The Department of Health and Human Services last week issued its 10th settlement involving a HIPAA "right of access" case since launching its patient records access initiative last year. But how might HIPAA enforcement priorities at HHS' Office for Civil Rights change under a Biden administration?
Federal regulators have issued the final version of a five-year strategic health IT plan that sets goals and objectives focused around providing patients secure access of their health data. But what do experts think of the plan, and would it stick under a potential Biden administration?
In the latest health data breach enforcement action by a state, New Jersey regulators have slapped a supermarket cooperative with a large settlement for improper disposal of customer pharmacy information.
Despite the soaring list of customers reporting data breaches tied to the May ransomware attack on Blackbaud - and numerous legal actions filed against the company - the fundraising software vendor recently told Wall Street that it expects cyber insurance to cover the bulk of its costs associated with the incident.
Federal regulators have slapped health insurer Aetna with a $1 million HIPAA settlement for three 2017 breaches - including a mailing incident that exposed HIV information - that occurred within six months.
Hacking incidents involving ransomware attacks continue to dominate the 2020 health data breach tally, with incidents affecting two companies - Blackbaud and Magellan Health - accounting for numerous breach notifications by their clients.
A 2014 data breach at Community Health Systems that exposed the protected health information of 6.1 million individuals has led to another round of government penalties. This time, the Franklin, Tennessee-based company has agreed to pay $5 million for a settlement with 28 state attorneys general.
In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.
The attorneys general of 42 states plus Washington, D.C., have slapped health insurer Anthem with a $39.5 million settlement in the wake of a 2014 cyberattack that affected nearly 79 million individuals. Meanwhile, California's attorney general signed a separate $8.7 million settlement with the insurer.
Premera Blue Cross has agreed to pay a $6.85 million fine, the second largest HIPAA settlement ever announced by federal regulators. The case stems from a 2014 breach, which went undetected for nine months and exposed the information of 10.4 million individuals
Federal regulators have announced a $1.5 million HIPAA settlement with a Georgia orthopedic clinic stemming from a 2016 breach involving The Dark Overlord hacking group. The case serves as a warning of the potentially hefty cost of failure to implement a comprehensive HIPAA compliance program.
A federal judge has dismissed a lawsuit filed last year against Google and the University of Chicago Medicine involving complex privacy and other issues related to the use of patients' de-identified electronic health record data. But the court left the door open to filing an amended complaint.
The eHealth Initiative and the Center for Democracy and Technology are seeking feedback on their draft privacy framework that addresses gaps in legal protections for consumer health data falling outside of HIPAA's regulatory umbrella, says eHI CEO Jennifer Covich Bordenick.