Opportunity Lost, Lesson Learned: OCR’s $3.2 Million Message to Children’s Medical Center

By on February 2, 2017 in Data Security with 0 Comments

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced on February 1, 2017, that it imposed a $3.2 million civil money penalty against Children’s Medical Center of Dallas (“Children’s”) for impermissible disclosure of unsecured electronic protected health information (ePHI) and many years of non-compliance with multiple standards of the HIPAA […]

Share

Continue Reading »

Cyber Risk Is Not Going Away

By on November 23, 2016 in Data Security with 0 Comments

In a future that has become more ambiguous than ever, some things are certain. Businesses, including health care entities, will increasingly rely on data and technology in order to conduct their business.  Data containing personal information will continue to be valuable.  The risk of liability for those holding that data will remain, whether the enforcer […]

Share

Continue Reading »

For Covered Entities and Business Associates, There Can Be No Such Thing as “HIPAA Lite”

It has been well over a decade since health care providers (and other HIPAA Covered Entities) started handing out their Notice of Privacy Practices as required by the HIPAA Privacy Rule. Patients have become so accustomed to the Notice that many never read it, even though signing that they have not only read it but […]

Share

Continue Reading »

It’s Not Just Ransomware – It’s a Breach!

By on July 29, 2016 in Data Security with 0 Comments

Ransomware.  It’s in the headlines, but what is it?  Recently, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) provided a layperson’s description: Ransomware is a type of malware (malicious software) that attempts to deny access to a user’s data, usually by encrypting the data with a key known only to […]

Share

Continue Reading »

It’s Not Just About HIPAA: Patient Communications and a Lesson from the FTC

In a one-count complaint, the Federal Trade Commission (FTC) alleges that Practice Fusion, the country’s largest cloud-based electronic health records company, engaged in deceptive acts or practices under Section 5(a) of the Federal Trade Commission Act.  Specifically, the FTC alleges that Practice Fusion misled patients of its healthcare providers to believe they were sending messages […]

Share

Continue Reading »

Data Breach – Can You Win This War?

As a business owner or CEO, you know that information technology has become a key part of your operations.  But having an IT budget and finding the right employee or vendor for your IT needs—or what you think are your IT needs—will no longer suffice when it comes to privacy, security and data breach.  It […]

Share

Continue Reading »

Top