QCA Health Plan, Inc., of Arkansas, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, agreeing to a $250,000 monetary settlement and to correct deficiencies in its HIPAA compliance program. On February 21, 2012, HHS received notification from QCA regarding a breach of…
Category: Health Data
Concentra Health settles HHS charges over 2011 laptop theft breach, to pay $1.7M
Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings. The settlement stems from an incident on November 30, 2011 (previously reported…
Healthcare security stuck in Stone Age
Erin McCann reports: The new 2014 Verizon Data Breach Investigations Report highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry. “They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK…
Latest update to HHS breach tool discloses previously unknown breaches
HHS has another big update to their public-facing breach tool. While many of the incidents they have added have already been noted on this blog, there are some ones that have not been mentioned here previously. Here are the incidents we did know about already (links are to previous coverage of the incident on PHIprivacy.net):…
Tax refund fraud scheme affecting health care professionals reported in multiple states
The Indiana State Medical Association (ISMA) has issued this e-report: Based on reports from physicians and accountants, the ISMA previously issued several email alerts about physician identity theft and tax fraud at the federal level. The ISMA has now learned the Indiana Department of Revenue (DOR) has been investigating identity theft and tax return scams…
Update: As many as 27,000 University of Pittsburgh Medical Center employees affected by data breach
Adam Smeltz and Luis Fábregas report another update to a breach affecting employees of the University of Pittsburgh Medical Center (UPMC). Personal information about as many as 27,000 UPMC workers may have been compromised in a data breach and identify theft scheme that the hospital system first confirmed in February, UPMC officials said Thursday. New…