President Trump has signed disaster declarations for Texas and Louisiana. Health and Human Services Secretary Tom Price signed a public health emergency declaration for Texas and Louisiana, authorizing the use of Section 1135 waivers of certain Medicare and Medicaid regulations. The Centers for Medicare & Medicaid Services is coordinating the requests and approvals to use … Read more
If you are not monitoring access logs on your computer system on a regular basis to see who is accessing what PHI and why, CMS is very likely to conclude you aren’t doing your job under HIPAA. That is especially true if you miss the fact that a former employee is still accessing PHI in … Read more
The US DHS Office of Civil Rights has announced the second HIPAA fine of the year, with a whopping $2.2 million dollar settlement against a Puerto Rico based life insurance company known as MAPFRE Life, a subsidiary company of MAPFRE S.A., a global multinational insurance company headquartered in Spain. MAPFRE underwrites and administers a variety … Read more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) civil money penalty against Children’s Medical Center of Dallas (Children’s) based on its impermissible disclosure of unsecured electronic protected health information (ePHI) and non-compliance over many years with multiple standards … Read more
Alert: Phishing Email Disguised as Official OCR Audit Communication November 28, 2016 It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and … Read more
It does not take a huge breach of privacy to result in a huge fine — in this case, malware that potentially compromised 1670 patient files of PHI cost UMASS $650,000 in fines. This emphasizes the concept that there is no such thing as a “small breach” of PHI. The OCR announcement of the fine … Read more
The FBI has doubled-down on its repeated warnings on ransomware with another warning and a request to report all instances of ransomware attacks so the FBI can get a handle on the true scope of the issue. The FBI press release Friday states: Ransomware Victims Urged to Report Infections to Federal Law Enforcement The FBI … Read more
An AZ anesthesiology practice with 200 providers across the state has reported a hack to their computer system that may have — or may not have — exposed the PHI of more than 880,000 patients and employees. The situation was made public when the practice announced that it was notifying all patients and staff whose … Read more
OCR release: Advocate Health Care Network (Advocate) has agreed to a settlement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), for multiple potential violations of the Health Insurance Portability and Accountability Act (HIPAA) involving electronic protected health information (ePHI). Advocate has agreed to pay a settlement amount of $5.55 … Read more
The FBI is quoted as saying there are only two kinds of organizations – those that have had a data breach, and those who just don’t know they have had a data breach. The internet security website Esecurityplanet.com reports that 91% of healthcare organizations have sustained a data breach in the past two years and … Read more