SAG-AFTRA Health Plan agreed to a $950,000 settlement to resolve consolidated class action claims arising from a September 2024 phishing-related email breach that exposed personal and protected health information (PHI). Incident Overview Hackers accessed the […]
A $3.75 million settlement has been agreed to resolve a data breach lawsuit involving Memorial Heart Institute, doing business as Chattanooga Heart Institute in Tennessee, following a 2023 cyberattack that exposed protected health information (PHI). […]
Cardiovascular Consultants in Arizona agreed to a $3,850,000 settlement to resolve a class action lawsuit related to a 2023 data breach affecting 484,000 individuals. Incident Overview The data breach was detected on September 29, 2023. […]
February 2026 recorded 63 healthcare data breaches affecting 500 or more individuals, exposing the protected health information (PHI) of at least 8,134,378 individuals and reflecting both an increase in breach volume and a substantial rise […]
Cardiovascular Consultants in Arizona has agreed to a $3,850,000 settlement to resolve a class action lawsuit arising from a 2023 data breach that exposed the protected health information (PHI) of 484,000 individuals. Breach Incident The […]
Healthcare organizations experienced the highest level of cyber targeting in 2025, with the sector accounting for 27% of incidents and recording the highest average ransom payments at $1,154,245. Healthcare Sector Cyber Incident Data The BakerHostetler […]
GuardDog Telehealth acknowledged that it accessed patient medical records through health information exchange systems for purposes not related to treatment and shared the information with law firms seeking potential litigation cases. Unauthorized Use Of Patient […]
Long Island Plastic Surgical Group, P.C. has agreed to establish a $2,600,000 settlement fund to resolve class action litigation related to unauthorized access to its computer systems on or about January 4, 2024. Cybersecurity Incident […]
Forty six large healthcare data breaches affecting 1,441,182 individuals were reported in January 2026 based on data listed on the U.S. Department of Health and Human Services Office for Civil Rights breach portal. Reported Breach […]
HIPAA-covered entity Asheville Eye Associates agreed to a class action settlement to resolve lawsuit arising from a November 2024 cyberattack in which a ransomware actor accessed and potentially exfiltrated sensitive patient information. Litigation Background The […]
HIPAA training self-attestation is not recommended because it produces weak evidence of workforce comprehension, reduces learner attention compared to randomized knowledge checks, and creates avoidable exposure during an Office for Civil Rights investigation when the […]
The deadline for HIPAA-regulated organizations to report small healthcare data breaches affecting fewer than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights is March 1, 2026, for breaches discovered […]
A total of 41 large healthcare data breaches affecting 500 or more individuals were reported to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in December 2025, marking one of […]
Google Meet is an innovative VoIP and videoconferencing program that healthcare providers can use to deliver telehealth services, remote consultation services, and virtual patient sessions. However, is Google Meet compliant with HIPAA? Google Meet is […]
Outlook can be used for HIPAA-regulated email when the organization uses it within a Microsoft service arrangement that includes a business associate agreement, and when Outlook and the underlying email service are configured and operated […]
HIPAA matters to patients because it creates federal requirements that limit how Covered Entities and Business Associates use and disclose protected health information, require safeguards for health information, and give individuals enforceable rights over their […]
Gryphon Healthcare agreed to pay $2.87 million to settle a class action data breach lawsuit alleging exposed protected health information (PHI) following a July 2024 cyberattack. Data Breach Incident Details Gryphon Healthcare is a Houston, […]
Criminal penalties for HIPAA violations apply when a person knowingly obtains or discloses individually identifiable health information in violation of federal law, with maximum penalties that range from a fine of up to $50,000 and […]
Financial penalties for HIPAA violations include civil monetary penalties assessed by the HHS Office for Civil Rights under a tiered framework, monetary settlements paid to resolve enforcement actions, and costs tied to corrective action obligations, […]
Dropbox is not HIPAA compliant by default, and it is only appropriate for storing or sharing protected health information when the healthcare organization uses an eligible Dropbox team plan, executes a Business Associate Agreement with […]
HIPAA compliance regulations are the federal regulatory requirements that implement the Health Insurance Portability and Accountability Act of 1996 and govern how HIPAA Covered Entities and Business Associates use, disclose, safeguard, and respond to compromises […]
HIPAA compliance guidelines for Business Associates require a signed Business Associate Agreement with the Covered Entity, implementation of HIPAA Security Rule safeguards for electronic protected health information, compliance with applicable HIPAA Privacy Rule provisions governing […]
HIPAA compliance software is a category of tools used by HIPAA Covered Entities and Business Associates to manage, track, and retain documentation that supports compliance with the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA […]
A HIPAA compliance checklist is a documented control list used by a HIPAA Covered Entity or Business Associate to verify implementation and ongoing operation of requirements under the HIPAA Privacy Rule, HIPAA Security Rule, and […]
The consequences of non-compliance with HIPAA include civil monetary penalties, mandatory corrective action obligations, government monitoring, and criminal penalties for certain knowing misconduct involving individually identifiable health information. Enforcement actions can require changes to privacy […]
A HIPAA compliance certificate is a document issued by a training provider or assessor that records completion of a defined HIPAA-related training or evaluation activity and serves as evidence of participation, scope, and date rather […]
HIPAA implications for healthcare compliance include implementing and maintaining policies, procedures, workforce practices, and vendor controls that ensure uses and disclosures of protected health information comply with the HIPAA Privacy Rule, electronic protected health information […]
HIPAA requirements for healthcare data transmission require HIPAA Covered Entities and Business Associates to transmit protected health information only for permitted purposes under the HIPAA Privacy Rule, to limit transmitted information under the HIPAA Minimum […]
HIPAA violation fines for non-compliance include civil monetary penalties assessed by the Department of Health and Human Services Office for Civil Rights using tiered, inflation-adjusted dollar ranges per violation, and criminal fines that can be […]
A patient’s rights are a required operational component of HIPAA compliance because the HIPAA Privacy Rule mandates processes that allow individuals to access and obtain copies of protected health information, request amendments, receive an accounting […]
HIPAA guidelines for nursing students require protecting protected health information in any format, using or disclosing protected health information only for authorized education and patient care purposes, applying the HIPAA Minimum Necessary Rule when the […]
Documenting HIPAA compliance requires maintaining written and retained evidence that required HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule controls are implemented, operating, and updated for the protected health information an organization […]
HIPAA compliance in mental health is implemented by applying the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule to psychotherapy notes, mental health records, care coordination, billing, telehealth, […]
HIPAA compliance and penalty avoidance are achieved by implementing documented HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule controls, maintaining evidence of those controls through policies and records, and operating a risk-based […]
The key provisions of HIPAA establish national standards for the privacy and security of protected health information, define when and how protected health information may be used and disclosed, require safeguards for electronic protected health […]
A HIPAA compliance officer is responsible for designing, implementing, and monitoring an organization’s HIPAA compliance program to meet requirements under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, including governance, documentation, […]
HIPAA violations are reported by documenting the facts, notifying the organization through its designated compliance reporting channel or privacy or security official, and submitting a complaint to the Department of Health and Human Services Office […]
HIPAA benefits patients by restricting non-permitted uses and disclosures of protected health information, requiring safeguards for health information, and granting individuals enforceable rights over their health records under the HIPAA Privacy Rule, HIPAA Security Rule, […]
Handle HIPAA violations in telemedicine practices by stopping the improper activity, preserving evidence, assessing whether protected health information was impermissibly used or disclosed under the HIPAA Privacy Rule and whether electronic protected health information safeguards […]
Improper disposal of protected health information can lead to enforcement action by the HHS Office for Civil Rights that includes corrective action requirements and civil money penalties, can trigger breach notification duties under the HIPAA […]
HIPAA requires covered healthcare providers that transmit certain healthcare transactions electronically, along with health plans and healthcare clearinghouses, to use federally adopted standard transaction formats, standard code sets, and standard identifiers for those transactions under […]
HIPAA compliance can be improved by strengthening governance, documentation, and operational controls that support consistent performance under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule for protected health information. Improvement work […]
Blue Cross Blue Shield of Montana (BCBSMT) is being investigated for potential non-compliance with Montana’s breach notification rules after a data breach resulted in the compromise of sensitive personal data and protected health information (PHI) […]
A person becomes a HIPAA compliance officer by obtaining education and experience in healthcare compliance and privacy, developing working knowledge of the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, and demonstrating […]
A HIPAA compliance audit can be conducted by the Department of Health and Human Services Office for Civil Rights, by the organization’s own internal audit or compliance function, or by an independent external assessor retained […]
A business can achieve HIPAA compliance by confirming whether it is a HIPAA Covered Entity or Business Associate, identifying where protected health information is created, received, maintained, or transmitted, and implementing documented policies, agreements, safeguards, […]
HIPAA patient rights are the individual rights under the HIPAA Privacy Rule that give a person control over how protected health information is used and disclosed, require transparency through privacy notices, allow access to and […]
Organizations handle HIPAA compliance breaches effectively by promptly containing the incident, preserving evidence, conducting a documented breach risk assessment under the HIPAA Breach Notification Rule, completing required notifications within applicable timeframes, and implementing corrective actions […]
HIPAA compliance policies are implemented in healthcare by converting HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule requirements into written, role-based procedures that are trained, enforced, audited, and […]
HIPAA protects against genetic information discrimination by treating genetic information held by a HIPAA Covered Entity or Business Associate as protected health information under the HIPAA Privacy Rule, restricting when that information may be used […]
HIPAA penalties for unauthorized disclosures can include investigation and enforcement by the HHS Office for Civil Rights, civil monetary penalties assessed under a tiered framework based on culpability, resolution agreements with corrective action plans, required […]
HIPAA training for pharmacy staff means teaching every workforce member how to protect protected health information during dispensing, counseling, billing, and daily customer interactions. In a pharmacy, PHI appears in patient profiles, prescriptions, insurance claims, […]
Patient confidentiality is ensured under HIPAA compliance by limiting uses and disclosures of protected health information under the HIPAA Privacy Rule, applying the HIPAA Minimum Necessary Rule when treatment does not control the disclosure, securing […]
According to breach reports filed with the U.S. Department of Health and Human Services (HHS), November only had 32 healthcare data breaches. The average number of healthcare data breaches involving 500 or more individuals reported […]
HIPAA compliance in a small medical practice is implemented by establishing written policies and procedures under the HIPAA Privacy Rule and HIPAA Security Rule, completing and documenting a risk analysis and risk management plan, executing […]
HIPAA awareness training for business associates is mandatory under HIPAA rules because it ensures that organizations and their workforce understand how to safeguard protected health information while performing services on behalf of covered entities and […]
The best HIPAA training programs for small medical practices are online, role-aware courses that teach practical day to day privacy and security behaviors, document completion, and can be updated quickly when risks and workflows change. […]
Consequences of HIPAA violations include regulatory investigations by the HHS Office for Civil Rights, corrective action obligations, civil monetary penalties assessed under a tiered structure based on culpability, potential criminal prosecution for certain unlawful acts […]
HIPAA compliance standards are the enforceable federal requirements that govern how HIPAA Covered Entities and Business Associates use, disclose, safeguard, and respond to compromises of protected health information under the HIPAA Privacy Rule, HIPAA Security […]
A HIPAA compliance audit is a structured review of a HIPAA Covered Entity’s or HIPAA Business Associate’s policies, procedures, safeguards, and records to assess conformity with requirements in the HIPAA Privacy Rule, HIPAA Security Rule, […]
HIPAA certification for mental health professionals is a structured way to prove you have completed formal HIPAA education and can handle protected health information with the care that clinical practice demands. What HIPAA Certification Means […]
HIPAA protects against identity theft by restricting the use and disclosure of protected health information under the HIPAA Privacy Rule, requiring administrative, physical, and technical safeguards for electronic protected health information under the HIPAA Security […]
HIPAA addresses patient access to medical records through the HIPAA Privacy Rule right of access, which requires HIPAA Covered Entities to provide individuals with timely access to protected health information in a designated record set, […]
Including HIPAA on a resume is properly done by documenting completion of an online HIPAA training certification course from a recognized authority, listing the provider name, completion date, estimated training duration of 60 minutes to […]
HIPAA protects against unauthorized disclosures by limiting when protected health information may be used or disclosed under the HIPAA Privacy Rule, requiring safeguards for electronic protected health information under the HIPAA Security Rule, requiring business […]
HIPAA affects billing and coding by standardizing certain electronic health care transactions and code sets, defining permitted uses and disclosures of protected health information for payment, and requiring safeguards and access controls that govern how […]
A business can be fined for HIPAA non-compliance when it is a HIPAA Covered Entity or a HIPAA Business Associate and the Department of Health and Human Services Office for Civil Rights determines that the […]
Patient confidentiality HIPAA violations are prevented by enforcing HIPAA Privacy Rule controls that restrict uses and disclosures of protected health information, applying the HIPAA Minimum Necessary Rule to access and sharing, maintaining documented safeguards for […]
HIPAA patient authorization is a written permission signed by an individual or the individual’s personal representative that allows a HIPAA Covered Entity or Business Associate to use or disclose the individual’s protected health information for […]
Healthcare organizations maintain HIPAA compliance in electronic communications by controlling how electronic protected health information is created, transmitted, accessed, and retained through HIPAA Privacy Rule requirements for permitted uses and disclosures and HIPAA Security Rule […]
HIPAA penalties for failure to provide patient access can include HHS Office for Civil Rights civil money penalties or settlement payments for violations of the HIPAA Privacy Rule right of access requirements, along with corrective […]
HIPAA penalties for improper disposal of records can include HHS Office for Civil Rights civil money penalties or settlement payments tied to violations of the HIPAA Privacy Rule and, when electronic protected health information is […]
The Mystic Valley Elder Services based in Malden, Massachusetts decided to pay $520,000 to resolve a combined class action litigation associated with a data breach in April 5, 2024. Unauthorized individuals accessed the system of […]
HIPAA compliance is required for HIPAA Covered Entities and Business Associates that create, receive, maintain, or transmit protected health information in connection with regulated functions and services. HIPAA Covered Entities include health plans, health care […]
HIPAA violations and penalties are prevented by implementing documented HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule controls, performing and updating risk analysis and risk management for electronic protected health information, enforcing […]
Sharing patient stories is a HIPAA violation when a HIPAA Covered Entity or Business Associate discloses protected health information without a HIPAA Privacy Rule permission or a valid HIPAA authorization, including when the story contains […]
HIPAA requires Covered Entities and Business Associates to protect electronic protected health information with encryption when it is a reasonable and appropriate safeguard for the risks identified in the HIPAA Security Rule risk analysis, and […]
HIPAA guidelines for electronic communications require HIPAA Covered Entities and Business Associates to permit only uses and disclosures of protected health information that comply with the HIPAA Privacy Rule, to protect electronic protected health information […]
HIPAA requirements for healthcare data storage require HIPAA Covered Entities and Business Associates to store protected health information in a manner that supports permitted uses and disclosures under the HIPAA Privacy Rule, implements the administrative, […]
HIPAA violation fines for security breaches are civil money penalties assessed by the HHS Office for Civil Rights under a four-tier structure tied to culpability, with per-violation amounts and an annual limit applied per requirement […]
HIPAA applies when a HIPAA Covered Entity or Business Associate video records patients and the recording contains protected health information, which includes images or audio that identify the patient or can reasonably be used to […]
HIPAA addresses security safeguards through the HIPAA Security Rule, which requires HIPAA Covered Entities and applicable Business Associates to implement administrative safeguards, physical safeguards, and technical safeguards to protect the confidentiality, integrity, and availability of […]
HIPAA compliance affects digital health apps by imposing HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule obligations on an app vendor only when the app is offered by a HIPAA Covered Entity, […]
Penalties for non-compliance with HIPAA include civil money penalties and corrective action requirements imposed by the HHS Office for Civil Rights, breach notification obligations under the HIPAA Breach Notification Rule when unsecured protected health information […]
DocuSign can be used in a HIPAA-compliant manner only when a HIPAA Covered Entity or Business Associate obtains a DocuSign Business Associate Agreement before placing protected health information in the service, uses a DocuSign plan […]
HIPAA certification for mental health professionals is a structured way to prove you have completed formal HIPAA education and can handle protected health information with the care that clinical practice demands. In behavioral health, privacy […]
Checking for HIPAA compliance requires confirming that a HIPAA Covered Entity or Business Associate has implemented and can document required controls under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule for […]
The best online HIPAA training course for new hires is one that delivers immediate, job-ready understanding of how to protect PHI while producing clear documentation that stands up during audits and investigations. Best Online HIPAA […]
The October 2025 healthcare data breach report is late because of the government shutdown in October. The HHS’ Office for Civil Rights, did not publish any data breach reports. The shutdown concluded on November 12, […]
Preventing HIPAA violations in electronic communications requires implementing HIPAA Security Rule safeguards for systems that create, receive, maintain, or transmit electronic protected health information, enforcing HIPAA Privacy Rule use and disclosure limits including the HIPAA […]
HIPAA impacts Business Associates by making them directly accountable for safeguarding protected health information they create, receive, maintain, or transmit for a HIPAA Covered Entity, requiring compliance with the HIPAA Security Rule for electronic protected […]
HIPAA compliance software should be selected by matching the product’s functions and contractual terms to the organization’s HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule obligations, then validating that the software supports […]
HIPAA is enforced primarily by the U.S. Department of Health and Human Services Office for Civil Rights for the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, with criminal enforcement handled by […]
PHI stands for protected health information, which is individually identifiable health information held or transmitted by a HIPAA Covered Entity or its Business Associate in any form or medium, including electronic, paper, and oral communications, […]
Healthcare organizations prevent HIPAA violations by implementing enforceable HIPAA Privacy Rule and HIPAA Security Rule controls that restrict access to protected health information, govern permitted uses and disclosures, document compliance activities, and operate an incident […]
HIPAA defines protected health information as individually identifiable health information that is created or received by a health plan, a health care clearinghouse, or a health care provider that transmits health information in electronic form […]
HIPAA encryption requirements mandate that a HIPAA Covered Entity or Business Associate implement encryption for electronic protected health information when encryption is a reasonable and appropriate safeguard based on the HIPAA Security Rule risk analysis, […]
Avoiding HIPAA penalties in telemedicine requires selecting and configuring telemedicine tools to support HIPAA Security Rule safeguards, applying HIPAA Privacy Rule use and disclosure controls and the HIPAA Minimum Necessary Rule, executing business associate agreements […]
Handling HIPAA penalties after a healthcare data breach requires completing the HIPAA Breach Notification Rule duties on time, controlling legal and financial exposure through documented remediation and cooperation with the HHS Office for Civil Rights, […]
A HIPAA risk assessment is performed by completing a documented HIPAA Security Rule risk analysis for electronic protected health information that identifies where electronic protected health information is created, received, maintained, or transmitted, evaluates reasonably […]
HIPAA compliance affects medical billing by regulating how protected health information is used and disclosed during billing operations and by requiring standardized electronic transactions, safeguards for electronic protected health information, and breach response controls that […]
Civil penalties for HIPAA violations are civil monetary penalties assessed by the HHS Office for Civil Rights against HIPAA Covered Entities and Business Associates for violations of HIPAA administrative simplification provisions, with penalty amounts set […]
HIPAA penalties for non-compliance can include civil monetary penalties assessed under a tiered structure, settlement agreements and corrective action plans imposed through enforcement actions, required breach notifications and remedial measures under the HIPAA Breach Notification […]
HIPAA implications for health insurance companies arise because most health insurers are HIPAA Covered Entities as health plans and are required to comply with the HIPAA Privacy Rule, the HIPAA Security Rule for electronic protected […]
The definition of HIPAA compliance is the documented implementation and ongoing operation of policies, procedures, safeguards, agreements, and workforce controls required to meet federal obligations under the Health Insurance Portability and Accountability Act of 1996 […]
HIPAA violation fines for improper safeguards are civil money penalties assessed by the HHS Office for Civil Rights when a covered entity or business associate fails to implement reasonable safeguards under the HIPAA Privacy Rule […]
Marketo can support HIPAA compliance only when it is deployed under an Adobe Business Associate Agreement that applies to the Marketo license, the covered organization uses the specific Adobe healthcare or HIPAA-ready offerings and configurations […]
HIPAA violation penalties for data breaches include civil monetary penalties assessed by the Department of Health and Human Services Office for Civil Rights using tiered, inflation-adjusted amounts per violation and calendar year caps, settlement payments […]
The HIPAA Privacy Rule is a federal regulation that sets national standards for how HIPAA Covered Entities and, through required agreements and related obligations, HIPAA Business Associates use and disclose protected health information, and it […]
When HIPAA is violated, the covered organization or Business Associate must contain and mitigate the event, assess whether protected health information was impermissibly used or disclosed, determine whether the HIPAA Breach Notification Rule requires notification, […]
Best practices for HIPAA compliance are documented and repeatable operational controls that align with requirements under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule for protected health information across clinical, administrative, […]
HIPAA compliance protects patient data by regulating how protected health information may be used and disclosed and by requiring administrative, physical, and technical safeguards that reduce unauthorized access, improper disclosure, alteration, and loss of protected […]
The purpose of the Health Insurance Portability and Accountability Act of 1996 is to improve health insurance portability and continuity, support administrative simplification for health care transactions, and establish federal requirements that govern the use, […]
Insurance company Aflac based in Columbus, GA encountered a cyberattack in June 2025. The data breach report submitted on August 8, 2025 to the HHS’ Office for Civil Rights used a placeholder of 500 affected […]
HIPAA impacts telemedicine practices by allowing remote delivery of health care while requiring HIPAA Covered Entities and Business Associates to control uses and disclosures of protected health information under the HIPAA Privacy Rule, protect electronic […]
Technology impacts HIPAA compliance by changing how protected health information is created, accessed, transmitted, and stored, which directly affects the safeguards required by the HIPAA Security Rule and the use and disclosure controls required by […]
HIPAA violation notification requirements are the legally required notices and deadlines that apply after a breach of unsecured protected health information under the HIPAA Breach Notification Rule, including notice to affected individuals, notice to the […]
The HIPAA law guidelines for patient consent require healthcare providers to obtain written authorization from patients before disclosing their PHI to third parties, except in cases of treatment, payment, healthcare operations, or situations where the […]
HIPAA violation penalties for privacy breaches include civil monetary penalties assessed by the Department of Health and Human Services Office for Civil Rights using tiered, inflation-adjusted dollar ranges per violation, criminal fines and imprisonment for […]
A HIPAA breach is an acquisition, access, use, or disclosure of unsecured protected health information that is not permitted under the HIPAA Privacy Rule and that compromises the security or privacy of the protected health […]
The 18 protected health information identifiers are names, geographic subdivisions smaller than a state, all elements of dates related to an individual except year, telephone numbers, fax numbers, email addresses, Social Security numbers, medical record […]
A hospital maintains HIPAA compliance by operating an integrated privacy, security, and breach response program that implements the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule through governance, […]
The HIPAA Journal Training is the best option if your objective is HIPAA training built around real world breach scenarios rather than generic rule summaries. The HIPAA Journal Training is designed using lessons drawn from […]
Oklahoma Spine Hospital decided to pay $1,100,000 to resolve a class action lawsuit arising from a data breach in July 2024 that impacted approximately 39,000 present and past patients. The hospital discovered a potential email […]
HIPAA email encryption requirements are met when a HIPAA Covered Entity or Business Associate implements encryption for email that creates, maintains, or transmits electronic protected health information, or documents a valid risk-based determination that an […]
Penalties for HIPAA violations include civil monetary penalties that can range from $145 to $2,190,294 per violation based on the level of culpability and correction, criminal fines up to $250,000 with imprisonment up to 10 […]
HIPAA training for emergency staff is documented workforce training that covers the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule with operational focus on rapid triage, emergency communications, lawful disclosures during crises, […]
HIPAA affects healthcare research by regulating when and how HIPAA Covered Entities and Business Associates may use or disclose protected health information for research, requiring either an individual authorization or a permitted pathway under the […]
HIPAA training that stands up in an audit is a documented, training program delivered to all workforce members at onboarding and at least annually, updated on a defined cadence to reflect current workflows and threat […]
HIPAA risk assessments are documented evaluations used to identify and address risks to protected health information, including the HIPAA Security Rule required risk analysis for electronic protected health information and the HIPAA Breach Notification Rule […]
Officials in Albemarle County, Virginia, reported the compromise of sensitive data, including protected health information (PHI), during a ransomware attack in June 2025. The cyberattack started on June 10, 2025, and was discovered the next […]
A HIPAA violation risk assessment is a documented evaluation performed after an impermissible use or disclosure to determine whether the incident is a breach of unsecured protected health information under the HIPAA Breach Notification Rule […]
HIPAA refresher training for annual compliance is typically provided either by the organization itself using internal resources or by an external HIPAA training vendor that delivers standardized HIPAA training online. The HIPAA Journal is the […]
A HIPAA compliance violation is any act or omission by a HIPAA Covered Entity or HIPAA Business Associate that fails to meet a requirement, standard, implementation specification, or prohibition in the HIPAA Privacy Rule, HIPAA […]
The HITECH Act was enacted in 2009 to accelerate adoption and meaningful use of electronic health records and other health information technology while expanding and strengthening HIPAA privacy, security, and enforcement requirements for protected health […]
HIPAA compliance management tools include governance, risk, and compliance platforms; policy and procedure management systems; learning management systems for workforce training; Business Associate management repositories; technical security controls for electronic protected health information; monitoring and […]
Addressing HIPAA violations in cloud computing involves identifying whether electronic protected health information was created, received, maintained, or transmitted through the cloud service, confirming business associate status and contract coverage, investigating the incident and completing […]
HIPAA was implemented to improve health insurance portability and continuity of coverage, reduce health care fraud and abuse, and establish national administrative simplification standards that support consistent electronic health care transactions and protections for health […]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released a “Dear Colleague” notice telling HIPAA-covered entities about their responsibilities under the HIPAA Privacy Law to give parents a complete […]
A judge of the California Superior Court gave preliminary approval to the settlement involving a lawsuit against Community Psychiatry Management, LLC. The mental healthcare provider, doing business as Mindpath Health, decided to settle the class […]
California-based Pomona Valley Hospital Medical Center decided to pay $600,000 to settle all claims in the Warren v. Pomona Valley Hospital Medical Center litigation. This class action lawsuit was associated with the medical center’s usage […]
HIPAA training is required at onboarding and whenever policies or procedures change, with annual refresher training widely recognized as the industry standard to maintain compliance and reinforce proper handling of protected health information. HIPAA training […]
HIPAA training for emergencies is required because emergencies increase the speed, volume, and complexity of decisions about protected health information (PHI), and staff need both core HIPAA training and additional emergency specific instruction to stay […]
The healthcare company Geisinger Health, based in Danville, Pennsylvania, and its past IT supplier Nuance Communications, Inc., decided to pay $5 million to resolve the class action litigation associated with a 2023 insider data breach […]
HIPAA training is important because it is mandated by federal regulation and is necessary to ensure the lawful handling, protection, and disclosure of protected health information by the workforce. The HIPAA Rules require Covered Entities […]
HIPAA training for emergency dispatchers is required when dispatch staff are part of a HIPAA covered entity workforce or a workforce that supports a covered entity and may access or handle protected health information during […]
Wakefield & Associates based in Knoxville, Tennessee, provides healthcare providers with revenue cycle & collections services. Recently, the vendor reported a security incident that was discovered on or about January 17, 2025. Wakefield & Associates […]
HIPAA compliance training works best when it is mandatory for all staff, delivered at onboarding and reinforced through annual refreshers and role based updates, and documented in a way that proves who was trained, when, […]
HIPAA applies to school nurses only when the nurse is working for a HIPAA Covered Entity and the health information involved is protected health information under the HIPAA Privacy Rule, while most health records maintained […]
Two U.S. citizens were recently accused of conducting cyberattacks in the United States using BlackCat ransomware. Another person is alleged to be involved, although they were not a part of the indictment. The three people […]
Conduent Business Solutions, a business associate of many HIPAA-regulated entities and government institutions, suffered a data breach that brought about the exposure and likely theft of the protected health information (PHI) of over 10.5 million […]
The cost of HIPAA compliance is the total labor, technology, and operational expense required to implement, document, and maintain controls that meet obligations under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification […]
As of October 22, 2025, OCR listed 26 data breaches involving 500 or more people on its data breach website. This is the lowest number of data breaches per month from December 2018 up to […]
HIPAA training teaches the workforce how to protect patient information in day to day work and how to follow the Privacy Rule and Security Rule requirements that apply to their roles. HIPAA training is about […]
EyeMed Vision Care has decided to settle a class action lawsuit associated with a data breach in June 2020 for $5 million. The company discovered the data breach on July 1, 2025 after noticing suspicious […]
Effective training is necessary for preventing HIPAA violations, and The HIPAA Journal Training is the most comprehensive online training available for HIPAA-Covered Entities to educate staff on privacy and security compliance. HIPAA mandates that all […]
HIPAA compliance training is required at onboarding and whenever policies or regulations change, with annual refresher training widely recognized as the industry best practice to maintain compliance and reduce the risk of violations. When a […]
Hospital Sisters Health System, a HIPAA-covered entity, settled a class action lawsuit for $7.6 million. The litigation pertains to an August 2023 cyberattack that impacted around 883,000 people. The cyberattack prompted a shutdown of computer […]
HIPAA penalties should be addressed directly in employee training so staff understand how everyday actions can lead to violations and how proper behavior protects both patients and the organization. The HIPAA Journal Training is considered […]
The cybersecurity company Netwrix reported that from March 2024 to March 2025, nearly 50% of healthcare organizations encountered one or more data incidents, including hacking incidents, ransomware attacks, or phishing attacks. Netwrix 2025 Cybersecurity Trends […]
HIPAA compliance training is the required instruction that teaches workforce members how to protect protected health information in daily work, follow an organization’s HIPAA policies and procedures, and respond correctly to privacy and security events. […]
HIPAA compliance in remote working environments is maintained by applying HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule requirements to off-site workflows through documented policies, access controls, safeguarding practices, vendor oversight, incident […]
HIPAA training for emergency healthcare workers is required when staff are part of a HIPAA covered entity workforce and handle protected health information during triage, treatment, transport, or emergency operations. Emergency departments, urgent care settings, […]
HIPAA violation consequences for unauthorized access include required breach risk assessment and notification activities when unsecured protected health information is compromised under the HIPAA Breach Notification Rule, civil monetary penalties assessed by the Department of […]
HIPAA compliance during data sharing is ensured by permitting and limiting disclosures under the HIPAA Privacy Rule, applying the HIPAA Minimum Necessary Rule to disclosures that are not for treatment, implementing HIPAA Security Rule safeguards […]
Central Valley Regional Center, based in Fresno, California, provides services to persons who have developmental handicaps. It informed patients concerning the recent leakage of paper documents that contain their personal data. There is no announcement […]
Patient confidentiality can be broken when the HIPAA Privacy Rule permits or requires a disclosure of protected health information without the patient’s written authorization, when another law requires reporting, or when the patient provides a […]
Nonprofit health system, Adena Health System, based in southern and south central Ohio, decided to pay $17.8 million to settle allegations that it illegally shared patient records with third parties when it installed tracking codes […]
HIPAA compliance guidelines for workforce training require covered entities to train their workforce on privacy and security policies and procedures that apply to their roles, document that training, and refresh training when needed, with annual […]
The number of reported healthcare data breaches in the U.S. decreased by 34.1% month-over-month, and the number of individuals impacted decreased by 44.5%. In July, HIPAA-covered entities submitted 48 reports of data breaches affecting 500 […]
Cencora & The Lash Group decided to create a $40 million fund to resolve a class action data breach lawsuit over a data breach in February 2024 that affected about 1.43 million people. Cencora, Inc., […]
HIPAA compliance in telemedicine is achieved by using remote communication technologies and clinical workflows that satisfy the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule through documented risk analysis, appropriate vendor contracting, […]
New York business associate BST & Co. CPAs, LLP decided to pay the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) a $175,000 financial penalty to settle an alleged Health Insurance […]
In April 2025, DaVita, a kidney dialysis facility, mentioned a security breach in its SEC filing, though during the time, it was uncertain how many people were affected by the theft of sensitive data. The […]
HIPAA compliance requirements for data storage require HIPAA Covered Entities and Business Associates to store protected health information in a manner that supports permitted use and disclosure controls under the HIPAA Privacy Rule, safeguards electronic […]
The cybersecurity company Semperis has published a new report indicating a slight decrease in ransomware attacks year-over-year. The ransomware risk report indicates that ransomware groups continue to target the healthcare industry, with 77% of organizations […]
HIPAA guidelines for healthcare marketing require HIPAA Covered Entities and Business Associates to treat marketing communications that use or disclose protected health information as regulated uses and disclosures under the HIPAA Privacy Rule, to obtain […]
Premier Health Partners based in Dayton, OH issued a press release on July 18, 2025, concerning a data breach first discovered about two years ago. The press release stated that Premier Health discovered suspicious activity […]
HIPAA compliance requirements for employers apply when an employer is acting as a HIPAA Covered Entity or HIPAA Business Associate, or when the employer sponsors a group health plan that is a HIPAA Covered Entity, […]
Handling HIPAA violations in data breaches requires immediate containment, a documented investigation and breach risk assessment under the HIPAA Breach Notification Rule, timely notifications to affected individuals and regulators when required, remediation under the HIPAA […]
For June 2025, healthcare data breaches increased by 16.67% month-over-month, and the number of individuals who had their protected health information (PHI) exposed or impermissibly disclosed increased by 302.71% month-over-month. In June, the HHS’ Office […]
Healthcare organizations avoid HIPAA penalties by maintaining documented compliance with the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule through governance controls, workforce training and enforcement, risk analysis and risk management for […]
HIPAA compliance regulations apply to a business only when the business is a HIPAA Covered Entity, a Business Associate, or a subcontractor of a Business Associate handling protected health information, and they require the business […]
HIPAA compliance in healthcare is achieved by implementing and maintaining written privacy, security, and breach response controls that satisfy the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule […]
Ransomware groups have carried out many attacks on medical labs recently. These attacks can lead to considerable disruption to laboratory screening services, causing delays in diagnosis and treatment. The ransomware attack on Synnovis last June […]
Compumedics USA Inc., a company that provides sleep study clinics with its diagnostic and research technologies for sleep disorders. The company recently suffered a data security incident that impacted patients of a few healthcare company […]
HIPAA does not apply to individuals and organizations that are not HIPAA Covered Entities or Business Associates, even when they handle health-related information, unless they perform functions or services for a covered entity that involve […]
OB/GYN Clinics Mid-Atlantic Women’s Care and Physicians to Women, Inc. agreed to settle a class action lawsuit associated with a data breach in April 2023. Hackers acquired access to protected health information (PHI) stored by […]
May saw 60 reports of healthcare data breaches involving 500 and up individuals submitted to the HHS’ Office for Civil Rights (OCR), a bit lower than the monthly 12-month average of 57 data breaches. This […]
HIPAA data privacy compliance guidelines for healthcare organizations require documented controls that limit uses and disclosures of protected health information, enforce the HIPAA Minimum Necessary Rule, provide required patient rights, manage Business Associate handling of […]
The U.S. House Committee on Oversight and Government Reform is looking at the national security and privacy risks associated with the sale of genetic testing firm 23andMe. The committee hearing showed the lawmakers’ worries regarding […]
Non-compliant software can lead to HHS Office for Civil Rights enforcement that requires corrective action and may include civil money penalties, can trigger breach notification duties under the HIPAA Breach Notification Rule when unsecured protected […]
The HHS’ Office for Civil Rights (OCR) has reported reaching a settlement with Comstar, LLC regarding an alleged non-compliance with the HIPAA Security Rule’s risk analysis requirement. This is the OCR’s 9th enforcement action associated […]
Common types of HIPAA violations include impermissible uses or disclosures of protected health information, failures to apply the HIPAA Minimum Necessary Rule, failures to provide individuals timely access to records under the HIPAA Privacy Rule, […]
Akeela Inc. offers mental health and substance use disorder treatment services in Anchorage, AK. This healthcare provider recently agreed to resolve a class action lawsuit associated with a 2023 data breach that exposed the protected […]
A big law enforcement operation has led to the shutdown of the system used for the DanaBot MaaS operation. This DanaBot banking Trojan and botnet malware is typically passed on through spam emails. It steals […]
April’s report of healthcare data breaches increased by 17.9% month-over-month, with 66 data breach reports involving 500 and up records submitted to the HHS’ Office for Civil Rights (OCR). This figure is higher than the […]
HIPAA addresses workforce training by requiring covered entities and business associates to train workforce members on the privacy and security policies and procedures that apply to their job duties, and to maintain training related documentation […]
HIPAA violations can result in Office for Civil Rights investigations, corrective action plans and ongoing monitoring, civil monetary penalties under the HIPAA Administrative Simplification enforcement process, required breach notifications and related response costs under the […]
Integrated health system Robeson Health Care Corporation, based in Pembroke, North Carolina, has decided to resolve a class action lawsuit prompted by a cyberattack in February 2023. Allegedly, hackers breached the provider’s network, compromising the […]
According to breach reports submitted to the HHS’ Office for Civil Rights (OCR), healthcare data breaches is beginning to decrease. 2024 saw an average of 61 big healthcare data breaches per month. In the last […]
Handling HIPAA violations in healthcare organizations requires prompt containment of the incident, a documented investigation that determines whether protected health information was impermissibly used or disclosed, application of the HIPAA Breach Notification Rule breach risk […]
Yale New Haven Health System reported a data security incident that impacted over 5.5 million people. The data breach report submitted the HHS’ Office for Civil Rights shows that the protected health information (PHI) of […]
Improper access controls can lead to Office for Civil Rights enforcement under the HIPAA Security Rule and the HIPAA Privacy Rule, with civil monetary penalties that can reach $73,011 per violation and up to $2,190,294 […]
HIPAA compliance is not a general international privacy law, but it applies to HIPAA Covered Entities and HIPAA Business Associates even when protected health information is created, accessed, processed, or stored outside the United States […]
A HIPAA compliance form is a standardized document used by a HIPAA Covered Entity or Business Associate to collect, record, or communicate information needed to meet a specific requirement under the HIPAA Privacy Rule, HIPAA […]
Retina Group of Washington agreed to resolve a class action lawsuit associated with a data breach in March 2023 that resulted in the unauthorized access of the protected health information (PHI) of 455,935 persons. Retina […]
HIPAA exists to improve health insurance portability and continuity of coverage, reduce fraud and abuse in health care and health insurance, and establish federal administrative simplification requirements that standardize certain electronic health care transactions and […]
On April 7, 2025, Oracle mailed notifications to clients concerning a security incident reported in the news, stating that Oracle Cloud was not compromised. Oracle mentioned in the email notification that Oracle Cloud, also called […]
Hi-School Pharmacy, a drug store chain in Vancouver, WA has decided to resolve a class action lawsuit associated with a data breach in November 2023. The company will create a $600,000 settlement fund for class […]
HIPAA is the Health Insurance Portability and Accountability Act of 1996, a federal law that addresses health insurance portability and continuity and establishes national standards for regulated handling of protected health information through administrative simplification […]
HIPAA addresses data breaches by defining when an impermissible use or disclosure of protected health information becomes a breach, requiring a documented breach risk assessment for unsecured protected health information, and imposing notification, reporting, and […]
A growing number of cyber actors are targeting retailers, suppliers, and software companies, exploiting vulnerabilities to gain access to their systems. According to the latest SecurityScorecard report, about 35.5% of the 2024 data breaches were […]
February saw a 36% decline in healthcare data breaches, as the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) received 46 big healthcare data breach reports. Big data breaches refer to […]
HIPAA does not contain a standalone electronic signature rule, but electronic signatures may be used for HIPAA-required authorizations, agreements, and other signed documents when the signature is legally valid under applicable law and the covered […]
A healthcare provider conducts a HIPAA compliance audit effectively by defining the audit scope against the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, collecting objective evidence through document review and operational […]
HIPAA impacts healthcare technology by requiring HIPAA Covered Entities and Business Associates to design, deploy, and operate systems that use or handle protected health information in compliance with the HIPAA Privacy Rule, protect electronic protected […]
An alert has been released concerning the Medusa ransomware-as-a-service (RaaS) group, which currently claims over 300 victims in critical infrastructure industries such as healthcare, manufacturing, and education. The group started operations in June 2021 as […]
HIPAA is needed to establish enforceable federal requirements for health insurance portability and continuity of coverage, standardization of certain electronic health care transactions, and the privacy, security, and breach notification obligations that govern how Covered […]
HIPAA compliance impacts health insurance companies by requiring health plans that are HIPAA Covered Entities, and their Business Associates, to control how protected health information is used and disclosed under the HIPAA Privacy Rule, protect […]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued the second financial penalty for 2025 to settle a HIPAA Rules violation. Oregon Health & Science University (OHSU) was […]
In 2024, the healthcare sector was shaken by the Change Healthcare ransomware attack causing significant disruption to medical services throughout the country. The protected health information (PHI) of over 190 million people. As per Kroll, […]
HIPAA is important for healthcare employees because it sets enforceable federal requirements for how protected health information may be used, disclosed, safeguarded, and reported when compromised, and employee actions directly determine whether a healthcare organization […]
In January, 66 big healthcare data breaches were reported by HIPAA-covered entities to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In the last 12 months, the average number of […]
Technology companies can meet HIPAA compliance by determining whether their services make them a Business Associate or subcontractor of a Business Associate, executing required Business Associate agreements, and implementing documented privacy, security, and breach response […]
HIPAA protects patient privacy by restricting how HIPAA Covered Entities and Business Associates use and disclose protected health information, requiring administrative and technical controls that limit access and prevent unauthorized disclosure, granting individuals enforceable rights […]
Berry, Dunn, McNeil & Parker, LLC (BerryDunn) opted to negotiate a class action lawsuit that claimed negligence for not stopping a data breach that impacted over 1.1 million people. BerryDunn has consented to set up […]
TPO in HIPAA stands for treatment, payment, and health care operations, which are the primary categories of permitted uses and disclosures of protected health information under the HIPAA Privacy Rule without a patient authorization when […]
The Department of Government Efficiency (DOGE) employees were given access to HHS Centers for Medicare and Medicaid Services (CMS) important payment and contracting systems to find options for enhancing productivity and to determine fraud and […]
Contec Health discovered a remote code execution vulnerability along with a hidden backdoor in the software of its popular patient monitors, the Epsimed MN-120 patient monitors and Contec CMS8000 patient monitors. Cybersecurity and Infrastructure Security […]
HIPAA requirements for healthcare providers include complying with the HIPAA Privacy Rule use and disclosure standards and individual rights, implementing the HIPAA Security Rule safeguards for electronic protected health information, meeting the HIPAA Breach Notification […]
Recent HIPAA compliance regulatory changes consist of a federal court vacating most of the 2024 HIPAA Privacy Rule amendments for reproductive health information while leaving certain Notice of Privacy Practices requirements in effect with a […]
HIPAA sets the legal and operational requirements that healthcare organizations follow to protect protected health information, standardize permitted uses and disclosures, implement security safeguards for electronic protected health information, notify affected parties when unsecured protected […]
HIPAA penalties for data breaches and cyberattacks include HHS Office for Civil Rights civil money penalties or settlement payments, plus corrective action obligations, when a covered entity or business associate violates the HIPAA Privacy Rule, […]
Addressing HIPAA penalties in business associate agreements requires allocating responsibility for compliance failures, defining breach reporting and cooperation duties that support HIPAA Breach Notification Rule timelines, and establishing contractual remedies that manage financial exposure when […]
Key requirements for HIPAA compliance are the documented implementation and ongoing operation of controls that meet obligations under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule for protected health information by […]
HIPAA was enacted on August 21, 1996, when President Bill Clinton signed the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, creating federal statutory requirements that later became the HIPAA Administrative Simplification […]
HIPAA compliance in cloud computing is addressed by selecting cloud services that support HIPAA Privacy Rule and HIPAA Security Rule requirements, executing a Business Associate Agreement when the cloud provider creates, receives, maintains, or transmits […]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) only received 46 reports of data breaches involving 500 and up healthcare records in December. The small December total showed that since […]
Suspected HIPAA violations are reported to authorities by filing a written complaint with the HHS Office for Civil Rights through the OCR Complaint Portal or by submitting a written complaint by mail, fax, or email […]
It’s about 11 months after Change Healthcare’s network breach that resulted in the theft of data of approximately 100 million people, and encryption of files using ransomware. On January 14, 2025, Change Healthcare released information […]
OneBlood, a Florida nonprofit blood donation organization reported on July 31, 2024 that it suffered a ransomware attack. The cyberattack resulted in the shutdown of its IT systems. The organization continued to collect, test, and […]
Nebraska’s Attorney General Mike Hilgers filed a lawsuit against Change Healthcare in relation to the ransomware attack it experienced on February 11, 2024. Change Healthcare had been targeted by a BlackCat/ALPHV ransomware group affiliate, who […]
The U.S. Bureau of Labor Statistics has released its results of the 2023 National Census of Fatal Occupational Injuries. According to the census, workplace fatalities declined by 3.7% year-over-year. In 2023, 5,283 workplace fatalities occurred […]
Penalties for unauthorized disclosure of protected health information include HHS Office for Civil Rights enforcement with corrective action requirements and possible civil money penalties, breach notification duties under the HIPAA Breach Notification Rule when unsecured […]
In November 2024, healthcare data breaches increased by 15.3% month-over-month. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) received 68 data breach reports involving 500 and up healthcare records. This […]
The data of hundreds of thousands of residents in Rhode Island were stolen during a cyberattack on the Rhode Island Bridges system. State residents use this online portal to get social services and medical insurance. […]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opted to resolve the alleged HIPAA Privacy and Security Law violations with Inmediata Health Group, a healthcare clearinghouse in Puerto Rico. […]
In October, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights received 57 reports of healthcare data breaches involving 500 and up records. Data breaches increased by 62.9% month-over-month from 35 […]
In April 2024, Signature Health mental health treatment facility based in Maple Heights, Ohio had an incident where a patient attacked a nurse. The patient continuously stabbed the staff using a knife he carried into […]
In July 2024, a federal jury found 34-year-old Trent James Russell guilty of unlawful access to the health data of Supreme Court Justice Ruth Bader Ginsburg when he was working as the coordinator of an […]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) currently focuses its enforcement initiative on implementing the risk analysis requirements of the Security Management Standard under the HIPAA Security Law. OCR […]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made a decision regarding its investigation of a South Dakota plastic surgery practice’s ransomware attack. This is the sixth ransomware investigation by […]
The number of healthcare data breaches in September is the lowest since May 2020. Only 34 data breach reports involving 500 and up records were submitted to the Department of Health and Human Services (HHS) […]
Staff can be educated about HIPAA compliance through documented HIPAA staff training, consistent policy communication, supervised practice controls, and ongoing monitoring that reinforce requirements under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach […]
Censys, a company that provides an Internet intelligence platform for threat hunting and attack surface management, discovered thousands of IP addresses that leak medical devices and systems online, 49% of which are from the United […]
Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and […]
A critical vulnerability tracked as CVE-2024-45519 with a CVSS base score of 9.8, has been identified in Zimbra’s email servers, exposing the servers to remote code execution and full server compromise. Exploiting the vulnerability allows […]
The Occupational Safety and Health Administration (OSHA) has addressed growing concerns regarding its proposal on the Emergency Response Standard and the potential challenges it could present for volunteer fire departments. Because of terrorist incidents, major […]
The number of large healthcare data breaches in August slightly increased. There were 49 data breaches involving 500 or more healthcare records reported to the U.S. Department of Health and Human Services (HHS) Office for […]
Prevent HIPAA violations in data transmission by restricting transmission methods to approved systems, applying the HIPAA Security Rule transmission security requirements with encryption and integrity protections where reasonable and appropriate, enforcing access controls and authentication, […]
A recent American Association of Colleges of Nursing (AACN) meeting discussed the growing number of citations and sanctions against nurses for their Health Insurance Portability and Accountability Act (HIPAA) violations while providing care. Discussions also […]
Acadian Ambulance Service based in Louisiana is sending notifications to individuals impacted by a cyberattack and data breach. According to the Daixin Team, they had stolen 10 million unique records from the private ambulance service. […]
Large healthcare data breaches have reached an 18-month low after going down for the fourth consecutive month. In July 2024, 43 breach reports involving 500 and up records were submitted to the U.S. Department of […]
In the cybersecurity newsletter published in August 2024, OCR emphasized that physical security measures like facility access controls, are important for HIPAA Security Rule compliance. HIPAA-regulated entities should not treat these measures as mere tasks […]
Healthcare providers ensure HIPAA compliance by implementing and maintaining written HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule controls that govern how protected health information is used, disclosed, safeguarded, and reported, supported […]
Indiana Attorney General Todd Rokita has filed a privacy lawsuit against IU Health and its Associates for alleged violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA). […]
Supreme Court Justice Ruth Bader of Ginsburg found an organ transplant coordinator guilty of unlawfully accessing medical information and removing proof but was found not guilty on the charge of posting a copy of the […]
A data breach’s average cost has increased to $4.88 million; critical infrastructure entities have the highest breach costs. The most expensive breaches involved healthcare companies. Healthcare data breach costs dropped by 10.6% year-over-year with 2023’s […]
The National Community Pharmacists Association (NCPA) and about 3 dozen healthcare companies in 22 U.S. states filed a lawsuit against Optum, Change Healthcare, and UnitedHealth Group related to its ransomware attack and data security breach […]
In June 2024, 47 data breaches involving 500 and up healthcare records were reported to the HHS’ Office for Civil Rights (OCR). This is the lowest number of breaches from October 2023 to date. Data […]
The debt collection company Financial Business and Consumer Solutions (FBCS) recently informed the Maine Attorney General that a February 2024 breach that was earlier reported as impacting 1,955,385 persons has more than doubled the number […]
The prosthetics and orthotics firm based in Jackson, TN known as Human Technology Inc., and its associates Murphy’s Orthopedic & Footcare, Greer Orthotics & Prosthetics, and Hi-Tech Prosthetics & Orthotics were impacted by a data […]
Pennsylvania revised its data breach notification regulation, limiting the meaning of personal information, including the need to alert the state Attorney General, and the provision of credit monitoring services to victims of data breaches victims […]
The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has recommended the first federal workplace heat standard to safeguard millions of people in America from the health threats connected with exposure to intense […]
The number of reported healthcare data breaches dropped to its lowest for the second month since October 2023. May had 51 data breaches with 500 and up breached healthcare records reported to OCR. This number […]
SecurityScorecard gave the U.S. healthcare industry a B+ rating for cybersecurity during the first 6 months of 2024. This indicates that the industry is doing better in spite of the reported major breaches, including the […]
Medication benefits management service provider A&A Services, also known as Sav-Rx, is facing a class action lawsuit because of a data breach that occurred in October 2023 affecting 2.8 million people. On or about October […]
In 2022, a hacker accessed Medibank’s system, stole the personal and health data of 9.7 million people, and exposed the stolen files on the dark web. This Australian health insurance company has confirmed the ransomware […]
Adventist Health has just reported that an unauthorized individual accessed the protected health information (PHI) of over 70,000 patients of Adventist Health Tulare in California. The security incident happened at its business associate, Signature Performance, […]
The Health Sector Cyber Initiative of the Biden administration has partnered with Microsoft and Google to give critical access and rural hospitals free and discounted cybersecurity services. In 2023, the healthcare industry experienced more ransomware […]
In July 2023, the LockBit ransomware group listed Panorama Eyecare on its data leak website and noted to have stolen 798 GB of files from the doctor-led management services provider based in Fort Collins, CO. […]
The Los Angeles County Department of Mental Health suffered a phishing attack that allowed unauthorized access to the email account of an employee resulting in the compromise of protected health information (PHI) for 1,598 individuals. […]
The Cybersecurity and Infrastructure Security Agency (CISA) included a critical vulnerability identified in the NextGen Healthcare Mirth Connect remote code execution to its Known Exploited Vulnerability (KEV) Catalog. Mirth Connect is a free software integration […]
The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) issued an alert warning the healthcare and public health (HPH) sector against business email compromise (BEC) attacks. This kind of spear […]
Healthcare data breaches dropped by 43% month-over-month. There were 54 data breaches involving 500 and up records reported to the HHS’ Office for Civil Rights. The reported number of breaches this April is the lowest […]
PHI Compromised in Redwood Coast Regional Center Cyberattack Social services organization Redwood Coast Regional Center based in Ukiah, CA offers services and assistance to children and adults who have developmental handicaps. It recently submitted a […]
Federal Judge Dismisses CommonSpirit Health Data Breach Lawsuit Due to Not Enough Standing A federal court judge decided to dismiss a class action lawsuit versus CommonSpririt Health regarding its 2022 data breach because of the […]
HIPAA risk management requirements are met when a covered entity or business associate conducts an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information […]
March had 93 healthcare data breach reports involving 500 or more records submitted to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The number of breaches increased by 50% from […]
OctaPharma Plasma Donation Centers Closed While Investigating Ransomware Attack The Swiss pharmaceutical provider, Octapharma Plasma, experienced a cyberattack that impacted the systems at 190 plasma donation centers located in 35 U.S. states. Those donation centers […]
MedData Pays $7 Million to Resolve Class Action Data Breach Lawsuit Revenue cycle management company MedData based in Spring, TX consented to pay $7 million to resolve a class action lawsuit associated with the breach […]
Seattle Children’s Hospital Website Tracking Technology Lawsuit Dismissed with Prejudice A Washington court dismissed with prejudice the class action lawsuit filed against Seattle Children’s Hospital (SCH) concerning its usage of pixels and other tracking technologies […]
The number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in February dropped with 59 data breaches involving 500 and up records reported. The breaches […]
Senator Mark R. Warner (D-VA) presented new legislation that will approve advance and faster payments to healthcare companies in case of a cyberattack. The new legislation was prompted by the ransomware attack on Change Healthcare, […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released updates on the guidance for entities covered by the Health Insurance Portability and Accountability Act (HIPAA) about online tracking technologies. The […]
NSA Releases Guidance on Implementing Zero Trust to Restrict Lateral Movement The National Security Agency (NSA) has released guidance on implementing zero trust security to restrict lateral movement inside a network when a threat actor […]
The Department of Health and Human Services (HHS) has reported the Blackcat ransomware attack on UnitedHealth Group-managed Change Healthcare in February 2024. The attack affected over 100 of Change Healthcare’s systems, which subsequently impacted the […]
Feds Alerts Healthcare Industry Concerning ALPHV/Blackcat Ransomware Group A joint cybersecurity notification was given by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human […]
Ransomware Attack on Maryland Psychotherapy Provider Ended in HIPAA Penalty The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) resolved the supposed Health Insurance Portability and Accountability Act (HIPAA) violations with […]
CalHIPAA is a registered trademark. © Copyright 2003 to 2024 calHIPAA. All rights reserved.