The Department of Health and Human Services has issued a new proposed rule to better align the HIPAA privacy and breach notification rules with regulations involving the confidentiality of records pertaining to patients receiving treatment for substance use disorders.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.
Authorities charged six people, including five former Tennessee hospital workers, with conspiracy in disclosing health data. Federal prosecutors say the six sold information about patients involved in motor vehicle accidents to third parties, including chiropractors and personal injury attorneys.
A server misconfiguration at Kentucky-based CorrectCare Integrated Health Inc., a firm that provides medical claims processing for correctional facilities, has exposed sensitive information of nearly 600,000 inmates who received medical care during the last decade while incarcerated.
A New York-based firm that provides anesthesiology administrative services to 100 surgery centers and medical offices across the U.S. is facing at least five proposed federal class action lawsuits following a July hacking incident that affected some of its clients and over 450,000 of their patients.
A recent ransomware attack at a Texas hospital that knocked out phone and email systems for weeks is now even worse following OakBend Medical Center's admission that the hackers downloaded data from the medical records of up to 500,000 individuals.
A U.S. federal district judge said users would be "shocked to realize" that Facebook collects patient data. Plaintiffs suing the social media giant asked the judge to enjoin the company from intercepting health data and communications through its Pixel web tracking tool embedded into patent portals.
A Georgia-based home health and hospice provider will pay $425,000 to Massachusetts to settle litigation stemming from a 2020 breach affecting about 166,000 individuals nationwide. The agreement comes shortly after Aveanna Healthcare settled a proposed class action lawsuit in federal district court.
Federal regulators have issued new guidance explaining how they will consider the "recognized security practices" of healthcare entities and their business associates during HIPAA enforcement activities, such as breach investigations and security audits.
A second healthcare entity is self-reporting its use of Facebook Pixel in web patient portals as a data breach to federal regulators. North Carolina-based WakeMed Health and Hospitals told federal regulators it disclosed to the social media giant patient information of half a million individuals.
Healthcare entities need to rehearse breach response playbooks to avoid paying fines to the Department of Health and Human Services for poor incident response after a severe breach. Well-tested security incident response plans ensure the security of patient data, says the HHS Office of Civil Rights.
The federal tally of health data breaches reached a new milestone this week: Since its inception in September 2009, more than 5,000 major incidents have been posted to the Department of Health and Human Services' HIPAA breach "wall of shame."
As controversy grows around the use of Facebook Pixel code and similar tracking tools that harvest sensitive health and other personal data of consumers, so does the pressure from lawmakers demanding answers from tech vendors about those data collection practices.
Health insurer EyeMed Vision Care will pay New York regulators $4.5 million to settle an investigation into its 2020 data breach incident. States are becoming more aggressive in applying enforcement actions against data breaches, say regulatory attorneys.