Skip to main content
Home
New Series: How Information...
Article One
News Sections
Academic Research
Analytics
Clinical IT
Cybersecurity
Hospital Systems
Government
Imaging
Industry Perspectives
Interoperability/HIE
Population Health Management
Revenue Cycle / Finance
Editor's Choice
Video
White Papers
Premium Articles
Achieving value-based care through the supply chain
Why Partnerships are Key to Driving Healthcare Forward
Books
Contact
Menu
Home
New Series: How Information...
Article One
News Sections
Academic Research
Analytics
Clinical IT
Cybersecurity
Hospital Systems
Government
Imaging
Industry Perspectives
Interoperability/HIE
Population Health Management
Revenue Cycle / Finance
Editor's Choice
Video
White Papers
Premium Articles
Achieving value-based care through the supply chain
Why Partnerships are Key to Driving Healthcare Forward
Books
Contact
Cybersecurity
ICYMI: Protecting Patients and Data at the 2023 Healthcare Cybersecurity Forum
Top cybersecurity leaders convened at the 2023 Healthcare Cybersecurity Forum to explore strategies to fortify defenses, safeguard patients and defend against attackers.
AHA Responds to Senate RFI on Health Data Privacy
On behalf of the nearly 5,000 member hospitals, health systems and other health care organizations, and our clinician partners — including more than 270,000 affiliated physicians, 2 million nurses and other caregivers — and the 43,000 health care leaders who belong to our professional membership groups, the American Hospital Association (AHA) appreciates the opportunity to comment on your request for information (RFI) on data privacy and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
FDA Updates Cybersecurity Guidance for Medical Device Makers
The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and Radiological Health or Center for Biologics Evaluation and Research for premarket review of devices that have cybersecurity considerations.
HHS Alerts Health Sector to Critical Cyber Vulnerability
The Department of Health and Human Services Sept. 18 alerted the healthcare sector to a critical vulnerability in ManageEngine products that allows an attacker to perform remote code execution and which a North Korean state-sponsored actor is reportedly using to target health care entities in Europe and the United States.
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules that set the requirements that HIPAA-regulated entities must follow to protect the privacy and security of protected health information (PHI).
UnitedHealthcare Pays $80,000 Settlement to HHS to Resolve HIPAA Matter over Patient Medical Records Request
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has announced a settlement with UnitedHealthcare Insurance Company (“UHIC”), a health insurer that provides insurance coverage to millions of individuals across the U.S., concerning a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access provision.
Sentinel Event Alert on Cybersecurity in Healthcare
The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks.1 In 2022, 707 data breeches occurred, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS).
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
The Securities and Exchange Commission adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.
HCA Healthcare Reports Data Security Incident
HCA Healthcare, recently discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorized party on an online forum.
HIMSS Endorses and Issues Recommendations on US Government Proposed Rule on Reproductive Health Data Privacy
The U.S. Supreme Court last year overturned Roe v. Wade, which raised extreme concerns around health outcomes, equity and data privacy. On June 16, HIMSS issued recommendations to the Health and Human Services Office of Civil Rights to strengthen data privacy surrounding reproductive healthcare in response to the agency’s proposed rule.
HHS Office for Civil Rights Settles HIPAA Investigation with iHealth Solutions Regarding Disclosure of Protected Health Information on an Unsecured Server for $75,000
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules with iHealth Solutions, LLC (doing business as Advantum Health), a Kentucky-based business associate that provides coding, billing, and onsite information technology services to health care providers.
Snooping in Medical Records by Hospital Security Guards Leads to $240,000 HIPAA Settlement
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with Yakima Valley Memorial Hospital, a not-for-profit community hospital located in Yakima, Washington resolving an investigation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Agencies Alert Field to Hidden State-Sponsored Cyberthreat to Networks
U.S. and international cybersecurity authorities released an advisory to help health care and other critical infrastructure organizations identify and protect their networks from a People’s Republic of China state-sponsored group known as Volt Typhoon that uses built-in network administration tools to avoid detection.
Ovulation Tracking App Premom Will be Barred from Sharing Health Data for Advertising Under Proposed FTC Order
The Federal Trade Commission charged that the developer of the fertility app Premom deceived users by sharing their sensitive personal information with third parties, including two China-based firms, disclosed users’ sensitive health data to AppsFlyer and Google, and failed to notify consumers of these unauthorized disclosures in violation of the Health Breach Notification Rule (HBNR).
HHS Office for Civil Rights Enters Into $15,000 Settlement Resolving Potential HIPAA Violation Under the Right of Access Initiative
The U.S. Department of Health and Human Services’ Office for Civil Rights announced a settlement with David Mente, MA, LPC (“Mente”), a licensed counselor providing psychotherapy services in Pittsburgh, Pennsylvania, concerning a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access provision.
Back to top