Patient data exposed Inmediata Health Group, Corp., a provider of clearinghouse services, software, and business processing solutions to health plans, hospitals, IPAs, and independent physicians recently announced a security incident affecting some customer data. The incident was discovered in January 2019 when Inmediata found a misconfigured webpage was allowing some electronic health information to be...
Rush University Medical Center is feeling the impact of a breach they themselves did not cause. A third-party vendor is responsible for compromised personal information of 45,000 patients of Rush Medical. The breach was caused by an employee of the claims processing vendor when they inappropriately shared a patient file with an unauthorized individual. Rush...
According to the San Francisco Public Health Department, nearly 900 patients at two San Francisco hospitals had their personal information breached. On Friday, the Department stated that the breach occurred at San Francisco General and Laguna Honda hospitals when a former employee of one of the hospitals’ vendors gained unauthorized accessed the patient data. An...
The Center for Children’s Digestive Health (CCDH) a small, for-profit practice has agreed to implement a corrective action plan for their potential violations of the Health Insurance Portability Accountability Act of 1996 (HIPAA) Privacy Rule. According to the U.S. Department of Health and Human Services (HHS), the settlement includes a hefty payment of $31,000 for...
We have previously posted about HHS/OCR’s Guidance on HIPAA & Cloud Computing. The guidance is presented in question and answer form. To see the full guidance, you can go to the OCR page. Below are the 11 questions with partial answers to keep this brief but provide a good overview: Questions 1. May a...
Pun intended. We all use cloud computing resources every day. All you have to do is go on the Internet, and chances are the website you are accessing uses cloud services. Our website,, uses the Amazon cloud. There are many definitions of cloud services, but at a high level it is the use of...
Almost all software programs have bugs in their code. The bugs may be security holes, problems displaying pages on mobile devices or inaccurately displaying results in reports to name a few. So it should be no shock that electronic health record (EHR) systems would have bugs as well. EHRs are complex software programs and are...
A recent article over at Becker’s Spine Review, discusses some of the “low hanging fruit of HIPAA compliance”. They give 8 best practices for being HIPAA compliant. For the article they interviewed David Holtzman, JD, CIPP, vice president of compliance strategies, Cynergistek and Aaron Tantleff, partner and intellectual property lawyer with Foley & Lardner LLP. Encrypt health information. The...
Watch HSN CEO discuss the next round of HIPAA Audits
Background Although HIPAA is an important set of laws passed to protect the sensitive medical information handled by millions of covered entities and business associates, Health and Human Services Office for Civil Rights (OCR) has never established a permanent compliance audit program. Auditing activity to date by OCR has consisted of a pilot program of...
Recent Comments