Tag: HHS

phishing

Phishing Scam Leads to $400,000 HIPAA Settlement at Colorado Health Center

A nonprofit health center in Colorado agreed to pay $400,000 to settle Health Insurance Portability and Accountability Act (HIPAA) security allegations after a hacker accessed employees’ e-mail accounts and obtained 3,200 individuals’ protected health information (PHI) in a phishing incident, the U.S. Department of Health and Human Services (HHS) announced April 12.

No HIPAA Exception for Cybersecurity Information Sharing, HHS Warns

The Health Insurance Portability and Accountability Act’s (HIPAA’s) privacy rule does not exempt the sharing of information on cyber threat indicators, so HIPAA-covered entities and their business associates may not share protected health information (PHI) for this purpose unless HIPAA otherwise allows it, the U.S. Department of Health and Human Services (HHS) warned recently.

Recent Big-Ticket HIPAA Settlements Drive Home Need for Organizational Commitment

By David Slaughter, JD, Senior Legal Editor The month of July saw two hospitals reach multimillion-dollar Health Insurance Portability and Accountability Act (HIPAA) privacy and security settlements with the U.S. Department of Health and Human Services (HHS). Each case began with that most mundane of data breaches, the stolen laptop, but once HHS investigators started […]

Prepare for HIPAA Privacy/Security Audits This Summer, Experts Advise

By Gwen Cofield Now that the U.S. Department of Health and Human Services (HHS) has begun prescreening questionnaires for Phase 2 privacy and security audits, Health Insurance Portability and Accountability Act (HIPAA)-covered entities should make sure they’re prepared on the compliance areas HHS’ Office for Civil Rights (OCR) has indicated it plans to emphasize.