In the tenth HIPAA enforcement action in recent weeks, federal regulators have announced a $100,000 settlement in yet another case involving failure to provide a patient with timely access to their health records.
A 2014 data breach at Community Health Systems that exposed the protected health information of 6.1 million individuals has led to another round of government penalties. This time, the Franklin, Tennessee-based company has agreed to pay $5 million for a settlement with 28 state attorneys general.
Federal regulators have issued their eighth - and by far the largest - HIPAA penalty for failure to provide timely access to a patient's health records. Why have there been so many cases?
In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.
As the compliance dates approach for the Department of Health and Human Services' information blocking and health IT interoperability final rules, organizations need to avoid potential pitfalls, says privacy attorney Adam Greene.
Federal regulators have smacked five more healthcare organizations with financial settlements for failing to provide individuals with timely access to health information as required under HIPAA. Earlier, regulators announced two other similar settlements.
The eHealth Initiative and the Center for Democracy and Technology are seeking feedback on their draft privacy framework that addresses gaps in legal protections for consumer health data falling outside of HIPAA's regulatory umbrella, says eHI CEO Jennifer Covich Bordenick.
What privacy and security issues are raised by patients using smartphone apps to access health records? Attorney Helen Oscislawski and security expert Jarrett Kolthoff offer an analysis.
Federal prosecutors say an electronic health records vendor has agreed to pay $500,000 to settle a whistleblower case about the software maker allegedly falsifying testing results in 2015 to obtain certification for participation in the HITECH Act meaningful use incentive program.
The Department of Health and Human Services' Office for Civil Rights plans to issue a notice of proposed rulemaking to modify the HIPAA rules before the end of the year, says Timothy Noonan, the agency's deputy director for health information privacy.
Several health IT industry groups are urging the FTC to update its health data breach notification rule, designed to cover health data not protected under HIPAA, to better address technological developments and regulatory gaps that have evolved since the rule was implemented a decade ago.
Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that. Those are just two takeaways from a new report that describes how nine organizations were inadvertently exposing health records for at least 150,000 patients.
Rep. Bill Foster, D-Ill., who has twice introduced a measure to pave the way for a national patient identifier, explains in an in-depth interview why he believes such an ID is essential.
As developers design applications to provide patients with access to their digital health records via smartphones - as called for under the 21st Century Cures Act - special attention needs to be paid to balancing security with usability, says Chad Wilson, CISO of Stanford Children's Health.
An executive order President Donald Trump signed Monday that's designed as a first step toward potential long-term expansion of the use of telehealth could prompt renewed attention to related privacy and security issues.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
