Last year was another banner year for HIPAA data breaches reported to the Office of Civil Rights (OCR). Under HIPAA, covered entities must report to the OCR any unauthorized “acquisition, access, use, or disclosure” of protected health information (PHI). Depending on the circumstances, OCR may take no action -- or it may open an investigation, which could lead to the issuance of civil penalties. The department’s approach depends on both the incident and the nature of the resp
A former patient coordinator at UPMC, a medical center in Pittsburgh, has pleaded guilty to wrongfully disclosing health information in a rare case involving criminal prosecution for violating HIPAA. The Department of Justice says Linda Sue Kalina, 61, pleaded guilty in a Pittsburgh federal court to one count of unlawfully disclosing patient information, as reported by Bankinfo Security. This individual accessed the records of scores of patients over a period of 18 months. Sh
A pediatric cardiologist recently sentenced to six months’ probation is serving as the latest reminder that violations of the Health Insurance Portability and Accountability Act (“HIPAA”) can lead to more than civil monetary penalties and reputational damage associated with a breach. According to The National Law Review, this is the second case within a six-month period in which a physician was prosecuted by the U.S. Department of Justice (“DOJ”) for such a HIPAA violation, r
Email fraud attacks on the healthcare sector increased by a whopping 473 percent between the first quarter of 2017 and the fourth quarter of 2017, according to a new report from Proofpoint, as reported by Health IT Security. Proofpoint analyzed over 160 billion emails sent across 150 countries in 2017 and 2019 to determine cyberattack trends on the healthcare sector. The researchers found that on average, organizations were targeted by 96 email fraud attacks per quarter durin
Another day, another data breach … this time involving a business associate in charge of medical records storage, Sharecare Health Data Services (SHDS). AltaMed Health Services (AltaMed) and California Physicians Services (doing business as Blue Shield of California (BSC)) recently received notice that a hacker was able to acquire and/or access patients’ protected health information (PHI) contained in the medical records kept by SHDS on behalf of the two healthcare entities.
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services recently announced that 2018 was a significant year in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. Last year, OCR received approximately $28.7 million in financial penalties – a record-breaker in terms of total penalty amounts paid, surpassing the $23.5 million OCR collected in 2016. OCR obtained the penalty amounts by settling 10 cases and receiving sum