Our Blog
HIPAA Compliant News Articles and Enforcement
$5.5 million HIPAA settlement shines light on the importance of audit controls
Memorial Healthcare System (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and agreed to implement a robust corrective action plan. MHS is a nonprofit corporation which operates six hospitals, an…
Children’s Medical Center of Dallas Pays Penalty of 3.2 Million for HIPAA and Compliance Violations
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) civil money penalty against Children’s Medical Center of Dallas (Children’s) based on its impermissible disclosure of unsecured electronic protected health information (ePHI) and non-compliance over many years with multiple standards…
Ransomware Infection Results in Patients’ PHI Being Encrypted
Another healthcare provider has announced that a ransomware infection has resulted in patients’ protected health information being encrypted, and potentially accessed, by cybercriminals. The Susan M. Hughes Center, a provider of aesthetic medicine and cosmetic surgery services in New Jersey and Philadelphia, discovered ransomware had been installed on its computer system on August 30, 2016.…
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). Presence Health has agreed to settle potential violations of the HIPAA Breach Notification Rule by paying…
Why OCR is turning up the heat on business associates
The HIPAA spotlight is beginning to shine brightly on business associates. Covered entities have long had their time to star, so it is only fair to share the stage now. It is likely that covered entities are only too happy to have the Office for Civil Rights and others focus attention on business associates, with…
New Jersey Spine Center Pays Ransom to Unlock EHR System
The New Jersey Spine Center has reported it has suffered a ransomware attack that resulted not only in the electronic health records of patients being encrypted, but also its backup files. The infection also disabled the spine center’s phone system. The ransomware was installed on July 27, 2016, and while the organization’s antivirus software did detect…
UPDATED SECURITY RISK ASSESSMENT TOOL RELEASED BY ONC
OCR prefers to settle HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more commonplace. If OCR investigators uncover HIPAA violations, financial penalties may be issued. Fines of up to $1.5 million can be issued for each violation category discovered. One of the most common reasons for a financial…
Texas Doctor Resentenced to Prison Following Appeal
TYLER, Texas – A 65-year-old Dallas County, Texas, physician, has been resentenced to federal prison for health care fraud and identity theft violations in the Eastern District of Texas, announced U.S. Attorney John M. Bales. In July 2014, Tariq Mahmood, of Cedar Hill, Texas, was found guilty by a jury of conspiracy to commit health…
Doctor Sentenced to 4 Years in Prison for Falsely Certifying Patients Were Terminally Ill
LOS ANGELES – A doctor from Pasadena who falsely certified that at least 79 Medicare and Medi-Cal patients were qualified for hospice care because they were terminally ill – when, in fact, the vast majority of them were not dying – has been sentenced to four years in federal prison. Boyao Huang, 43, was sentenced…