Time for Covered Entities and Business Associates to Harden Their Security Defenses

January 31, 2017. In recent posts on the HIPAA Integrity® Website, we have urged our readers and clients to invest in security and to harden access to their IT systems in order to minimize the likelihood of a privacy breach or security incident and the consequences thereof. We commend to your attention an excellent January 23, 2017, Modern Healthcare Special Report written by Adam Rubenfire and Joseph Conn entitled: “Building a Better Cyberdefense: How to harness technology to protect your organization and patients from the latest cyberthreats.”

SC Hospital Reports a Breach of Digital Camera Card Containing 500 Babies’ PHI

January 30, 2017. The January 24, 2017, Charleston, SC-based Post & Courier article entitled: “Camera used to take photos of newborn babies missing from Mount Pleasant hospital,” mischaracterizes several statements pertaining to the breach of a missing digital card containing protected health information “for approximately 500 babies born between November 2015 and November 2016.

OCR Initiates 2nd Settlement in January for $2.2 Million for Failure of a Covered Entity Health Plan to Implement HIPAA Safeguards

January 25, 2017. On January 18, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced in a news release a $2,204,182 settlement with MAPFRE Life Insurance Company of Puerto Rico for the HIPAA Privacy violation of “impermissible disclosure of unsecured electronic protected health information [ePHI].” OCR’s investigation of the breach—a stolen non-safeguarded USB data storage device containing protected health information of 2,209 individuals—revealed that MAPFRE failed “to conduct its risk analysis and implement risk management plans, contrary to its prior representations, and a failure to deploy encryption or an alternative measure on its laptops and removable storage media.” According to the Resolution Agreement, MAPFRE failed to do the following pertaining to HIPAA compliance:

OCR Initiates First HIPAA Enforcement Settlement for Failure of Covered Entity to Provide Timely Written Notification of Breach

January 13, 2017. On January 9, 2017, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that Presence Health Network of Illinois settled a HIPAA enforcement action for $475,000 for failure to report in writing in a timely manner as required by the HITECH Act Breach Notification Rule a breach of unsecured protected health information (PHI) in paper format in October 2013 that affected 836 individuals.

Categories



Archives

  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)