Protected Health Information

On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.
Continue Reading

On June 26, 2017, Airway Oxygen reported that it was the subject of a ransomware attack affecting 500,000 patients’ protected health information. The attack is the second largest health data breach recorded by the Office for Civil Rights this year, and the largest ransomware incident recorded by OCR since it began tracking incidents in 2009.
Continue Reading

On April 12, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Metro Community Provider Network that stemmed from MCPN’s lack of a risk analysis and risk management plan that addressed risks and vulnerabilities to protected health information.
Continue Reading

On February 16, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Memorial Healthcare System that emphasized the importance of audit controls in preventing breaches of protected health information. The 5.5 million dollar settlement with Memorial is the fourth enforcement action taken by OCR in 2017, and matches the largest civil monetary ever imposed against a single covered entity.
Continue Reading

On February 1, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 3.2 million dollar civil monetary penalty against Children’s Medical Center of Dallas for alleged ongoing violations of the HIPAA Privacy and Security Rules, following two consecutive breaches of patient ePHI.
Continue Reading