Hollywood Presbyterian Medical Center revealed on Wednesday that is was the victim of a cyber incident resulting in the hospital paying a cyber-ransom of $17,000 in Bitcoins. On February 5th hackers used malware that locks systems by encrypting files to infect the hospital’s computer systems, including the electronic medical record […]
Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The entities will collectively pay a $90,000 penalty and also sign an Assurance of Voluntary Compliance (an […]
The Department of Health and Human Services (HHS) Office of Inspector General (OIG) released this week its FY2016 Work Plan (Work Plan). The OIG Work Plan summarizes new and ongoing OIG reviews of various HHS programs and activities, which are selected based on a number of factors such as mandatory OIG review […]
The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts. In response to these reports, HHS announced that it […]
Last week, Cancer Care Group, P.C. (CCG), an Indiana radiation oncology practice, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and adopting a three year corrective action plan.
Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $218,400 and adopting a robust corrective action plan.
In order to protect the privacy and security of patients’ information, the Health Insurance Portability and Accountability Act (HIPAA) imposes substantial obligations on covered entities (certain providers, plans, and health care clearinghouses), as well as their business associates. These obligations can be intrusive and costly, and can require substantial investments […]
The Health Insurance Portability and Accountability Act (HIPAA) mandates that both Covered Entities and Business Associates protect the security of Protected Health Information (PHI) in a variety of ways. Specifically, HIPAA’s Security Rule sets forth various technical, administrative, and physical safeguards that must be enacted in order to ensure the […]
On February 4, 2015, Anthem Inc. (“Anthem”) announced a data breach involving the personal information of up to 80 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. According to Anthem, the information involved in the data breach included: names; dates of birth; social security numbers; health care […]