All HIPAA articles

  • GoodRx

    GoodRx facing $1.5M fine over improper sharing of health data


    GoodRx agreed to pay $1.5 million as part of a settlement reached with the Federal Trade Commission addressing allegations the telemedicine and prescription drug discount provider shared personal health data with third parties for advertising purposes.

  • HHS building

    Dems seek stronger HIPAA privacy for abortion patients


    Democratic senators are urging the Department of Health and Human Services to strengthen federal health privacy protections for abortion patients by updating the HIPAA Privacy Rule.

  • Health records

    Proposed NIST cybersecurity guide incorporates HIPAA Security Rule


    The National Institute of Standards and Technology is seeking comment on proposed guidance intended to help healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s Security Rule.

  • COVID vaccine

    OSHA halts implementation of Biden vaccine policy


    The Occupational Safety and Health Administration has suspended implementation and enforcement of its guidance ordering companies with more than 100 employees to develop a COVID-19 vaccine policy by Jan. 4.

  • onspring 300x200

    CPE Webcast: Streamlining HIPAA & HITRUST compliance with an alternative reporting approach

    2021-06-17T14:00:00Z Provided by

    Your organization might be using HITRUST to manage multiple compliance initiatives, including HIPAA, NIST and the ISOs. The framework sets up a good set of practices that lend well to various privacy regulations and standards, yet connecting all that data for fast reporting is where most organization’s hit a wall. ...

  • Health records

    Excellus Health Plan fined $5.1M for 2015 data breach


    The U.S. Department of Health and Human Services’ Office for Civil Rights fined Excellus Health Plan $5.1 million for failures relating to a 2015 data breach that exposed the personal information of 9.3 million individuals.

  • Health records

    Breach costs Premera Blue Cross $6.85M; second-largest HIPAA fine


    Premera Blue Cross has agreed to pay $6.85 million in a settlement with the U.S. Department of Health and Human Services regarding a 2014 data breach that affected the personal and health plan information of over 10.4 million people.

  • EyeOnDataPrivacy

    CCPA, SHIELD Act to take back seat during coronavirus pandemic?


    With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.

  • Health records

    GoodRx’s mea culpa: Lessons for internet companies handling personal health data


    Telemedicine platform GoodRx has committed to enhancements of its consumer data protection after Consumer Reports called out its sharing practices regarding personal health information.

  • DataPrivacyLetter

    California AG seeks federal data privacy legislation modeled on CCPA


    In a letter to Congressional committee leaders, California Attorney General Xavier Becerra suggests any federal data privacy law should still allow states to have parallel enforcement authority as well as their own laws.

  • Femtech

    ‘Femtech’ wanders into uncharted regulatory territory


    Applications that serve women’s health needs could soon be held to a higher standard of accountability for protecting users’ data if they become classified as “covered entities” under HIPAA.

  • Google

    Google, Ascension defend partnership amid federal inquiry


    Criticism from lawmakers in addition to a federal inquiry regarding Google’s controversial partnership with Ascension has both the tech giant and the non-profit healthcare provider firing back.

  • dataprivacy_0

    How GDPR, CCPA impact healthcare compliance


    While most healthcare organizations have pretty much nailed down their data privacy requirements for HIPAA and HITECH, new privacy mandates under the GDPR and CCPA could throw a wrench into the system.

  • JusticeDepartment

    Allscripts $145M settlement indicative of broader enforcement trend


    Allscripts Healthcare Solutions has reached a $145 million agreement in principle with the DOJ to resolve civil and criminal investigations into violations of HIPAA and anti-kickback laws.

  • Blog post

    Business associate to pay $650K for HIPAA violation


    The Department of Health and Human Services reached its first-ever enforcement action with a “business associate” of a HIPAA-covered entity. Compliance officers in the healthcare industry looking to minimize risk of future HIPAA violations will want to take a look at the resulting corrective action plan for lessons learned. Jaclyn ...

  • Blog post

    PhishMe adds healthcare compliance training modules


    PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, announced the immediate availability of three new, complimentary computer-based trainings, accessible through the Phis hMe CBFree program. These modules provide employees with a better understanding of the policies, procedure, and reporting when handling protected personal information.

  • Blog post

    New solution helps companies reclaim lost data


    Ground Labs, a global security software company, announced the release of Enterprise Recon 2.0. The solution scans for 100 different data points and personally identifiable information, allowing organizations to protect critical information at every endpoint without relying on antiquated perimeter security methods.

  • Article

    Preparing for a HIPAA compliance audit


    The Department of Health and Human Services’ Office for Civil Rights has officially kicked off its second phase of audits for covered entities and their business associates to review compliance with the Health Insurance Portability and Accountability Act’s privacy, security, and breach notification rules. CW’s Jaclyn Jaeger says healthcare CCOs ...

  • Blog post

    HIPAA Privacy and Security Guidance Updated


    The Office of the National Coordinator for Health IT has released an updated version of its privacy and security guidance to help healthcare providers better understand how to integrate federal health information privacy and security requirements into their practices. The guidance was last published in 2011. Details inside.

  • Article

    Case Study: UCLA, Apps, and HIPAA Compliance


    Companies that handle health information are subject to data privacy rules under HIPAA—rules that have grown more complex with the proliferation of mobile health applications (mHealth apps). Those that want to develop mHealth apps in a compliant manner have two options: Build a HIPAA-compliant application of your own, or buy ...