By Tom Toperczer – Criminal attacks are the leading cause of PHI reaches, according to a Ponemon Institute study. Breaches cost the healthcare industry $6.2B in 2016, while HIPAA Security and Privacy rule violation penalties for providers range from $50,000 per breach incident up to $1.5M.
Read More
By Rita Bowen – As of September 30, 2013, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has received over 141,754 complaints. Over 24,500 of these led to OCR investigations, resulting in required changes to privacy practices, corrective actions or technical assistance.
By Jon Melling – The rising complexity of healthcare, particularly as it relates to providers’ growing technical needs, is increasingly prompting healthcare organizations to seek the help of outside consultants.
HITRUST announced the creation of a Threat Catalogue to aid healthcare organizations in improving their information security posture by better aligning cyber threats with HITRUST CSF risk factors and controls.
By Marla Durben Hirsch – Providers continue to be confused as to how to dispose of their trash without running afoul of HIPAA. But the stakes are now higher – because it’s often the provider’s trash collector that’s exposing the patient data that’s in the garbage.
By Lucia Savage JD – Important work to ensure the health system is functioning properly is conducted by a wide variety of entities at the federal, state, and local level.
By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.
By Bob Grant – Understanding the regulatory requirements that govern the use and disclosure of protected health information (PHI) is essential for health care professionals operating across the country. However, federal HIPAA regulation only accounts for a portion of those requirements.
By Irv H. Lichtenwald – Not that long ago, healthcare worried mostly about the physical loss of personal health information (PHI) by way of a lost thumb drive, a stolen laptop, some misplaced paper files. These were the primary concerns in HIMSS initial 2008 security survey.
Five years later, the largest healthcare security breaches came from cyber attacks not lost or stolen devices.