In a ruling that could have a profound impact on HIPAA enforcement, a U.S. Court of Appeals has vacated a $4.3 million HIPAA civil monetary penalty levied by federal regulators against the University of Texas MD Anderson Cancer Center in the wake of three breaches involving unencrypted mobile devices.
The Department of Health and Human Services has slapped Excellus Health Plan with a $5.1 million settlement in the wake of a 2015 data breach that affected more than 9.3 million individuals.
The Federal Trade Commission's announcement this week of a proposed health data privacy settlement with Flo Health, a fertility-tracking mobile app vendor, illustrates how the agency can play a critical role in helping ensure data not regulated under HIPAA is protected.
In the latest move in its ongoing initiative to enforce a HIPAA provision granting patients the right to access their records, federal regulators have slapped an Arizona integrated healthcare system with a $200,000 fine for failing to provide two individuals with timely records access.
Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020.
As federal regulators intensify their focus on compliance with requirements to provide patients with access to their health information, healthcare organizations need to sort through a variety of emerging challenges, says health information management and privacy expert Rita Bowen.
The COVID-19 pandemic has spotlighted an array of evolving patient privacy issues that legislators and regulators will need to address in the year ahead, say government policy experts Mari Savickis and Cassie Leonard of the College of Healthcare Information Management Executives.
Look for the Biden administration to put health data privacy and security on the front burner next year. Here's what could be in store at the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA.
Federal regulators have issued guidance to help clarify how HIPAA covered entities and business associates are permitted to make patient record disclosures for public health purposes to health information exchange organizations during the COVID-19 pandemic.
Under legislation passed by Congress this weekend that awaits President Trump's signature, HIPAA enforcers, when considering financial penalties for compliance violations, would need to determine whether an organization had implemented "recognized security practices," such as the NIST Cybersecurity Framework.
A long-overdue report on findings from a HIPAA compliance audit program conducted in 2016 and 2017 illustrates shortcomings that, unfortunately, are still common today. Those include the failure to conduct a security risk analysis and the failure to give patients access to their records.
The Department of Health and Human Services on Thursday issued a long-awaited proposed rule that would modify the HIPAA Privacy Rule. Here's a summary of the changes.
A recent data breach at a Colorado-based mental health clinic that exposed data on nearly 300,000 individuals is the latest of several in the mental health sector this year.
Federal regulators have issued their 12th enforcement action tied to a case involving a patient's right to access their records, as spelled out in HIPAA.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.