Articles Tagged With: breach
-
First HIPAA Settlement for Ransomware, Fine for Phishing
The Office for Civil Rights achieved two firsts recently: a settlement agreement related to a ransomware attack on a business associate and the first fine issued for a phishing attack. Both cases hold lessons for other covered entities.
-
Breaches Sometimes Kept Secret, but Decision Is Highly Dangerous
Cybersecurity professionals often are told to keep breaches confidential, according to a recent survey that suggests healthcare organizations may be risking serious consequences for not reporting the improper loss of protected health information controlled by HIPAA.
-
HIPAA Safe Harbor Offers Limited But Important Protection
The HR 7898 HIPAA Safe Harbor Law, enacted in 2021, created a “safe harbor” for HIPAA-covered entities and their business associates when potentially facing fines and other penalties under HIPAA. But there are nuances to the law that risk managers and compliance officers must consider. -
IRBs, Researchers Starting to Recognize Security Breaches of Online Survey Data
Researchers at the University of Houston discovered a survey study had been breached. Large number of surveys poured in, with batches arriving in two-minute intervals. Other signs of a breach included suspicious responses, unusual email addresses and patterns, responses from outside the United States, and missing contact information.
-
Common Misconceptions About HIPAA Can Threaten Patient Safety, Quality of Care
Misconceptions about the Health Insurance Portability and Accountability Act continue despite years of education. Some wrong interpretations can jeopardize patient safety.
-
HIPAA Compliance a Concern as Working from Home Becomes Norm
It is possible for remote employees to breach protocols, but they can protect information with vigilance.
-
Wrong Person Receives Bill, OCR Secures $2.175 Million Fine
As new privacy laws and regulations are put forth on both the state and federal levels, every covered entity should work with competent counsel to develop policies and procedures for breach preparedness, avoidance, and response that is compliant with applicable laws and regulations.
-
Enforcement Action Follows Predictable Path, Starts With a Letter
The Office for Civil Rights usually has much less patience and understanding when the covered entity or business associate has not adopted required HIPAA policies and procedures, has not properly trained and retrained its employees (no less often than once per year), failed to conduct required periodic enterprise-wide risk assessments, or failed to investigate and report a breach timely.
-
OCR: Ransomware Attack Is Usually a Data Breach
With ransomware attacks a continuing threat to hospitals and health systems, the Office for Civil Rights is warning that, in addition to all the other headaches, such incidents could be considered a data breach under HIPAA.
-
‘Widespread Vulnerabilities’ Bring $2.7M Settlement
Oregon Health & Science University in Portland has agreed to settle potential Health Insurance Portability and Accountability Act violations with a $2.7 million fine after an investigation by the Office for Civil Rights found “widespread and diverse problems” at OHSU.