2022, Health Insurance, HIPAA and Medicare - Health Care Compliance Brief

What is a HIPAA Violation?

HIPAA Journal

DECEMBER 31, 2022

To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it applies to, and what constitutes a violation; for although most people believe they know what a HIPAA compliance violation is, evidence suggests otherwise. What is HIPAA and Who Does It Apply To?

HIPAA

HIPAA Due Diligence Compliance Fraud

State of HIPAA – May 2023 Report

HIPAA Journal

MAY 29, 2023

It has been 27 years since President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law, but compliance is still proving a challenge for many HIPAA-regulated entities. million in 2022. The average HIPAA penalty has fallen from $2.6 million in 2018 to just $1.6

HIPAA

HIPAA Compliance Due Diligence COVID-19

Editorial: 5 Gaps in HIPAA and How They Are Being Filled

HIPAA Journal

OCTOBER 21, 2022

There are – and always have been – gaps in HIPAA and, after more than a quarter of a century, some have yet to be addressed. Most of the gaps in HIPAA are attributable to omissions from the original Act, provisions of HIPAA and HITECH that have never been enacted, and the increasing use of technology in healthcare.

HIPAA

HIPAA Compliance Medicare Medicare

The New Search for Reproductive Justice in Old Laws

Bill of Health

OCTOBER 26, 2022

In the post- Dobbs fight to safeguard reproductive healthcare, a new spotlight has been placed on two existing federal laws: the Health Insurance Portability and Accountability Act (HIPAA) and the Emergency Medical Treatment and Active Labor Act (EMTALA). . In June 2022, the U.S. OCR HIPAA Privacy Rule Guidance.

HIPAA

HIPAA Medicare Medicare Medicaid

10 Charged Over BEC Scams Targeting Medicare, Medicaid, and Private Insurance Programs

HIPAA Journal

NOVEMBER 21, 2022

million being defrauded from Medicaid, Medicare, and private health insurance programs. Five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers were tricked into changing the bank account details for payments. million, and $6.4

Medicaid

Medicaid Medicaid Medicare Medicare

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. The email account breaches were detected by the hospital on January 19, 2022. La Casa de Salud, New York.

HIPAA

HIPAA Health Insurance Licensing Hospitals

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

Choice Health was provided with the data of plan members to perform its contracted duties. The database was accessible over the Internet due to a misconfiguration by a third-party service provider and was accessed and downloaded on May 7, 2022. CareOregon Reports August 2022 Mailing Error.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

AHA, AMA, BCBSA Urge CMS Not to Adopt Proposed Standards for Healthcare Attachments

HIPAA Journal

JULY 28, 2023

The HHS’ Centers for Medicare and Medicaid Services (CMS) is being urged not to implement the proposed standards for prior authorization attachments, as detailed in its December 2022 Notice of Proposed Rulemaking (NPR).

HIPAA

HIPAA Health Insurance Medicaid Medicaid

More Than 4 Million Individuals Affected by Cyberattack on Independent Living Systems

HIPAA Journal

MARCH 15, 2023

According to the breach notification, ILS identified suspicious activity within its computer systems on July 5, 2022. Assisted by third-party cybersecurity experts, ILS determined that unauthorized individuals accessed its network between June 30, 2022, and July 5, 2022, and acquired files containing sensitive data.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Humana Members Impacted by Choice Health Data Breach

HIPAA Journal

SEPTEMBER 29, 2022

Humana has recently announced that the protected health information of 22,767 individuals has potentially been compromised in a security incident and data breach at one of its business associates – Choice Health – which Human used to sell Medicare products on its behalf.

Health Insurance

Health Insurance Medicare Medicare Fraud

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

Costco Pharmacy Patients Sue for Website Tracking Technology Disclosures of PHI to Third Parties

HIPAA Journal

NOVEMBER 10, 2023

Two lawsuits have recently been filed against Costco Wholesale over the use of these trackers on the Costco Pharmacy pages of the Costco website, which has allegedly impermissibly disclosed information protected under the Health Insurance Portability and Accountability Act (HIPAA). Ellersick and Hart L.

HIPAA

HIPAA Health Insurance Medicare Medicare

Did COVID Lead to a Lower HIPAA Fine?

Compliancy Group

AUGUST 19, 2022

On Friday afternoon, July 15, 2022, the Department of Health and Human Services Office for Civil Rights announced 11 enforcement actions against healthcare providers across the country for alleged violations of the HIPAA Privacy Rule right of access provisions. Let’s Simplify Compliance Avoid HIPAA violation fines.

HIPAA

HIPAA COVID-19 Compliance Health Insurance

Independent Living Systems Sued Over 4 Million-Record Data Breach

HIPAA Journal

MARCH 21, 2023

ILS Identified the breach in July 2022 and determined unauthorized individuals had access to its network between June 30, 2022, and July 5, 2022. The post Independent Living Systems Sued Over 4 Million-Record Data Breach appeared first on HIPAA Journal. The lawsuit was filed by Joseph G.

Fraud

Fraud Health Insurance Medicaid Medicaid

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. appeared first on HIPAA Journal.

Licensing

Licensing Health Insurance Fraud HIPAA

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

HIPAA Journal

MAY 19, 2022

The settlement has received preliminary approval from the court and a final hearing for the settlement has been scheduled for September 12, 2022. The deadline for submitting a claim is August 8, 2022, and the deadline for objecting to the settlement or requesting to be excluded from the settlement is August 22, 2022.

Licensing

Licensing HIPAA Health Insurance Medicaid

Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients

HIPAA Journal

FEBRUARY 15, 2022

Notification letters started to be sent to all affected individuals on January 24, 2022, and complimentary identity theft monitoring services have been offered to affected individuals. The post Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients appeared first on HIPAA Journal.

Hospitals

Hospitals Health Insurance HIPAA Medicaid

New York Provider of Administrative Anesthesiology Services Facing Multiple Class Action Data Breach Lawsuits

HIPAA Journal

NOVEMBER 15, 2022

Anesthesiology firms started reporting data breaches to the Department of Health and Human Services’ Office for Civil Rights in September 2022, with the notification letters to patients indicating there had been a data breach at their anesthesia management services organization. The notification letters failed to name that company.

HIPAA

HIPAA Fraud Licensing Health Insurance

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

HIPAA Journal

MARCH 14, 2022

CRMC said at this stage of the investigation it does not appear that the attackers gained access to its electronic medical record database; however, the files accessed or potentially accessed by the attackers included information such as patient names, addresses, birth dates, medical information, and health insurance information.

Electronic Medical Records

Electronic Medical Records Health Insurance HIPAA Licensing

Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

HIPAA Journal

MAY 16, 2022

Refuah Health Center in New York has recently started notifying 260,740 patients about a security breach that occurred almost a year ago. According to the April 29, 2022, notification on the healthcare provider’s website, “We recently discovered unauthorized access to our network occurred between May 31, 2021, and June 1, 2021.”

Health Insurance

Health Insurance Ransomware HIPAA Licensing

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

HIPAA Journal

OCTOBER 6, 2022

Mon Health announced the security breach on February 28, 2022, and confirmed that the hackers had access to the personal and protected health information of 492,861 individuals , including information about patients, employees, providers, and contractors. The lawsuit, which names Monongalia Health Systems Inc.

HIPAA

HIPAA Fraud Hospitals Health Insurance

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

Health Law RX

JUNE 28, 2022

The Guidance is the strongest signal yet from OCR that it intends to resume imposing penalties against covered entities that do not comply with the HIPAA Rules when providing telehealth. The Guidance is meant to assist covered entities with HIPAA compliance when the Telehealth Notification (defined below) is no longer in effect.

HIPAA

HIPAA Compliance COVID-19 Medicaid

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

HIPAA Journal

APRIL 13, 2022

The Philadelphia, PA-based national human services nonprofit organization, Resources for Human Development (RHD), has recently confirmed that a hard drive containing the protected health information of 46,673 individuals has been stolen. The theft occurred on or around January 27, 2022, and was discovered by RHD on February 16, 2022.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

HIPAA Journal

MARCH 25, 2022

Notification letters were sent to affected individuals on February 22, 2022. AHA discovered the email breach in early September 2021 and determined on December 2, 2021, that files containing the protected health information of its healthcare provider clients had been accessed. AHA provided notice about the attack on January 6, 2021.

Health Insurance

Health Insurance Licensing Ransomware Fraud

Data Breaches Reported by the New Jersey Department of Health, Onyx Technologies & San Diego American Indian Health Center

HIPAA Journal

AUGUST 24, 2022

Onyx Technologies, a Largo, MD-based provider of Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), has recently notified 96,814 health plan members that some of their protected health information has potentially been compromised.

Licensing

Licensing HIPAA Hospitals Health Insurance

277,000 Santa Clara Family Health Plan Members Affected by GoAnywhere Hack

HIPAA Journal

APRIL 25, 2023

On February 13, 2023, NationsBenefits confirmed that the data compromised in the attack included protected health information such as name, address, phone number, gender, date of birth, health insurance number, medical ID number, Social Security number, date(s) of service, medical device or product purchased, and provider/caregiver name.

Health Insurance

Health Insurance Public Health Ransomware Fraud

Atlanta Women’s Health Group Data Breach Impacts 33,800 Patients

HIPAA Journal

JUNE 21, 2023

Approximately 13,700 of the affected individuals were members of Vermont Blue Advantage Health Insurance Plans, around 2,250 individuals were members of Vermont Blue Advantage Plans, and the remainder of the affected individuals were members of other insurance plans.

Health Insurance

Health Insurance Licensing HIPAA Medicare

Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches

HIPAA Journal

NOVEMBER 3, 2022

Last month, HIPAA Journal reported that 13 providers of anesthesia services to hospitals had been affected by the breach. The breach was detected by the MSO on July 11, 2022, with the forensic investigation determining information stored on its systems had been compromised. The tool was removed in August 2022.

HIPAA

HIPAA Health Insurance Licensing Medicaid

Multiple Data Breaches Reported by Iowa Medicaid and South Jersey Behavioral Health Resources

HIPAA Journal

JUNE 8, 2023

Names, addresses, Social Security numbers, and health insurance were impermissibly disclosed. Telligen subcontracted part of that work to Independent Living Systems (ILS), where the data breach occurred in June and July 2022. The protected health information of approximately 20,800 Medicaid members was compromised in the attack.

Medicaid

Medicaid Medicaid Ransomware Health Insurance

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Health Law RX

DECEMBER 21, 2023

Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity vulnerabilities as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules).

HIPAA

HIPAA Ransomware Compliance Medicaid

Monongalia Health System Suffers Another Major Data Breach

HIPAA Journal

MARCH 3, 2022

Mon Health said the incident also affected its affiliated hospitals: Monongalia County General Hospital Company, Stonewall Jackson Memorial Hospital Company, and Preston Memorial Hospital Corporation. Notification letters started to be sent to affected individuals on February 28, 2022.

Health Insurance

Health Insurance Hospitals HIPAA Medicare

CMS Issues Proposed Rule to Standardize Electronic Health Care Attachments Transactions and Electronic Signature under HIPAA

C&M Health Law

JANUARY 20, 2023

This builds on the HIPAA Transactions Rule standards for financial and administrative transactions among health care providers and health plans and aligns with Department of Health and Human Services (HHS) interoperability regulations.

HIPAA

HIPAA US Department of Health and Human Services Compliance Health Insurance

Radiology Associates of Albuquerque Notifies Patients About Security Breach That Started in December 2020

HIPAA Journal

OCTOBER 17, 2022

RAA said the review and cataloging of the affected files took until July 2022 to complete, then it took until September 2022 to verify up-to-date contact information. The post Radiology Associates of Albuquerque Notifies Patients About Security Breach That Started in December 2020 appeared first on HIPAA Journal.

Licensing

Licensing HIPAA Health Insurance Medicaid

Data Breaches Reported by WV and CO Healthcare Providers and NJ Medical Billing Administrator

HIPAA Journal

APRIL 8, 2022

The email accounts were compromised between January 10 and 11, 2022. That review was completed on March 16, 2022. That process was completed on January 27, 2022, the affected clients were notified, and authorization was received to send notification letters.

Medical Billing

Medical Billing Licensing Health Insurance Medicaid

559,000 Individuals Affected by Murfreesboro Medical Clinic & SurgiCenter Cyberattack

HIPAA Journal

JULY 4, 2023

ARx Patient Solutions Reports Email Account Breach from 2022 The Kansas-based healthcare provider, ARx Patient Solutions, has recently notified the Maine Attorney General about a security breach that has affected 41,116 individuals, including individuals who used the ARx Patient Solutions Pharmacy.

Medicaid

Medicaid Medicaid Health Insurance Licensing

Protected Health Information Exposed in 5 Recent Hacking Incidents

HIPAA Journal

MARCH 16, 2023

According to the notice sent to the Maine Attorney General, suspicious activity was detected within its computer network on September 16, 2022; however, it took until March 8, 2023, to determine that patient data had been exposed. The post Protected Health Information Exposed in 5 Recent Hacking Incidents appeared first on HIPAA Journal.

Electronic Medical Records

Electronic Medical Records Health Insurance Ransomware HIPAA

Patient Data Likely Lost Due to Cyberattack on Mercy Medical Center – Clinton

HIPAA Journal

JUNE 8, 2023

PVOC discovered on March 3, 2022, that malware had been installed on the servers of the vendors between November 13, 2021, and November 15, 2021. On May 11, 2022, PVOC learned that Alta’s online patient portal was vulnerable to unauthorized access to payment receipts until October 26, 2021.

Ransomware

Ransomware HIPAA Licensing Health Insurance

3 Email Security Incidents Reported That Affect More Than 111,000 Patients

HIPAA Journal

MARCH 9, 2022

A review of the emails and attachments was conducted and it was confirmed on February 25, 2022, that the accounts contained names along with one or more of the following data types: inpatient/outpatient status, internal patient account number, service date, treatment cost, procedure code, provider name, and/or health insurance provider.

Health Insurance

Health Insurance Licensing Hospitals HIPAA

Is Your Organization HITECH Compliant?

AIHC

NOVEMBER 6, 2023

The focus of this article is to “connect the dots” between Health Insurance Portability & Accountability Act (HIPAA) and HITECH regarding privacy and security of electronically protected health information (ePHI). However, your organization should not address only “HIPAA” or only “HITECH”. What is “HITECH”?

HIPAA

HIPAA Compliance Governance Health Insurance

Is Your Organization HITECH Compliant?

AIHC

NOVEMBER 6, 2023

The focus of this article is to “connect the dots” between Health Insurance Portability & Accountability Act (HIPAA) and HITECH regarding privacy and security of electronically protected health information (ePHI). However, your organization should not address only “HIPAA” or only “HITECH”. What is “HITECH”?

HIPAA

HIPAA Compliance Governance Health Insurance

Health Provider News – November 4, 2022

Hall Render

NOVEMBER 4, 2022

AMA scrutinizes lack of competition, consumer harms in Medicare Advantage plans. CMS makes big changes to Medicare Shared Savings Program. CVS Health, Walgreens each to settle all opioid cases for $5B. HHS releases video on documenting recognized HIPAA security practices. CMS bumps ASC payments to 3.8 That Number is 3.

US Department of Health and Human Services

US Department of Health and Human Services COVID-19 Nurses Nursing Homes

Why Data Analytics are Critical in a Value-Based Care (VBC) Environment

AIHC

NOVEMBER 29, 2023

A 2022 report from the Commonwealth Fund U.S. Health Care from a Global Perspective, 2022: Accelerating Spending, Worsening Outcomes indicates that in 2021 the U.S. We recommend reading Leadership in a Value-Based Care (VBC) Environment in addition to this article. Why this Trend of Value-Based Care?

Medicare

Medicare Medicare Medicaid Medicaid

CMS Finalizes its Proposal to Advance Interoperability and Improve Prior Authorization Processes

Healthcare Law Blog

JANUARY 26, 2024

On December 13, 2022, the Centers for Medicare and Medicaid Services (“CMS”) issued a proposed rule, titled Advancing Interoperability and Improving Prior Authorization Processes (“Proposed Rule”), to improve patient and provider access to health information and streamline processes related to prior authorizations for medical items and services.

US Department of Health and Human Services

US Department of Health and Human Services Medicare Medicare Medicaid

Why Data Analytics are Critical in a Value-Based Care (VBC) Environment

AIHC

NOVEMBER 29, 2023

A 2022 report from the Commonwealth Fund U.S. Health Care from a Global Perspective, 2022: Accelerating Spending, Worsening Outcomes indicates that in 2021 the U.S. We recommend reading Leadership in a Value-Based Care (VBC) Environment in addition to this article. Why this Trend of Value-Based Care?

Medicare

Medicare Medicare Medicaid Medicaid

What is a HIPAA Violation?

State of HIPAA – May 2023 Report

Trending Sources

Editorial: 5 Gaps in HIPAA and How They Are Being Filled

The New Search for Reproductive Justice in Old Laws

10 Charged Over BEC Scams Targeting Medicare, Medicaid, and Private Insurance Programs

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

AHA, AMA, BCBSA Urge CMS Not to Adopt Proposed Standards for Healthcare Attachments

More Than 4 Million Individuals Affected by Cyberattack on Independent Living Systems

Humana Members Impacted by Choice Health Data Breach

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

Costco Pharmacy Patients Sue for Website Tracking Technology Disclosures of PHI to Third Parties

Did COVID Lead to a Lower HIPAA Fine?

Independent Living Systems Sued Over 4 Million-Record Data Breach

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients

New York Provider of Administrative Anesthesiology Services Facing Multiple Class Action Data Breach Lawsuits

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

Data Breaches Reported by the New Jersey Department of Health, Onyx Technologies & San Diego American Indian Health Center

277,000 Santa Clara Family Health Plan Members Affected by GoAnywhere Hack

Atlanta Women’s Health Group Data Breach Impacts 33,800 Patients

Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches

Multiple Data Breaches Reported by Iowa Medicaid and South Jersey Behavioral Health Resources

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Monongalia Health System Suffers Another Major Data Breach

CMS Issues Proposed Rule to Standardize Electronic Health Care Attachments Transactions and Electronic Signature under HIPAA

Radiology Associates of Albuquerque Notifies Patients About Security Breach That Started in December 2020

Data Breaches Reported by WV and CO Healthcare Providers and NJ Medical Billing Administrator

559,000 Individuals Affected by Murfreesboro Medical Clinic & SurgiCenter Cyberattack

Protected Health Information Exposed in 5 Recent Hacking Incidents

Patient Data Likely Lost Due to Cyberattack on Mercy Medical Center – Clinton

3 Email Security Incidents Reported That Affect More Than 111,000 Patients

Is Your Organization HITECH Compliant?

Is Your Organization HITECH Compliant?

Health Provider News – November 4, 2022

Why Data Analytics are Critical in a Value-Based Care (VBC) Environment

CMS Finalizes its Proposal to Advance Interoperability and Improve Prior Authorization Processes

Why Data Analytics are Critical in a Value-Based Care (VBC) Environment

Stay Connected