hhs
-
Stretched Agency Must Balance HIPAA Enforcement With Policing DEI in Healthcare
HHS investigators charged with protecting the civil rights and privacy of patients are now assigned to finding and stamping out diversity, equity and inclusion programs at universities and hospitals, with DEI now deemed discriminatory under the Trump administration.
-
HHS’ Privacy Rule Update Limits Use, Disclosure of Reproductive Health PHI
A Biden administration HIPAA Privacy Rule that went into effect last June to restrict the disclosure of reproductive health information is being challenged in federal court by the attorneys general of 15 states. The AGs are asking a Tennessee federal court to overturn the rule.
-
HHS OCR announced another settlement that is their ninth ransomware investigation and their third settlement as part of their Risk Analysis Initiative. This one stems from a breach by VPN Solutions that was previously reported on this site: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a…
-
Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach? The following is HHS OCR’s press release today. Settlement resolves multiple Security Rule failures Today, the U.S. Department of Health and…
-
MalBot, December 13, 2024, 1:45pm
How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of…
-
MalBot, December 10, 2024, 9:20pm
The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS…
-
MalBot, December 6, 2024, 12:00am
Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 incident affected 2,553 patients — as reported…
-
HHS OIG: Current Audit Program Is Not Pushing Entities Enough to Improve Cyber
Marianne Kolbasuk McGee (HealthInfoSec) • November 26, 2024
-
The U.S. Department of Health and Human Services is meeting the minimum requirements for auditing health organizations’ data privacy practices, but a recent report shows there’s more work to be done to protect patient data.
-
The U.S. Government Accountability Office said HHS “continues to have challenges” as the lead agency for healthcare cybersecurity.
-
The U.S. Government Accountability Office (GAO) has identified challenges faced by the Department of Health and Human Services (HHS) in fulfilling its cybersecurity responsibilities. Strengthening HHS’s leadership could be achieved by implementing previous recommendations. Cyberattacks on the healthcare and public health sectors have surged in recent years.
-
MalBot, November 13, 2024, 10:20pm
The Government Accountability Office said its unaddressed cyber guidance can result “in potential adverse impact on healthcare providers and patient care.”
-
With cyberattacks on healthcare organizations rising sharply, the U.S. Department of Health and Human Services (HHS) faces mounting criticism over its ability to protect this essential sector.
-
Following up on a settlement yesterday that was HHS’s first enforcement action under OCR’s Risk Analysis Initiative, HHS OCR today released a security risk assessment tool. Here is their statement about it:
-
HHS OCR announced a second ransomware investigation settlement today. This one involved Bryan County Ambulance Authority (BCAA), a provider of emergency medical services in Oklahoma. The Bryan County Ambulance Authority breach occurred in November 2021, but was only first reported to HHS on May 18, 2022. It affected 14,273 patients. HHS’s press release (below) notes…
-
A press release from HHS OCR today announces a settlement with Plastic Surgery Associates of South Dakota. In July 2017, DataBreaches reported that the entity was notifying 10,200 patients after a ransomware incident.