Two hacking incidents - one reported by a Texas-based substance abuse treatment network that operates in several states and the other by a New Mexico community health center - have affected the sensitive medical information of nearly 300,000 individuals.
A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021. Why did it take so long to determine that the incident resulted in breach of protected health information?
Two hacking incidents involving vendors providing important IT-related and other services to dozens of covered entity clients are among the latest breaches affecting hundreds of thousands of individuals' data and show how mounting reliance on third parties creates increased risk to patient data.
Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
A slew of HIPAA enforcement actions is a sign that regulators are impatient with the short shrift that many medical providers give to providing patients access to their health information. No fewer than 11 of the last dozen HIPAA fines focus on a right of access dispute.
Many healthcare sector entities are undertaking projects involving the collection, analysis and sharing of large volumes of health data. But along with those efforts come critical privacy and security concerns, says attorney Iliana Peters of Polsinelli.
The Biden administration continues to react to the Supreme Court's overturn of precedent guaranteeing a constitutional right to abortion, issuing Friday an executive order that includes provisions to help safeguard the privacy of patients' data.
Google's move to soon begin deleting location history pertaining to individuals' visits to facilities offering sensitive healthcare services is a step in the right direction, but experts say technology firms and others could do more to better protect the privacy of health data.
A ransomware attack on an accounts receivables management firm has affected hundreds of healthcare clients - including dental practices, physician groups and hospitals, resulting in one of the largest health data breaches involving a vendor so far this year.
Location data, browser history, IP addresses, and appointment scheduling are among the sensitive data putting individuals' privacy at risk in the wake of the decision to overturn Roe v. Wade, says Alexandra Reeve Givens of the Center for Democracy and Technology.
To help improve HIPAA breach reporting, the Department of Health and Human Services should implement a formal mechanism for organizations to communicate with regulators about that process, according to a new report from the Government Accountability Office.
A malware incident involving exfiltration of data has affected more than 1.24 million patients of Texas-based Baptist Medical Center and Resolute Health Hospital. It adds to a growing list of major health data breaches reported to regulators in recent weeks as affecting millions of individuals.
Four proposed federal class action lawsuits filed in recent days against MCG Health LLC in the wake of a recently disclosed 2020 hacking incident affecting up to 1.1 million individuals allege negligence and violations of various laws by the clinical guidelines vendor.
A proposed federal class action lawsuit alleges that Facebook is unlawfully collecting "millions" of individuals' information from the websites and patient portals of "hundreds" of medical providers without the knowledge and consent of patients.