Some app developers know more about our health than our doctors do. Take, for instance, FitBit, which is attached to our wrist and measuring in real time our temperature, our heart rate, our steps and whether we have had enough exercise for our age in a day. Some people sleep with their phones on their … Continue Reading
Following the escalation of tensions between the United States and Iran in the past week, the Health Information Sharing and Analysis Center (H-ISAC) is warning hospitals and health systems that Iran could attack health organizations, which are considered critical infrastructure, and that they make sure their systems are being updated with patches. H-ISAC further recommended … Continue Reading
On December 12, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced its second “HIPAA Right of Access Initiative” settlement of alleged HIPAA violations. The HIPAA Right of Access Initiative is a new effort in 2019 by OCR to monitor compliance with HIPAA requirements addressing patient rights to promptly … Continue Reading
Arizona-based Banner Health has agreed to settle for up to $6 million a class action case filed against it following a 2016 incident that compromised the personal information of 3 million individuals. The breach compromised data on two information technology systems at the health system, including patient information and health insurance information on one system, … Continue Reading
On November 27, 2019, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach Notification Rule and Privacy Rule. The settlement is noteworthy as it represents OCR’s fourth HIPAA settlement in excess of $1 million … Continue Reading
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency. The fine centers around a data breach that TXHHS self-reported to the OCR in June 2015 … Continue Reading
In accordance with the Inflation Adjustment Act, the Department of Health and Human Services (HHS) has updated its regulations to reflect required annual inflation-related increases to civil monetary penalties, including those for certain violations of HIPAA’s “administrative simplification” provisions. The final regulations became effective on November 5, 2019, the date they were published in the … Continue Reading
On the heels of an FDA committee report concerning cybersecurity issues with medical devices [view related post] the U.S. Food and Drug Administration (FDA) issued an alert regarding cybersecurity vulnerabilities, referred to as “URGENT/11,” that could introduce risks for some medical devices and hospital networks. According to the FDA’s October 1st notice, the URGENT/11 vulnerabilities … Continue Reading
Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in California, is permanently closing following a ransomware attack. Wood Ranch was hit with a ransomware attack over the summer, and … Continue Reading
Everyone knows how I feel about those home genetic testing kits—most people don’t understand that when they send their DNA to a private company that it is not protected by HIPAA or any other law, and the company can legally use and disclose it, including selling it to other companies. Understand what companies are doing … Continue Reading
The Patient Engagement Advisory Committee (Committee) to the Food and Drug Association (FDA) met recently to discuss cybersecurity in medical devices. Medical devices are increasingly connected to the internet, hospital networks, and other medical devices to provide features designed to improve healthcare and increase providers’ ability to treat patients. However, as medical devices become more … Continue Reading
On August 26, 2019, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (SAMHSA) published a notice of proposed rulemaking (NPRM) to “better align” its substance use disorder (SUD) confidentiality regulations at 42 C.F.R. Part 2 (Part 2) with the needs of providers and patients, and to “facilitate the provision of well-coordinated … Continue Reading
As readers of this blog know, data breaches in the health care industry are all too common. Healthcare organizations are an attractive target for hackers because of the nature and amount of personal information that they possess. Therefore, it is perhaps not surprising that healthcare organizations have the highest costs associated with data breaches. They … Continue Reading
Following an investigation led by the Washington Attorney General, Premera Blue Cross has agreed to pay $10 million to 30 states after experiencing a data breach in 2014 that compromised the Protected Health Information of over 10 million individuals. $5.4 million of the settlement amount will be paid to the Washington State Attorney General’s Office … Continue Reading
When you next lie down to sleep, the bed may not your secrets keep. So-called “smart” beds, mattress pads, sleep apps, and fitness trackers with sleep options are collecting data on those who use them and sending that personal information back to manufacturers. The data gathered can include biometric information (i.e., heart rate, respiration), sleep … Continue Reading
On June 3, 2019, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a fraud alert to notify consumers about genetic testing fraud schemes (the Alert). According to the OIG, fraudulent actors are using the provision of free genetic testing kits to obtain Medicare information from unwitting consumers, and then … Continue Reading
Although many thought that WannaCry was in the rear view mirror, a recent report by Artemis, based on client experience, found that health care organizations and manufacturing companies are still being hit with the ransomware that affected hundreds of thousands of machines in 2017. According to the report, 40 percent of Artemis’ health care clients … Continue Reading
In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct Liability of Business Associates under the Health Insurance Portability and Accountability Act (HIPAA). … Continue Reading
The deservedly well-publicized arrest of the Golden State Killer last fall was a coup for law enforcement, and a marvelous use of modern technology. Sequencing the DNA profile of material left by the killer at a crime scene 40 years ago, then scouring publicly available databases for a genetic match, and ultimately making the arrest … Continue Reading
On December 14, 2018 the Department of Health & Human Services Office for Civil Rights (OCR) published a Request for Information (RFI) soliciting public input on updates to regulations promulgated under the Health Insurance Portability and Accountability Act (HIPAA) with the goals of removing “regulatory obstacles” and decreasing “regulatory burdens” in furtherance of the health care industry’s … Continue Reading
The United States Department of Health & Human Services, Office of Civil Rights (OCR) announced a settlement this week with Allergy Associates of Hartford, P.C. whereby Allergy Associates agreed to pay $125,000 to resolve a HIPAA violation complaint that alleged the covered entity impermissibly disclosed the complainant’s Protected Health Information (PHI) to an unauthorized third … Continue Reading
The Department of Health and Human Services Office for Civil Rights (OCR) announced this week that it has settled the largest health care data breach for the largest enforcement fine in history. OCR settled the massive data breach Anthem suffered in 2015 for $16 million—a substantially larger fine than any others assessed by OCR for … Continue Reading
The Office of Inspector General (OIG) recently announced the creation of a cybersecurity team focused on combating threats within the Department of Health & Human Services (HHS), and within the health care industry. The team includes auditors, evaluators, investigators, and attorneys with experience in cybersecurity matters, and its work is intended to build on the … Continue Reading
On September 17, 2018, the federal Office of the National Coordinator for Health Information Technology (ONC) submitted proposed new rules to the Office of Management and Budget (OMB), entitled, “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program.” https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=201804&RIN=0955-AA01 [View related post]. The 21st Century Cures Act was signed into law … Continue Reading
