “My Health, My Data Act” on April 27, 2023. Set to take effect on March 31, 2024, the new law aims to address health data collected by entities not covered by the federal Health
Online Tracking Technologies Raise HIPAA Concerns
The growing use of healthcare mobile applications and websites—and the associated use of online tracking technologies—raises privacy concerns under the Health Insurance Portability and Accountability Act (HIPAA) that developers of such applications and healthcare organizations should keep in mind. Indeed, there has been an uptick in litigations filed across the country involving healthcare mobile application