2014 and HIPAA - Health Care Compliance Brief

Former Executive Sentenced to Probation for HIPAA Violation

HIPAA Journal

JANUARY 9, 2024

Mark Kevin Robison, a former vice president of Commonwealth Health Corporation (now Med Center Health) in Kentucky has been sentenced to 2 years’ probation and ordered to pay $140,000 in restitution after reaching a plea agreement with federal prosecutors over a HIPAA violation.

HIPAA

HIPAA Compliance

L.A. Care Health Plan Settles Multiple HIPAA Security Rule Violations for $1.3 Million

HIPAA Journal

SEPTEMBER 11, 2023

Care Health Plan, has settled multiple violations of the HIPAA Privacy and Security Rules with the HHS’ Office for Civil Rights (OCR) and will pay a $1,300,000 penalty and adopt a robust corrective action plan. OCR determined that there had been several failures to fully comply with the requirements of the HIPAA Privacy and Security Rules.

HIPAA

HIPAA Compliance Medicaid Medicaid

Action Taken Against CHS: Multistate HIPAA Settlement Following C10P Ransomware Attack

Compliancy Group

APRIL 4, 2023

One such case is the Community Health Systems (CHS) C10P Ransomware attack, which affected millions of patients and resulted in a multistate HIPAA settlement. No No one is protected from HIPAA violation double jeopardy. Make Sure You’re HIPAA Compliant Protect your business from breaches and fines by becoming compliant today!

Ransomware

Ransomware HIPAA Compliance

Arizona Man Sentenced to 54 Months in Criminal HIPAA Violation Case

HIPAA Journal

JUNE 2, 2023

An Arizona man has been sentenced to 54 months in jail for aggravated identity theft and criminal violations of the Health Insurance Portability and Accountability Act (HIPAA). Rico Prunty pleaded guilty to aggravated identity theft and criminal HIPAA violations for accessing and disclosing patients’ protected health information.

HIPAA

HIPAA Fraud Health Insurance Compliance

Pharma Sales Rep Pleads Guilty to Healthcare Fraud and Criminal HIPAA Violations

HIPAA Journal

OCTOBER 21, 2022

A pharmaceutical sales rep has pleaded guilty to conspiring to commit healthcare fraud and wrongfully disclosing and obtaining patients’ protected health information in an elaborate healthcare fraud scheme involving criminal HIPAA violations. He is due to be sentenced on Feb.

Fraud

Fraud HIPAA FDA Health Insurance

Interview: Ty Allen, Founder & CEO, SocialClimb

HIPAA Journal

JANUARY 31, 2024

The HIPAA Journal has spoken with Ty Allen, Founder & CEO of SocialClimb. SocialClimb offers a comprehensive, HIPAA-compliant healthcare marketing platform that aligns with the goals of healthcare organizations of all types and sizes. In 2014 I was involved in an accident that fractured my neck and injured my spinal cord.

HIPAA

HIPAA Compliance Doctors Health Insurance

HIPAA Nightmare: Dentist tells patient to Get a Life

Health Care Performance

APRIL 28, 2022

He last came to my office on March 2014 as an emergency. The first lesson is obvious: don’t post PHI on social media without a valid HIPAA authorization. Lastly, if you are unsure of what needs to be in place to comply with HIPAA to protect PHI, read the OCR resolution agreement for a prior - and similar - social media breach.

HIPAA

Did COVID Lead to a Lower HIPAA Fine?

Compliancy Group

AUGUST 19, 2022

On Friday afternoon, July 15, 2022, the Department of Health and Human Services Office for Civil Rights announced 11 enforcement actions against healthcare providers across the country for alleged violations of the HIPAA Privacy Rule right of access provisions. Let’s Simplify Compliance Avoid HIPAA violation fines. Learn More! ×

HIPAA

HIPAA COVID-19 Compliance Health Insurance

ONC and OCR Release Updated Security Risk Assessment Tool

HIPAA Journal

JUNE 16, 2022

The HIPAA Security Rule requires HIPAA-regulated entities to conduct a comprehensive, organization-wide risk analysis to identify the risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). Risk analyses/assessments are vital for HIPAA compliance.

HIPAA

HIPAA Compliance

December 2022 Healthcare Data Breach Report

HIPAA Journal

JANUARY 16, 2023

Only one other year has seen a fall in recorded data breaches (2014). HIPAA Journal has been unable to obtain information on two of those breaches. HIPAA-regulated entities should also ensure that their password management practices are kept up to date. December Data Breaches by HIPAA Regulated Entity. California.

Ransomware

Ransomware HIPAA Hospitals

Why Employers Need to be HIPAA Compliant

Total HIPAA

JULY 21, 2020

HIPAA compliance for employers is a complicated and nuanced topic. Though you may believe you’re not affected by HIPAA, many groups usually have access to more PHI than they realize. In this article, we outline some of the issues that you may face as a benefits specialist and the connection between ERISA and HIPAA.

HIPAA

HIPAA Health Insurance Compliance

Judge Denies Class Certification in CareFirst Data Breach Lawsuit

HIPAA Journal

MARCH 31, 2023

District Court Judge has denied class certification in a long-running legal battle against CareFirst BlueCross BlueShield over its 2014 data breach that affected 1.1 The post Judge Denies Class Certification in CareFirst Data Breach Lawsuit appeared first on HIPAA Journal. million plan members.

Fraud

Fraud HIPAA

California and North Dakota Hospitals Report Cyberattacks

HIPAA Journal

MARCH 28, 2024

Fernald Developmental Center campus in Waltham, MA, which was sold to the city of Waltham in 2014. The documents had been improperly stored in the buildings since 2014 and many had degraded, so it was not possible to tell the exact types of information that had been exposed.

Hospitals

Hospitals Ransomware HIPAA Licensing

How health systems can better protect patient privacy

Healthcare It News

SEPTEMBER 21, 2023

According to one 2014 survey, 10% of patients distrusted health technology, Liederman said, but another recent survey found 87% of patients are unwilling to divulge all their medical information. " To safely address insider snooping you have to record all the views and actions, which HIPAA requires anyway.

Governance

Governance HIPAA Ransomware Licensing

FDA Releases Updated Guidance on Medical Device Cybersecurity

HIPAA Journal

APRIL 11, 2022

The FDA first released final guidance on premarket expectations for medical devices in 2014, then updated and released draft guidance in 2018. The post FDA Releases Updated Guidance on Medical Device Cybersecurity appeared first on HIPAA Journal. The FDA will then work on a final version of the guidance.

FDA

FDA HIPAA

Healthcare & Life Sciences Private Equity Deal Tracker: Aldrich Capital Partners to Invest $75 Million in Compliancy Group

McGuire Wood

FEBRUARY 9, 2022

Founded in 2005, the company’s solution, The Guard, is intended to help businesses meet HIPAA compliance requirements. and founded in 2014, pursues investments in healthcare IT and other technology service and software companies. Compliancy Group , based in Greenlawn, N.Y., Aldrich Capital Partners , based in Tower Vienna, Va.,

Compliance

Compliance HIPAA

NIST Requests Comments on How to Improve its Cybersecurity Framework

HIPAA Journal

FEBRUARY 28, 2022

The NIST Cybersecurity Framework was released in 2014 to help public and private sector organizations implement cybersecurity standards and best practices to improve their cybersecurity posture, better defend against cyber threats, and quickly identify and respond to cyberattacks in progress to limit the harm that can be caused.

HIPAA

SundaySky Cyberattack Impacts 37,000 Health Plan Members

HIPAA Journal

MARCH 23, 2023

The affected individuals had created an online PPS account between July 2014 and January 13, 2023. The post SundaySky Cyberattack Impacts 37,000 Health Plan Members appeared first on HIPAA Journal. On January 10, 2023, PPS discovered that the names and email addresses of 82,466 patients had been shared with the Kroger Co.

Licensing

Licensing HIPAA

University of Pittsburgh Medical Center Settles Data Breach Lawsuit for $450,000

HIPAA Journal

JUNE 23, 2022

The lawsuit was filed on behalf of 27,000 employees affected by a February 2014 data breach. The post University of Pittsburgh Medical Center Settles Data Breach Lawsuit for $450,000 appeared first on HIPAA Journal. Last year, UPMC settled a long-running lawsuit for $2.65

HIPAA

AngelEye Health Raises Funding to Expand Patient Engagement Platform

HIT Consultant

NOVEMBER 10, 2022

HIPAA-Compliant Patient Engagement Solutions Platform. Since its launch in 2014, AngelEye has built a diverse portfolio of resources designed to support the current and future needs of the highly specialized NICU and PICU.

HIPAA

HIPAA Hospitals

United Health Centers of San Joaquin Valley Notifies Patients About August 2021 Ransomware Attack

HIPAA Journal

AUGUST 16, 2022

HIPAA Journal reported on the incident in September 2021. Intermedix Corporation worked with Lee County Emergency Medical Services for almost 15 years, with the contract terminating in September 2014. On August 31, 2021, Bleeping Computer was made aware of the data leak and made multiple attempts to notify United Health Centers.

Ransomware

Ransomware HIPAA Licensing Governance

HC3 Report Reveals Cyberattack Trends and Provides Insights to Improve Healthcare Cybersecurity

HIPAA Journal

MARCH 8, 2022

The report shows how adversaries stepped up their attacks on the healthcare industry from 2014 through 2017. In 2014, Boston Children’s Hospital suffered a major distributed Denial of Service (DDoS) attack, there was a massive cyberattack on Anthem Inc.

Ransomware

Ransomware COVID-19 HIPAA World Health

Tampa General Hospital Sued over 1.2 Million Record Data Breach

HIPAA Journal

AUGUST 9, 2023

TGH experienced a data breach in 2014 which was reported to the HHS’ Office for Civil Rights as an unauthorized electronic medical record access incident affecting 675 patients. Million Record Data Breach appeared first on HIPAA Journal. The lawsuit also points out that this is not the first data breach to have occurred at TGH.

Hospitals

Hospitals Electronic Medical Records Health Insurance HIPAA

HHS Information Security Program Rated ‘Not Effective’

HIPAA Journal

MAY 4, 2022

The post HHS Information Security Program Rated ‘Not Effective’ appeared first on HIPAA Journal. The audit was conducted at five of the 12 operating divisions of the HHS, although OIG did not state which five divisions were audited. The HHS concurred with all OIG recommendations.

HIPAA

HIPAA Compliance

Dentist Disclosing PHI in Response to Negative Online Review Leads to $50,000 Civil Monetary Penalty

Hall Render

APRIL 28, 2022

A North Carolina dental practice (“Practice”) has been fined $50,000 following a Notice of Final Determination regarding a violation of the HIPAA Privacy Rule. Comparing social media activities to peer entities to determine what social media practices are acceptable is not a viable strategy to ensure compliance with HIPAA.

HIPAA

HIPAA Compliance

The Pandemic Accelerated Consumers’ Digital Health Tech Ownership As Big Tech Morphs To Big Health

Health Populi

JUNE 10, 2021

.” Health Populi’s Hot Points: HIPAA, the Health Insurance Portability and Accountability Act, was signed into law in 1996 by President Bill Clinton. This week, Ken Mandl and Eric Perakslis co-wrote an essay in The New England Journal of Medicine on HIPAA and the “leak of ‘deidentified’ EHR data.”

HIPAA

HIPAA COVID-19 Health Insurance Health Outcomes

FBI Thwarted ‘Despicable’ Cyberattack on Boston Children’s Hospital

HIPAA Journal

JUNE 3, 2022

Back in 2014, the hospital suffered a series of attacks that disrupted its systems for more than a week. The post FBI Thwarted ‘Despicable’ Cyberattack on Boston Children’s Hospital appeared first on HIPAA Journal. Boston Children’s Hospital is no stranger to cyberattacks.

Hospitals

Hospitals Ransomware HIPAA

Asante Discovers 9 Years of Unauthorized Medical Record Access by a Physician

HIPAA Journal

MARCH 8, 2023

An investigation was launched when the unauthorized access was detected which revealed the unauthorized access had been occurring over a period of 9 years, starting in 2014. The post Asante Discovers 9 Years of Unauthorized Medical Record Access by a Physician appeared first on HIPAA Journal.

Electronic Medical Records

Electronic Medical Records Doctors Fraud Licensing

Healthcare Sector Warned About Increase in GootLoader Malware Infections

HIPAA Journal

FEBRUARY 15, 2023

GootLoader is a malware loader first identified in 2014 that is now one of the biggest malware threats. The post Healthcare Sector Warned About Increase in GootLoader Malware Infections appeared first on HIPAA Journal.

HIPAA

Patch Due for Release on November 1, 2022 to Fix Critical OpenSLL Vulnerability

HIPAA Journal

OCTOBER 31, 2022

In 2014, OpenSLL discovered a critical vulnerability dubbed Heartbleed, which could be exploited to obtain passwords or encryption keys. The post Patch Due for Release on November 1, 2022 to Fix Critical OpenSLL Vulnerability appeared first on HIPAA Journal.

Public Health

Public Health HIPAA

HC3 Warns Healthcare Sector About Growing Threat from Emotet Malware

HIPAA Journal

JUNE 8, 2022

Emotet was first detected in 2014 and was initially a banking Trojan; however, the malware has been updated over the years and has had new features added. The post HC3 Warns Healthcare Sector About Growing Threat from Emotet Malware appeared first on HIPAA Journal.

Ransomware

Ransomware HIPAA Governance

Interview: Stacey A. Tovino, JD, PhD, William J. Alley Professor of Law, University of Oklahoma College of Law

HIPAA Journal

FEBRUARY 17, 2023

HIPAA Journal is conducting interviews with healthcare professionals, compliance professionals, and industry service providers to find out more about how their experiences with HIPAA, their successes, and the challenges they have and continue to face with HIPAA compliance. When did you first get involved with HIPAA compliance?

HIPAA

HIPAA Compliance Licensing Hospitals

HC3 Warns of Risk of Web Application Attacks on Healthcare Organizations

HIPAA Journal

JULY 25, 2022

A Major DDoS attack was conducted on Boston Children’s Hospital in April 2014 over the course of a week by a hacker in response to a child custody issue. The post HC3 Warns of Risk of Web Application Attacks on Healthcare Organizations appeared first on HIPAA Journal. DDoS attacks are also conducted by hacktivists.

Electronic Medical Records

Electronic Medical Records Ransomware COVID-19 HIPAA

The Pace of Tech-Adoption Grows Among Older Americans, AARP Finds – But Privacy Concerns May Limit Adoption

Health Populi

JANUARY 28, 2020

Smartphone adoption among older people grew by 50% since 2014, rising from 48% adoption among people 50+ to 79%. Under the current privacy regime of HIPAA for healthcare, indeed, we are. legislators can get on the same privacy page.

HIPAA

HIPAA Health Insurance Doctors

Know Your Adversary: HC3 Shares Details of Chinese APT Groups Targeting the Healthcare Sector

HIPAA Journal

AUGUST 24, 2023

APT18 is believed to be behind a 2014 attack on a healthcare provider in which the data of 4.5 The post Know Your Adversary: HC3 Shares Details of Chinese APT Groups Targeting the Healthcare Sector appeared first on HIPAA Journal. million patients was stolen.

COVID-19 Vaccine

COVID-19 Vaccine Governance COVID-19 Public Health

Multiple Security Vulnerabilities Identified at Arizona VA Healthcare System

HIPAA Journal

JULY 13, 2023

The inspection was performed as the Northern Arizona VA Healthcare System had not previously been visited as part of a Federal Information Security Modernization Act of 2014 (FISMA) audit. The post Multiple Security Vulnerabilities Identified at Arizona VA Healthcare System appeared first on HIPAA Journal.

Department of Veterans Affairs

Department of Veterans Affairs HIPAA

OpenSSL Downgrades Bug Severity to High and Releases Patches

HIPAA Journal

NOVEMBER 1, 2022

The news of a critical flaw existing brought back memories of the Heartbleed Bug (CVE-2014-0160) which was exploited to read the memory of systems including servers and routers to eavesdrop on communications. The post OpenSSL Downgrades Bug Severity to High and Releases Patches appeared first on HIPAA Journal.

HIPAA

NIST Releases Draft Version of Cybersecurity Framework 2.0 for Public Comment

HIPAA Journal

AUGUST 10, 2023

This is the first major update to the NIST CSF since its release in 2014. for Public Comment appeared first on HIPAA Journal. The National Institute of Standards and Technology (NIST) has published a draft version of an updated version of its popular Cybersecurity Framework (CSF) – version 2.0.

Governance

Governance HIPAA Hospitals

Healthcare Industry Warned About Risk Posed by APT41 Threat Group

HIPAA Journal

SEPTEMBER 28, 2022

APT41 – also known as Double Dragon, Barium, Winnti, Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie – conducted targeted campaigns on the healthcare sector in 2014, 2015, 2016, 2018, 2019, and 2020. The post Healthcare Industry Warned About Risk Posed by APT41 Threat Group appeared first on HIPAA Journal.

Pharmaceutical Industry

Pharmaceutical Industry HIPAA Governance

My Health, My Data – Thinking Consumers, Privacy and Self-Care at HIMSS 2023

Health Populi

APRIL 17, 2023

The bill expands privacy protections for Washington State’s health citizens beyond HIPAA’s provisions. The Washington State legislature passed House Bill 1155, aka the My Health, My Data Act , last week. Governor Jay Inslee is expected to sign this into State law later this year.

HIPAA

HIPAA Hospitals

Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware

HIPAA Journal

JANUARY 26, 2023

One of the most commonly used downloaders is Emotet, which first emerged in 2014 as a banking Trojan. The post Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware appeared first on HIPAA Journal. The operators of these botnets partner with other threat groups to deliver third-party payloads.

Ransomware

Ransomware HIPAA

Core Principles for Application Decommissioning and Data Archiving

Healthcare IT Today

DECEMBER 5, 2019

While we’ve been writing about EMR data archiving since back in 2009 and then again in 2013 and 2014 to name a few, the topic has never been more important than it is today. With many healthcare organizations literally supporting 100s and even 1000s of health IT software, how you handle legacy systems including data […].

HIPAA

HIPAA Hospitals

Health Gorilla Raises $50M to Expand FHIR-Native Health Interoperability Platform

HIT Consultant

MARCH 7, 2022

Founded in 2014, Health Gorilla is focused on streamlining access to clinical data with a suite of FHIR-based APIs that digital health developers integrate into their products. These paired with varying data standards have created a healthcare environment that is disconnected and difficult for patients to navigate.

Compliance Officers

Compliance Officers HIPAA Compliance

Accellion Settles Healthcare Data Breach Suit for $8.1 Mil

Compliancy Group

JANUARY 20, 2022

In 2014 Kiteworks was launched as a successor to FTA. This case also underscores some commonly overlooked points by many working to achieve HIPAA compliance. . Compliancy Group has a security assessment questionnaire for business associates built into our industry-standard HIPAA Compliance software solution, “The Guard.”

Licensing

Licensing Compliance HIPAA Governance

Former Executive Sentenced to Probation for HIPAA Violation

L.A. Care Health Plan Settles Multiple HIPAA Security Rule Violations for $1.3 Million

Trending Sources

Action Taken Against CHS: Multistate HIPAA Settlement Following C10P Ransomware Attack

Arizona Man Sentenced to 54 Months in Criminal HIPAA Violation Case

Pharma Sales Rep Pleads Guilty to Healthcare Fraud and Criminal HIPAA Violations

Interview: Ty Allen, Founder & CEO, SocialClimb

HIPAA Nightmare: Dentist tells patient to Get a Life

Did COVID Lead to a Lower HIPAA Fine?

ONC and OCR Release Updated Security Risk Assessment Tool

December 2022 Healthcare Data Breach Report

Why Employers Need to be HIPAA Compliant

Judge Denies Class Certification in CareFirst Data Breach Lawsuit

California and North Dakota Hospitals Report Cyberattacks

How health systems can better protect patient privacy

FDA Releases Updated Guidance on Medical Device Cybersecurity

Healthcare & Life Sciences Private Equity Deal Tracker: Aldrich Capital Partners to Invest $75 Million in Compliancy Group

NIST Requests Comments on How to Improve its Cybersecurity Framework

SundaySky Cyberattack Impacts 37,000 Health Plan Members

University of Pittsburgh Medical Center Settles Data Breach Lawsuit for $450,000

AngelEye Health Raises Funding to Expand Patient Engagement Platform

United Health Centers of San Joaquin Valley Notifies Patients About August 2021 Ransomware Attack

HC3 Report Reveals Cyberattack Trends and Provides Insights to Improve Healthcare Cybersecurity

Tampa General Hospital Sued over 1.2 Million Record Data Breach

HHS Information Security Program Rated ‘Not Effective’

Dentist Disclosing PHI in Response to Negative Online Review Leads to $50,000 Civil Monetary Penalty

The Pandemic Accelerated Consumers’ Digital Health Tech Ownership As Big Tech Morphs To Big Health

FBI Thwarted ‘Despicable’ Cyberattack on Boston Children’s Hospital

Asante Discovers 9 Years of Unauthorized Medical Record Access by a Physician

Healthcare Sector Warned About Increase in GootLoader Malware Infections

Patch Due for Release on November 1, 2022 to Fix Critical OpenSLL Vulnerability

HC3 Warns Healthcare Sector About Growing Threat from Emotet Malware

Interview: Stacey A. Tovino, JD, PhD, William J. Alley Professor of Law, University of Oklahoma College of Law

HC3 Warns of Risk of Web Application Attacks on Healthcare Organizations

The Pace of Tech-Adoption Grows Among Older Americans, AARP Finds – But Privacy Concerns May Limit Adoption

Know Your Adversary: HC3 Shares Details of Chinese APT Groups Targeting the Healthcare Sector

Multiple Security Vulnerabilities Identified at Arizona VA Healthcare System

OpenSSL Downgrades Bug Severity to High and Releases Patches

NIST Releases Draft Version of Cybersecurity Framework 2.0 for Public Comment

Healthcare Industry Warned About Risk Posed by APT41 Threat Group

My Health, My Data – Thinking Consumers, Privacy and Self-Care at HIMSS 2023

Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware

Core Principles for Application Decommissioning and Data Archiving

Health Gorilla Raises $50M to Expand FHIR-Native Health Interoperability Platform

Accellion Settles Healthcare Data Breach Suit for $8.1 Mil

Stay Connected