Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah, United States – June 13-14, 2018 … – Press of Atlantic City

Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah, United States - June 13-14, 2018 ...
Press of Atlantic City
Although healthcare news and the internet is replete with articles and descriptions of the HIPAA privacy and security regulations, there remain many misconceptions of what these regulations mean to healthcare organizations and what they, and their ...

and more »

Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah, United States – June 13-14, 2018 … – Odessa American

Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah, United States - June 13-14, 2018 ...
Odessa American
Although healthcare news and the internet is replete with articles and descriptions of the HIPAA privacy and security regulations, there remain many misconceptions of what these regulations mean to healthcare organizations and what they, and their ...

Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah, United States – June 13-14, 2018 … – Business Wire (press release)


Bristol Herald Courier
Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah, United States - June 13-14, 2018 ...
Business Wire (press release)
DUBLIN--(BUSINESS WIRE)--The "HIPAA Compliance 2018" conference has been added to ResearchAndMarkets.com's offering. This two day seminar takes the participants through HIPAA compliance from start to compliance. Although healthcare news and ...
Two Day Seminar: HIPAA Compliance 2018 (Salt Lake City, Utah ...Odessa American

all 4 news articles »

One Day HIPAA and the Business Associate Seminar (Savannah, United States – June 5th, 2018 … – Business Wire (press release)

One Day HIPAA and the Business Associate Seminar (Savannah, United States - June 5th, 2018 ...
Business Wire (press release)
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, as there is so much misleading information regarding the do's and don'ts with HIPAA. I want to add clarity for Business Associates, and also help ...

HIPAA Compliance Seminar – Clear, Complete, Step-by-Step (Arlington, VA, United States – June 7-8, 2018 … – Business Wire (press release)

HIPAA Compliance Seminar - Clear, Complete, Step-by-Step (Arlington, VA, United States - June 7-8, 2018 ...
Business Wire (press release)
But mandatory HIPAA Compliance Audits conducted by the Office for Civil Rights (OCR), the HIPAA enforcement arm of the U.S. Department of Health and Human Services (HHS), found 94% of Covered Entities failed the Risk Management Audit and 87% ...

Healthcare Data Breach Report: April 2018

April was a particularly bad month for healthcare data breaches with both the number of breaches and the number of individuals impacted by breaches both substantially higher than in March.

There were 41 healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights in April. Those breaches resulted in the theft/exposure of 894,874 healthcare records.

Healthcare Data Breach Trends

For the past four months, the number of healthcare data breaches reported to OCR has increased month over month.

Healthcare data breaches by month

For the third consecutive month, the number of records exposed in healthcare data breaches has increased.

HEalthcare records exposed by month

Causes of Healthcare Data Breaches in April 2018

The healthcare industry may be a big target for hackers, but the biggest cause of healthcare data breaches in April was unauthorized access/disclosure incidents. While cybersecurity defences have been improved to make it harder for hackers to gain access to healthcare data, there is still a major problem preventing accidental data breaches by insiders and malicious acts by healthcare employees.

Causes of Healthcare Data Breaches in April 2018

Records exposed by breach type (April 2018)

Largest Healthcare Data Breaches in April 2018

More than half of the healthcare records exposed in April were the result of a single security incident at the California Department of Developmental Services. Thieves broke into California Department of Developmental Services offices, stole electronic equipment, and started a fire. Digital copies of PHI on the stolen equipment were encrypted and were therefore not exposed. Most of the PHI was in physical form and it does not appear any paperwork was taken by the burglars.

While hacking usually results in the highest number of exposed/stolen records, in April the most serious breaches in terms of the number of individuals affected, were unauthorised access/disclosure incidents. In April there were 11 major breaches involving the theft/exposure of more than 10,000 records.

Covered Entity Entity Type Records Exposed Breach Type
CA Department of Developmental Services Health Plan 582,174 Unauthorized Access/Disclosure
Center for Orthopaedic Specialists – Providence Medical Institute (PMI) Healthcare Provider 81,550 Hacking/IT Incident
MedWatch LLC Business Associate 40,621 Unauthorized Access/Disclosure
Inogen, Inc. Healthcare Provider 29,528 Hacking/IT Incident
Capital Digestive Care, Inc. Healthcare Provider 17,639 Unauthorized Access/Disclosure
Iowa Health System d/b/a UnityPoint Health Business Associate 16,429 Hacking/IT Incident
Knoxville Heart Group, Inc. Healthcare Provider 15,995 Hacking/IT Incident
Athens Heart Center, P.C. Healthcare Provider 12,158 Hacking/IT Incident
Fondren Orthopedic Group L.L.P. Healthcare Provider 11,552 Unauthorized Access/Disclosure
Kansas Department for Aging and Disability Services Healthcare Provider 11,000 Unauthorized Access/Disclosure
Carolina Digestive Health Associates, PA Healthcare Provider 10,988 Unauthorized Access/Disclosure

Location of Breached PHI

One of the main causes of healthcare breaches in April was phishing attacks. There were nine data breaches involving the hacking of email accounts in April. The high number of phishing attacks highlights the need for healthcare organizations to invest in technology to prevent malicious emails from being delivered to employees’ inboxes and to improve security awareness of the workforce.

Location of Breached PHI (April 2018)

Data Breaches by Covered Entity

The majority of breaches in April were reported by healthcare providers, followed by health plans and business associates. While five breaches were reported by business associates, there was business associate involvement in at least 11 incidents in April.

Data Breaches by Covered Entity (April 2018)

Healthcare Data Breaches by State

California is the most populated state and often tops the list for healthcare data breaches, although in April Illinois was the worst affected state with 6 reported breaches. California was second worst with 5 breaches, followed by Texas with 3 breaches.

Florida, Iowa, Kansas, Louisiana, Maryland, Minnesota, North Carolina, New Jersey, Virginia, and Wisconsin each has two breaches reported, while Georgia, Kentucky, Montana, Nebraska, New York, Pennsylvania, and Tennessee each had one reported breach in April.

Financial Penalties for HIPAA Covered Entities

The HHS’ Office for Civil Rights has only issued two financial penalties for HIPAA violations so far in 2018, with no cases resolved since February.

There was one HIPAA violation case resolved by a state attorney general in April. Virtua Medical Group agreed to resolve violations of state and HIPAA laws with the New Jersey attorney general’s office for $417,816.

The breach that triggered the investigation exposed the names, diagnoses, and prescription information of 1,654 New Jersey residents. The information was accessible over the Internet as a result of a misconfigured server.

A Division of Consumer Affairs investigation alleged Virtua Medical Group had failed to conduct a thorough risk analysis and did not implement appropriate security measures to reduce risk to a reasonable and acceptable level.

The post Healthcare Data Breach Report: April 2018 appeared first on HIPAA Journal.