2022, HIPAA and Medicare - Health Care Compliance Brief

Up to 254,000 Medicare Beneficiaries Affected by Ransomware Attack on CMS Subcontractor

HIPAA Journal

DECEMBER 15, 2022

On November 14, 2022, Fairmont, WV-based Health Care Management Solutions (HMS) reported a data breach to the HHS’ Office for Civil Rights that affected up to 500,000 individuals. It has now been confirmed that HMS suffered a ransomware attack on October 8, 2022. At the time, few details about the breach were released.

Ransomware

Ransomware Medicare Medicare HIPAA

What is a HIPAA Violation?

HIPAA Journal

DECEMBER 31, 2022

To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it applies to, and what constitutes a violation; for although most people believe they know what a HIPAA compliance violation is, evidence suggests otherwise. What is HIPAA and Who Does It Apply To?

HIPAA

HIPAA Due Diligence Compliance Fraud

COVID-19 Public Health Emergency and HIPAA Telehealth Flexibilities Due to be Extended

HIPAA Journal

OCTOBER 13, 2022

The Secretary of the Department of Health and Human Services, Xavier Becerra, is expected to extend the COVID-19 Public Health Emergency (PHE) today (October 13, 2022) for the 11th time. The COVID-19 PHE was first declared in January 2020 by then HHS Secretary, Alex Azar II, with the last extension issued by Becerra on July 15, 2022.

COVID-19

COVID-19 Public Health HIPAA Medicare

Mailing Error at CMS Vendor Affects 10,000 Medicare Beneficiaries

HIPAA Journal

APRIL 27, 2023

The Centers for Medicare & Medicaid Services (CMS) has started notifying certain Medicaid beneficiaries about an impermissible disclosure of some of their protected health information due to a mailing error at one of its contractors. The CMS believes that the risk of identity theft and Medicare fraud is minimal.

Medicare

Medicare Medicare Medicaid Medicaid

Tift Regional Medical Center Patients Notified About August 2022 Cyberattack

HIPAA Journal

AUGUST 15, 2023

Tift Regional Medical Center in Georgia has started notifying 180,142 patients that their personal and protected health information was compromised in a cyberattack that was detected on or around August 16, 2022. The post Tift Regional Medical Center Patients Notified About August 2022 Cyberattack appeared first on HIPAA Journal.

Ransomware

Ransomware Electronic Medical Records HIPAA Medicaid

State of HIPAA – May 2023 Report

HIPAA Journal

MAY 29, 2023

It has been 27 years since President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law, but compliance is still proving a challenge for many HIPAA-regulated entities. million in 2022. The average HIPAA penalty has fallen from $2.6 million in 2018 to just $1.6

HIPAA

HIPAA Compliance Due Diligence COVID-19

What is HIPAA Enforcement Discretion?

HIPAA Journal

JUNE 26, 2023

HIPAA enforcement discretion occurs when the Secretary for Health and Human Services (HHS) announces the Department will exercise discretion in the enforcement of HIPAA Rules. Typically, Notices of Enforcement Discretion last between 72 hours and 60 days, are state or region-specific and apply to specific provisions of the HIPAA Rules.

HIPAA

HIPAA COVID-19 COVID-19 Vaccine Public Health

MIPS and MACRA 2022: What’s New?

Compliancy Group

NOVEMBER 16, 2022

In 2015, legislation known as the Medicare Access and CHIP Reauthorization Act (MACRA) was enacted. Under MACRA, the Centers for Medicare and Medicaid Services created regulations for healthcare providers’ use of health information technology. MACRA MIPS 2022 is discussed in greater detail below. Find Out More!

Medicare

Medicare Medicare HIPAA Medicaid

Editorial: 5 Gaps in HIPAA and How They Are Being Filled

HIPAA Journal

OCTOBER 21, 2022

There are – and always have been – gaps in HIPAA and, after more than a quarter of a century, some have yet to be addressed. Most of the gaps in HIPAA are attributable to omissions from the original Act, provisions of HIPAA and HITECH that have never been enacted, and the increasing use of technology in healthcare.

HIPAA

HIPAA Compliance Medicare Medicare

The New Search for Reproductive Justice in Old Laws

Bill of Health

OCTOBER 26, 2022

In the post- Dobbs fight to safeguard reproductive healthcare, a new spotlight has been placed on two existing federal laws: the Health Insurance Portability and Accountability Act (HIPAA) and the Emergency Medical Treatment and Active Labor Act (EMTALA). . In June 2022, the U.S. OCR HIPAA Privacy Rule Guidance. The Old Laws.

HIPAA

HIPAA Medicare Medicare Medicaid

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

HIPAA Journal

MAY 2, 2022

6 data breaches have recently been reported by HIPAA-regulated entities that have collectively resulted in the exposure and potential theft of the protected health information of tens of thousands of individuals. The email account breaches were detected by the hospital on January 19, 2022. La Casa de Salud, New York.

HIPAA

HIPAA Health Insurance Licensing Hospitals

10 Charged Over BEC Scams Targeting Medicare, Medicaid, and Private Insurance Programs

HIPAA Journal

NOVEMBER 21, 2022

million being defrauded from Medicaid, Medicare, and private health insurance programs. Five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers were tricked into changing the bank account details for payments. Medicare, Medicaid, and private health insurers suffered losses of more than $4.7

Medicaid

Medicaid Medicaid Medicare Medicare

2022 Budget Bill Includes Mandatory Healthcare Cyber Incident Reporting

Med Law Blog

APRIL 4, 2022

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), was passed as part of the consolidated Budget Act for 2022, which also included the telehealth provisions I posted about last week. The definition of “covered entity” in the Act is far greater than covered entity as defined by HIPAA.

HIPAA

HIPAA Medicare Medicare Compliance

Did COVID Lead to a Lower HIPAA Fine?

Compliancy Group

AUGUST 19, 2022

On Friday afternoon, July 15, 2022, the Department of Health and Human Services Office for Civil Rights announced 11 enforcement actions against healthcare providers across the country for alleged violations of the HIPAA Privacy Rule right of access provisions. Let’s Simplify Compliance Avoid HIPAA violation fines.

HIPAA

HIPAA COVID-19 Compliance Health Insurance

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

Health Law RX

JUNE 28, 2022

The Guidance is the strongest signal yet from OCR that it intends to resume imposing penalties against covered entities that do not comply with the HIPAA Rules when providing telehealth. The Guidance is meant to assist covered entities with HIPAA compliance when the Telehealth Notification (defined below) is no longer in effect.

HIPAA

HIPAA Compliance COVID-19 Medicaid

More Than 4 Million Individuals Affected by Cyberattack on Independent Living Systems

HIPAA Journal

MARCH 15, 2023

According to the breach notification, ILS identified suspicious activity within its computer systems on July 5, 2022. Assisted by third-party cybersecurity experts, ILS determined that unauthorized individuals accessed its network between June 30, 2022, and July 5, 2022, and acquired files containing sensitive data.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

HIPAA Journal

OCTOBER 7, 2022

On August 5, 2022, Anthem discovered that an unauthorized individual had gained access to a database and downloaded files containing plan members’ protected health information, including names, addresses, dates of birth, phone numbers, email addresses, Medicare ID numbers, and Medicaid ID numbers.

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Costco Pharmacy Patients Sue for Website Tracking Technology Disclosures of PHI to Third Parties

HIPAA Journal

NOVEMBER 10, 2023

Two lawsuits have recently been filed against Costco Wholesale over the use of these trackers on the Costco Pharmacy pages of the Costco website, which has allegedly impermissibly disclosed information protected under the Health Insurance Portability and Accountability Act (HIPAA). Ellersick and Hart L. Robinovitch of Zimmerman Reed LLP.

HIPAA

HIPAA Health Insurance Medicare Medicare

AHA, AMA, BCBSA Urge CMS Not to Adopt Proposed Standards for Healthcare Attachments

HIPAA Journal

JULY 28, 2023

The HHS’ Centers for Medicare and Medicaid Services (CMS) is being urged not to implement the proposed standards for prior authorization attachments, as detailed in its December 2022 Notice of Proposed Rulemaking (NPR).

HIPAA

HIPAA Health Insurance Medicaid Medicaid

Humana Members Impacted by Choice Health Data Breach

HIPAA Journal

SEPTEMBER 29, 2022

Humana has recently announced that the protected health information of 22,767 individuals has potentially been compromised in a security incident and data breach at one of its business associates – Choice Health – which Human used to sell Medicare products on its behalf.

Health Insurance

Health Insurance Medicare Medicare Fraud

Security Breaches in Healthcare in 2023

HIPAA Journal

JANUARY 31, 2024

In the paper, the HHS indicated it will be adopting a carrot-and-stick approach by developing voluntary Healthcare and Public Health (HPH) Sector Cybersecurity Goals (CPGs) that consist of cybersecurity measures that will have the greatest impact on security along with an update to the HIPAA Security Rule to add new cybersecurity requirements.

Ransomware

Ransomware HIPAA Hospitals Compliance

Independent Living Systems Sued Over 4 Million-Record Data Breach

HIPAA Journal

MARCH 21, 2023

ILS Identified the breach in July 2022 and determined unauthorized individuals had access to its network between June 30, 2022, and July 5, 2022. The post Independent Living Systems Sued Over 4 Million-Record Data Breach appeared first on HIPAA Journal.

Fraud

Fraud Health Insurance Medicaid Medicaid

Ransomware Attack Key Factor in H1 Operating Losses of $102.6 Million for Point32 Health

HIPAA Journal

AUGUST 25, 2023

million in the first 6 months of 2022 on $4.9 The attack resulted in systems being taken offline for several weeks, including the systems that support the Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS). Million for Point32 Health appeared first on HIPAA Journal. billion in revenue.

Ransomware

Ransomware HIPAA Medicare Medicare

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

HIPAA Journal

OCTOBER 17, 2022

Valle de Sol did not state in its notification letters when hackers gained access to its network, or for how long they had access, but did confirm that the unauthorized activity was detected on January 25, 2022. A comprehensive review was conducted of all files that may have been accessed, which was completed on July 18, 2022.

Health Insurance

Health Insurance Licensing Fraud HIPAA

New York Provider of Administrative Anesthesiology Services Facing Multiple Class Action Data Breach Lawsuits

HIPAA Journal

NOVEMBER 15, 2022

Anesthesiology firms started reporting data breaches to the Department of Health and Human Services’ Office for Civil Rights in September 2022, with the notification letters to patients indicating there had been a data breach at their anesthesia management services organization. The notification letters failed to name that company.

HIPAA

HIPAA Fraud Licensing Health Insurance

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

HIPAA Journal

MAY 19, 2022

The settlement has received preliminary approval from the court and a final hearing for the settlement has been scheduled for September 12, 2022. The deadline for submitting a claim is August 8, 2022, and the deadline for objecting to the settlement or requesting to be excluded from the settlement is August 22, 2022.

Licensing

Licensing HIPAA Health Insurance Medicaid

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

HIPAA Journal

APRIL 13, 2022

The theft occurred on or around January 27, 2022, and was discovered by RHD on February 16, 2022. The data was uploaded to the leak site on March 17, 2022. Wellstar Health learned about the security breach on February 7, 2022, with the forensic investigation confirming that the breach was limited to two email accounts.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

HIPAA Journal

OCTOBER 6, 2022

Mon Health announced the security breach on February 28, 2022, and confirmed that the hackers had access to the personal and protected health information of 492,861 individuals , including information about patients, employees, providers, and contractors.

HIPAA

HIPAA Fraud Hospitals Health Insurance

MIPS Rules for 2023: Onward and Upward

Compliancy Group

OCTOBER 5, 2023

The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) was signed into law to improve patient healthcare outcomes. Under MACRA, the Centers for Medicare and Medicaid Services (CMS) created regulations to encourage healthcare providers to use secure health information technology. The MIPS rules for 2023 are discussed below.

HIPAA

HIPAA Medicare Medicare Compliance

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

HIPAA Journal

SEPTEMBER 9, 2022

That process concluded on June 24, 2022. has recently notified the Montana Attorney General about a cyberattack that was detected on April 11, 2022. The investigation confirmed on June 9, 2022, that files may have been accessed or exfiltrated from its systems between January 19, 2022, and April 11, 2022.

Licensing

Licensing Health Insurance Fraud HIPAA

Data Breaches Reported by the New Jersey Department of Health, Onyx Technologies & San Diego American Indian Health Center

HIPAA Journal

AUGUST 24, 2022

On June 28, 2022, Onyx discovered its computer systems had been accessed by unauthorized individuals, who may have gained access to the protected health information of iCare members, including names, birth dates, addresses, phone numbers, iCare member ID numbers, Medicare ID Numbers, dates of service, and provider names.

HIPAA

HIPAA Licensing Hospitals Health Insurance

CMS Issues Proposed Rule to Standardize Electronic Health Care Attachments Transactions and Electronic Signature under HIPAA

C&M Health Law

JANUARY 20, 2023

This builds on the HIPAA Transactions Rule standards for financial and administrative transactions among health care providers and health plans and aligns with Department of Health and Human Services (HHS) interoperability regulations.

HIPAA

HIPAA US Department of Health and Human Services Compliance Health Insurance

Cybersecurity is Now a Patient Safety Issue, Suggests Sen. Warner In Congressional Report

HIPAA Journal

NOVEMBER 4, 2022

The Department of Health and Human Services (HHS) is the Sector Risk Management Agency (SRMA) for the healthcare industry, but within the HHS agencies such as the Office for Civil Rights (OCR), Centers for Medicare and Medicaid Services (CMS), and the Food and Drug Administration (FDA) have their own jurisdictions and cybersecurity policies.

HIPAA

HIPAA Governance FDA Medicaid

Evergreen Treatment Services Hacking Incident Affects 21K Patients

HIPAA Journal

MARCH 2, 2023

The attack was detected on November 28, 2022, when suspicious activity was identified within its network. An individual had uploaded a Medicare remittance document to an Adobe Acrobat website that contained the data of Sentara Healthcare patients. Coronis Health provided further training to its entire team in response to the error.

Medicare

Medicare Medicare Fraud HIPAA

Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

HIPAA Journal

MAY 16, 2022

According to the April 29, 2022, notification on the healthcare provider’s website, “We recently discovered unauthorized access to our network occurred between May 31, 2021, and June 1, 2021.” On March 15, 2022, RiverKids discovered an unauthorized individual had gained access to the email account of an employee.

Health Insurance

Health Insurance Ransomware HIPAA Licensing

What's ahead for health IT policy and legislation in 2023

Healthcare IT News - Telehealth

JANUARY 23, 2023

With Congress providing telehealth waivers as part of its omnibus spending bill at the close of 2022, delaying the "telehealth cliff" for two years, HIMSS says it's now ready to make the case for permanent reimbursement of virtual care. We now have three years of data on the impact to the Medicare Trust Fund," he said.

Medicare

Medicare Medicare Governance Medicaid

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Health Law RX

DECEMBER 21, 2023

Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity vulnerabilities as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules).

HIPAA

HIPAA Ransomware Compliance Medicaid

The Methodist Hospitals Settles Class Action Data Breach Lawsuit for $425,000

HIPAA Journal

JULY 21, 2022

Final approval of the settlement was received on June 13, 2022. Claims must be submitted by October 6, 2022. The post The Methodist Hospitals Settles Class Action Data Breach Lawsuit for $425,000 appeared first on HIPAA Journal. A lawsuit – Jones v. The Methodist Hospitals, Inc. –

Hospitals

Hospitals Licensing HIPAA Medicaid

Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches

HIPAA Journal

NOVEMBER 3, 2022

Last month, HIPAA Journal reported that 13 providers of anesthesia services to hospitals had been affected by the breach. The breach was detected by the MSO on July 11, 2022, with the forensic investigation determining information stored on its systems had been compromised. The tool was removed in August 2022.

HIPAA

HIPAA Health Insurance Licensing Medicaid

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

HIPAA Journal

MARCH 14, 2022

The investigation concluded on February 11, 2022, that certain files and folders on its network that contained patients’ protected health information had been accessed by unauthorized individuals, who may have exfiltrated some of those files.

Electronic Medical Records

Electronic Medical Records Health Insurance HIPAA Licensing

Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients

HIPAA Journal

FEBRUARY 15, 2022

Notification letters started to be sent to all affected individuals on January 24, 2022, and complimentary identity theft monitoring services have been offered to affected individuals. The post Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients appeared first on HIPAA Journal.

Hospitals

Hospitals Health Insurance HIPAA Medicaid

How Healthcare Consumerism is Driving Integration in 2022

HIT Consultant

FEBRUARY 1, 2022

Further encouraging this long-term growth, the 2022 physician fee schedule from the Centers for Medicare and Medicaid Services extended parity reimbursement for telehealth services through December 31, 2023 – but indicates that changes may be made permanent.

Medicaid

Medicaid Medicaid HIPAA Medicare

Patient Data Compromised in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital

HIPAA Journal

FEBRUARY 16, 2022

The security breach was detected on or around January 9, 2022, when certain systems were rendered inaccessible. The post Patient Data Compromised in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital appeared first on HIPAA Journal.

Ransomware

Ransomware Hospitals Licensing HIPAA

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

HIPAA Journal

MARCH 25, 2022

Notification letters were sent to affected individuals on February 22, 2022. On January 27, 2022, an email containing an attachment with plan member data was sent to a contracted consultant in error. The attached file contained information such as member names, ID numbers, Medicare/Medicaid numbers, and dates of birth.

Health Insurance

Health Insurance Licensing Ransomware Fraud

Up to 254,000 Medicare Beneficiaries Affected by Ransomware Attack on CMS Subcontractor

What is a HIPAA Violation?

Trending Sources

COVID-19 Public Health Emergency and HIPAA Telehealth Flexibilities Due to be Extended

Mailing Error at CMS Vendor Affects 10,000 Medicare Beneficiaries

Tift Regional Medical Center Patients Notified About August 2022 Cyberattack

State of HIPAA – May 2023 Report

What is HIPAA Enforcement Discretion?

MIPS and MACRA 2022: What’s New?

Editorial: 5 Gaps in HIPAA and How They Are Being Filled

The New Search for Reproductive Justice in Old Laws

6 HIPAA-Regulated Entities Report Email Account Breaches and the Exposure of PHI

10 Charged Over BEC Scams Targeting Medicare, Medicaid, and Private Insurance Programs

2022 Budget Bill Includes Mandatory Healthcare Cyber Incident Reporting

Did COVID Lead to a Lower HIPAA Fine?

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

More Than 4 Million Individuals Affected by Cyberattack on Independent Living Systems

PHI Exposed in Data Incidents at Anthem, WellMed Medical Management and CareOregon

Costco Pharmacy Patients Sue for Website Tracking Technology Disclosures of PHI to Third Parties

AHA, AMA, BCBSA Urge CMS Not to Adopt Proposed Standards for Healthcare Attachments

Humana Members Impacted by Choice Health Data Breach

Security Breaches in Healthcare in 2023

Independent Living Systems Sued Over 4 Million-Record Data Breach

Ransomware Attack Key Factor in H1 Operating Losses of $102.6 Million for Point32 Health

70,000 Valle del Sol Community Health Patients Affected by Cyberattack

New York Provider of Administrative Anesthesiology Services Facing Multiple Class Action Data Breach Lawsuits

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

Mon Health Faces Class Action Lawsuit Over 493K Record Data Breach

MIPS Rules for 2023: Onward and Upward

Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care Inc.

Data Breaches Reported by the New Jersey Department of Health, Onyx Technologies & San Diego American Indian Health Center

CMS Issues Proposed Rule to Standardize Electronic Health Care Attachments Transactions and Electronic Signature under HIPAA

Cybersecurity is Now a Patient Safety Issue, Suggests Sen. Warner In Congressional Report

Evergreen Treatment Services Hacking Incident Affects 21K Patients

Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

What's ahead for health IT policy and legislation in 2023

OCR Will Focus on You if You Don’t Focus on Cybersecurity

The Methodist Hospitals Settles Class Action Data Breach Lawsuit for $425,000

Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches

Capital Region Medical Center and Labette Health Announce Potential PHI Breaches

Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients

How Healthcare Consumerism is Driving Integration in 2022

Patient Data Compromised in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital

Email Incidents Reported by Ultimate Care, CareOregon Advantage, and University Medical Center Southern Nevada

Stay Connected