A mishap involving the mailing of breach notification letters has led a Tennessee hospice to issue a "corrective" privacy breach notification. The incident is yet another example of why healthcare organizations need to carefully scrutinize their breach response and notification processes.
HHS has slapped a Florida healthcare provider with an $85,000 settlement for failing to provide a mother with timely access to fetal monitoring records. The settlement with Bayfront Health St. Petersburg is the agency's first enforcement action in its "HIPAA right of access initiative."
The federal tally of major health data breaches has spiked over the last month, mostly because of the American Medical Collection Agency incident, which led to nearly two dozen breach reports from the firm's affected clients.
Providence Health Plan says some of its members were among the nearly 3 million individuals affected by a data breach revealed by health plan administrator Dominion National in June. What lessons are emerging from that security incident and others involving third parties?
Google and the University of Chicago Medical Center have filed motions to dismiss a class action lawsuit that alleges patients' records were not properly de-identified by the hospital before they were shared with Google for research. Legal experts offer an analysis of the privacy case.
The Department of Health and Human Services has issued proposed changes to privacy rules related to the sharing of patient records created by federally assisted substance use disorder treatment programs. Do the proposals go too far, or not far enough?
As many organizations are working to streamline their governance, risk and compliance (GRC) processes, they often encounter gaps in implementation and need to tailor their tools towards their unique industry and specific goals.
Download this guide which highlights how you can optimize your investment in the popular...
Health IT vendor Allscripts says it has reached a preliminary $145 million settlement with the Department of Justice related to the business practices of Practice Fusion, an EHR vendor the company acquired last year. Among the issues involved are HIPAA, HITECH Act and Anti-Kickback Statute compliance.
The National Association of Attorneys General is urging Congress to drop the "cumbersome, out-of-date privacy rules" contained in federal regulations on substance abuse and instead apply the "effective and more familiar" HIPAA Privacy Rule to help address the opioid crisis by easing the sharing of data.
It's been more than two months since lab companies began revealing they had patient data exposed in a data breach at American Medical Collection Agency. But new victim organizations are continuing to emerge, bringing the total to about 18.
Several large breaches involving hacking/IT incidents, including ransomware attacks, have been added in recent weeks to the federal tally of major health data breaches. Here's a rundown of the latest additions.
DirectTrust, - known for creating and maintaining the Direct protocol and trust framework for secure email in healthcare - has kicked off a new initiative to develop industry standards for secure real-time instant messaging. What are the potential benefits?
A medical center and a children's hospital in Puerto Rico are victims of a recent ransomware attack impacting a total of more than a half million individuals. The combined incident is the largest ransomware breach reported to federal regulators so far in 2019. How is this threat evolving?
Two health IT industry groups are pressing the Senate to follow the House's lead and approve legislation to lift the ban on the Department of Health and Human Services funding the development and adoption of a unique national patient identifier.
A medical equipment benefits administrator is the latest business associate to report a large health data breach affecting patients as well as healthcare providers. What can covered entities do to help prevent falling victim to BA breaches?