Healthie and Dock Health Integrate to Drive Operational Efficiencies and Enable Workforce Resiliency With Its HIPAA … – Business Wire
World Password Day 2024 – Password Tips and Best Practices – HIPAA Journal
HHS Extends Protections for Reproductive Privacy Under HIPAA – Privacy & Information Security Law Blog
HHS Extends Protections for Reproductive Privacy Under HIPAA Privacy & Information Security Law Blog
HHS Modifies the HIPAA Privacy Rule To Protect Reproductive Health Information | Advisories – Arnold & Porter
HHS Releases Final HIPAA Omnibus Rule – The National Law Review
HHS Releases Final HIPAA Omnibus Rule The National Law Review
Almost 500,000 Individuals Affected by Designed Receivable Solutions Data Breach – HIPAA Journal
Almost 500,000 Individuals Affected by Designed Receivable Solutions Data Breach
The Cypress, CA-based revenue cycle management company, Designed Receivable Solutions (DRS), has recently confirmed the details of a data breach that was reported to the HHS’ Office for Civil Rights on March 23, 2024, as involving the protected health information of 129,584 individuals, and the Maine Attorney General as affecting 498,686 individuals.
On January 22, 2024, DRS identified suspicious activity within its network. Third-party cybersecurity specialists were engaged to investigate the incident and determine the cause of the activity. The investigation confirmed that an unauthorized actor accessed its systems and viewed and exfiltrated files from its systems. On March 8, 2024, after a time-consuming and detailed review of the files, DRS confirmed that they contained the personal and protected health information of current and former patients of its healthcare clients.
Following that determination, DRS has been working with the affected clients to review and verify the affected information and obtain up-to-date contact information to allow notification letters to be issued. DRS said the types of data involved varied from individual to individual and may have included names, addresses, dates of birth, health insurance information, dates of service, and Social Security numbers. DRS has reviewed its policies and procedures related to data privacy and is taking steps to reduce the risk of a similar incident in the future and has offered the affected individuals complimentary credit monitoring services.
As OCR recently confirmed in a website Q&A regarding breach notification letters, HIPAA-covered entities are ultimately responsible for ensuring notification letters are sent to the affected individuals when there is a data breach at a business associate, but the covered entity may delegate the responsibility of providing individual notices to the business associate.
DRS is issuing notification letters on behalf of the following covered entity clients:
- Air Methods
- AMG Healthcare Management Services
- CAN Emergency Physicians
- Cedars-Sinai Medical Center
- CHA Hollywood Presbyterian Medical Center, L.P.
- Core Orthopaedics Medical Center
- GEM Physicians Group
- Marshall Medical Center
- OptumCare Management, LLC
- Redlands Community Hospital
- Ridgecrest Regional Hospital
- South Coast ER Medical Group
- Southland Medical Corporation
- Springhill Emergency Physicians
- Sycamore Physicians, LLC
- USC Arcadia Hospital (formerly Methodist Hospital of Southern California)
- Valkyrie Clinical Trials, Inc.
The post Almost 500,000 Individuals Affected by Designed Receivable Solutions Data Breach appeared first on HIPAA Journal.
FTC finalizes updates to Health Breach Notification Rule – HealthITSecurity
FTC finalizes updates to Health Breach Notification Rule HealthITSecurity