Cloud Tool Reduces AWS Costs by 60%
May10

Cloud Tool Reduces AWS Costs by 60%

Healthcare groups are, increasingly, implementing cloud-based systems to meet their IT requirements, but while there are multiple reasons for moving applications, infrastructure and data center operations to the cloud, the high cloud costs make it an unattractive possibility. Many healthcare groups purchase AWS EC2 instances for to implement this on their servers. While this particular platform meets their requirements, the...

Read More
582,000 Patients Warned of Potential PHI Compromise by California Dept. of Developmental Services
Apr27

582,000 Patients Warned of Potential PHI Compromise by California Dept. of Developmental Services

A recent survey carried out with hackers, incident responders, and penetration testers has showed that most can gain access to a targeted system in around 15 hours, but 54% of hackers take under five hours to gain access to a system, and identify and obtain sensitive data. The data comes from the second yearly Nuix Black Report and its survey of 112 hackers and penetration testers, 79% of which were located in the United States. Those...

Read More
Manufacturer of Oxygen Equipment Reports Data Theft Incident Possibly Impacted 30,000
Apr26

Manufacturer of Oxygen Equipment Reports Data Theft Incident Possibly Impacted 30,000

Inogen, a manufacturer of portable oxygen concentrators, has found that an unauthorized individual has obtained the credentials of a employees and has used them to access to the staff member’s email account. Phishing and other credentials theft incidents are commonplace in the healthcare industry, although what makes this incident unusual is the number of people affected by the attack. The compromised email account includeed the...

Read More
Integrated Rehab Consultants Takes 16 Months to Notify Patients of PHI Breach
Apr24

Integrated Rehab Consultants Takes 16 Months to Notify Patients of PHI Breach

Illinoie-based physiatry organization Integrated Rehab Consultants is broadcasting notification correspondence to some patients alerting them to the exposure of some of their protected health information, in line with HIPAA regulations. However, the breach was not discovered within the past 60 days. Integrated Rehab Consultants (IRC) initially became aware of the exposure of PHI on December 2, 2016 – 16 months previously. The...

Read More
Des Moines Crisis Observation Center Suppers HIPAA Due to Inappropriate Dissemination of Data
Apr23

Des Moines Crisis Observation Center Suppers HIPAA Due to Inappropriate Dissemination of Data

1,071 patients who were treated at the Des Moines Crisis Observation Center managed by Polk County Health Services Inc., have been contacted to advise them  that some of their protected health information has been “accidentally and unknowingly disseminated” at some point in the last 3.5 years. The breach was first identified on February 14, 2018, although the inquiry revealed that information was first disclosed on June 1, 2014 and...

Read More
Misconfigured Security Settings Lead to 63,500 Middletown Medical Patients Having their PHI Exposed
Apr19

Misconfigured Security Settings Lead to 63,500 Middletown Medical Patients Having their PHI Exposed

A security setting that was not configured properly on a radiology system has lead to  the patients’ protected health information of tens of thousands of patients of Middletown Medical, a multi-specialty physicians’ group based in Middleton, NY, The breach was first discovered on January 29, 2018. On January 30 the interface was realigned that any unauthorized individuals could no longer obtain patient information. The length of time...

Read More
Possible Abuse of Credit Card Details Affects 1,500 Baptist Health Patients
Apr18

Possible Abuse of Credit Card Details Affects 1,500 Baptist Health Patients

A former worker at Baptist Health’s West Kendall Baptist Hospital based  in Miami, FL illegally obtained the credit card details of patients and used the information to complete fraudulent transactions. The misuse of credit cards was identified by Baptist Health on March 9, 2018 and the matter was then made known to Miami-Dade law enforcement and the employee was removed from their position. Baptist Health has not made it known...

Read More
Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack
Apr17

Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack

It has been discovered that the email accounts of several employees of UnityPoint Health hhave been compromised and accessed by unauthorized people. Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off. When the phishing attack was first noticed,...

Read More
Almost 14,000 Affected by SAMBA Privacy Breach
Apr13

Almost 14,000 Affected by SAMBA Privacy Breach

14,000 individuals are being alerted about a February 2018 breach of protected health information at the Special Agents Mutual Benefit Association (SAMBA). The data breach affects eligible family members of plan members who were covered by the Federal Employees Health Benefits Plan during 2017. It is an Internal Revenue Service (IRS) obligation for SAMBA to send a copy of Form 1095-B to all plan members every tax year. The form in...

Read More
Data Breach Notification and Information Security Laws Updated in Oregon
Apr12

Data Breach Notification and Information Security Laws Updated in Oregon

Data breach notification laws in Oregon have been updated to enhance security  for state residents whose personal data is accessible to the public during a data breach. Kate Brown, the State governor, signed the Senate Bill (SB 1551) last month, which updates several parts of the legislation, particularly Oregon’s Breach Notification Law, O.R.S. 646A.604 and Information Security Law, O.R.S. 646A.622. The updates will become...

Read More
Arc of Erie County New York Reports that 3,751 Patients’ PHI Was Exposed on Internet in 30-Month Period
Apr11

Arc of Erie County New York Reports that 3,751 Patients’ PHI Was Exposed on Internet in 30-Month Period

A provider of person-centered services to individuals with developmental disabilities, The Arc of Erie County New York (The Arc), has reported that two spreadsheets listing the protected health information of 3,751 patients were open to the public via the Internet without the need for authentication for a time period of longer than 30 months from July 2015 to February 2018. The two spreadsheets in question could be seen through the...

Read More
Missing Hard Drives from Chesapeake Regional Healthcare Reports PHI of 2,100 Patients
Apr09

Missing Hard Drives from Chesapeake Regional Healthcare Reports PHI of 2,100 Patients

Chesapeake, Virginia based Chesapeake Regional Healthcare has reported that two hard drives containing the protected health information (PHI) of approximately 2,100 patients are missing from their Chesapeake Regional Medical Center campus at that location. The private health information stored on the devices in question relates to patients who participated in research at its Sleep Center between April 2015 and February 2018. it is...

Read More
Improper Disposal of PHI is Common According to JAMA Study
Apr05

Improper Disposal of PHI is Common According to JAMA Study

A recently completed study (published in JAMA) has emphasized  just how often hospitals are disposing of PHI in an unsafe fashion. While the study was completed in Canada, which is not subject to HIPAA, the results emphasize a critical area of PHI security that is often neglected. Incorrect Destruction of PHI is More Commonplace than Previously Thought Researchers at St. Michael’s Hospital in Toronto reviewed recycled paperwork at...

Read More
Data Breach Notification Law Enacted by South Dakota
Apr04

Data Breach Notification Law Enacted by South Dakota

It has taken some time for South Dakota to introduce legislation to enhance protections for consumers impacted by breaches of their personal private data. Laws have already been passed in 48 states that obligate persons and companies that hold personal information to publish notifications to breach victims when that information is accessible by unauthorized individuals. Last week, South Dakota citizens were given similar security...

Read More
Cambridge Health Alliance Advised of PHI Breach by Law Enforcement
Apr02

Cambridge Health Alliance Advised of PHI Breach by Law Enforcement

Massachusetts based Cambridge Health Alliance (CHA) have been advised, by law enforcement agencies, that the protected health information of some of its clients has been found in the possession of an unauthorized person. The breach occurred On January 31, 2018, Everett Massachusetts Police Department made CHA aware that files including the PHI of some of its clients had been found in the possession of an person unauthorized to have...

Read More

Clinical Pathology Laboratories Southeast Patients’ Have PHI Exposed Due to Theft of Unencrypted Laptop

Clinical Pathology Laboratories Southeast, Inc., (CPLSE) has revealed that an unencrypted laptop computer issued to a member of staff has been stolen, exposing the protected health information of a number of patients and their payment guarantors. CPLSE quickly activated safety actions to prevent the laptop from being used to gain access to its network and the theft was made known to law enforcement; however, it is possible that the...

Read More
35,000 Patients of ATI Physical Therapy Affect by Data Breach
Mar28

35,000 Patients of ATI Physical Therapy Affect by Data Breach

The protected health information of more than 35,000 patients of ATI Physical Therapy has  has potentially been compromised by a cyber attack that occurred when hackers obtained access to staff email accounts. A security violation was discovered on January 18, 2018 when ATI Physical Therapy saw that the direct deposit information of some of its staff members had been altered in its payroll platform. Quick action was taken to remove...

Read More
Finger Lakes Health Computer System Grind to Halt after Ransomeware Attack
Mar26

Finger Lakes Health Computer System Grind to Halt after Ransomeware Attack

A ransomware attack on Finger Lakes Health, based in Geneva, NY, has impacted the computer system to the extent that staff have had to work using pen and paper. In the meantime efforts to remove the malware and restore access to electronic data have been enhanced. The health system came under attack from the health system beginning at around midnight on Sunday March 18, 2018, with workers first noticing the attack when a ransom demand...

Read More
NH-ISAC Partnership with Anomali Boost Threat Detection and Data Sharing
Mar22

NH-ISAC Partnership with Anomali Boost Threat Detection and Data Sharing

The National Health Information Sharing and Analysis Center (NH-ISAC) and Anomali have begun working together and will be providing threat intelligence to healthcare centers through NH-ISAC. As part of this partnership Anomali will be helping NH-ISAC with the required tools and infrastructure to allow its clients to work together and share threat intelligence with other subscribers. Anomali will be making up to date threat...

Read More
1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach
Mar20

1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach

1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email. The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contatced in “as timely a manner...

Read More
Primary Health Care Experiences Multiple Email Hacks
Mar20

Primary Health Care Experiences Multiple Email Hacks

A non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA, Primary Health Care Inc. has reported that hackers gained access to the email accounts of four workers and may have viewed or downloaded patients’ PHI. A press release issued by Primary Health Care and published a substitute breach notice to its website on March 16, 2018 outlining that the breach occurred on February 28, 2017. The breach was...

Read More
10,000 ShopRite Clients Have PHI Exposed to Improper Destruction of Device
Mar17

10,000 ShopRite Clients Have PHI Exposed to Improper Destruction of Device

A Millville, New Jersey based ShopRite pharmacy has reported that an electronic device used to save the signatures of people has been destroyed without first deleting all stored protected health information from the device. A restricted amount of protected health information was held on the computing device, including patients’ names, birth dates, contact details, zip codes, prescription numbers, medication names, signatures,...

Read More
PHI of 5,300 Disclosed to Employees of QuadMed
Mar16

PHI of 5,300 Disclosed to Employees of QuadMed

The protected health information of 5,305 patients of QuadMed, a Wisconsin-based provider of medical, laboratory, pharmacy, fitness, and physical therapy services, may have been impermissibly shared with some employees. In November 2013, QuadMed took over management of an onsite clinic at Hillenbrand Inc. Occupational health information of employees based at the Batesville, IN-based manufacturer was held in an electronic medical...

Read More
33,420 BJC Healthcare Patients Have PHI Exposed in 8-Months HIPAA Breach
Mar16

33,420 BJC Healthcare Patients Have PHI Exposed in 8-Months HIPAA Breach

BJC Healthcare has revealed that the protected health information of 33,420 of it’s subscribers has been open to public accessible for eight months without adequate  for authentication required to view the PHI. The BJC Healthcare group is one of the largest not-for profit healthcare groups located in the United States. The healthcare organization, based in St Louis, runs two nationally recognized hospitals in Missouri –...

Read More
Top Healthcare Security Threats Revealed in HIMSS Survey Results
Mar12

Top Healthcare Security Threats Revealed in HIMSS Survey Results

HIMSS has released the findings of its 2017 healthcare cybersecurity survey, which gives us valuable insights into the state of cybersecurity in the healthcare sector and names the top healthcare security threats. The HIMSS 2018 cybersecurity survey was carried out on 239 respondents from the healthcare sector between December 2017 and January 2018. The findings of the survey were revealed at the HIMSS 2018 Conference &...

Read More
New York Surgery & Endoscopy Suffers Record Data Breach Affected 135,000 patients
Mar06

New York Surgery & Endoscopy Suffers Record Data Breach Affected 135,000 patients

A malware infection has potentially allowed hackers to gain access to the medical records of as many as 135,000 patients at St. Peter’s Surgery & Endoscopy Center, located in New York So far in 2018, this is the second largest healthcare data breach reported and the most serious seen in New York state since the 3,466,120-record data breach at Newkirk Products, Inc. in August 2016. The St. Peter’s Surgery & Endoscopy...

Read More
70,320 Tufts Health Plan Members Affects in Window Envelope Privacy Breach
Mar06

70,320 Tufts Health Plan Members Affects in Window Envelope Privacy Breach

Tufts Health Plan is warning 70,320 of its subscriber that their health plan ID numbers have been accessed. A mailing vendor/partner utilized by Tufts Health Plan sent Tufts Medicare Preferred ID cards to Medicare Advantage subscribers between December 11, 2017 and January 2, 2018. Envelopes with plastic envelopes were used which naturally permitted plan members’ names and addresses to be visible, but Tufts Health Plan member IDs were...

Read More
Kansas Department for Aging and Disability Services Experiences 11,000-Record Breach
Mar06

Kansas Department for Aging and Disability Services Experiences 11,000-Record Breach

It has been discovered that an employee at Kansas Department for Aging and Disability Services (KDADS) sent an unauthorized email to a group of KDADS business associates that included the protected health information of almost 11,000 individuals. The email was issued to individuals who had already signed a business associate agreement with KDADS which disallows them from disclosing or using inappropriately any emailed protected health...

Read More
5,123 Individuals Impacted by Flexible Benefit Service Corporation Breach
Mar06

5,123 Individuals Impacted by Flexible Benefit Service Corporation Breach

Chicago-Il-based general agency and benefit administrator Flexible Benefit Service Corporation (Flex) has revealed that a phishing attack resulted in an unauthorized person gaining access to a corporate email account. The security breach was first noticed on December 6, 2017 when an email account of a company worker was found to be sending phishing emails. The email account was compromised after a single worker replied to a phishing...

Read More
Updated Common Rule Allows Research Institutions Another Six Months for Compliance
Feb28

Updated Common Rule Allows Research Institutions Another Six Months for Compliance

Initially scheduled due to be introduced on January 19, 2018, amendments to the Common Rule – The Federal Policy for the Protection of Human Subjects have been put back for six months, allowing research groups additional time to comply with the new provisions. July 19, 2018 is the new date for the change to be introduced,however the provision covering cooperative research still has an introduction and enforceable date of January 20,...

Read More
Phishing Attack on Sutter Health Business Associate Impacts Patients
Feb26

Phishing Attack on Sutter Health Business Associate Impacts Patients

Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....

Read More
HIPAA Compliance and Citrix ShareFile
Feb22

HIPAA Compliance and Citrix ShareFile

ShareFile was purchased by Citrix Systems during 2011 and the service is offered as a suitable data sync, file sharing, and collaboration service for the healthcare sector. it is vitally important for anyone considering using it to consider HIPAA Compliance and Citrix Fileshare. It is a safe file sharing, data storage and collaboration service that permits large files to be easily sent within a company, with remote workers, and with...

Read More
HIPAA Compliance and Amazon CloudFront
Feb20

HIPAA Compliance and Amazon CloudFront

Amazon CloudFront is a web tool that permits users to quicken web content delivery across the Internet. In most case, when a website is visited, the visitor encounters some latency accessing static and dynamic pieces of content. This is due to the fact that web visitors will not make a direct connection to the content, instead they will be taken through a path to log onto the server where the content can be obtained. The path can...

Read More
Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts
Feb13

Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts

San Diego, CA-based Ron’s Pharmacy Services has found that an employee’s email account containing limited protected health information has been logged onto by an unknown individual. Unusual activity was noticed on the employee’s email account during October 3, 2017 resulting in an investigation; however, it was not until December 21, 2017 that it was revealed that an unauthorized individual had obtained messages in the email...

Read More
Online Breach Reporting Tool Launched in Massachusetts
Feb04

Online Breach Reporting Tool Launched in Massachusetts

It has been announced, by Massachusetts Attorney General Maura Healey, that a new online data breach reporting tool it to be introduced to simplify the process of submitting breach notifications to the State Attorney General’s office. Massachusetts data breach notification law (M.G.L. c. 93H) states that  groups or organizations that suffer a breach of personal information must complete a notification and send it to the Massachusetts...

Read More
Online Trust Alliance Reveals that 2017 Worst Year Ever for Cybersecurity Attacks
Feb02

Online Trust Alliance Reveals that 2017 Worst Year Ever for Cybersecurity Attacks

The Online Trust Alliance´s “Cyber Incident & Breach Trends Report” has revealed that 2017 was the “worst year ever” for cybersecurity attacks. The organization believes that, calculated using the number of reported violations, there were nearly twice as many cybersecurity incidents than in 2016. The Online Trust Alliance´s “Cyber Incident & Breach Trends Report” encompasses more than a simple review of the previous...

Read More
Allscripts Facing Class Action Lawsuit Following Ransomware Attack
Jan31

Allscripts Facing Class Action Lawsuit Following Ransomware Attack

Allscripts experienced a ransomware attack at centers in Raleigh and Charlotte, NC, resulting in several applications remaining offline for as many as 1,500 clients. Florida-based Surfside Non-Surgical Orthopedics. has already begun legal action by filing a class action lawsuit against the EHR vendor. A new variety SamSam ransomware infected Allscripts, a provider of  EHR and e-prescription services to 2,500 hospitals and 19,000...

Read More
Breach Notification Bill Advanced by South Dakota Senate Attorney Judiciary Committee
Jan28

Breach Notification Bill Advanced by South Dakota Senate Attorney Judiciary Committee

A voted in favor of introducing data breach notification legislation has been overwhelmingly passed by the South Dakota Senate Attorney Judiciary Committee. The bill advanced after a 7-0 vote. It was originally introduced, at the request of the Attorney General Marty Jackley, by the Committee on Judiciary. Presently there are only two states left in the US that have yet to implement data breach legislation to secure state residents....

Read More
DC Assisted Living Facility Hit by Malware Breach Exposing 5,200 PHI Records
Jan28

DC Assisted Living Facility Hit by Malware Breach Exposing 5,200 PHI Records

A malware attack experienced at Westminster Ingleside King Farm Presbyterian Retirement Communities may have allowed the hackers to obtain the protected health information of thousands of its clients. The Washington D.C., located assisted living center had adapted a wide range of security solutions to stop unauthorized access to its systems, although on this occasion they were unable to prevent the attack. The malware was identified...

Read More
53,000 Pharmacy Patients have PHI Exposed in Email Hack
Jan25

53,000 Pharmacy Patients have PHI Exposed in Email Hack

Patients of Onco360 and CareMed Specialty Pharmacy have been notified that the PHI of 53,173 patients has been compromised due to a phishing attack. A security breach was discovered on November 14, 2017, when suspicious activity involving an member of staff’s email account was uncovered. Following the discovery third party computer forensics experts conducted an investigation to determine the manner and extent of the breach. It...

Read More
Hancock Health Hit by Ransomware Attack
Jan19

Hancock Health Hit by Ransomware Attack

Following a ransomware attack on Indiana-based organization Hancock Health last  Thursday, staff at the hospital had no choice but to move to using pen and paper to detail patient health information, while IT staff made efforts to obstruct the attack and regain access to encrypted files. The attack started around 9.30pm on Thursday night when files on its network started to be encrypted. The attack initially caused the network to run...

Read More

Registered Nurses ‘Happy’ With PHI Security According to University of Phoenix Survey

The results of a recent survey completed by the University of Phoenix College of Health Professions indicates registered nurses (RNs) are of the belief that their organization’s ability to prevent data breaches is of an acceptable level. The survey was transmitted to 504 permanent RNs and administrative workers across the USA. Respondents had held their position for a minimum of two years. Just under half of RNs (48%) and 57% of...

Read More
Coplin Health Systems Patients’ PHI Possibly Compromised by Laptop Theft
Jan17

Coplin Health Systems Patients’ PHI Possibly Compromised by Laptop Theft

43,000 patients of West Virginia-based Coplin Health Systems have been warned that their PHI may have been exposed following the theft of an unencrypted laptop computer from the vehicle of an worker at the organization. Coplin Health was discovered the laptop theft on November 2, 2017. The theft was then reported to law enforcement and an investigation was initiated, although at the time of sending the warnings, the laptop computer in...

Read More
PHI Breach at Oklahoma State University Center for Health Sciences
Jan13

PHI Breach at Oklahoma State University Center for Health Sciences

An unauthorized individual has gained access to parts of the Oklahoma State University Center for Health Sciences (OSUCHS) network and may have accessed files containing billing details of Medicaid patients. The security breach was uncovered on November 7, 2017 with access to the network terminated the next day. Third party computer forensics experts were employed to carry out a comprehensive investigation to determine which areas of...

Read More
North Carolina State Medicaid Agency Found to Have Data Security Inadequacies
Jan09

North Carolina State Medicaid Agency Found to Have Data Security Inadequacies

The Department of Health and Human Services’ Office of Inspector General (OIG) has released the results of an audit of the North Carolina State Medicaid agency. The audit uncovered the fact that the State agency did not implement sufficient controls to ensure the security of its Medicaid eligibility determination system and the security, integrity, and availability of Medicaid eligibility information. HHS manages the administration of...

Read More
Nebraska Ransomware Attacks Compromised PHI of Almost 10,000 Patients
Dec27

Nebraska Ransomware Attacks Compromised PHI of Almost 10,000 Patients

A ransomware attack that targeted Columbus Surgery Center, LLC and Eye Physicians, P.C., in Columbus, Nebraska has potentially exposedin the protected health information of almost 10,000 clients. The ransomware attack took place on October 7, 2017 and saw a wide variety of files on some servers being encrypted by the ransomware. A ransom demand was made by the hackers, although this was not paid. The encrypted data was restored from a...

Read More
5,000 Patients’ PHI exposed in Two Separate Breaches
Dec18

5,000 Patients’ PHI exposed in Two Separate Breaches

Separate breaches of patients’ protected health information have been exposed at Midland Memorial Hospital in Midland, TX, and Washington Health System Greene in Waynesburg, PA. The Washington Health System Greene organization is contacting 4,145 patients to advise them that some of their protected health information has been exposed after a hard drive could not be found at their premises. An external hard drive used with a bone...

Read More
Companies not Ready for GDPR According to Hytrust Safety
Dec17

Companies not Ready for GDPR According to Hytrust Safety

A recent survey carried out by IT security specialists HyTrust has revealed some troubling news coming from the US is that almost 80% of the companies that participated are not ready for the introduction of the General Data Protection Regulation (GDPR) on May 25 2018. The 323 companies questioned were all talking about their Cloud Infrastructure, a critical service when it comes to the security of personal data. Potentially, the most...

Read More
Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals
Dec05

Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals

Sports Medicine & Rehabilitation Therapy (SMART), based in Massachusetts, has contacting 7,000 clients regarding a breach of their protected private health information that occurred in September 2017. Potentially, the breach impacted all clients whose data was saved during a visit to a SMART outlet prior to December 31, 2016. Hackers, in an extortion attempt, accessed SMART systems, allegedly stole private information, and asked...

Read More
Multiple Breaches Leads to $2m Fine for Cottage Health
Dec04

Multiple Breaches Leads to $2m Fine for Cottage Health

Cottage Health, the Santa Barbara-based healthcare provider, will pay $2 million to resolve multiple violations of state and federal laws as per a directive from the California attorney general’s office. The group was examined by the California attorney general’s office in relation to a breach of private patient data back in 2013. The breach of data was found by the organization on December 2, 2013, when someone made the healthcare...

Read More
Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen
Nov30

Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen

An unencrypted laptop has been stolen from one of its employees of Rocky Mountain Health Care Services of Colorado Springs. This is the second such incident to be identified in just three months. The most recent incident was identified on September 28. The laptop computer was seen to store the protected health information of a small number of patients. The types of data stored on the device included first and last names, addresses,...

Read More
Clinic Worker Who Stole PHI Jailed for Five Years
Nov27

Clinic Worker Who Stole PHI Jailed for Five Years

A staff member at a clinic who stole the protected health information of mentally ill patients and sold the data to identity thieves for profit has fail in an appeal to get a five-year jail term lessened. Jean Baptiste Alvarez, aged 43, of Aldan, PA, obtained daily census sheets from the Kirkbride Center, a 267-bed behavioral health care facility located in Philadelphia. The census sheets included all the information required to steal...

Read More
Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehannam has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after an worker replied to a phishing email. While information regarding the breach date have not been published, UPMC Susquehanna...

Read More
Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People
Nov22

Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People

Blue Cross and Blue Shield of Florida, dba Florida Blue, has announced to the public that the personally identifiable information of a small number of insurance applicants has been improperly accessed online. Florida Blue discovered to the exposure of patient data in late August 2017 and immediately initiated a review. Florida Blue reports that the showed that 475 insurance applications had been saved to the cloud by an unaffiliated...

Read More
New Jersey Medical Practice has Boxes of Medical Records Stolen
Nov21

New Jersey Medical Practice has Boxes of Medical Records Stolen

Otolaryngology Associates of Central Jersey is making contact with patients to advise them of breach of their protected health information, following a theft at an off-site storage service in East Brunswick, NJ. The thieves removed thirteen boxes of paper medical records from the service, which included data like names, addresses, health insurance account numbers, birth dates, dates of military duty served, and the names of treating...

Read More
Alex Azar Nominated for HHS Secretary by President Trump
Nov16

Alex Azar Nominated for HHS Secretary by President Trump

Alex Azar, the former Deputy Secretary of the Department of Health and Human Services, is now the favorite to take over the reins from former Secretary Tom Price after receiving the presidential nomination for the role by President Trump. During the Presidential term of George W. Bush, Azar served as general counsel to the HHS and Deputy Secretary President Trump confirmed, via his Twitter account, that he believes Azar is the best...

Read More
Hospitals System and Cook County Health Patientshave Patients
Nov15

Hospitals System and Cook County Health Patientshave Patients

Illinois-based Cook County Health and Hospitals System, a health system comprising two hospitals and more than a dozen community health centers in Cook County, has advised its patients of a possible breach of their protected health information. The breach was experienced at the offices of Experian Health, a business associate of Cook County Health and Hospitals System. Experian Health is utilized to calculate insurance eligibility and...

Read More
2017 Data Breach Report Reveals 305% Annual Rise in Breached Records
Nov14

2017 Data Breach Report Reveals 305% Annual Rise in Breached Records

The Risk Based Security (RBS) 2017 data breach report has shown there has been a 305% surge in the number of records exposed in data breaches in the last 12 months. For its latest breach report RBS, a provider of real time information and risk analysis tools, reviewed analyzed breach reports from the first three quarters of 2017. RBS explained in a recently published blog post, this year has been “yet another record breaker for data...

Read More
NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
Nov08

NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)

Aiming to protect New Yorkers from unwelcome breaches of their personal information, The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) has been introduced into the legislature in New York by Attorney General Eric T. Schneiderman. It is hoped that this Act with ensure that those affected will be notified when such breaches are incurred. Sponsored by Senator David Carlucci (D-Clarkstown) and Assembly member Brian...

Read More
New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack
Nov03

New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack

A new variant of the WannaCry ransomware has been detected in a cyber attack on FirstHealth of the Carolinas, a Pinehurst, SC-based not for profit health provider. WannaCry ransomware came to global attention in cybers attacks in May 2017. In excess of 230,000 computers were infected within one day of the worldwide attacks starting. The ransomware variant had wormlike features and was capable of spreading quickly and affecting all...

Read More
Dental Offices And HIPAA Compliance: What Needs to Be Addressed?
Oct31

Dental Offices And HIPAA Compliance: What Needs to Be Addressed?

Dr. Joseph Beck became the first ever dentist to be receive a HIPAA violation fine in 2014. This alerted dental offices to HIPAA compliance and the importance of it.  Until then, dental offices had not been subjected fines for noncompliance with HIPAA Rules. The penalty was not applied by the Department of Health and Human Services’ Office for Civil Rights (OCR), but by the Office of the Indiana attorney general. The fine of $12,000...

Read More
Consolidated Inc. Data Breach Impacts 21,856 People
Oct29

Consolidated Inc. Data Breach Impacts 21,856 People

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and found an unfamiliar account on the server. Closer inspection of that account showed it was being used to download sensitive data from the server, including the protected health information of patients that used its medical supplies. 21,856 people who received durable medical...

Read More
3,725 Veterans Have Their PHI Exposed Due to Missing Laptop
Oct27

3,725 Veterans Have Their PHI Exposed Due to Missing Laptop

A laptop computer, no longer in use, owned by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has gone missing, potentially leading to the exposure of sensitive patient data. The laptop was linked to a hematology analyzer and held data related to hematology tests. The laptop was in operation between April 2013 and May 2016, but was put out of use when the device became unusable. The laptop, which had been purchased from...

Read More
Data Breaches Drop For Second Consecutive Month
Oct26

Data Breaches Drop For Second Consecutive Month

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month, according to . In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop int he number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month...

Read More
New Service Streamlines Process of Finding HIPAA Compliant Vendors
Oct25

New Service Streamlines Process of Finding HIPAA Compliant Vendors

Finding HIPAA compliant vendors can be difficult for healthcare providers, health plans and other HIPAA covered entities. Any prospective vendor is required to comply with Health Insurance Portability and Accountability Act Rules. They must agree to implement robust security controls to safeguard any PHI that is supplied, comply with HIPAA Privacy Rule provisions, and agree to send notifications in the event of a PHI breach. Once a...

Read More
Multiple Security Weaknesses in Alabama’s Medicaid Management Information System OIG Identified
Oct24

Multiple Security Weaknesses in Alabama’s Medicaid Management Information System OIG Identified

The HHS’ Office of Inspector General (OIG) has completed an audit of Alabama’s Medicaid data and information systems to adetermine whether the state was in compliance with federal regulations. The review included the Medicaid Management Information System (MMIS) and associated policies and processes. OIG also carried out a vulnerability scan on networked devices, databases, websites, and servers to identify vulnerabilities that could...

Read More
HHS Withdraws Proposed Rule for Health Plans Certification of Compliance
Oct20

HHS Withdraws Proposed Rule for Health Plans Certification of Compliance

A new rule for certification of compliance for health plans was proposed by the HHS In January 2014, requiring all controlling health plans (CHPs) to submit a range of documentation to HHS to demonstrate HIPAA compliance. The proposed rule ‘Administrative Simplification: Certification of Compliance for Health Plans’ was drafted to promote more consistent testing procedures for CHPs. The HHS has now dediced to withdraw the...

Read More
Medical Device Cybersecurity Emphasis for New AEHIS/ MDISS Partnership
Oct17

Medical Device Cybersecurity Emphasis for New AEHIS/ MDISS Partnership

A new working relationship d between CHIME’s Association for Executives in Healthcare Information Security (AEHIS) and the Foundation for Innovation, Translation and Safety Science’s Medical Device Innovation, Safety and Security Consortium (MDISS) will focus on helping advance medical device cybersecurity and improve patient data security. The two groups will cooperate to aid members identify, mitigate, and prevent cybersecurity...

Read More
Internet of Things Medical Resilience Partnership Act to Provide Direction on Devices
Oct13

Internet of Things Medical Resilience Partnership Act to Provide Direction on Devices

The Internet of Medical Things Resilience Partnership Act, aimed at establishing public-private stakeholder partnership which will be tasked with developing a cybersecurity framework to prevent data breaches, has been approved by the U.S. House of Representatives. The hope is that this framework will be adopted by medical device manufacturers and other stakeholders to prevent data breaches and make medical devices more secure from...

Read More
HHS Withdraws Proposed Rule for Certification of Compliance for Health Plans
Oct11

HHS Withdraws Proposed Rule for Certification of Compliance for Health Plans

Early in 2014 the HHS proposed a new rule for certification of compliance for health plans that would have meant all those managing health plans (CHPs) to complete a range of documentation to HHS to show compliance with electronic transaction standards set by the HHS under HIPAA Rules. The proposed rule rule was aimed at to supporting more consistent testing processes for CHPs. The HHS has now revealed that the proposed rule has now...

Read More
Over Half of Cloud Storage Services are Misconfigured: Report
Oct10

Over Half of Cloud Storage Services are Misconfigured: Report

A recent report by cloud threat defense firm RedLock claims more than half of businesses have made errors that have exposed sensitive data to the general public vuia the cloud. The study shows many organizations are not adhering to established security best practices, such as using multi-factor authentication for all privileged account subscirbers. Worse again, many groups are failing to constantly review their cloud environments...

Read More
Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization
Oct09

Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization

After a seemingly prolonged period of inactivity, the hacking group TheDarkOverlord has revealed another attack on a U.S. healthcare supplier, Mass-based SMART Physical Therapy (SMART PT). The hack reportedly happened on September 13, 2017, with the announcement of the data theft released by TDO on Twitter on Friday 22, 2017.  No details were given as to how access to the data was gained, although it was revealed to databreaches.net...

Read More
What is the Definition of a HIPAA Covered Entity?
Oct09

What is the Definition of a HIPAA Covered Entity?

The Health Insurance Portability and Accountability Act (HIPAA) applies to covered entities and business associates, but what is the definition of a HIPAA covered entity and what are HIPAA business associates? Knowing the definition of a covered entity and business associate is essential. If you are classed as either, you must comply with HIPAA Rules. There are severe financial penalties for noncompliance with HIPAA and ignorance is...

Read More
Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection
Oct09

Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection

Catholic Charities of the Diocese of Albany (CCDA) has discovered, during a software upgrade in August 2017, that malware  was installed on one of the computer servers used by its Glens Falls premise, which provides services in Saratoga, Warren and Washington Counties in New York. A quick response was taken to block access to the server and CCDA called in a computer security firm to carry out an investigation into the unauthorized...

Read More
Responding to a Cyberattack Advised Issued by OCR
Oct05

Responding to a Cyberattack Advised Issued by OCR

Recently, the Department of Health and Human Services’ Office for Civil Rights published new guide lines for covered organizations on the correct way to respond to a cyberattack. These guideline included a quick response checklist and accompanying infographic to explain the correct response to a cyberattack and the sequence of steps that should be taken. Preparation is key is a correct response. Covered entities must have response and...

Read More
128,000 Arkansas Patients Attacked by Ransomware
Oct05

128,000 Arkansas Patients Attacked by Ransomware

128,000 patients at the Arkansas Oral Facial Surgery Center in Fayetteville have had their private information potentially impacted following a a ransomware. Ransomware was believed to have been placed on its network between July 25 and 26, 2017. The attack was identified quickly, although not before files, x-ray images, and documents had been encrypted. The incident did not break through the encryption of its patient database, except...

Read More
Microsoft OneDrive: Does it adhere to HIPAA Compliance Rules?
Oct01

Microsoft OneDrive: Does it adhere to HIPAA Compliance Rules?

With the proliferation of cloud storage coming at the same time that HIPAA Compliance Rules have become increasingly strict in order to secure private data, organizations are beginning to examine if Microsoft OneDrive is OneDrive HIPAA compliant? A multitude of healthcare groups are already using Microsoft Office 365 Business Essentials, including Microsoft Exchange online for email. Office 365 Business Essentials includes OneDrive...

Read More
Cloud Computing Platforms and the Implications of HIPAA
Sep28

Cloud Computing Platforms and the Implications of HIPAA

Prior to cloud computing services being used by healthcare providers for storing or processing protected health information (PHI) or for creating web-based applications that collect, store, maintain, or transmit PHI, covered bodies must ensure the services are kept in a secure manner. Even in case where a cloud computing platform provider has being given HIPAA certification, or claims their service is HIPAA-compliant or supports HIPAA...

Read More
HITRUST/AMA Begin Project to Assit Small Healthcare Firms with HIPAA Compliance
Sep28

HITRUST/AMA Begin Project to Assit Small Healthcare Firms with HIPAA Compliance

HITRUST has revealed it will be working with the American Medical Association (AMA) for a new project that will assist small healthcare companies with HIPAA compliance, cybersecurity and cyber risk management. Small healthcare providers can be more exposed to cyberattacks, as they usually lack the resources to dedicate to cybersecurity and do not tend to have the budgets at their disposal to employ skilled cybersecurity staff. This...

Read More
HHS Issues Partial HIPAA Privacy Rule Waiver in Hurricane Maria Disaster Zone
Sep23

HHS Issues Partial HIPAA Privacy Rule Waiver in Hurricane Maria Disaster Zone

A partial waiver of HIPAA has been issued by the U.S. Department of Health and Human Services in the Hurricane Maria disaster area in Puerto Rico and the U.S. Virgin Islands, the thrid such waiver of 2017 following the has already issuing of waivers of HIPAA sanctions and penalties in areas affected by hurricanes earlier this year. The previous waivers were issued in relation to Hurricane Harvey and Hurricane Irma  and, as was the...

Read More

Hurricane Maria Disaster Zone: Partial HIPAA Privacy Rule Waiver Issued by HHS

A third HIPAA waiver has been issued by the U.S. Department of Health and Human Services, following applying two earlier partial waivers of HIPAA sanctions and penalties in areas affected by hurricanes previously in 2017. On this occasion the waiver is in relation to the Hurricane Maria disaster zone in Puerto Rico and the U.S. Virgin Islands. As with the waivers issued in relation to Hurricane Harvey and Hurricane Irma, the waiver...

Read More
Imperial Valley Family Care Medical Group Passes HIPAA Audit
Sep20

Imperial Valley Family Care Medical Group Passes HIPAA Audit

The second round of HIPAA compliance audits was commenced late in 2018 by the Department of Health and Human Services’ Office for Civil Rights. The audit program will include of desk-based audits of HIPAA-covered companies, organizations and business associates followed by a round of complex audits incorporating site visits. The desk audits part of this round have been completed but with the site audits had been delayed but are now...

Read More
Imperial Valley Passes OCR HIPAA Audit With Help From The Compliancy Group
Sep19

Imperial Valley Passes OCR HIPAA Audit With Help From The Compliancy Group

The Department of Health and Human Services’ Office for Civil Rights (OCR) has investigated a Californian Physician’s group following a reported breach of protected health information. Covered entities can implement policies and procedures to prevent data breaches, but security incidents are still likely to occur. Responding correctly to those breaches and ensuring HIPAA Rules are carefully followed will help to ensure financial...

Read More
Hospitals in Irma Disaster Area Granted Limited HIPAA Waiver
Sep13

Hospitals in Irma Disaster Area Granted Limited HIPAA Waiver

A  limited waiver of HIPAA Privacy Rule sanctions and penalties for hospitals affected by Hurricane Irma has been issued by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) in the U.S. Virgin Islands, Puerto Rico, and Florida. OCR says that the HIPAA Privacy and Security Rules are still in place and covered organizations must continue to obey HIPAA Rules; however, certain parts of the Privacy Rule have...

Read More
OCR Warns Covered Bodies to Prepare for Natural Disasters
Sep09

OCR Warns Covered Bodies to Prepare for Natural Disasters

Medical Centers and Hospitals were recently stretched before and after Hurricane Harvey, in Texas and Louisiana, as they sought to provide medical services without breaching HIPAA Rules. Concern arose regarding when it is allowable to share health information with patients’ friends and family, the media and the emergency services and how the Privacy Rule applies in emergencies. The Department of Health and Human Services’ Office for...

Read More
Finding ‘Big, Juicy, Egregious’ HIPAA Breach Priority for OCR Head
Sep07

Finding ‘Big, Juicy, Egregious’ HIPAA Breach Priority for OCR Head

The main enforcement priority for 2017 of Roger Severino, the Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), is to find a “big, juicy, egregious” HIPAA breach to use as an example for other healthcare groups on the risks of failing to follow HIPAA Rules. When choosing which cases to pursue, OCR considers the chance to use such a case as an educational tool to warn covered groups of the need to...

Read More
Hurricane Harvey Disaster Zone: HHS Issues Partial Waiver of HIPAA Sanctions
Sep01

Hurricane Harvey Disaster Zone: HHS Issues Partial Waiver of HIPAA Sanctions

HHS Secretary Tom Price announced that OCRis issuing a partial waiver of sanctions and financial penalties for specific Privacy Rule breaches for hospitals in Texas and Louisiana in the Hurricane Harvey emergency zone. This partial waiver is only applicable to the provisions of the HIPAA Privacy Rule as outlined below: The obligations to recieve a patient’s agreement to talk with family members or friends involved in the patient’s...

Read More
HIPAA Privacy Rule Violation Penalties Waived in Wake of Hurricane Harvey
Aug28

HIPAA Privacy Rule Violation Penalties Waived in Wake of Hurricane Harvey

Secretary of the U.S. Department of Health and Human Services Tom Price has announced that certain HIPAA Privacy Rule violation penalties will be waived in the disaster area of Hurricane Harvey in Texas and Louisiana. Following any natural disaster, hospitals and health systems must operate in difficult circumstances. During such times, it can be a major challenge to provide treatment while complying with all aspects of HIPAA Rules....

Read More
Noncompliance With HIPAA: Costs for Healthcare Organizations
Aug19

Noncompliance With HIPAA: Costs for Healthcare Organizations

Noncompliance with HIPAA can cost healthcare organizations dearly. If regulators discover willful violations of HIPAA Rules, multi-million-dollar fines are possible. Fines for Noncompliance with HIPAA Rules The Department of Health and Human Services’ Office for Civil Rights is the primary enforcer of HIPAA Rules and investigates all data breaches that impact more than 500 individuals. When a data breach is experienced, the breached...

Read More
Getting Basics Correct Key to Avoiding Data Breaches
Aug16

Getting Basics Correct Key to Avoiding Data Breaches

Intrusion identification systems, next generation firewalls, insider threat management software and data encryption will all help healthcare groups recognize danger, cut out security violations, and identify attacks quickly when they happen. even with all of these measures it is still vitally important to address the security basics. The Office for Civil Rights Breach portal is filled with examples of HIPAA data breaches that have...

Read More
Breach Notification Rule is Violated by Delaying Issuing of Breach Notifications
Aug12

Breach Notification Rule is Violated by Delaying Issuing of Breach Notifications

The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) states that covered organizations to advise the HHS’ Office for Civil Rights of any violation of private health information and issue notification correspondence to affected people as soon as is unreasonable and no later than 60 days after the identification of the breach. July’s Breach Barometer reports from Protenus indicated that many covered organizations have had...

Read More
U.S. Senate Passes Jessie’s Law Allowing Drug Histories to be Shared with Doctors
Aug07

U.S. Senate Passes Jessie’s Law Allowing Drug Histories to be Shared with Doctors

Last week, the U.S. Senate passed new legislation – Jessie’s Law – that allows details of patients’ past drug abuse to be shared with physician’s if patients give their consent. At present, drug abuse histories are prohibited from being shared to protect the privacy of patients. That information is kept separate from a patient’s medical record. Unfortunately, the law can have terrible consequences, as was highlighted by a tragic...

Read More
2017 Healthcare Data Breach Trends Highlighted in Protenus Report
Aug04

2017 Healthcare Data Breach Trends Highlighted in Protenus Report

Protenus, working with Databreaches.net, has released its Breach Barometer mid-year review. The report includes all healthcare data violations reported over the past six months and gives important insights into the latest data breach trends. The Breach Barometer is a detailed review of healthcare data breaches, including not only the data breaches made known to the Department of Health and Human Services’ Office for Civil Rights’...

Read More
NotPetya Attack on Nuance Communications Decides Not Reported to OCR
Aug03

NotPetya Attack on Nuance Communications Decides Not Reported to OCR

The Department of Health and Human Services’ Office for Civil Rights has previously made it clear, in its ransomware guidance, if ePHI is encrypted ransomware attacks are usually HIPAA breaches and are always reportable violations. In the guidance on ransomware guidance OCR says that “Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination,” adding that the definition of a...

Read More
47% of Healthcare Orgs Have Had a HIPAA Data Breach in the Past 24 Months
Aug01

47% of Healthcare Orgs Have Had a HIPAA Data Breach in the Past 24 Months

A recent survey conducted by KMPG has revealed that 47% of healthcare organizations have experienced a HIPAA data breach in the past 24 months. The last time the KPMG Cyber Healthcare and Life Sciences Survey was conducted in 2015, 37% of respondents confirmed they had experienced a data breach over the same time period. 70% of respondents said they had experienced at least one security breach due to an unplugged vulnerability being...

Read More
HIPAA Breaches Under Investigation Highlighted in OCR Data Breach Portal Update
Jul28

HIPAA Breaches Under Investigation Highlighted in OCR Data Breach Portal Update

In June 2017, the Department of Health and Human Services announced it was considering an update to its data breach portal, normally called the OCR ‘Wall of Shame’. Section 13402(e)(4) of the HITECH Act states that the OCR must maintain a public list of breaches of protected health information that have affected more than 500 individuals. All 500+ record data breaches submitted or made known to OCR since 2009 are listed on the breach...

Read More
33% of Patients Access Their Health Data on Patient Portals
Jul28

33% of Patients Access Their Health Data on Patient Portals

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule allow people to view information regarding their health stored by their providers. However, as revealed in a recent U.S. Government Accountability Office (GAO) report, few patients are actually exercising this right using the provided patient portals. The Medicare Electronic Health Record Incentive Program encouraged healthcare organizations to move from...

Read More
Data Breach Reporting Tool Updated by OCR
Jul25

Data Breach Reporting Tool Updated by OCR

Following the passing of the HITECH Act in 2009, the Department of Health and Human Services’ Office for Civil Rights developed its data breach reporting tool to allow HIPAA-covered entities to easily submit reports of data breaches. A summary of data breach reports is published via the data breach reporting tool and is viewable by the public. The data breach list – which is commonly known as OCR’s Wall of Shame – details all reported...

Read More
Model Patient Request for Health Information Form Issued by AHIMA
Jul25

Model Patient Request for Health Information Form Issued by AHIMA

A model patient request for health information form has been issued by the American Health Information Management Association (AHIMA) that can be used by healthcare providers to give to patients who request copies of their health information. The HIPAA Privacy Rule permits patients to obtain copies of their health data from their providers, although at many hospitals the process is inefficient, lacks transparency and patients are...

Read More
Hows does HIPAA Affect Use of Google Drive?
Jul22

Hows does HIPAA Affect Use of Google Drive?

The service G Suite – formerly known as Google Apps, of which Google Drive is a part – is compliant with HIPAA.  The service does not breach HIPAA Rules, however users of the service may breach the rules themselves. G Suite includes all of the required security measures controls to make it a HIPAA-compliant service and can be used by HIPAA-covered organizations to share PHI (in accordance with HIPAA Rules), once the account is...

Read More