HIPAA – Page 10 – DataBreaches.Net

What is the cost of not purging data or moving it offline, Sunday edition

Posted on March 19, 2023 by Dissent

Maybe one day, a law or regulation will require entities to purge old data that is no longer needed or requires it to be disconnected from the internet. If anyone needs a fresh example of why we need that type of law or regulation, here it is: Richard T. Miller, DMD, PC, d/b/a Great Neck/Mid…

HHS OCR creates new HIPAA enforcement arm and enhances focus on cybersecurity and privacy oversight

Posted on March 2, 2023 by Dissent

Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning –…

HHS OCR Settles HIPAA Investigation with Banner Health Following 2016 Hacking Incident

Posted on February 3, 2023 by Dissent

The following is a press release from HHS. It is an update to a 2016 hacking incident previously covered on this site. The incident also resulted in a class action lawsuit that was settled for $6 million in 2019. February 02, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights…

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem

Posted on February 1, 2023 by Dissent

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to Facebook—or if you need to send data at all By: Maria Puertas and Simon Fondrie-Teitler We all use the internet to complete increasingly sensitive tasks: book doctor’s appointments,…

MN: Mayo Clinic settles another lawsuit stemming from insider-wrongdoing

Posted on January 18, 2023 by Dissent

Andy Brownell reports: The Mayo Clinic has apparently settled another lawsuit stemming from a data breach by a former Mayo Clinic employee. The lawsuit was filed in November 2020 by Olga Ryabchuk and sought class-action status on behalf of the more than 1600 Mayo Clinic patients who had their medical records improperly accessed. The case was officially…

OCR Releases New Recognized Security Practices Video

Posted on November 1, 2022 by Dissent

In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon. Section 13412 of…