A recent phishing attack against Network180, a mental health organization in Grand Rapids, Michigan, led to a data breach affecting approximately 2,200 patients.
In December, HHS Office for Civil Rights (OCR) released a request for information seeking input from the public in order to identify provisions of HIPAA that may impede value-based care or limit care coordination among individuals and covered entities, and which do not meaningfully contribute to protecting the privacy and security of protected health information.
Approximately 16,000 patients of Mind and Motion Developmental Centers of Georgia had their protected health information compromised after a ransomware attack on a server at the facility.
Q: A patient recently told me she was surprised to learn from another physician at our facility that her adult child had been prescribed a particular medication for high cholesterol. Her child is not a dependent adult under her care. Is it a HIPAA violation for a provider to discuss the care of non-dependent adult children with their parents?
In this month's HIPAA Q&A, we answer your questions about sending unencrypted emails to the right recipient, discussing patients with colleagues, scheduling appointments for spouses, and filing complaints against insurance companies.
Pagosa Springs Medical Center (PSMC) in Pagosa Springs, Colorado, has agreed to pay $111,400 to the Office for Civil Rights (OCR) and to adopt a substantial corrective action plan in a settlement over alleged HIPAA violations.
Baylor Scott & White Medical Center-Frisco, in Frisco, Texas, announced a data breach earlier this month affecting 47,000 patients and guarantors. The breach occurred in September when the hospital found an issue with a third-party vendor’s credit card processing system.
Q: Sometimes the emergency department where I work gets so busy we have to evaluate patients before they can be placed in a room. I have seen nurses perform examinations on patients on stretchers in hallways where they can easily be overheard discussing medical histories and treatment options. Would this be considered a HIPAA violation?
