Cybersecurity


Diagnostic Imaging Provider Pays $3 Million to Settle Data Breach
May 7, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation
Touchstone Medical Imaging has agreed to pay $3 million to settle HIPAA violations after an unsecured computer server exposed the medical records of 300,000 patients on Google in 2014. The U.S. Department of Health and Human Services (HHS) announced the settlement on May 6. Touchstone, based in Franklin, Tennessee, provides diagnostic imaging services in Nebraska, …
Read More
OCR Issues HIPAA FAQs on Software Apps
May 6, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Medical Devices and Wearables
The U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) recently issued five new FAQs pertaining to software applications that obtain individuals’ electronic protected health information (ePHI). The FAQs describe various scenarios in which HIPAA covered entities may transmit ePHI to apps, including fitness trackers and other wearables. In short, a covered entity …
Read More
HHS Reduces Potential HIPAA Penalties
April 30, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA
The U.S. Department of Health and Human Services (HHS) has revised the potential monetary penalties that may be imposed on healthcare providers, health plans and business associates for HIPAA violations. HHS’s notice of enforcement discretion, issued on April 26, reduces the maximum annual penalty for less-severe violations from $1.5 million to as low as $25,000. The …
Read More
Amazon’s Alexa Now HIPAA-Compliant
April 18, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Home Health | Hospitals | Medical Devices and Wearables | Private Insurers | Telehealth
Amazon announced in a blog post on April 4 that its Alexa voice assistant’s operating environment now complies with HIPAA. Companies that build functions, or skills, for Alexa will now be able to create skills that involve the transmission of users’ protected health information. The initial group of six participants in an invitation-only program includes …
Read More
Imaging Equipment Vulnerable to Cyberattacks
April 4, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | Hospitals | Telehealth
Researchers at the Ben-Gurion University Cyber Security Research Center in Israel have created malware that could exploit vulnerabilities in MRI and CT scanning equipment to alter patients’ images. The Washington Post discussed the research project in an April 3 article. In theory, by adding fabricated cancerous nodules to a MRI or CT scan, an attacker …
Read More
Medtronic Warns of Defibrillator Hacking Vulnerability
March 27, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | FDA | Legislation and Public Policy | Medical Devices and Wearables | Telehealth
Medtronic PLC self-disclosed last week to the U.S. Food and Drug Administration (FDA) that an unspecified problem in the wireless technology of 19 models of the company’s defibrillators makes them vulnerable to being hacked. The company said it is not aware of any cyberattacks, privacy breaches, or patient harm related to the 750,000 vulnerable devices. …
Read More
OCR May Alter HIPAA Rules to Ease Compliance, Care Coordination
February 28, 2019 | Rivkin Rounds Staff | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy
An article in the March issue of Healthcare Risk Management discussed a Request for Information (RFI) released in December by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR). The RFI, which seeks public input on how the HIPAA rules may be modified to promote coordinated, value-based healthcare, was previously discussed …
Read More
Overlooked BAA Costly for Florida Group
December 11, 2018 | Margarita Christoforou | Cybersecurity | Electronic Health Records | HIPAA | Hospitals
Advanced Care Hospitalists, PL (ACH), a Florida physician group, has learned that failing to enter into a proper business associate agreement (BAA) with a vendor can be a very costly mistake. As a result of that failure, ACH has paid a penalty of $500,000 to the U.S. Department of Health and Human Services’ Office for …
Read More
Florida Physicians Group Exposed 9,000 Patients’ Data to Web
December 5, 2018 | Rivkin Rounds Staff | Cybersecurity | Electronic Health Records | HIPAA | Hospitals
A December 4 article in Bloomberg Law’s Health Law & Business, “Florida Physicians Group Exposed 9,000 Patients’ Data to Web,” discussed a $500,000 HIPAA settlement entered into by Advanced Care Hospitalists (ACH), a Florida physician group, with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). Rivkin Radler’s Eric Fader was quoted …
Read More
HHS Releases Updated HIPAA Security Risk Assessment Tool
October 23, 2018 | Carol A. Hyde | Cassandra Rivais DiNova | Cybersecurity | Electronic Health Records | HIPAA
As cybersecurity threats increase, the need for healthcare providers to conduct periodic security risk assessments as required by the HIPAA Security Rule has become more critical. To assist providers in this task, the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology and Office for Civil Rights …
Read More

Authors
show more

Get legal updates and news delivered to your inbox