AHA Responds to Senate RFI on Health Data Privacy
On behalf of the nearly 5,000 member hospitals, health systems and other health care organizations, and our clinician partners — including more than 270,000 affiliated physicians, 2 million nurses and other caregivers — and the 43,000 health care leaders who belong to our professional membership groups, the American Hospital Association (AHA) appreciates the opportunity to comment on your request for information (RFI) on data privacy and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
FDA Updates Cybersecurity Guidance for Medical Device Makers
The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and Radiological Health or Center for Biologics Evaluation and Research for premarket review of devices that have cybersecurity considerations.
HHS Alerts Health Sector to Critical Cyber Vulnerability
The Department of Health and Human Services Sept. 18 alerted the healthcare sector to a critical vulnerability in ManageEngine products that allows an attacker to perform remote code execution and which a North Korean state-sponsored actor is reportedly using to target health care entities in Europe and the United States.
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules that set the requirements that HIPAA-regulated entities must follow to protect the privacy and security of protected health information (PHI).
UnitedHealthcare Pays $80,000 Settlement to HHS to Resolve HIPAA Matter over Patient Medical Records Request
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has announced a settlement with UnitedHealthcare Insurance Company (“UHIC”), a health insurer that provides insurance coverage to millions of individuals across the U.S., concerning a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access provision.
Sentinel Event Alert on Cybersecurity in Healthcare
The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks.1 In 2022, 707 data breeches occurred, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS).