Archive for the Data Breach Category

New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA

24th May 2019 The HHS Office for Civil Rights (OCR) has issued a new fact sheet that provides a clear compilation of all provisions through which a business associate can be held directly liable for compliance with certain requirements of the HIPAA Privacy, Security, Breach Notification, and

[read_more text="Read more" title="Read more" url="https://ehr20.com/new-hhs-fact-sheet-on-direct-liability-of-business-associates-under-hipaa/" align="left"]
[divider_top]

Colorado hospital failed to terminate former employee’s access to ePHI

Colorado hospital failed to terminate former employee’s access to ePHI

Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules requires all healthcare covered entities and their business associates to conduct security risk analysis of their IT infrastructure annually and with any change in process or system. As part of HIPAA rules, all covered entities and their business associates are required to have proper procedure in place to terminate any employees.
Pagosa Springs Medical Center (PSMC) has agreed to pay $111,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a substantial corrective action plan to settle potential HIPAA violations

[read_more text="Read more" title="Read more" url="https://ehr20.com/colorado-hospital-failed-to-terminate-former-employees-access-to-ephi/" align="left"]
[divider_top]

Florida contractor physicians’ group shares protected health information with unknown vendor without a business associate agreement

December 8,2018 – Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and to adopt a substantial corrective action plan to settle potential violations of the Health Insurance Portability

[read_more text="Read more" title="Read more" url="https://ehr20.com/hipaa_business_associate_contract_violation/" align="left"]
[divider_top]

HIPAA Fine for Lack of Timely Breach Notification 

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement of 2017 based on the untimely reporting of a breach of unsecured protected health information (PHI).  Presence Health has agreed to settle

[read_more text="Read more" title="Read more" url="https://ehr20.com/hipaa-fine-lack-timely-breach-notification/" align="left"]
[divider_top]

HIPAA Compliance 2016 Year in Review

Planning for the upcoming year is a chance to review the main developments in Healthcare IT HPAA Compliance from 2016 that will affect providers, business associates, and patients. Priorities remain to uphold confidentiality, integrity, and availability of patient data, factoring in the latest proceedings in technological and

[read_more text="Read more" title="Read more" url="https://ehr20.com/hipaa-compliance-2016-year-in-review/" align="left"]
[divider_top]

UMass settles potential HIPAA violations following malware infection

The University of Massachusetts Amherst (UMass) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The settlement includes a corrective action plan and a monetary payment of $650,000, which is reflective of the fact that

[read_more text="Read more" title="Read more" url="https://ehr20.com/umass-settles-potential-hipaa-violations-following-malware-infection/" align="left"]
[divider_top]

EHR Vendor Bizmatics Reports Patient Data Breach

Complete Family Foot Care of Lincoln, NE was recently informed by Bizmatics, an EHR vendor of ambulatory care software and revenue cycle management services. The data breach has affected numerous other practices as well. Bizmatics has informed Complete Family Foot Care that the breach was believed to have

[read_more text="Read more" title="Read more" url="https://ehr20.com/complete-family-foot-care-hipaa-compliance/" align="left"]
[divider_top]

Eye Associates of Pinellas HIPAA Compliance

Eye Associates of Pinellas is the latest victim of HIPAA Compliance violation. Practice reported an incident of the data breach of their patient data at the hands of a third party vendor. The Eye Associates of Pinellas, located in Florida recently issued a statement to its patients

[read_more text="Read more" title="Read more" url="https://ehr20.com/eye-associates-of-pinellas-hipaa-compliance/" align="left"]
[divider_top]

HIPAA Violation Fines: Unauthorized Filming Results in $2.2 Million Settlement

New York Presbyterian Hospital has reached a settlement with the Office for Civil Rights (OCR) to pay $2.2 million HIPAA violation fine for the unauthorized disclosure of two patients Protected Health Information (PHI). The PHI was released to film crews and staff during the filming of an

[read_more text="Read more" title="Read more" url="https://ehr20.com/hipaa-violation-new-york-presbysterian/" align="left"]
[divider_top]

HIPAA Violation Fines: $750,000 settlement highlights the need for HIPAA business associate agreements

Raleigh Orthopedic violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule by handing over Protected Health Information (PHI) for approximately 17,300 patients to a potential business partner without having a business associate agreement. Not having a Business Associate Agreement (BA) in place leaves

[read_more text="Read more" title="Read more" url="https://ehr20.com/raleigh_orthopedic_hipaa_compliance_consulting/" align="left"]
[divider_top]