Tag: PHI

Hollywood Presbyterian Medial Center Was Victim of Cyber-ransom

Hollywood Presbyterian Medical Center revealed on Wednesday that is was the victim of a cyber incident resulting in the hospital paying a cyber-ransom of $17,000 in Bitcoins.  On February 5th hackers used malware that locks systems by encrypting files to infect the hospital’s computer systems, including the electronic medical record […]

Hospital and Vendor Reach Agreement to Settle Alleged HIPAA Violations with Connecticut AG

Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The entities will collectively pay a $90,000 penalty and also sign an Assurance of Voluntary Compliance (an […]

OIG Releases FY2016 Work Plan: Areas to be Reviewed Include SNFs, Drug Pricing, HIPAA

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) released this week its FY2016 Work Plan (Work Plan). The OIG Work Plan summarizes new and ongoing OIG reviews of various HHS programs and activities, which are selected based on a number of factors such as mandatory OIG review […]

HHS To Launch New HIPAA Audits in Early 2016 in Response to OIG Reports

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports  yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts.   In response to these reports, HHS announced that it […]

Cancer Care Group Reaches Agreement to Settle Alleged HIPAA Violations

Last week, Cancer Care Group, P.C. (CCG), an Indiana radiation oncology practice, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and adopting a three year corrective action plan.

St. Elizabeth’s Medical Center Reaches Agreement to Settle Alleged HIPAA Breach

Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $218,400 and adopting a robust corrective action plan.

HIPAA FAQ Series: Does HIPAA Protect the PHI of Deceased Individuals?

In order to protect the privacy and security of patients’ information, the Health Insurance Portability and Accountability Act (HIPAA) imposes substantial obligations on covered entities (certain providers, plans, and health care clearinghouses), as well as their business associates.  These obligations can be intrusive and costly, and can require substantial investments […]

HIPAA FAQ Series: Are Covered Entities and Business Associates Required to Encrypt PHI?

The Health Insurance Portability and Accountability Act (HIPAA) mandates that both Covered Entities and Business Associates protect the security of Protected Health Information (PHI) in a variety of ways.  Specifically, HIPAA’s Security Rule sets forth various technical, administrative, and physical safeguards that must be enacted in order to ensure the […]

The Aftermath of the Anthem Breach

On February 4, 2015, Anthem Inc. (“Anthem”) announced a data breach involving the personal information of up to 80 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack.  According to Anthem, the information involved in the data breach included: names; dates of birth; social security numbers; health care […]