Collaborate Disseminate
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Po… Continue reading HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s bre… Continue reading An inexcusable gap from breach to notification, or an excusable one?
Eric Geller reports: The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rag… Continue reading The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the … Continue reading HHS Security Risk Assessment Tool Version 3.4 and Webinars
Matt Fisher writes: Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUM… Continue reading Health Data and Investigations: Between a Rock and a Hard Place
In September 2022, DataBreaches broke the story of how Hive had attacked Tift Regional Medical Center in Georgia between July and August. The attack did not involve encryption of systems but Hive claimed to have exfiltrated about 1 TB of data, includin… Continue reading One year later, Tift Regional Medical Center notifies patients of Hive attack
In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that businesses can face if they betray customers’ trust. Thaine also discus… Continue reading ChatGPT and data protection laws: Compliance challenges for businesses
I am using a non-HIPAA-compliant vendor (Vercel) for the hosting of my site. This includes serverless functions on Vercel’s infrastructure that serve HTML/CSS/JS. However, the entire backend/database infrastructure lives in my own AWS acco… Continue reading HIPAA Compliance for Frontend Hosting
I work in the medical field across multiple locations, often outside of areas where internet is easily accessible. As part of my work, I keep a few different patient records on a Mac laptop. In the interest of patient privacy and protectio… Continue reading Privacy when using professional data recovery [closed]
A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. How did the data theft happen? Heidell, Pittoni, Murphy and Bach (HPM… Continue reading New York law firm gets fined $200k for failing to protect health data