To offset some of the Trump administration's proposed cuts to the budget for the HHS Office for Civil Rights, which enforces HIPAA, the agency proposes to take advantage of another source of revenue. But will the HIPAA compliance audit program survive and thrive?
A New York City hospital has paid a hefty HIPAA settlement to federal regulators for privacy breaches that impacted just two patients but involved the impermissible disclosure of sensitive medical information, including HIV status.
The Trump administration's detailed budget proposal for fiscal 2018 calls for hefty cuts for the two Department of Health and Human Services agencies responsible for health data privacy and security issues, including HIPAA enforcement. What's the potential impact?
Federal regulators have slapped Memorial Hermann Health System with a $2.4 million HIPAA settlement stemming from the disclosure of one patient's information to the news media without the individual's consent. Why was the penalty so high?
This case study is from a large healthcare organization, with dozens of hospitals and tens of thousands of employees who wanted to expand their ability to assess manage and respond to security risks across the enterprise. Their home-grown tool and spreadsheets were inefficient, not able to scale and presented...
As President Trump approaches day 100 of his presidency April 29, it's time to assess the impact of his administration so far on health data privacy, security and related health IT issues. Do we have any more clarity now than we did when he took office in January?
Federal regulators have smacked a mobile heart-monitoring technology firm with a $2.5 million HIPAA settlement related to findings from an investigation into a 2012 breach involving a stolen unencrypted laptop. What factors led to the substantial penalty?
Federal regulators, in their latest HIPAA settlement, are again reminding healthcare entities about the importance of having business associate agreements with vendors that handle patients' protected health information.
A class action lawsuit against telehealth software vendor MDLive shines a spotlight on regulatory gaps and other murky privacy and security issues related to the growing use of consumer health applications.
The FDA has warned Abbott that it must submit a plan within 15 days to address previously identified cybersecurity vulnerabilities and other potential safety issues in certain cardiac devices of St. Jude Medical, which Abbott Labs acquired in January.
What should healthcare entities and business associates expect when faced with a data breach investigation or compliance audit by federal regulators? Attorney Marti Arvin discusses the do's and don'ts.
NIST's proposed update to its cybersecurity framework needs to better address specific concerns of the healthcare sector, say some industry groups commenting on the recently released draft. So, what are they asking NIST to do?