HIPAA

Shadow IT: Healthcare’s $10 Billion Compliance Blind Spot

By Frank Zamani – A physician needed to share large imaging files with a specialist. The hospital’s file transfer system was too slow, so she used Dropbox instead. Three months later, a compliance audit revealed PHI for 2,400 patients had been stored on an unauthorized platform with no encryption, no access controls, and no business associate agreement. The potential HIPAA penalties: up to $1.7 million.


Free the Data

By Matt Fisher – Access to data and the enablement of data flow are significant issues and concerns within healthcare. In particular, individuals often have a hard time getting to their own data. Those difficulties exist even with different regulations in place designed to promote and require access to data.


A New Era, Few Guardrails: Strategies for Healthcare Leaders to Mitigate AI Risks Today

By Andrew Mahler – Imagine a large health system implementing an advanced AI-powered imaging tool designed to assist radiologists in identifying abnormalities in chest CT scans. The AI vendor’s marketing materials include data demonstrating faster turnaround times and reduced error rates, promising enhanced efficiency and accuracy.


Do Your Risk Analysis

By Matt Fisher – The drumbeat of settlement agreements for alleged HIPAA violations by the Office for Civil Rights is continuing along with the consistent finding that the required risk analysis did not occur. The consistent announcement of settlements offers regular reminders to the healthcare industry that OCR is watching and expecting compliance to improve.


Insider Risks

By Matt Fisher – The risk to privacy and security of healthcare information, despite all of the headlines, does not only come from outside attackers. Inside threats are real and can go undetected for potentially longer periods of time.



Healthcare’s Cybersecurity Overhaul

By Dr. Scott Schell – As cyber threats become increasingly sophisticated, proposed updates to federal healthcare cybersecurity standards have reignited debate across the industry. Introduced in December 2024, these regulations represent the first significant update to the HIPAA Security Rule, aiming to address the advent of AI, quantum computing, and virtual reality.


Breach Report Begets Settlement

By Matt Fisher – Whenever an entity subject to HIPAA experiences a data breach, notification must be given to the Office for Civil Rights. Once OCR receives notification of a breach, an investigation will typically follow. That combination is a sure way for broader issues to be uncovered. That is the scenario that played out in the most recent settlement announced by OCR.