In a ruling that could have a profound impact on HIPAA enforcement, a U.S. Court of Appeals has vacated a $4.3 million HIPAA civil monetary penalty levied by federal regulators against the University of Texas MD Anderson Cancer Center in the wake of three breaches involving unencrypted mobile devices.
The Federal Trade Commission's announcement this week of a proposed health data privacy settlement with Flo Health, a fertility-tracking mobile app vendor, illustrates how the agency can play a critical role in helping ensure data not regulated under HIPAA is protected.
In the latest move in its ongoing initiative to enforce a HIPAA provision granting patients the right to access their records, federal regulators have slapped an Arizona integrated healthcare system with a $200,000 fine for failing to provide two individuals with timely records access.
As federal regulators intensify their focus on compliance with requirements to provide patients with access to their health information, healthcare organizations need to sort through a variety of emerging challenges, says health information management and privacy expert Rita Bowen.
The COVID-19 pandemic has spotlighted an array of evolving patient privacy issues that legislators and regulators will need to address in the year ahead, say government policy experts Mari Savickis and Cassie Leonard of the College of Healthcare Information Management Executives.
Look for the Biden administration to put health data privacy and security on the front burner next year. Here's what could be in store at the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA.
Federal regulators have issued guidance to help clarify how HIPAA covered entities and business associates are permitted to make patient record disclosures for public health purposes to health information exchange organizations during the COVID-19 pandemic.
Under legislation passed by Congress this weekend that awaits President Trump's signature, HIPAA enforcers, when considering financial penalties for compliance violations, would need to determine whether an organization had implemented "recognized security practices," such as the NIST Cybersecurity Framework.
A long-overdue report on findings from a HIPAA compliance audit program conducted in 2016 and 2017 illustrates shortcomings that, unfortunately, are still common today. Those include the failure to conduct a security risk analysis and the failure to give patients access to their records.
Because 2020 wasn't already exciting enough, now we have to worry about being hunted by adversaries wielding FireEye's penetration testing tools, thanks to the company having suffered a big, bad breach. Here's a list of targeted flaws that every organization should ensure they've patched.
If FireEye - one of the top cybersecurity firms - can't protect itself, how can clients be sure anything from anyone will keep them safe? The myth of a "secured environment" has been revealed to be exactly that.