Summer HIPAA Violations

Fall is a good time to review the statistics coming out of the office of Health and Human Services concerning summer HIPAA breaches. A high number of HIPAA violations and data breaches have been tallied this summer across the United States and from a variety of medical organizations, according to a report by HIPAA Journal. These HIPAA violations include those resulting from ransomware and phishing attacks, unencrypted email, unauthorized videotaping, and even social media misuse.

As you probably already know, any company or healthcare organization handling electronic protected healthcare information (e-PHI) must adhere to both HIPAA Privacy and HIPAA Security Rules. Violations can lead not only to hefty fines but also to criminal charges, as HIPAA policy is overseen by the Department of Health and Human Services, administered by the Office of Civil Rights and even prosecuted by the Department of Justice, in some cases.

On the technical side, where many of the violations and breaches occur, it is vital that your organization engages with an IT Provider who is knowledgeable and understands the HIPAA Security Rule, which includes Administrative, Physical and Technical aspects of keeping the e-PHI secure.

Did you know that as a healthcare organization handling e-PHI you are required to:

  • Manage any vendors coming in contact with your organization’s PHI by securing signed Business Associate Agreements?
  • Assign a HIPAA Security Officer who helps develop clear HIPAA policies and procedures specifically written for your organization?
  • Offer HIPAA Awareness Training for all your employees on a regular basis?
  • Secure a HIPAA Risk Assessment to determine any gaps in your Administrative, Physical or Technical HIPAA requirements?

The following is a sampling of healthcare organizations from across the United States whose breaches or violations have been reported by the Office of Civil Rights.

  • Please note that phishing attacks and social media misuse are the result of employee error, and a solid HIPAA Awareness Training coupled with an automated Cyber Security program has proven to be beneficial.
  • For the ransomware attacks, there are several important preventative measures that HIPAA requires all Healthcare organizations to have in place. These are “best practices” for any business.
  • Also, note that this sampling includes small offices as well as mid-size offices. Don’t be fooled into thinking that the Office of Civil Rights only prosecutes and fines larger organizations.
  • Finally, please be aware that NoWorriesIT’s system engineers are HIPAA certified and trained to assist businesses and non-profits who must handle protected healthcare information on the ins and outs of the HIPAA Security Rule. Please call us for a free consultation to see if we are a good fit to work with your organization at 410-751-7650.

Phishing Attack on Legacy Health Results In Exposure of 38,000 Patients’ PHI (OR)

Central Colorado Dermatology Ransomware Attack Potentially Resulted in PHI Access (CO)

1,790 Patients Impacted by Phishing Attack on Los Angeles Drug and Alcohol Treatment Center (CA)

Mailing Error Resulted in Impermissible Disclosure of 19,570 Missouri Care Members’ PHI (MO)

NY Attorney General Fines Arc of Erie County $200,000 for Security Breach (NY)

Reliable Respiratory Phishing Attack Impacts 21,000 Patients (MA)

Phishing Attack on Acadiana Computer Systems Exposed the PHI of 31,000 Individuals (LA)

Texas Nurse Fired for Social Media HIPAA Violation (TX)

Email Security Breaches Reported by Hopebridge (IN) and United Methodist Homes (NY)

About The Author

Jean Burgess, Marketing Manager

Jean Burgess is Marketing Manager for NoWorriesIT, where she is continually surrounded by techno-speak and computer gear throughout the day. From Jean's desire to understand this alien world of Cloud Computing, Remote Monitoring and Management, Data Backup and Disaster Recovery, and Network Security sprang this blog, Thoughts From A Wannabe Techno Geek. Her goal: to be a liaison between the knowledgeable NoWorriesIT system engineers and the small business reader in an entertaining and informative manner.