Proposed new federal regulations would end the HITECH Act electronic health records "meaningful use" incentive program for physicians treating Medicare patients and replace it with a simplified program as part of a sweeping payment revamp. What impact would the Medicare change have on data security requirements?
Now, more than ever, managing the risks involved in working with business associates and their subcontractors should be a top priority for healthcare organizations in their efforts to safeguard patient information, says risk management expert Andrew Hicks, who explains why.
For the second time in two years, federal regulators have slapped New York Presbyterian Hospital with a multi-million dollar penalty as part of a HIPAA settlement. The latest incident involved filming of patients without their permission.
A North Carolina orthopedic clinic will pay a $750,000 penalty as part of a breach-related federal settlement involving the release of 17,300 X-ray films containing patient information to a vendor without having a business associate agreement in place, as required under HIPAA.
A former pharmaceutical company manager faces sentencing in July after pleading guilty to criminal HIPAA violations for his part in a complex fraud scheme involving drug maker Warner Chilcott. Why are criminal HIPAA cases so rare?
Healthcare organizations are well aware of the importance of data security. Each year over 65 million people are affected by data breaches, costing healthcare providers approximately $6 billion. And these numbers continue to grow, putting them at risk for violating HIPAA and HITECH regulations, litigation and loss of...
MedStar is but the latest healthcare entity to fall victim to a ransomware attack. What can organizations do proactively to improve their ransomware defenses and response? PhishMe CEO Rohyt Belani offers insight.
It's no surprise that healthcare entities are being targeted, Belani says - and not just by ransomware,...
Federal regulators have quietly released an updated, extremely detailed protocol for use in phase two of HIPAA compliance audits of covered entities and business associates later this year. Experts say the protocol also can be a helpful tool in self-assessing compliance as well as security strategies.
The recent surge in ransomware attacks on hospitals has at least one member of Congress contemplating whether HIPAA's breach notification requirements need to be clarified or updated to reflect the trend.
Now that the Department of Health and Human Services has announced that it will soon begin the next round of HIPAA compliance audits, organizations need to take specific steps to prepare in case they're chosen for scrutiny, says attorney Robert Belfort, a regulatory specialist.
HHS says it has launched "phase two" of its HIPAA compliance audit program, portraying this as another interim step toward a permanent program. But will Congress ever approve enough funding to ramp up audits?
Smaller hospitals and clinics must avoid the common mistake of thinking they won't fall victim to cyberattacks, warns risk management expert Tom Andre, vice president of information services at the Cooperative of American Physicians.
For many organizations, compliance with data security
standards doesn't seem to be getting easier. Although HIPAA represents
only a portion of the data security compliance obligations
faced by most organizations handling healthcare data, it
is one of the most significant.
Achieving and proving your
In its second HIPAA settlement revealed this week, federal regulators smacked a New York-based medical research institute with a multimillion dollar penalty after investigating a breach tied to the theft of an unencrypted laptop containing data on several thousand patients and participants in a research project.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.