A ransomware attack reported by a business associate that impacted more than three dozen clients and nearly 207,000 individuals is among the latest incidents added to the Department of Health and Human Services' data breach tally. Here's the latest health data breach tracking update.
When a healthcare provider develops its own applications that handle patient data, it must take critical steps to safeguard protected health information and ensure HIPAA compliance, says privacy attorney Adam Greene.
Federal regulators have reached a $3 million HIPAA settlement in a case alleging that a medical imaging services provider delayed investigating and mitigating a breach involving patient information leaking onto the internet via a web server - and delayed notification of victims as well.
What are the key privacy and security requirements proposed in the latest draft of the Trusted Exchange Framework and Common Agreement issued by federal regulators to promote nationwide secure health data exchange? Elise Sweeney Anthony of the Office of the National Coordinator for Health IT explains.
The Department of Health and Human Services is lowering its top fines for less egregious HIPAA violations. Meanwhile, it's pledging to make a "big push" to enforce patients' right to access their health records. What's the potential impact?
Two organizations that provide treatment to patients with substance addictions have recently reported breaches of sensitive information. Compliance experts say that many organizations that provide such treatment must comply with HIPAA as well other stricter privacy requirements, which creates challenges.
Boston Children's Hospital is pioneering the use of Amazon's Alexa voice assist technology in the healthcare sector. John Brownstein, the hospital's chief innovation officer, discusses the security measures involved.
The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches was unlawful. What are the main arguments?
The Department of Health and Human Services has yet to take certain critical actions to help enhance cybersecurity, according to a new GAO report that lists hundreds of recommendations for improving operations that have not been implemented.
Several industry groups have offered suggestions - ranging from better cyber information sharing to new regulatory "safe harbors" for entities complying with best practices - in response to Sen. Mark Warner's recent request seeking ideas for improving healthcare sector cybersecurity.
Guided by a "human-centered" principle, there is nothing more critical to Tri-Counties Regional Center (TCRC), than protecting and promoting the lives of those with developmental disabilities. That is why TCRC proactively secures Personal Health Information (PHI) to protect the people behind that information. Critical...
Two recent ransomware attacks on mental healthcare providers serve as reminders of the security incident response and risk mitigation pressure faced by entities handling especially sensitive patient information.
A ransomware attack last fall on a company that provides billing and other business services to health plans and hospitals resulted in a breach affecting more than 600,000 individuals, according to Michigan state officials. But what makes breach determination in ransomware attacks so difficult?