protected health information

On May 17, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with MedEvolve, Inc. for $350,000. MedEvolve provides practice and revenue cycle management and practice analytics software services to health care entities. The settlement resulted from MedEvolve’s alleged violation of the Health Insurance Portability and Accountability

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through

It is clear that the health care industry continues to be targeted with cyber-attacks. In 2018, the 10 largest health care breaches, outlined here, include unauthorized access to protected health information (PHI) through a vendor offering claims processing, ransomware incidents, successful phishing schemes, mailing PHI to wrong addressees, hacking, a misdirected email, and a

Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats.

Insider threats can

On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located

ABCD Pediatrics, located in San Antonio, Texas has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its patients. The ransomware used by the attackers was Dharma. The practice found through forensic analysis that access had been gained to

Whenever fact sheets or other guidance is issued by either the Office of the National Coordinator for Health Information Technology (ONC) or the Office for Civil Rights (OCR), it helps gain insight into the thinking of the regulators so we watch it closely.

But when the ONC and OCR issues joint guidance, it is hitting the jackpot.
Continue Reading ONC and OCR Issue Joint Fact Sheet on Use of PHI for Public Health Activities

On January 7, 2015, HHS issued new guidance (Guidance) regarding an individual’s right to access his or her health information under HIPAA’s Privacy Rule. The Guidance emphasizes that HIPAA, while protecting the privacy and confidentiality of individuals’ health information, also recognizes the importance of providing individuals with access to their health information.

The Guidance reviews