What many industry observers suggested is now confirmed: The Change Healthcare cyberattack earlier this year affected personal information of 100 million people, making it the nation’s largest-ever breach of healthcare data. Parent company UnitedHealthcare recently updated the Department of Health and Human Services’ Office for Civil Rights confirming the scope of the impact. However, it could be months or years before the department completes its investigation of Change and determines a financial penalty if it …
Read MoreCyberattacks Are One Thing, Exposed Records Are Another
Healthcare data statistics tracked by HIPAA Journal demonstrate a steady rise in breaches in the 14 years since the Department of Health and Human Services’ Office for Civil Rights (OCR) began publishing records. As of September 24, 2024, more than 490 breaches have been reported for the year. Reportable breaches, which only include incidents involving 500 or more health records, have been tracked by OCR since 2009, when just 18 breaches were recorded. From 2009 …
Read MoreNew Data Breach Exposed Information on 200,000+ Urgent Care Patients
It’s unclear whether human error or ill intent on the part of hackers is to blame, but on July 10 the records of more than 200,000 patients who had visited Premier Immediate Medical Care was exposed was “left exposed” for over a month on a practice management software server. The software provider, MedEvolve, says it is notifying current and former Premier patients that their names, billing addresses, telephone numbers, insurance status, and, for some, Social …
Read MoreGuard Patient Privacy Like You Would Your Own—or Face the Consequences
Prosecutions for relatively small-time violations of patient privacy under the Health Insurance Portability and Accountability Act (HIPAA) are becoming more common, in spite of the fact that larger-scale data breaches and fraud investigations grab all the headlines. One reason: Such violations may be low-hanging fruit that helps federal prosecutors win convictions more easily than more sweeping investigations. The HIPAA “privacy rule” sets standards to protect individuals’ medical records and other personal health information, requiring that …
Read MoreUpheld: HIPAA Violations by Themselves Are Not Ample Grounds to Sue
Violations of the Health Insurance Accountability and Portability Act are serious business, but they may not be sufficient grounds to sue violators, absent other circumstances, according to a decision just reached by a federal judge. A plaintiff in Washington, DC had charged that LabCorp left her protected health information (PHI) in plain sight at a local hospital, where it could be viewed by others not authorized to see it. That has been accepted as fact …
Read MoreAttention, Provider: You Can Be Sued for HIPAA Violations in Some States
Connecticut is the latest state to decide that healthcare providers can be sued for breaches of patient confidentiality under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Connecticut Supreme Court set the precedent when it decided that one patient’s breach of confidentiality and negligence claims against a provider could move forward. In essence, the decision paves the way for patients to use HIPAA as a standard of care and to sue providers …
Read MoreImplications of HIPAA and Employee Confidentiality Rules on Positive Drug Test Results
Urgent message: In addition to drug testing their own employees, many urgent care centers offer drug testing as a service to other employers. Therefore, it’s important to understand the laws affecting the privacy of drug screen results. Alan A. Ayers, MBA, MAcc is Vice President of Strategic Initiatives for Practice Velocity, LLC and is Practice Management Editor of The Journal of Urgent Care Medicine Introduction It’s standard procedure throughout the country for employers to require …
Read MoreOpportunity for Urgent Care Growth May Be Greatest in Rural Areas
There is a rare opportunity for a “transformative urgent care brand” to lock up market share in rural areas across the U.S., according to McGuireWoods, a public affairs consultancy. In fact, that was one of the nine key takeaways from their 12th annual Healthcare Provider Conference in Charlotte this month. Observing that urgent care operators have largely focused on growth in urban areas, McGuireWoods predicted that the next big opportunity will be in underserved rural …
Read MoreYou Could End Up Paying Millions for Employees’ HIPAA Violations
The U.S. Department of Health & Human Services’ Office of for Civil Rights (HHS OCR) has made it very clear that it’s the operator’s responsibility to police its own data policies—even among employees. Memorial Healthcare Systems (MHS) found that out the hard way, and now has to pay HHS $5.5 million to settle “potential violations” of HIPAA’s Privacy and Security rules, and to implement a “robust” 3-year corrective action plan and resolution agreement. HHS came …
Read MoreExtreme Caution: The HIPAA Dos and Don’ts When Responding to a Subpoena for Patient Medical Information
Urgent message: When health-care providers or urgent care centers respond to subpoenas for patients’ medical information, it is vital that they respond promptly, respond with exactly the information requested and nothing more, and protect patients’ privacy and confidentiality. Introduction When producing documents in response to a subpoena demanding patient medical information, a health-care provider must know the dos and don’ts to avoid privacy and confidentiality violations, sanctions, and penalties. A subpoena is a court or …
Read More