HIPAA

Quest Diagnostics, a Madison, New Jersey-based medical laboratory services company, announced a data breach affecting 34,000 individuals. The breach occurred November 26, according to Quest Diagnostic’s December 12 statement.

Breaches and audits brought much needed attention to HIPAA

Q. Are we required to use encryption on all email, or only email that contains PHI?

Information security officers often have their hands full with HIPAA. But as high-deductible health plans have patients paying more out of pocket, it’s time organizations took a closer look at another set of cybersecurity guidance: the Payment Card Industry Data Security Standard (PCI DSS).

It’s been a challenging year for HIPAA compliance. OCR levied more than $20 million in breach settlement fines. Ransomware rocked the healthcare industry.

The second round of desk audits in the HIPAA audit program began this week, the Office for Civil Rights (OCR) announced in a November 30 email alert.

A new phishing scam targeting covered entities (CE) and business associates (BA) is disguised as an official communication from the Office for Civil Rights (OCR). In an alert released November 28, OCR advised CEs and BAs that a phishing email is being circulated on fake HHS letterhead with the signature of Jocelyn Samuels, OCR’s director.

The University of Massachusetts Amherst (UMass) agreed to a $650,000 HIPAA settlement fine after a breach investigation revealed the university failed to implement basic security measures.

An information security blogger stumbled across vulnerable protected health information stored by a billing service.

Data breaches spiked dramatically in the second half of the year but some experts at AHIMA’s 2016 national convention in Baltimore suggest the apparent surge might be caused in part by improved reporting.