On December 6, 2017, Henry Ford Health System (HFHS) disclosed that health information of 18,470 patients may have been viewed or stolen. HFHS became aware of the incident on October 3, 2017 after employee credentials were accessed or stolen. According to a statement published on HFHS’ website, Social Security numbers and credit card information were

On November 24, 2017, image-sharing website Imgur disclosed that email addresses and passwords of 1.7 million users were stolen in a 2014 hack on the company. Imgur became aware of the breach on November 23, 2017 when a security researcher alerted the company about the potential issue. The breach was confirmed on November 24th

Hyatt Hotels Corporation recently announced that it had identified malicious software code resulting in unauthorized access to customer payment card information. Hyatt disclosed that upon investigating the incident, it discovered unauthorized access to customer payment cards manually entered or swiped at the front desk of 41 Hyatt-managed locations in 11 countries between March 18, 2017,

The U.S. Department of Health and Human Services (HHS) has used its authority to waive certain provisions of HIPAA in response to Hurricane Harvey. HHS previously declared a public health emergency in Texas and Louisiana related to the hurricane and its aftermath.

Under the waiver, HHS waives sanctions against covered hospitals that do not comply

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. Any person who believes that a covered entity or business associate is not complying with HIPAA may file a complaint with OCR (complaints may also be submitted directly to a covered entity). Here is a high-level overview of the OCR complaint process from intake and review through investigation and resolution:

Intake and Review. During this step, OCR reviews the complaint to determine whether it can or will take action. OCR may take action on a complaint if it meets the following conditions:
Continue Reading What is the HIPAA Complaint Process?

Last week, New Jersey Governor Chris Christie told reporters that he is in talks with representatives from the U.S. Department of Health and Human Services and the U.S. Department of Justice about easing HIPAA restrictions in situations where individuals have experienced an opioid overdose. Gov. Christie chairs the presidential commission on opioid abuse. Speaking to

A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at Bronx-Lebanon Hospital Center in New York, New York, between 2014 – 2017, include patients’ names, addresses, HIV status, mental health diagnoses and addiction histories, as

The Office for Civil Rights (OCR) has announced that it entered into a settlement with The Center for Children’s Digestive Health (CCDH) for $31,000.  CCDH is a small for-profit health care provider with seven locations in Illinois.

The settlement arose out of an OCR compliance review initiated in August 2015 after an investigation of a

Cloudflare, Inc., a provider of performance and security solutions for websites, recently disclosed that a software bug caused it to leak customer data that was then cached by search engines. Uber, Fitbit, and OkCupid sites may have been affected. While the leaked data is believed to contain private information, the extent of that information is

According to several media outlets, Topps, whose products include sports trading cards, recently notified customers via email of a security breach. Information that may have been compromised includes bank account numbers, names, and email addresses of customers who placed orders between July 30 and October 12, 2016. Topps has not publicly released the number of