Snooping in Medical Records

Yakima Valley Memorial Hospital has settled with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) for $240,000 after security guards accessed medical records without authorization. The hospital will update policies and procedures to protect patient information and train employees to prevent future breaches. OCR Director Melanie Fontes Rainer stressed the …

Disclosure of Patients’ Protected Health Information to a News Reporter

St. Joseph’s Medical Center has settled with the Office for Civil Rights (OCR) over a HIPAA investigation regarding the disclosure of patients’ protected health information to a news reporter. The medical center provided a national media outlet with access to COVID-19 patients’ information without obtaining written authorization. OCR determined that three patients’ information was disclosed, …

HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has settled a ransomware cyber-attack investigation with Doctors’ Management Services, a Massachusetts medical management company. The $100,000 settlement resolves a breach report regarding a ransomware attack that affected the health information of over 200,000 individuals. Doctors’ Management Services will be monitored …

UnitedHealthcare Settles $80,000 with HHS to Resolve HIPAA Concerns Regarding Patient Medical Records Request

UnitedHealthcare Insurance Company (UHIC) has reached a settlement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) over a potential violation of the HIPAA Privacy Rule’s right of access provision. UHIC agreed to pay $80,000 and implement a corrective action plan. This is the 45th Right of …

HHS settles $75,000 HIPAA case with iHealth Solutions over Unsecured Server Disclosure

The HHS Office for Civil Rights has settled a HIPAA investigation with iHealth Solutions for $75,000. iHealth Solutions, a business associate, experienced a data breach affecting 267 individuals when a network server containing protected health information was left unsecured on the internet. The investigation found evidence of potential failures by iHealth Solutions to analyze risks …

HIPAA Enforcement Action: Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI)

From the HHS web site: “Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI), a dental practice with offices in Charlotte and Monroe, North Carolina, impermissibly disclosed a patient’s PHI on a webpage in response to a negative online review.  UPI did not respond to OCR’s data request, did not respond or object to an …

HIPAA Enforcement Action: Dr. Donald Brockley, D.D.M.

From the HHS site: “Dr. Donald Brockley, D.D.M., a solo dental practitioner in Butler, Pennsylvania, failed to provide a patient with a copy of their medical record.  After being issued a Notice of Proposed Determination, Dr. Donald Brockley, D.D.M requested a hearing before an Administrative Law Judge.  The litigation was resolved before the court made …

HIPAA Enforcement Action: Northcutt Dental-Fairhope, LLC (Northcutt Dental)

From the HHS website “Northcutt Dental-Fairhope, LLC (Northcutt Dental), a dental practice in Fairhope, Alabama, who impermissibly disclosed its patients’ PHI to a campaign manager and a third-party marketing company hired to help with a state senate election campaign, agreed to take corrective action and pay $62,500 to settle potential violations of the HIPAA Privacy …

HIPAA Enforcement Action: Jacob and Associates

From the HHS website “Jacob and Associates, a psychiatric medical services provider with two office locations in California, agreed to take corrective actions and pay OCR $28,000 to settle potential violations of the HIPAA Privacy Rule, including provisions of the right of access standard.” Resolution Agreement and Corrective Action Plan – PDF* 

3 Benefits of Conducting a Technology Audit

When was the last time you conducted a comprehensive technology audit? If it’s been a while or hasn’t happened at all, you’re probably vulnerable to a cyberattack. Cybercrime shows no signs of slowing down and is expected to cost the world $10.5 trillion per year by 2025.*  Are you confident that your organization is secure …