53,000 Pharmacy Patients Have PHI Exposed in Email Hack
Jan25

53,000 Pharmacy Patients Have PHI Exposed in Email Hack

Patients of Onco360 and CareMed Specialty Pharmacy have been notified that the PHI of 53,173 patients has been compromised due to a phishing attack. A security breach was discovered on November 14, 2017, when suspicious activity involving an member of staff’s email account was uncovered. Following the discovery third party computer forensics experts conducted an investigation to determine the manner and extent of the breach. It...

Read More
Hancock Health Hit by Ransomware Attack
Jan19

Hancock Health Hit by Ransomware Attack

Following a ransomware attack on Indiana-based organization Hancock Health last  Thursday, staff at the hospital had no choice but to move to using pen and paper to detail patient health information, while IT staff made efforts to obstruct the attack and regain access to encrypted files. The attack started around 9.30pm on Thursday night when files on its network started to be encrypted. The attack initially caused the network to run...

Read More

Registered Nurses ‘Happy’ With PHI Security According to University of Phoenix Survey

The results of a recent survey completed by the University of Phoenix College of Health Professions indicates registered nurses (RNs) are of the belief that their organization’s ability to prevent data breaches is of an acceptable level. The survey was transmitted to 504 permanent RNs and administrative workers across the USA. Respondents had held their position for a minimum of two years. Just under half of RNs (48%) and 57% of...

Read More
Coplin Health Systems Patients’ PHI Possibly Compromised by Laptop Theft
Jan17

Coplin Health Systems Patients’ PHI Possibly Compromised by Laptop Theft

43,000 patients of West Virginia-based Coplin Health Systems have been warned that their PHI may have been exposed following the theft of an unencrypted laptop computer from the vehicle of an worker at the organization. Coplin Health was discovered the laptop theft on November 2, 2017. The theft was then reported to law enforcement and an investigation was initiated, although at the time of sending the warnings, the laptop computer in...

Read More
PHI Breach at Oklahoma State University Center for Health Sciences
Jan13

PHI Breach at Oklahoma State University Center for Health Sciences

An unauthorized individual has gained access to parts of the Oklahoma State University Center for Health Sciences (OSUCHS) network and may have accessed files containing billing details of Medicaid patients. The security breach was uncovered on November 7, 2017 with access to the network terminated the next day. Third party computer forensics experts were employed to carry out a comprehensive investigation to determine which areas of...

Read More
North Carolina State Medicaid Agency Found to Have Data Security Inadequacies
Jan09

North Carolina State Medicaid Agency Found to Have Data Security Inadequacies

The Department of Health and Human Services’ Office of Inspector General (OIG) has released the results of an audit of the North Carolina State Medicaid agency. The audit uncovered the fact that the State agency did not implement sufficient controls to ensure the security of its Medicaid eligibility determination system and the security, integrity, and availability of Medicaid eligibility information. HHS manages the administration of...

Read More
Nebraska Ransomware Attacks Compromised PHI of Almost 10,000 Patients
Dec27

Nebraska Ransomware Attacks Compromised PHI of Almost 10,000 Patients

A ransomware attack that targeted Columbus Surgery Center, LLC and Eye Physicians, P.C., in Columbus, Nebraska has potentially exposedin the protected health information of almost 10,000 clients. The ransomware attack took place on October 7, 2017 and saw a wide variety of files on some servers being encrypted by the ransomware. A ransom demand was made by the hackers, although this was not paid. The encrypted data was restored from a...

Read More
5,000 Patients’ PHI Exposed in Two Separate Breaches
Dec18

5,000 Patients’ PHI Exposed in Two Separate Breaches

Separate breaches of patients’ protected health information have been exposed at Midland Memorial Hospital in Midland, TX, and Washington Health System Greene in Waynesburg, PA. The Washington Health System Greene organization is contacting 4,145 patients to advise them that some of their protected health information has been exposed after a hard drive could not be found at their premises. An external hard drive used with a bone...

Read More
Companies not Ready for GDPR According to Hytrust Safety
Dec17

Companies not Ready for GDPR According to Hytrust Safety

A recent survey carried out by IT security specialists HyTrust has revealed some troubling news coming from the US is that almost 80% of the companies that participated are not ready for the introduction of the General Data Protection Regulation (GDPR) on May 25 2018. The 323 companies questioned were all talking about their Cloud Infrastructure, a critical service when it comes to the security of personal data. Potentially, the most...

Read More
Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals
Dec05

Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals

Sports Medicine & Rehabilitation Therapy (SMART), based in Massachusetts, has contacting 7,000 clients regarding a breach of their protected private health information that occurred in September 2017. Potentially, the breach impacted all clients whose data was saved during a visit to a SMART outlet prior to December 31, 2016. Hackers, in an extortion attempt, accessed SMART systems, allegedly stole private information, and asked...

Read More
Multiple Breaches Lead to $2m Fine for Cottage Health
Dec04

Multiple Breaches Lead to $2m Fine for Cottage Health

Cottage Health, the Santa Barbara-based healthcare provider, will pay $2 million to resolve multiple violations of state and federal laws as per a directive from the California attorney general’s office. The group was examined by the California attorney general’s office in relation to a breach of private patient data back in 2013. The breach of data was found by the organization on December 2, 2013, when someone made the healthcare...

Read More
Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen
Nov30

Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen

An unencrypted laptop has been stolen from one of its employees of Rocky Mountain Health Care Services of Colorado Springs. This is the second such incident to be identified in just three months. The most recent incident was identified on September 28. The laptop computer was seen to store the protected health information of a small number of patients. The types of data stored on the device included first and last names, addresses,...

Read More
Clinic Worker Who Stole PHI Jailed for Five Years
Nov27

Clinic Worker Who Stole PHI Jailed for Five Years

A staff member at a clinic who stole the protected health information of mentally ill patients and sold the data to identity thieves for profit has fail in an appeal to get a five-year jail term lessened. Jean Baptiste Alvarez, aged 43, of Aldan, PA, obtained daily census sheets from the Kirkbride Center, a 267-bed behavioral health care facility located in Philadelphia. The census sheets included all the information required to steal...

Read More
Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehannam has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after an worker replied to a phishing email. While information regarding the breach date have not been published, UPMC Susquehanna...

Read More
Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People
Nov22

Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People

Blue Cross and Blue Shield of Florida, dba Florida Blue, has announced to the public that the personally identifiable information of a small number of insurance applicants has been improperly accessed online. Florida Blue discovered to the exposure of patient data in late August 2017 and immediately initiated a review. Florida Blue reports that the showed that 475 insurance applications had been saved to the cloud by an unaffiliated...

Read More
New Jersey Medical Practice has Boxes of Medical Records Stolen
Nov21

New Jersey Medical Practice has Boxes of Medical Records Stolen

Otolaryngology Associates of Central Jersey is making contact with patients to advise them of breach of their protected health information, following a theft at an off-site storage service in East Brunswick, NJ. The thieves removed thirteen boxes of paper medical records from the service, which included data like names, addresses, health insurance account numbers, birth dates, dates of military duty served, and the names of treating...

Read More
Alex Azar Nominated for HHS Secretary by President Trump
Nov16

Alex Azar Nominated for HHS Secretary by President Trump

Alex Azar, the former Deputy Secretary of the Department of Health and Human Services, is now the favorite to take over the reins from former Secretary Tom Price after receiving the presidential nomination for the role by President Trump. During the Presidential term of George W. Bush, Azar served as general counsel to the HHS and Deputy Secretary President Trump confirmed, via his Twitter account, that he believes Azar is the best...

Read More
Cook County Health Patients Affected by Data Breach
Nov15

Cook County Health Patients Affected by Data Breach

Illinois-based Cook County Health and Hospitals System, a health system comprising two hospitals and more than a dozen community health centers in Cook County, has advised its patients of a possible breach of their protected health information. The breach was experienced at the offices of Experian Health, a business associate of Cook County Health and Hospitals System. Experian Health is utilized to determine insurance eligibility and...

Read More
2017 Data Breach Report Reveals 305% Annual Rise in Breached Records
Nov14

2017 Data Breach Report Reveals 305% Annual Rise in Breached Records

The Risk Based Security (RBS) 2017 data breach report has shown there has been a 305% surge in the number of records exposed in data breaches in the last 12 months. For its latest breach report RBS, a provider of real time information and risk analysis tools, reviewed analyzed breach reports from the first three quarters of 2017. RBS explained in a recently published blog post, this year has been “yet another record breaker for data...

Read More
NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
Nov08

NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)

Aiming to protect New Yorkers from unwelcome breaches of their personal information, The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) has been introduced into the legislature in New York by Attorney General Eric T. Schneiderman. It is hoped that this Act with ensure that those affected will be notified when such breaches are incurred. Sponsored by Senator David Carlucci (D-Clarkstown) and Assembly member Brian...

Read More
New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack
Nov03

New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack

A new variant of the WannaCry ransomware has been detected in a cyber attack on FirstHealth of the Carolinas, a Pinehurst, SC-based not for profit health provider. WannaCry ransomware came to global attention in cybers attacks in May 2017. In excess of 230,000 computers were infected within one day of the worldwide attacks starting. The ransomware variant had wormlike features and was capable of spreading quickly and affecting all...

Read More
Dental Offices and HIPAA Compliance: What Needs to Be Addressed?
Oct31

Dental Offices and HIPAA Compliance: What Needs to Be Addressed?

Dr. Joseph Beck became the first ever dentist to be receive a HIPAA violation fine in 2014. This alerted dental offices to HIPAA compliance and the importance of it.  Until then, dental offices had not been subjected fines for noncompliance with HIPAA Rules. The penalty was not applied by the Department of Health and Human Services’ Office for Civil Rights (OCR), but by the Office of the Indiana attorney general. The fine of $12,000...

Read More
Consolidated Inc. Data Breach Impacts 21,856 People
Oct29

Consolidated Inc. Data Breach Impacts 21,856 People

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and found an unfamiliar account on the server. Closer inspection of that account showed it was being used to download sensitive data from the server, including the protected health information of patients that used its medical supplies. 21,856 people who received durable medical...

Read More
3,725 Veterans Have Their PHI Exposed Due to Missing Laptop
Oct27

3,725 Veterans Have Their PHI Exposed Due to Missing Laptop

A laptop computer, no longer in use, owned by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has gone missing, potentially leading to the exposure of sensitive patient data. The laptop was linked to a hematology analyzer and held data related to hematology tests. The laptop was in operation between April 2013 and May 2016, but was put out of use when the device became unusable. The laptop, which had been purchased from...

Read More
Data Breaches Drop For Second Consecutive Month
Oct26

Data Breaches Drop For Second Consecutive Month

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month, according to . In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop int he number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month...

Read More
New Service Streamlines Process of Finding HIPAA Compliant Vendors
Oct25

New Service Streamlines Process of Finding HIPAA Compliant Vendors

Finding HIPAA compliant vendors can be difficult for healthcare providers, health plans and other HIPAA covered entities. Any prospective vendor is required to comply with Health Insurance Portability and Accountability Act Rules. They must agree to implement robust security controls to safeguard any PHI that is supplied, comply with HIPAA Privacy Rule provisions, and agree to send notifications in the event of a PHI breach. Once a...

Read More
OIG: Multiple Security Weaknesses in Alabama’s Medicaid Management Information System
Oct24

OIG: Multiple Security Weaknesses in Alabama’s Medicaid Management Information System

The HHS’ Office of Inspector General (OIG) has completed an audit of Alabama’s Medicaid data and information systems to adetermine whether the state was in compliance with federal regulations. The review included the Medicaid Management Information System (MMIS) and associated policies and processes. OIG also carried out a vulnerability scan on networked devices, databases, websites, and servers to identify vulnerabilities that could...

Read More
HHS Withdraws Proposed Rule for Health Plans Certification of Compliance
Oct20

HHS Withdraws Proposed Rule for Health Plans Certification of Compliance

A new rule for certification of compliance for health plans was proposed by the HHS In January 2014, requiring all controlling health plans (CHPs) to submit a range of documentation to HHS to demonstrate HIPAA compliance. The proposed rule ‘Administrative Simplification: Certification of Compliance for Health Plans’ was drafted to promote more consistent testing procedures for CHPs. The HHS has now dediced to withdraw the...

Read More
Medical Device Cybersecurity Emphasis for New AEHIS/ MDISS Partnership
Oct17

Medical Device Cybersecurity Emphasis for New AEHIS/ MDISS Partnership

A new working relationship d between CHIME’s Association for Executives in Healthcare Information Security (AEHIS) and the Foundation for Innovation, Translation and Safety Science’s Medical Device Innovation, Safety and Security Consortium (MDISS) will focus on helping advance medical device cybersecurity and improve patient data security. The two groups will cooperate to aid members identify, mitigate, and prevent cybersecurity...

Read More
Internet of Things Medical Resilience Partnership Act to Provide Direction on Devices
Oct13

Internet of Things Medical Resilience Partnership Act to Provide Direction on Devices

The Internet of Medical Things Resilience Partnership Act, aimed at establishing public-private stakeholder partnership which will be tasked with developing a cybersecurity framework to prevent data breaches, has been approved by the U.S. House of Representatives. The hope is that this framework will be adopted by medical device manufacturers and other stakeholders to prevent data breaches and make medical devices more secure from...

Read More
Over Half of Cloud Storage Services are Misconfigured: Report
Oct10

Over Half of Cloud Storage Services are Misconfigured: Report

A recent report by cloud threat defense firm RedLock claims more than half of businesses have made errors that have exposed sensitive data to the general public vuia the cloud. The study shows many organizations are not adhering to established security best practices, such as using multi-factor authentication for all privileged account subscirbers. Worse again, many groups are failing to constantly review their cloud environments...

Read More
Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization
Oct09

Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization

After a seemingly prolonged period of inactivity, the hacking group TheDarkOverlord has revealed another attack on a U.S. healthcare supplier, Mass-based SMART Physical Therapy (SMART PT). The hack reportedly happened on September 13, 2017, with the announcement of the data theft released by TDO on Twitter on Friday 22, 2017.  No details were given as to how access to the data was gained, although it was revealed to databreaches.net...

Read More
What is the Definition of a HIPAA Covered Entity?
Oct09

What is the Definition of a HIPAA Covered Entity?

The Health Insurance Portability and Accountability Act (HIPAA) applies to covered entities and business associates, but what is the definition of a HIPAA covered entity and what are HIPAA business associates? Knowing the definition of a covered entity and business associate is essential. If you are classed as either, you must comply with HIPAA Rules. There are severe financial penalties for noncompliance with HIPAA and ignorance is...

Read More
Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection
Oct09

Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection

Catholic Charities of the Diocese of Albany (CCDA) has discovered, during a software upgrade in August 2017, that malware  was installed on one of the computer servers used by its Glens Falls premise, which provides services in Saratoga, Warren and Washington Counties in New York. A quick response was taken to block access to the server and CCDA called in a computer security firm to carry out an investigation into the unauthorized...

Read More
Responding to a Cyberattack: Advice Issued by OCR
Oct05

Responding to a Cyberattack: Advice Issued by OCR

Recently, the Department of Health and Human Services’ Office for Civil Rights published new guide lines for covered organizations on the correct way to respond to a cyberattack. These guideline included a quick response checklist and accompanying infographic to explain the correct response to a cyberattack and the sequence of steps that should be taken. Preparation is key is a correct response. Covered entities must have response and...

Read More
128,000 Arkansas Patients Attacked with Ransomware
Oct05

128,000 Arkansas Patients Attacked with Ransomware

128,000 patients at the Arkansas Oral Facial Surgery Center in Fayetteville have had their private information potentially impacted following a a ransomware. Ransomware was believed to have been placed on its network between July 25 and 26, 2017. The attack was identified quickly, although not before files, x-ray images, and documents had been encrypted. The incident did not break through the encryption of its patient database, except...

Read More
Microsoft OneDrive: Does it Adhere to HIPAA Compliance Rules?
Oct01

Microsoft OneDrive: Does it Adhere to HIPAA Compliance Rules?

With the proliferation of cloud storage coming at the same time that HIPAA Compliance Rules have become increasingly strict in order to secure private data, organizations are beginning to examine if Microsoft OneDrive is OneDrive HIPAA compliant? A multitude of healthcare groups are already using Microsoft Office 365 Business Essentials, including Microsoft Exchange online for email. Office 365 Business Essentials includes OneDrive...

Read More
Cloud Computing Platforms and the Implications of HIPAA
Sep28

Cloud Computing Platforms and the Implications of HIPAA

Prior to cloud computing services being used by healthcare providers for storing or processing protected health information (PHI) or for creating web-based applications that collect, store, maintain, or transmit PHI, covered bodies must ensure the services are kept in a secure manner. Even in case where a cloud computing platform provider has being given HIPAA certification, or claims their service is HIPAA-compliant or supports HIPAA...

Read More
HITRUST/AMA Begin Project to Assist Small Healthcare Firms with HIPAA Compliance
Sep28

HITRUST/AMA Begin Project to Assist Small Healthcare Firms with HIPAA Compliance

HITRUST has revealed it will be working with the American Medical Association (AMA) for a new project that will assist small healthcare companies with HIPAA compliance, cybersecurity and cyber risk management. Small healthcare providers can be more exposed to cyberattacks, as they usually lack the resources to dedicate to cybersecurity and do not tend to have the budgets at their disposal to employ skilled cybersecurity staff. This...

Read More
HHS Issues Partial HIPAA Privacy Rule Waiver in Hurricane Maria Disaster Zone
Sep23

HHS Issues Partial HIPAA Privacy Rule Waiver in Hurricane Maria Disaster Zone

A partial waiver of HIPAA has been issued by the U.S. Department of Health and Human Services in the Hurricane Maria disaster area in Puerto Rico and the U.S. Virgin Islands, the thrid such waiver of 2017 following the has already issuing of waivers of HIPAA sanctions and penalties in areas affected by hurricanes earlier this year. The previous waivers were issued in relation to Hurricane Harvey and Hurricane Irma  and, as was the...

Read More
Imperial Valley Family Care Medical Group Passes HIPAA Audit
Sep20

Imperial Valley Family Care Medical Group Passes HIPAA Audit

The second round of HIPAA compliance audits was commenced late in 2018 by the Department of Health and Human Services’ Office for Civil Rights. The audit program will include of desk-based audits of HIPAA-covered companies, organizations and business associates followed by a round of complex audits incorporating site visits. The desk audits part of this round have been completed but with the site audits had been delayed but are now...

Read More
Imperial Valley Passes OCR HIPAA Audit With Help From The Compliancy Group
Sep19

Imperial Valley Passes OCR HIPAA Audit With Help From The Compliancy Group

The Department of Health and Human Services’ Office for Civil Rights (OCR) has investigated a Californian Physician’s group following a reported breach of protected health information. Covered entities can implement policies and procedures to prevent data breaches, but security incidents are still likely to occur. Responding correctly to those breaches and ensuring HIPAA Rules are carefully followed will help to ensure financial...

Read More
Hospitals in Irma Disaster Area Granted Limited HIPAA Waiver
Sep13

Hospitals in Irma Disaster Area Granted Limited HIPAA Waiver

A  limited waiver of HIPAA Privacy Rule sanctions and penalties for hospitals affected by Hurricane Irma has been issued by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) in the U.S. Virgin Islands, Puerto Rico, and Florida. OCR says that the HIPAA Privacy and Security Rules are still in place and covered organizations must continue to obey HIPAA Rules; however, certain parts of the Privacy Rule have...

Read More
OCR Warns Covered Entities to Prepare for Natural Disasters
Sep09

OCR Warns Covered Entities to Prepare for Natural Disasters

Medical Centers and Hospitals in Texas and Louisiana have been stretched due to Hurricane Harvey,and are trying to provide medical services without breaching HIPAA Rules. Concern arose regarding when it is allowable to share health information with patients’ friends and family, the media and the emergency services and how the Privacy Rule applies in emergencies. The Department of Health and Human Services’ Office for Civil Rights...

Read More
Finding ‘Big, Juicy, Egregious’ HIPAA Breaches Priority for OCR Head
Sep07

Finding ‘Big, Juicy, Egregious’ HIPAA Breaches Priority for OCR Head

The main enforcement priority for 2017 of Roger Severino, the Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), is to find a “big, juicy, egregious” HIPAA breach to use as an example for other healthcare groups on the risks of failing to follow HIPAA Rules. When choosing which cases to pursue, OCR considers the chance to use such a case as an educational tool to warn covered groups of the need to...

Read More
Hurricane Harvey Disaster Zone: HHS Issues Partial Waiver of HIPAA Sanctions
Sep01

Hurricane Harvey Disaster Zone: HHS Issues Partial Waiver of HIPAA Sanctions

HHS Secretary Tom Price announced that OCRis issuing a partial waiver of sanctions and financial penalties for specific Privacy Rule breaches for hospitals in Texas and Louisiana in the Hurricane Harvey emergency zone. This partial waiver is only applicable to the provisions of the HIPAA Privacy Rule as outlined below: The obligations to recieve a patient’s agreement to talk with family members or friends involved in the patient’s...

Read More
HIPAA Privacy Rule Violation Penalties Waived in Wake of Hurricane Harvey
Aug28

HIPAA Privacy Rule Violation Penalties Waived in Wake of Hurricane Harvey

Secretary of the U.S. Department of Health and Human Services Tom Price has announced that certain HIPAA Privacy Rule violation penalties will be waived in the disaster area of Hurricane Harvey in Texas and Louisiana. Following any natural disaster, hospitals and health systems must operate in difficult circumstances. During such times, it can be a major challenge to provide treatment while complying with all aspects of HIPAA Rules....

Read More
Noncompliance With HIPAA: Costs for Healthcare Organizations
Aug19

Noncompliance With HIPAA: Costs for Healthcare Organizations

Noncompliance with HIPAA can cost healthcare organizations dearly. If regulators discover willful violations of HIPAA Rules, multi-million-dollar fines are possible. Fines for Noncompliance with HIPAA Rules The Department of Health and Human Services’ Office for Civil Rights is the primary enforcer of HIPAA Rules and investigates all data breaches that impact more than 500 individuals. When a data breach is experienced, the breached...

Read More
Getting Basics Correct Key to Avoiding Data Breaches
Aug16

Getting Basics Correct Key to Avoiding Data Breaches

Intrusion identification systems, next generation firewalls, insider threat management software and data encryption will all help healthcare groups recognize danger, cut out security violations, and identify attacks quickly when they happen. even with all of these measures it is still vitally important to address the security basics. The Office for Civil Rights Breach portal is filled with examples of HIPAA data breaches that have...

Read More
Breach Notification Rule is Violated by Delaying Issuing of Breach Notifications
Aug12

Breach Notification Rule is Violated by Delaying Issuing of Breach Notifications

The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) states that covered organizations to advise the HHS’ Office for Civil Rights of any violation of private health information and issue notification correspondence to affected people as soon as is unreasonable and no later than 60 days after the identification of the breach. July’s Breach Barometer reports from Protenus indicated that many covered organizations have had...

Read More
U.S. Senate Passes Jessie’s Law Allowing Drug Histories to be Shared with Doctors
Aug07

U.S. Senate Passes Jessie’s Law Allowing Drug Histories to be Shared with Doctors

Last week, the U.S. Senate passed new legislation – Jessie’s Law – that allows details of patients’ past drug abuse to be shared with physician’s if patients give their consent. At present, drug abuse histories are prohibited from being shared to protect the privacy of patients. That information is kept separate from a patient’s medical record. Unfortunately, the law can have terrible consequences, as was highlighted by a tragic...

Read More
2017 Healthcare Data Breach Trends Highlighted in Protenus Report
Aug04

2017 Healthcare Data Breach Trends Highlighted in Protenus Report

Protenus, working with Databreaches.net, has released its Breach Barometer mid-year review. The report includes all healthcare data violations reported over the past six months and gives important insights into the latest data breach trends. The Breach Barometer is a detailed review of healthcare data breaches, including not only the data breaches made known to the Department of Health and Human Services’ Office for Civil Rights’...

Read More
NotPetya Attack on Nuance Communications Not Reported to OCR
Aug03

NotPetya Attack on Nuance Communications Not Reported to OCR

The Department of Health and Human Services’ Office for Civil Rights has previously made it clear, in its ransomware guidance, if ePHI is encrypted ransomware attacks are usually HIPAA breaches and are always reportable violations. In the guidance on ransomware guidance OCR says that “Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination,” adding that the definition of a...

Read More
47% of Healthcare Orgs Have Had a HIPAA Data Breach in the Past 24 Months
Aug01

47% of Healthcare Orgs Have Had a HIPAA Data Breach in the Past 24 Months

A recent survey conducted by KMPG has revealed that 47% of healthcare organizations have experienced a HIPAA data breach in the past 24 months. The last time the KPMG Cyber Healthcare and Life Sciences Survey was conducted in 2015, 37% of respondents confirmed they had experienced a data breach over the same time period. 70% of respondents said they had experienced at least one security breach due to an unplugged vulnerability being...

Read More
HIPAA Breaches Under Investigation Highlighted in OCR Data Breach Portal Update
Jul28

HIPAA Breaches Under Investigation Highlighted in OCR Data Breach Portal Update

In June 2017, the Department of Health and Human Services announced it was considering an update to its data breach portal, normally called the OCR ‘Wall of Shame’. Section 13402(e)(4) of the HITECH Act states that the OCR must maintain a public list of breaches of protected health information that have affected more than 500 individuals. All 500+ record data breaches submitted or made known to OCR since 2009 are listed on the breach...

Read More
33% of Patients Access Their Health Data via Patient Portals
Jul28

33% of Patients Access Their Health Data via Patient Portals

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule allow people to view information regarding their health stored by their providers. However, as revealed in a recent U.S. Government Accountability Office (GAO) report, few patients are actually exercising this right using the provided patient portals. The Medicare Electronic Health Record Incentive Program encouraged healthcare organizations to move from...

Read More
Data Breach Reporting Tool Updated by OCR
Jul25

Data Breach Reporting Tool Updated by OCR

Following the passing of the HITECH Act in 2009, the Department of Health and Human Services’ Office for Civil Rights developed its data breach reporting tool to allow HIPAA-covered entities to easily submit reports of data breaches. A summary of data breach reports is published via the data breach reporting tool and is viewable by the public. The data breach list – which is commonly known as OCR’s Wall of Shame – details all reported...

Read More
Model Patient Request for Health Information Form Issued by AHIMA
Jul25

Model Patient Request for Health Information Form Issued by AHIMA

A model patient request for health information form has been issued by the American Health Information Management Association (AHIMA) that can be used by healthcare providers to give to patients who request copies of their health information. The HIPAA Privacy Rule permits patients to obtain copies of their health data from their providers, although at many hospitals the process is inefficient, lacks transparency and patients are...

Read More
Hows Does HIPAA Affect Use of Google Drive?
Jul22

Hows Does HIPAA Affect Use of Google Drive?

The service G Suite – formerly known as Google Apps, of which Google Drive is a part – is compliant with HIPAA.  The service does not breach HIPAA Rules, however users of the service may breach the rules themselves. G Suite includes all of the required security measures controls to make it a HIPAA-compliant service and can be used by HIPAA-covered organizations to share PHI (in accordance with HIPAA Rules), once the account is...

Read More
Study: Data Breaches by Ex Employees a Concern
Jul20

Study: Data Breaches by Ex Employees a Concern

A recent study carried out by OneLogin showed many groups are not doing enough to stop data violations by ex-employees. While access to computer systems and applications is a requirement during employment, many organizations are neglecting to block access to systems quickly when employees depart the company, even though ex-employees pose a significant data danger to security. Preventing access to networks and email accounts when an...

Read More
ONC Office of the Chief Privacy Officer Funding Stopping in 2018
Jul19

ONC Office of the Chief Privacy Officer Funding Stopping in 2018

The withdrawal of funding for the Office of the Chief Privacy Officer has resulted in ONC National Coordinator Don Rucker, M.D. confirming that the office will be closed during 2018. Deven McGraw, the Deputy Director for Health Information Privacy, has been acting as Acting Chief Privacy Officer until a permanent replacement to the role previously filled by Lucia Savage is identified, following her departure in January. It now seems...

Read More
HHS Announces Closing Out of Office of the Chief Privacy Officer
Jul17

HHS Announces Closing Out of Office of the Chief Privacy Officer

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) will be closing out the Office of the Chief Privacy Officer in FY 2018 due to cuts to its budget. The budget cuts are intended to make the ONC more accountable and a much leaner organization. The ONC will have to operate with $22 million less funding in FY 2018, and the Office of the Chief Privacy Officer is one of...

Read More
HIPAA Compliance and Dropbox: What You Need to Know
Jul16

HIPAA Compliance and Dropbox: What You Need to Know

Dropbox is a one of the most popular and successful file hosting services available online, but doe it comply with HIPAA? Dropbox claims it is now fully behind and supportive of HIPAA and HITECH Act compliance but that does not mean Dropbox itself is HIPAA compliant. No software or file sharing platform can be HIPAA compliant on its own as it depends on how the software or platform is used and the individuals using it. However,...

Read More
ONC Offers Tips to Improve Patient Data Access
Jul15

ONC Offers Tips to Improve Patient Data Access

The HHS’ Office of the National Coordinator for Health Information Technology (ONC) has given covered entities tips to improve patient data access, explaining how important it is for patients to be given access to their health information. In its report – Improving the Health Records Request Process for Patients – ONC explains that under HIPAA Rules, patients are given the right to access their records. Healthcare organisations must...

Read More
File Sharing Tools and Cloud Computing: OCR Highlights Risks
Jul05

File Sharing Tools and Cloud Computing: OCR Highlights Risks

File sharing and collaboration services offer many advantages to HIPAA-covered companies, although the services can also introduce risks to the privacy and security of electronic health information.  Many groups use these services, including among those healthcare organizations, yet they can lead to the exposure or disclosure of sensitive information. The Department of Health and Human Services’ Office for Civil Rights (OCR)  has...

Read More
Anthem Agrees Largest Ever Data Violation Settlement
Jun28

Anthem Agrees Largest Ever Data Violation Settlement

The largest ever data violation settlement has recently been agreed by the health insurer Anthem Inc. Anthem was hit with a cyber attack in 2015 resulting in the theft of 78.8 million records of current and former health plan subscribers. The breach involved names, addresses, Social Security numbers, email addresses, birth dates and employment/income information being accessed with the necessary permission. A breach of that size...

Read More
Healthcare Data Breach Resolution Costs Fall
Jun26

Healthcare Data Breach Resolution Costs Fall

Healthcare data breach resolution costs are still higher than all other industries, but the latest Ponemon Institute/IBM Security study has shown that for the first time ever, those costs have fallen year-over-year. For seven years, Ponemon/IBM have been conducting their cost of a data breach study, and each year the costs of resolving data breaches has risen. However, this year, average breach resolution costs fell by around 10%. The...

Read More
Healthcare Data Breach Report Shows Breaches Are Taking Years to Detect
Jun24

Healthcare Data Breach Report Shows Breaches Are Taking Years to Detect

The latest healthcare data breach report issued by Protenus, in conjunction with databreaches.net, shows healthcare data breaches increased in May, with 37 breaches reported compared to 34 the previous month.  The numbers of records exposed in those breaches was 255,108, although not all breach figures are known. That still represents a jump from last month when 232,060 healthcare records were known to have been exposed or stolen. One...

Read More
CoPilot Fined $130,000 by NY AG for Breach Notification Submitted Late
Jun21

CoPilot Fined $130,000 by NY AG for Breach Notification Submitted Late

A data breach that happened in the second half of 2015 should have seen targeted people warned within 2 months. However it took CoPilot Provider Support Services Inc., until January 2017 to send out official breach notifications. An administration portal controlled by CoPilot was accessed by an unauthorized person on October 26, 2015. That person also stole the data of 221,178 people. The stolen data included names, dates of birth,...

Read More
New York Attorney General Fines CoPilot for Delaying Breach Notifications
Jun19

New York Attorney General Fines CoPilot for Delaying Breach Notifications

Under Health Insurance Portability and Accountability Act (HIPAA) Rules, covered entities must report data breaches within 60 days of the discovery of a breach. Affected individuals must also be notified within the same time frame. State legislation has been introduced that similarly requires organizations to issue notifications and report the incidents to state officials. Breach reports are also covered by other federal legislation...

Read More
HHS Looking Into OCR’s Wall of Shame Following Criticism
Jun17

HHS Looking Into OCR’s Wall of Shame Following Criticism

The Department of Health and Human Services’ Office for Civil Rights started publishing OCR’s ‘Wall of Shame’ – summaries of healthcare data breaches – on its website in 2009. The data breach list only includes a short synopsis of data breaches, including the name of the covered organization, the state in which the covered organization is based, covered organization type, date of notification, type of...

Read More
HHS Considers Making Changes to the OCR Wall of Shame
Jun16

HHS Considers Making Changes to the OCR Wall of Shame

Since the HITECH Act came into force in 2009, the Department of Health and Human Services’ Office for Civil Rights (OCR) has been publishing data breach summaries on its website. The website lists brief details of the type of data breach experienced by HIPAA-covered entities with information such as the cause of the breach, the devices that were involved, the number of individuals affected and the name of the company that experienced...

Read More
OCR Issues Guidance on the Correct Response After a Cyberattack
Jun09

OCR Issues Guidance on the Correct Response After a Cyberattack

The increase in hacking incidents in 2017 and major worldwide cyber incidents such has Wannacry ransomware attacks have prompted the Department of Health and Human Services’ Office for Civil Rights (OCR) to issue new guidance on the correct response after a cyberattack. Yesterday, OCR sent a Quick Response Cyber Attack Checklist to its security and privacy list subscribers explaining the correct procedures to follow after a...

Read More
Need for Access Controls and Alerts Highlighted by Internal Staff Snooping Incidents
Jun04

Need for Access Controls and Alerts Highlighted by Internal Staff Snooping Incidents

Ransomware, malware and unaddressed software weaknesses pose a danger to the confidentiality, integrity and access to PHI, although healthcare groups should put in place processes to deal with the threat internally. This year has seen a multitude of cases involving employees snooping and accessing medical records without permission. The HIPAA Security Rule 45 CFR §164.312(b) requires covered organizations to “Implement hardware,...

Read More
$387,000 HIPAA Penalty for Disclosing HIV Status to Employer
May26

$387,000 HIPAA Penalty for Disclosing HIV Status to Employer

Following a Department of Health and Human Services’ Office for Civil Rights (OCR) investigation of a complaint about a case of impermissible disclosure of PHI, St. Luke’s-Roosevelt Hospital Center Inc. has paid OCR $387,200 to resolve potential HIPAA violations In September 2014, a complaint was submitted to the OCR about a possible privacy violation involving a patient of St. Luke’s Spencer Cox Center for Health. In the complaint...

Read More
Egregious HIPAA Breach Punished with $378,000 Fine
May24

Egregious HIPAA Breach Punished with $378,000 Fine

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced yet another settlement to resolve HIPAA violations, this time for the careless handling of extremely sensitive health information. St. Luke’s-Roosevelt Hospital Center Inc., has paid OCR $378,000 to resolve an impermissible disclosure of patients’ protected health information to their employers. A wide range of highly sensitive information...

Read More
Dept. of Health and Human Services Issues Ransomware Warning
May21

Dept. of Health and Human Services Issues Ransomware Warning

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat of attack and steps that can be taken to reduce risk. The email alerts were sent soon after the news of the attacks on the UK’s NHS first started to emerge on Friday May 12, and continued over the course of the week. The alerts provided timely and...

Read More
NIST Issues Guidance on Securing Drug Pumps
May17

NIST Issues Guidance on Securing Drug Pumps

Guidance on securing drug pumps has been issued by the National Institute of Standards and Technology (NIST) to help healthcare organizations mitigate the risk of cyberattacks that could cause patients to come to harm or allow sensitive data to be stolen. Over the past two years there has been concern raised about the lack of security on medical devices, with drug pumps a particularly serious concern. If threat actors are able to gain...

Read More
$2.4 Million HIPAA Fine Following Memorial Hermann Health System HIPAA Breach
May12

$2.4 Million HIPAA Fine Following Memorial Hermann Health System HIPAA Breach

A HIPAA breach arising from disclosure on a press release issued by Memorial Hermann Health System (MHHS) in September 2015 has led to the organization agreeing to settle potential HIPAA Privacy Rule violations with the Department of Health and Human Services’ Office for Civil Rights (OCR) for $2.4 million. MHHS is a 16-hospital health system which os located in Texas, treating patients in the Greater Houston area. In September, an...

Read More
Memorial Hermann Health System HIPAA Fine Issued for Improper Disclosure of PHI
May11

Memorial Hermann Health System HIPAA Fine Issued for Improper Disclosure of PHI

An unauthorized disclosure of a patient’s name has resulted in a Memorial Hermann Health System HIPAA fine. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle potential HIPAA Privacy Rule violations with Memorial Hermann Health System with the payment of a $2.4 million penalty. Memorial Hermann Health System must also adopt a corrective action plan to ensure HIPAA Rules are followed in...

Read More
New Mexico HIPAA Violation Lawsuit Heads to NM Supreme Court
May10

New Mexico HIPAA Violation Lawsuit Heads to NM Supreme Court

A New Mexico HIPAA violation lawsuit filed by the victim of a sexual assault whose identity was improperly disclosed has been referred to the Supreme Court to assess whether the claim has standing. The lawsuit was filed by the plaintiff ‘G.R.’ who suffered a sexual assault and sought treatment for her injuries at Gallup Indian Medical Center (GIMC) where she was employed. G.R. alleges that following treatment, details of the assault...

Read More
Motion Filed to Dismiss ‘Baseless’ MDLive HIPAA Lawsuit
May09

Motion Filed to Dismiss ‘Baseless’ MDLive HIPAA Lawsuit

A motion has been submitted to dismiss a MDLive HIPAA lawsuit that was filed b y a plaintiff who alleges the firm improperly disclosed protected health information to a third party without informing or obtaining consent from users of the telehealth platform. The MDLive HIPAA lawsuit was filed by plaintiff Joan Richards, who alleges MDLive takes screenshots of data entered on the app on multiple occasions during the first 15 minutes of...

Read More
Healthcare Cyber Threat Landscape to be Covered in HIMSS Privacy and Security Forum
May06

Healthcare Cyber Threat Landscape to be Covered in HIMSS Privacy and Security Forum

Over the next week, the HIMSS Privacy and Security Forum will be held in San Francisco. The two-day conference provides an chance for CISOs, CIOs and other healthcare professionals to obtain valuable guidance from security experts on the most recent cybersecurity threats, along with practical tips on how to limit the chance of damage being inflicted. In excess of 30 speakers will be present at the event and will provide talks on a...

Read More
Alleged Patient Privacy Violations Could Lead to Class Action Lawsuit for MDLive
Apr27

Alleged Patient Privacy Violations Could Lead to Class Action Lawsuit for MDLive

Claims that telemedicine company MDLive violated the privacy of patients by disclosing sensitive medical information to a third party without informing or obtaining official consent from patients have resulted in a class action lawsuit has being filed. App users must enter in a range of private information into the MDLive app; however, the complainant claims that during the first 15 minutes of use, the app takes an average of 60...

Read More
CardioNet Settles HIPAA Violations with OCR for $2.5 Million
Apr26

CardioNet Settles HIPAA Violations with OCR for $2.5 Million

Pensylvania-based CardioNet has agreed a $2.5 million settlement to resolve potential HIPAA violations. The provider of remote mobile monitoring and quick response services to patients in danger of suffering cardiac arrhythmias. Settlements have previously been agreed with healthcare suppliers, health plans, and business clients of covered organizations, but this is the first-time OCR has settled potential HIPAA breaches with a...

Read More
Risk Analysis and Risk Management Errors Results in $2.5 Million HIPAA Settlement
Apr25

Risk Analysis and Risk Management Errors Results in $2.5 Million HIPAA Settlement

Risk analysis and risk management errors have resulted in a $2.5 million HIPAA compliance penalty for CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk of cardiac arrhythmias. The Department of Health and Human Services’ Office for Civil Rights agreed to settle the potential HIPAA violations with no admission of liability. In addition to the substantial HIPAA settlement, CardioNet is...

Read More
CCDH Agrees OCR Settlement for Potential Violations
Apr23

CCDH Agrees OCR Settlement for Potential Violations

The OCR recently revealed it has agreed to settle potential breaches of the Health Insurance Portability and Accountability Act with The Center for Children’s Digestive Health (CCDH); a small 7-center pediatric subspecialty practice located in Park Ridge, Illinois. On August 13, 2015, OCR completed a HIPAA compliance review of CCDH following an audit of FileFax Inc., which was contracted by CCDH to store inactive patient histories and...

Read More
Supreme Court Ruling: Donor Network Must Disclose Patient Details
Apr23

Supreme Court Ruling: Donor Network Must Disclose Patient Details

A New York Supreme Court Judge has recently ruled that patient details recorded by the New York Organ Donor Network must be handed over to a plaintiff and that HIPAA does not give basis for denying this request. Patrick McMahon believes he was fired from his position of Transplant Coordinator by the New York Organ Donor Network following complaints he filed about organ harvesting from four patients who were still displaying clear...

Read More
HIPAA Rules on Business Associate Agreements
Apr21

HIPAA Rules on Business Associate Agreements

This week, the HHS’ Office for Civil Rights (OCR) sent a warning to covered entities about the need to ensure HIPAA Rules on business associate agreements are followed. OCR announced a settlement had been reached with an Illinois healthcare provider for disclosing protected health information (PHI) without first obtaining a signed copy of a BAA. What is a Business Associate Agreement? Under HIPAA Rules, a business associate is classed...

Read More
$31,000 HIPAA Penalty for a Business Associate Agreement Violation
Apr21

$31,000 HIPAA Penalty for a Business Associate Agreement Violation

The Department of Health and Human Services’ Office for Civil Rights has issued a $31,000 HIPAA penalty for a business associate agreement violation to The Center for Children’s Digestive Health (CCDH), a for-profit 7-center Illinois pediatric healthcare provider. OCR discovered potential HIPAA violations during an investigation of the document storage solution provider FileFax. The investigation revealed that FileFax had obtained the...

Read More
Denver-Based Metro Community Agrees $400,000 HIPAA Penalty
Apr15

Denver-Based Metro Community Agrees $400,000 HIPAA Penalty

Metro Community Provider Network (MCPN), a Denver, CO-based federally-qualified health center (FQHC), has agreed to pay OCR $400,000 and implement a stringent corrective action plan to resolve all HIPAA compliance issues found during an OCR investigation into a a data breach that occurred in 2011. The incident that lead to the OCR investigation was a phishing attack that happened on December 5, 2011. A hacker sent phishing emails to...

Read More
Are HIPAA Rules Outdated and is an Update Overdue?
Apr13

Are HIPAA Rules Outdated and is an Update Overdue?

Are HIPAA Rules outdated? Is an update long overdue? An article recently published in the journal JAMIA explores potential updates to HIPAA to keep the legislation relevant. The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Clinton in 1996 at a time when the Internet was in its infancy. Now, almost two decades later, a lot has changed. The majority of healthcare organizations have now...

Read More
Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement
Apr13

Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement

Yesterday, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that a $400,000 settlement had been agreed with Metro Community Provider Network (MCPN) to resolve potential security management process HIPAA violations. The Denver, CO-based federally-qualified health center (FQHC) experienced a phishing attack in December 2011 that resulted in unauthorized access to the email accounts of employees. The...

Read More
Study Analyses Hospital Data Breach Risk
Apr06

Study Analyses Hospital Data Breach Risk

A recent study published in JAMA Internal Medicine looked at the hospital data breach risk and determined which organizations are most at risk of experiencing data breaches. The researchers discovered that hospital data breach risk is positively linked with the size of the hospital. Larger hospitals are more likely to experience data breaches, as are hospitals with a strong focus on teaching. Smaller hospitals may have smaller budgets...

Read More
40% of Second-Hand Devices Found to Contain PII
Mar30

40% of Second-Hand Devices Found to Contain PII

The danger of failing to ensure mobile devices have all data securely wiped before being recommissioned or resold has been highlighted by a recent study conducted by National Association for Information Destruction (NAID). In the largest study of its type to date, NAID analysed data on more than 250 devices that had been sold on the second-hand market. 40% of those devices were found to contain personally identifiable information. It...

Read More
Mecklenburg County HIPAA Violation Prompts Policy Update
Mar30

Mecklenburg County HIPAA Violation Prompts Policy Update

A recently discovered Mecklenbury County HIPAA violation has infuriated county officials. An investigation has now been conducted to determine how HIPAA Rules were so easily violated. The incident was discovered on Monday this week. A member of the Mecklenburg County staff received a freedom of information request from the media who were investigating how 185 female patients were not informed about abnormal PAP smear results. While...

Read More
Severino Appointed as Director of HHS’ Office for Civil Rights
Mar29

Severino Appointed as Director of HHS’ Office for Civil Rights

Former civil rights trial attorney Roger Severino has been appointed, by the Department of Health and Human Services’ Office for Civil Rights, to lead its HIPAA enforcement efforts. Mr Severino moves to the OCR from his role at the Heritage Foundation’s DeVos Center for Religion and Civil Society, Institute for Family, Community, and Opportunity, where he held the position of Director since May 2015. An official announcement about the...

Read More
New Resource Provides HIPAA Help for mHealth Developers
Mar29

New Resource Provides HIPAA Help for mHealth Developers

A new online tool has been released by the Connected Health Initiative providing HIPAA help for mHealth developers and healthcare providers. The new tool – called HIPAA Check – has been developed to aid understanding of the complexities of the HIPAA Privacy and Security Rules. Health apps now track a range of user metrics. Data collected by the apps are stored along with personally identifiable information. Much of the information...

Read More
ONC Updates SAFER Guides to Assist HIPAA-Covered Entities with EHR Safety and Security
Mar29

ONC Updates SAFER Guides to Assist HIPAA-Covered Entities with EHR Safety and Security

The Office of the National Coordinator for Health IT (ONC) has released updated versions of its SAFER Guides. The series of guides provide useful information to help covered entities make their EHRs more usable and safer and can be used by HIPAA-covered entities to assess potential vulnerabilities in their EHRs. Hackers search for vulnerabilities in EHRs that can be exploited to gain access to data. It is therefore essential that...

Read More
Roger Severino to Lead OCR’s HIPAA Enforcement Efforts
Mar27

Roger Severino to Lead OCR’s HIPAA Enforcement Efforts

The Department of Health and Human Services’ Office for Civil Rights has a new Director to lead its HIPAA enforcement efforts. Late last week, the Trump Administration quietly installed Roger Severino as the new head of OCR filling the position left vacant following the departure of Jocelyn Samuels. No official announcement about the appointment has been made by the Trump Administration, although an OCR spokesperson has confirmed that...

Read More