Sign in

News and Toolkit Updates

1

Recent breach shows importance of BA agreements

Carefully managing your Business Associates (BA) agreements is important. At PrivaPlan we can’t emphasize that enough. The following story illustrates why. As if going to the dentist doesn’t cause enough anxiety, last week 4300 dental patients learned that their personal records may have been compromised. Massachusetts General Hospital (MGH) in Boston contacted the patients about…

2

Final Guidance from OCR released on De-identification of PHI!

De-identification of PHI has become an increasingly complex issue and requirement with the increased use of electronic health records, health information exchanges and related. The Office of Civil Rights has been working on update guidance on methods of de-identification for some time. The final guidance is now available.

From the PrivaPlan Blog

1

Phishing scam exposes PHI of patients at Colorado Mental Health Institute

As the year comes to an end, there appears to be no end in sight for healthcare data hacks. An employee at the Colorado Mental Health Institute at Pueblo recently fell for a phishing scam that potentially exposed the PHI of 650 patients.

2

Will a Federal Data Security and Breach Notification Act finally get passed?

Three Democratic Senators re-introduced a Data Security and Breach Notification Act on Thursday that has failed to get legislative approval since 2015.

3

New HIPAA guidance released in opioid crisis

Responding to the opioid crisis, the OCR explains when and how healthcare providers can share a patient’s health information without violating HIPAA.

4

Our experts talk security with rural health care group

David Ginsberg talked about cyber security during one of the three sessions he led at the Colorado Rural Health Care Annual Rural Health Conference this week.

5

Expect phishing attacks to follow Equifax hack

With news that cyber criminals stole 143 million credit records in a hacking scandal at Equifax, highly targeted spear phishing attacks are expected.

6

Latest HIMSS cybersecurity report: threats rise, so does security

The August 2017 HIMSS Cybersecurity Report indicates that respondents are taking proactive steps to stay ahead of security threats.

7

A new cyber threat is also a HIPAA Security threat

Recent analysis of a new variant of what appeared to be ransomware turns out instead to be malicious software that erases files on computers.

8

Survey finds 68% healthcare employees will share sensitive info

Results from a recent survey reveal that 68% of healthcare employees occasionally share confidential or regulated data.

9

Health data breaches rise significantly in March

The number of health data breaches for March was more than January and February combined.

10

FBI warns of cyber attacks on FTP servers in healthcare

An FBI alert warns the healthcare sector that cyber criminals have stepped up attacks targeting their FTP servers.

11

HIPAA settlement proves value of audit controls

Having policies and procedures in place is good, as long as you have audit controls to ensure they’re implemented, unlike this Florida healthcare system.

12

Hospital’s fate warns of tax season scams

On January 25, it was discovered that the tax information of 1,457 hospital employees had fallen into a scammer’s hands in one of the latest W-2 business email compromise attacks.

13

Patient behind breach using hospital library laptop

The New Hampshire DHHS says a former patient is behind a breach that began on a laptop in the hospital library, affecting approximately 15,000 patients.

14

Hack of Quest Diagnostics affects 34k people

Quest Diagnostics Inc. is investigating a hack into an internet application on its network that exposed the PHI of about 34,000 people.

15

Be on the alert for App ID Theft

Want to give personal information to a scammer this holiday season? There’s an app for that. Actually, there are hundreds of apps for that and many are masquerading as legitimate retailers.

16

Latest HIPAA settlement proves why managing security risk is critical

St. Joseph Health will pay $2.14 million for HIPAA violations, serving as an unfortunate example of why managing security risk is critical.

17

OCR releases guidance on Cloud Computing and HIPAA

The OCR released a guidance on October 6 that attempts to clear things up regarding cloud service providers and HIPAA.

18

Latest HIPAA settlement shows importance of up-to-date BA agreements

On Sept. 23, 2016, the OCR announced its second HIPAA enforcement action against a business associate to the tune of $400,000. The hospital had previously entered into a settlement of $150,000 for its part in the breach.

19

Join Oct. 12 webcast: BAs, HIPAA Risk Management

More and more, HIPAA breaches are caused by the Business Associates of HIPAA covered entities. Learn how to manage these risks in Oct. 12 webcast.

20

OCR is stepping up its investigations of smaller breaches

The OCR has begun an initiative to more widely investigate the root causes of smaller breaches affecting fewer than 500 individuals.

21

Data breach at Banner Health affects 3.7 million

News of a massive data breach at Banner Health continues to make headlines since first being announced Aug. 3.

22

Recent breach shows importance of BA agreements

Carefully managing Business Associates agreements is important. Take a lesson from the breach of 4300 patient files through a vendor of a Boston hospital.

23

Plaintext data compromises patient info

A hacker claims to steal nearly 10 million patient records using readily available plaintext data. How can you protect patient info?

24

David Ginsberg explains new HIPAA audits in webinar

PrivaPlan President David Ginsberg leads June 28 webinar hosted by CORHIO about new HIPAA audits of covered entities and their business associates.

25

Can you name 10 technologies with the greatest vulnerabilities?

There are 10 technologies emerging in the next five years with the greatest vulnerabilities in terms of cybersecurity, finance, personal health and safety. Two directly impact the health care industry.