All HIPAA articles
-
News Brief
HHS creates new enforcement office for health privacy
The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.
-
News Brief
HHS reports: Compliance reviews, health data breaches up
The number of compliance reviews by the Department of Health and Human Services of health organizations increased between 2017 and 2021, according to the agency’s latest reports to Congress.
-
News Brief
Banner Health to pay $1.25M over HIPAA Security Rule lapses
Banner Health agreed to pay $1.25 million as part of a settlement with the Department of Health and Human Services addressing violations of the Health Insurance Portability and Accountability Act Security Rule regarding a 2016 data breach.
-
News Brief
GoodRx facing $1.5M fine over improper sharing of health data
GoodRx agreed to pay $1.5 million as part of a settlement reached with the Federal Trade Commission addressing allegations the telemedicine and prescription drug discount provider shared personal health data with third parties for advertising purposes.
-
Article
Dems seek stronger HIPAA privacy for abortion patients
Democratic senators are urging the Department of Health and Human Services to strengthen federal health privacy protections for abortion patients by updating the HIPAA Privacy Rule.
-
Article
Proposed NIST cybersecurity guide incorporates HIPAA Security Rule
The National Institute of Standards and Technology is seeking comment on proposed guidance intended to help healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s Security Rule.
-
Article
OSHA halts implementation of Biden vaccine policy
The Occupational Safety and Health Administration has suspended implementation and enforcement of its guidance ordering companies with more than 100 employees to develop a COVID-19 vaccine policy by Jan. 4.
-
Webcast
CPE Webcast: Streamlining HIPAA & HITRUST compliance with an alternative reporting approach
Your organization might be using HITRUST to manage multiple compliance initiatives, including HIPAA, NIST and the ISOs. The framework sets up a good set of practices that lend well to various privacy regulations and standards, yet connecting all that data for fast reporting is where most organization’s hit a wall. ...
-
Article
Excellus Health Plan fined $5.1M for 2015 data breach
The U.S. Department of Health and Human Services’ Office for Civil Rights fined Excellus Health Plan $5.1 million for failures relating to a 2015 data breach that exposed the personal information of 9.3 million individuals.
-
Article
Breach costs Premera Blue Cross $6.85M; second-largest HIPAA fine
Premera Blue Cross has agreed to pay $6.85 million in a settlement with the U.S. Department of Health and Human Services regarding a 2014 data breach that affected the personal and health plan information of over 10.4 million people.
-
Article
CCPA, SHIELD Act to take back seat during coronavirus pandemic?
With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.
-
Article
GoodRx’s mea culpa: Lessons for internet companies handling personal health data
Telemedicine platform GoodRx has committed to enhancements of its consumer data protection after Consumer Reports called out its sharing practices regarding personal health information.
-
Article
California AG seeks federal data privacy legislation modeled on CCPA
In a letter to Congressional committee leaders, California Attorney General Xavier Becerra suggests any federal data privacy law should still allow states to have parallel enforcement authority as well as their own laws.
-
Article
‘Femtech’ wanders into uncharted regulatory territory
Applications that serve women’s health needs could soon be held to a higher standard of accountability for protecting users’ data if they become classified as “covered entities” under HIPAA.
-
Article
Google, Ascension defend partnership amid federal inquiry
Criticism from lawmakers in addition to a federal inquiry regarding Google’s controversial partnership with Ascension has both the tech giant and the non-profit healthcare provider firing back.
-
Article
How GDPR, CCPA impact healthcare compliance
While most healthcare organizations have pretty much nailed down their data privacy requirements for HIPAA and HITECH, new privacy mandates under the GDPR and CCPA could throw a wrench into the system.
-
Article
Allscripts $145M settlement indicative of broader enforcement trend
Allscripts Healthcare Solutions has reached a $145 million agreement in principle with the DOJ to resolve civil and criminal investigations into violations of HIPAA and anti-kickback laws.
-
Blog
Business associate to pay $650K for HIPAA violation
The Department of Health and Human Services reached its first-ever enforcement action with a “business associate” of a HIPAA-covered entity. Compliance officers in the healthcare industry looking to minimize risk of future HIPAA violations will want to take a look at the resulting corrective action plan for lessons learned. Jaclyn ...
-
Blog
PhishMe adds healthcare compliance training modules
PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, announced the immediate availability of three new, complimentary computer-based trainings, accessible through the Phis hMe CBFree program. These modules provide employees with a better understanding of the policies, procedure, and reporting when handling protected personal information.
-
Blog
New solution helps companies reclaim lost data
Ground Labs, a global security software company, announced the release of Enterprise Recon 2.0. The solution scans for 100 different data points and personally identifiable information, allowing organizations to protect critical information at every endpoint without relying on antiquated perimeter security methods.