HIPAA – Page 4 – DataBreaches.Net

HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online

Posted on December 10, 2024 by Dissent

The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…

Veterans Affairs’ Nurse Charged With Unlawfully Accessing Patient Health Information

Posted on December 6, 2024 by Dissent

Here’s today’s reminder of the insider threat. It’s a shame they don’t explain how the employee was able to access the patient’s information or why it was accessed. From the U.S.A.O. of the Western District of Michigan: GRAND RAPIDS – U.S. Attorney for the Western District of Michigan Mark Totten today announced that Jessica Nicole Pitcher,…

HHS OCR Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Violations

Posted on December 5, 2024 by Dissent

Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 incident affected 2,553 patients — as reported to HHS at the time. Today,…

HHS Office for Civil Rights Imposes a $1.19 Million Penalty Against Gulf Coast Pain Consultants for HIPAA Security Rule Violations

Posted on December 3, 2024December 3, 2024 by Dissent

In April 2019, DataBreaches reported that Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute had recently notified patients after discovering on February 20 that their EMR system had been accessed by a third party without authorization. At the time, they disclosed that 35,000 patients had been affected but they did not indicate that…

Changes Are Likely on the Horizon for the Federal Healthcare Portfolio, in Areas Including Cybersecurity and in Regulatory Enforcement

Posted on November 30, 2024 by Dissent

Nicole K. Macris and Gabriel S. Oberfield of Bond Schoeneck & King PLLC write: Federal healthcare administration undoubtedly will look different in 2025 than it does as we close 2024. In the aftermath of the Republican party victories during this month’s Federal elections – and if the past is prelude – the Federal focus concerning…

The Office for Civil Rights Should Enhance Its HIPAA Audit Program to Enforce HIPAA Requirements and Improve the Protection of Electronic Protected Health Information

Posted on November 26, 2024 by Dissent

Issued on 11/21/2024 | Posted on 11/25/2024 | Report number: A-18-21-08014 To cut to the chase: What OIG Found OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR’s HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR’s audits consisted…