Guidance on Cyber Threats Issued to Healthcare Organizations by OCR
Mar08

Guidance on Cyber Threats Issued to Healthcare Organizations by OCR

The U.S. Department of Health and Human Services’ Office of Civil Rights has issued new guidance on cyber threats, advising HIPAA-covered entities to obtain the latest intelligence on new cyber threats that could potentially allow cybercriminals to gain access to the protected health information of patients and health plan members. Threat intelligence is issued by many organizations, although OCR recommends in its guidance on cyber...

Read More
HIPAA Noncompliance Penalties Likely to Increase
Mar03

HIPAA Noncompliance Penalties Likely to Increase

The Department of Health and Human Services’ Office for Civil Rights is expected to issue more HIPAA noncompliance penalties over the coming year. While OCR assists HIPAA-covered entities with their compliance efforts by issuing guidance, 2017 is likely to see OCR crackdown on non-compliance. Organizations found to have violated HIPAA Rules can expect to have to dig deep and pay for their failure to comply with the HIPAA Privacy,...

Read More
New Simplified HITRUST CSF for Small Healthcare Providers
Mar03

New Simplified HITRUST CSF for Small Healthcare Providers

This week, HITRUST announced it has created a new, simplified HITRUST CSF for small healthcare providers to help them with their compliance and risk management programs. A New HITRUST CSF for Small Healthcare Providers The HITRUST CSF is a certifiable framework that was developed to help healthcare organizations manage risk and comply with industry regulations such as HIPAA. The framework is flexible and can be tailored to suit...

Read More
HIPAA Privacy Rule Compliance: Patient Copies of Health Information
Mar02

HIPAA Privacy Rule Compliance: Patient Copies of Health Information

An important element of HIPAA Privacy Rule compliance is ensuring patient copies of health information are provided on request. The Health Insurance Portability and Accountability Act requires HIPAA-covered entities to provide either electronic or paper copies of patient health records to the patient, or their nominated representative, if they are specifically requested. This week, the American Health Information Management...

Read More
Deadline for Small Healthcare Data Breach Notification is March 1
Feb27

Deadline for Small Healthcare Data Breach Notification is March 1

The Health Insurance Portability and Accountability Act’s Breach Notification Rule stated that all covered organizations must make violations of unsecured electronic protected health information known to the Department of Health and Human Services’ Office for Civil Rights (OCR). While large scale data violations – those affecting 500 or more individuals – must be reported to OCR within 60 days of the the breach being found, covered...

Read More
Texting, Social Media, & Case Walkthrough HIPAA Guidance to be Published in 2017
Feb24

Texting, Social Media, & Case Walkthrough HIPAA Guidance to be Published in 2017

Recently at HIMSS17, OCR’s Deven McGraw outlined the HIPAA guidance OCR expects to publish in 2017. OCR may be busy reviewing the findings of the HIPAA compliance desk audits of healthcare groups and their business associates, but a flurry of new HIPAA guidance documentation is set to be published this year. In 2016, the Joint Commission cancelled the ban on the use of text messages for making orders, although within weeks of the...

Read More
HIPAA Breach Notification Deadline for 2016 Data Breaches Fast Approaching
Feb22

HIPAA Breach Notification Deadline for 2016 Data Breaches Fast Approaching

The HIPAA breach notification deadline for HIPAA-covered entities is fast approaching. Covered entities have until March 1, 2017 to submit their 2016 data breach reports to the Department of Health and Human Services’ Office for Civil Rights. HIPAA covered entities that have experienced a breach of the protected health information of patients or plan members are required by the HIPAA Breach Notification Rule to send a report of the...

Read More
New OCR HIPAA Compliance Guidance on the Way
Feb21

New OCR HIPAA Compliance Guidance on the Way

At this year’s Health Information and Management Systems Society (HIMSS) annual meeting, OCR officials have explained that 2017 will see a swathe of new OCR HIPAA compliance guidance issued. While there have been no changes to HIPAA Rules for a number of years, the pace at which technology is progressing has seen many gaps appear in HIPAA legislation. New medical devices have come to market, wearable technology has been adopted by...

Read More
Onsite HIPAA Compliance Audits Will be Delayed
Feb21

Onsite HIPAA Compliance Audits Will be Delayed

The Office for Civil Rights’ onsite HIPAA compliance audits that were scheduled to take place in the first quarter of 2017 are to be delayed, according to OCR’s Deputy Director of Health Information Privacy, Deven McGraw. In an interview at HIMSS17, McGraw explained to Information Security Media Group that the decision to delay the onsite HIPAA compliance audits was taken to allow OCR time to process the reports from the desk audits....

Read More
Horizon BCBS of New Jersey HIPAA Fine of $1.1 Million Announced
Feb20

Horizon BCBS of New Jersey HIPAA Fine of $1.1 Million Announced

A Horizon BCBS of New Jersey HIPAA fine has been announced by the New Jersey Division of Consumer Affairs. In addition to a $1.1 million financial settlement, Horizon BCBS of New Jersey is required to adopt a corrective action plan to ensure that the electronic protected health information (ePHI) of its policyholders is appropriately secured. Horizon BCBS of New Jersey HIPAA Fine Resolves Multiple Privacy and Security Rule Violations...

Read More
$5.5 Million Memorial Healthcare HIPAA Fine Agreed
Feb17

$5.5 Million Memorial Healthcare HIPAA Fine Agreed

The Department of Health and Human Services’ Office for Civil Rights has announced a massive settlement has been reached with Florida-based Memorial Healthcare System. The Memorial Healthcare HIPAA fine of $5.5 million settles potential violations of the HIPAA Privacy and Security Rules spanning several years. The settlement is the joint largest ever HIPAA fine issued to a single covered entity. The Memorial Healthcare HIPAA fine...

Read More
Children’s Health HIPAA Fine: $3.2 Million Paid to OCR to Resolve Multiple HIPAA Violations
Feb03

Children’s Health HIPAA Fine: $3.2 Million Paid to OCR to Resolve Multiple HIPAA Violations

The Department of Health and Human Services’ Office for Civil Rights has announced the first Civil Monetary Penalty of the year: The Children’s Health HIPAA fine of $3.2 million is one of the largest penalties to date for a single HIPAA-covered entity. The size of the CMP reflects the number of violations discovered and the length of time that the HIPAA violations were allowed to persist before Children’s Health eventually complied...

Read More
MAPFRE Life HIPAA Settlement: $2.2 Million for Impermissible Disclosure of ePHI
Jan19

MAPFRE Life HIPAA Settlement: $2.2 Million for Impermissible Disclosure of ePHI

MAPFRE Life Insurance Company of Puerto Rico has settled potential violations of the Health Insurance Portability and Accountability Act (HIPAA) with the Department of Health and Human Services’ Office for Civil Rights. MAPFRE Life HIPAA Settlement of $2.2 Million Agreed with OCR According to the resolution agreement, MAPFRE Life will pay OCR $2,204,182 and must adopt a corrective action plan to address multiple noncompliance issues...

Read More
2016 Healthcare Data Breach Report Published
Jan18

2016 Healthcare Data Breach Report Published

The 2016 healthcare data breach report from cybersecurity company Protenus shows that 2016 was a record-breaking year for healthcare data breaches. In 2016, more than one healthcare data breach occurred every day on average. Those breaches resulted in the theft or exposure of 27 million individuals’ confidential information. In total, 450 breach incidents were reported by healthcare organizations – healthcare providers, health plans,...

Read More
$475,000 Presense Healthcare HIPAA Settlement Agreed with OCR
Jan10

$475,000 Presense Healthcare HIPAA Settlement Agreed with OCR

The Department of Health and Human Services’ Office for Civil Rights has announced a $475,000 Presense Healthcare HIPAA settlement has been agreed. This is the first HIPAA enforcement action of 2017 and the first time OCR has settled a case solely based on the delayed issuing of breach notifications to individuals impacted by a protected health information breach. In 2013, Presense St. Joseph Medical Center, a hospital run by...

Read More
63% Increase in Healthcare Data Breaches in 2016
Dec22

63% Increase in Healthcare Data Breaches in 2016

There has been a 63% increase in major healthcare data breaches in 2016, according to the 2016 Healthcare Cyber Breach Report from cybersecurity firm TrapX. The report, which covers healthcare data breaches in 2016 from January 1 to December 12, shows that while the total number of healthcare records exposed in 2016 was considerably lower than last year, the number of incidents increased substantially. In 2015, 111,812,172 records...

Read More
November 2016 Breach Barometer Report: Worst Month for Health Data Breaches
Dec16

November 2016 Breach Barometer Report: Worst Month for Health Data Breaches

The November 2016 Breach Barometer Report from Protenus provides a snapshot of the state of healthcare data security, cataloging the health data breaches that occurred last month. The report is released each month and provides a useful record of HIPAA breaches throughout the year. While the total number of health records exposed or stolen in November fell from the previous month, and November figures are the seventh lowest of the...

Read More
2015 Ashley Madison Data Breach Results in $1.75 Million Fines
Dec15

2015 Ashley Madison Data Breach Results in $1.75 Million Fines

The 2015 Ashley Madison data breach that exposed the credentials of more than 37 million would-be adulterers has resulted in fines of $17.5 million being issued to Ruby Corp., the organization that owns Ashley Madison. The fines were announced this week by both the Federal Trade Commission and the New York attorney general. The fines were issued due to poor security practices which contributed to the cyberattack, but also for...

Read More
$650,000 UMass HIPAA Settlement Announced by OCR
Nov23

$650,000 UMass HIPAA Settlement Announced by OCR

The University of Massachusetts Amherst (UMass) has agreed to pay the Department of Health and Human Services’ Office for Civil Rights (OCR) $650,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). The UMass HIPAA settlement could have been much higher, although OCR took into consideration the financial position of the University, which had operated at a financial loss last year. OCR...

Read More
$1 Million Settlement for 2013 Adobe Systems Data Breach
Nov11

$1 Million Settlement for 2013 Adobe Systems Data Breach

Connecticut Attorney General George Jepsen has announced that a settlement has been reached for the 2013 Adobe Systems data breach that affected more than half a million individuals in 15 states. The 2013 Adobe Systems data breach first came to light on September 17, 2013 when the company received an alert that one of its servers was approaching capacity. The response to that alert revealed that an unauthorized individual was...

Read More
Guidance on HIPAA and the FTC Act
Oct25

Guidance on HIPAA and the FTC Act

The Federal Trade Commission (FTC) in conjunction with the Department of Health and Human Services’ Office for Civil Rights (OCR) has issued guidance on HIPAA and the FTC Act explaining it is not sufficient to only consider HIPAA regulations when sharing health data. Organizations must also ensure they comply with the Federal Trade Commission Act (FTC Act). The guidance on HIPAA and the FTC Act was issued to ensure that organizations...

Read More
EHNAC Migrates HIPAA Privacy and Security Modules to HITRUST CSF Framework
Oct20

EHNAC Migrates HIPAA Privacy and Security Modules to HITRUST CSF Framework

The two leading standards development associations – the Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance HITRUST – have announced they are to collaborate and will be streamlining their certification and accreditation programs for healthcare industry stakeholders. The standards development organizations have a similar vision and want to reduce the complexity of information...

Read More
$2.14 Million St. Joseph Health HIPAA Settlement Announced
Oct19

$2.14 Million St. Joseph Health HIPAA Settlement Announced

The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to a $2.14 million St. Joseph Health HIPAA settlement after a data breach investigation uncovered serious violations of the HIPAA Security Rule. St Joseph Health, which is sponsored by the St. Joseph Health Ministry, operates 14 acute care hospitals in California, New Mexico, and Texas, in addition to many skilled nursing facilities, hospices, home...

Read More
Healthcare Lawyers Increasingly Involved in Cybersecurity Matters
Oct17

Healthcare Lawyers Increasingly Involved in Cybersecurity Matters

A recent survey conducted by Bloomberg Law and the American Health Lawyers Association (AHLA) asked more than 300 healthcare attorneys from across the United States about their involvement in cybersecurity matters and their opinions on their future involvement in data breaches and cyber-attacks. The survey revealed the extent to which healthcare attorneys are being called upon to deal with cybersecurity matters and showed attorneys...

Read More
OCR Issues Cloud Computing Guidance for HIPAA Covered Entities
Oct07

OCR Issues Cloud Computing Guidance for HIPAA Covered Entities

Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) has issued cloud computing guidance for HIPAA covered entities. The new guidance was issued in response to numerous questions that had been asked by covered entities and their business associates about how cloud services could be adopted without falling afoul of HIPAA Rules. The new cloud computing guidance for HIPAA covered entities can also be used by...

Read More
Business Associate HIPAA Audits Now Imminent
Oct01

Business Associate HIPAA Audits Now Imminent

The business associate HIPAA audits are scheduled to commence this month, The business associate HIPAA compliance audits are not expected to result in punitive action being taken if HIPAA violations are discovered. The audits provide a snapshot of the state of compliance and are intended to identify common compliance issues which will be used to direct future guidance. OCR may prefer to resolve noncompliance with voluntary actions and...

Read More
Data Breach Notification Law in California Updated
Sep30

Data Breach Notification Law in California Updated

Data breach notification law in California has been updated again, further strengthening the already stringent laws in the state. Data breach notification law in California is already the strongest in the country. The latest update is intended to further protect state residents whose personal information is compromised. The latest update closes a gap in the data breach notification law in California, which has previously not required...

Read More
HHS Privacy and Security Guidance is not in Line with Federal Guidelines, says GAO
Sep28

HHS Privacy and Security Guidance is not in Line with Federal Guidelines, says GAO

The Government Accountability Office (GAO) has released a damning report on the Department of Health and Human Services (HHS), criticizing its lack of oversight and privacy and security guidance for HIPAA covered entities. The GAO determined that the privacy and security guidance issued by the HHS failed to meet federal guidelines and did not cover all of the elements of the Cybersecurity Framework issued by the National Institute of...

Read More
ONC Issues Guidance on EHR Contract Negotiations
Sep27

ONC Issues Guidance on EHR Contract Negotiations

The Office of the National Coordinator for Health IT (ONC) has issued new guidance on EHR contract negotiations to help HIPAA covered entities avoid some of the common problems experienced when selecting, negotiating, and implementing new EHR systems. The new guidance on EHR contract negotiations – EHR Contracts Untangled: Selecting Wisely, Negotiating Terms, and Understanding the Fine Print – is intended to help HIPAA covered...

Read More
ONC Report Confirms Most Hospitals Allow Patients to Access Their EHRs
Sep13

ONC Report Confirms Most Hospitals Allow Patients to Access Their EHRs

Significant progress has been made toward providing all patients with access to their ePHI, according to a recent report issued by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). Back in 2012, only 24% of non-acute care hospitals allowed patients to view their ePHI. The percentage of hospitals now allowing access to ePHI has risen to 95%; an increase of 4% since...

Read More
Health and Fitness App Privacy Policies Often Absent, says Think Tank
Aug19

Health and Fitness App Privacy Policies Often Absent, says Think Tank

One would assume that health and fitness app privacy policies would be more important than many other types of app, given the types of data they collect. However, according to a recent study performed by Washington DC think tank, The Future of Privacy, health and fitness app privacy policies are often nowhere to be seen. Only 60% of the apps assessed for the study actually had privacy policies compared to 76% of general apps. The...

Read More
OCR Data Breach Investigations to Be Increased for Sub-500 Record Breaches
Aug18

OCR Data Breach Investigations to Be Increased for Sub-500 Record Breaches

The Department of Health and Human Services’ Office for Civil Right is the main enforcer of HIPAA Rules. All complaints about potential violations of HIPAA Rules are followed up, and OCR data breach investigations are initiated for all breaches if they impact more than 500 individuals. That is not to say that data breaches involving the exposure or theft of fewer than 500 records are never investigated, only that with limited funding...

Read More
Walgreens HIPAA Violations Do Not Result in Financial Penalty
Aug12

Walgreens HIPAA Violations Do Not Result in Financial Penalty

Walgreens HIPAA violations discovered by reporters from WTHR 13 in 2006 have not resulted in any punitive action being taken by the Department of Health and Human Services’ Office for Civil Rights (OCR). According to a recent WTHR 13 report, the case against Walgreens has now been closed. Potential Walgreens HIPAA violations were uncovered by WTHR 13 reporters in 2006 following an investigation into the suspected dumping of protected...

Read More
CMS Takes Steps to Prevent Abuse of Nursing Home Residents on Social Media Sites
Aug09

CMS Takes Steps to Prevent Abuse of Nursing Home Residents on Social Media Sites

Reports of abuse of nursing home residents on social media networks have prompted the Centers for Medicare and Medicaid Services (CMS) to take steps to protect seniors living in nursing homes and assisted living facilities. While the vast majority of nursing home employees are committed to providing excellent levels of care for elders in nursing facilities, the volume of reports of abuse of nursing home residents on social media...

Read More
Largest Ever HIPAA Penalty: Advocate Health Agrees to $5.55 Million Settlement
Aug05

Largest Ever HIPAA Penalty: Advocate Health Agrees to $5.55 Million Settlement

This week, the HHS’ Office for Civil Rights announced it has issued the largest ever HIPAA penalty to a single covered entity. Advocate Health will pay a penalty of $5.55 million to OCR to settle the case, which involved multiple potential HIPAA violations some of which spanned several years. OCR reports that some violations of the Health Insurance Portability and Accountability Act date back to when the HIPAA Security Rule was first...

Read More
37 Months’ Imprisonment for Criminal HIPAA Violations
Aug04

37 Months’ Imprisonment for Criminal HIPAA Violations

A former customer service representative at Tampa General Hospital has been sentenced to 37 months’ imprisonment for criminal HIPAA violations and tax fraud. Shanakia Benton abused her data access rights while employed at the hospital and accessed and stole patient data with intent to commit fraud. Benton was provided with access to the data in order to perform work duties. According to the court documents, Benton had previously...

Read More
Medical Students Potentially Violating HIPAA by Tracking Patients using EHRs
Jul29

Medical Students Potentially Violating HIPAA by Tracking Patients using EHRs

A recent study published in JAMA Internal Medicine suggests medical students may be violating HIPAA regulations by tracking patients using EHRs. A survey was conducted in an academic health center to determine the extent to which medical students were tracking patients using EHRs. The survey was conducted in August 2013 on 169 fourth year students. Little research had previously been conducted and the extent to which students were...

Read More
OIG Assesses HIPAA Standards for EHR Contingency Planning
Jul26

OIG Assesses HIPAA Standards for EHR Contingency Planning

The Department of Health and Human Services’ Office of Inspector General has conducted a survey to investigate whether HIPAA standards for EHR contingency planning were being met by U.S. hospitals. 400 hospitals were asked questions about EHR contingency planning and whether their plans had been put into practice. While a majority of hospitals had developed EHR contingency plans and had largely complied with HIPAA regulations, only...

Read More
University of Mississippi Medical Center HIPAA Settlement Announced
Jul22

University of Mississippi Medical Center HIPAA Settlement Announced

The failure to comply with HIPAA Rules can prove costly, as the University of Mississippi Medical Center HIPAA settlement clearly shows. Following an investigation into a breach of 500 patient records, the Department of Health and Human Services’ Office for Civil Rights (OCR) discovered multiple violations of Health Insurance Portability and Accountability Act Rules. The University of Mississippi Medical Center HIPAA settlement...

Read More
OCR Announces $2.7 million OHSU HIPAA Violation Settlement
Jul19

OCR Announces $2.7 million OHSU HIPAA Violation Settlement

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that Oregon Health & Science University (OHSU) has agreed to settle multiple potential HIPAA violations which contributed to the potential disclosure of protected health information on a number of occasions. The OHSU HIPAA violation settlement is one of the largest of 2016. OHSU is required to make a monetary payment of $2.7 million to the OCR...

Read More
167 HIPAA Covered Entities Selected for a Compliance Audit
Jul12

167 HIPAA Covered Entities Selected for a Compliance Audit

The long awaited second phase of HIPAA compliance audits started earlier this year with the sending of emails to covered entities requesting contact information. From the responses, the Department of Health and Human Services’ Office for Civil Rights (OCR) formed a pool of eligible covered entities which would be eligible for a HIPAA compliance audit. The OCR announced this week that 167 covered entities have been selected for a “desk...

Read More
OCR Releases Ransomware Guidance for HIPAA Covered Entities
Jul11

OCR Releases Ransomware Guidance for HIPAA Covered Entities

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released new guidance for covered entities to help them protect their organizations from ransomware attacks, and deal with attacks if they should occur. The new guidance also clarifies how HIPAA Rules apply to healthcare ransomware infections. Earlier this year, Deputy Director for Health Information Privacy Deven McGraw announced that new guidance on...

Read More
Business Associate Agrees to $650,000 Settlement for HIPAA Failures
Jun30

Business Associate Agrees to $650,000 Settlement for HIPAA Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced it has agreed to settle the case against Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) for $650,000. CHCS has agreed to a corrective action plan and will pay the financial penalty to the OCR to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), without admission of liability. In...

Read More
HIPAA Minimum Necessary Standard Discussed at NCVHS Hearing
Jun20

HIPAA Minimum Necessary Standard Discussed at NCVHS Hearing

Melissa Martin, the President of the American Health Information Management Association (AHIMA) gave a testimony at a recent National Committee on Vital and Health Statistics’ (NCVHS) meeting regarding the HIPAA minimum necessary standard. The NCVHS subcommittee on privacy, confidentiality, and security held the hearing to discuss whether changes need to be made to the HIPAA minimum necessary standard, and whether HIPAA covered...

Read More
Illinois Data Breach Notification Law Updated
Jun19

Illinois Data Breach Notification Law Updated

Bruce Rauner – the Governor of Illinois – has recently signed a number of amendments to Illinois data breach notification law. The changes are intended to better protect Illinois residents in the event that their personal information is exposed or stolen. Health Insurance and Medical Information Included in Illinois Data Breach Notification Law Changes have been made to the Personal Information Privacy Act (PIPA) which expand the...

Read More
OIG Report: Washington State Insurance Exchange Security Places PHI at Risk
Jun17

OIG Report: Washington State Insurance Exchange Security Places PHI at Risk

The Department of Health and Human Services’ Office of the Inspector General (OIG) has recently published a report of its investigation into Washington State’s health insurance exchange. The audit, which commenced in May 2015, was conducted to determine whether the exchange had adhered to federal requirements, including those stipulated in the Centers for Medicare & Medicaid Services in its Minimum Acceptable Risk Standards for...

Read More
NIST Cybersecurity Framework Update
Jun14

NIST Cybersecurity Framework Update

The National Institutes of Standards and Technology (NIST) has announced that there will be a minor NIST Cybersecurity Framework update in early 2017. NIST sought suggestions from industry stakeholders over a period of two years since the NIST Cybersecurity framework was published. NIST issued a request for information (RFI) in December 2015 and received over 100 responses on best practices, Framework use, and suggestions for long...

Read More
ONC Releases New Tools Explaining Consumers’ Rights to Access Health Information
Jun06

ONC Releases New Tools Explaining Consumers’ Rights to Access Health Information

The HHS’ Office of the National Coordinator for Health IT has released a new set of tools explaining consumers’ rights to access health information under HIPAA. Earlier this year the HHS’ Office for Civil Rights released new guidance for healthcare providers and other covered entities explaining how the HIPAA Privacy Rule requires covered entities to provide consumers with a copy of their electronic protected health information (ePHI)...

Read More
Healthcare Professionals Committing HIPAA Violations on Yelp
May31

Healthcare Professionals Committing HIPAA Violations on Yelp

A recent ProPublica report has revealed that many healthcare professionals are committing HIPAA violations on Yelp and other review sites when responding to bad feedback from patients. A response to a negative comment may be viewed as a good way of mitigating some of the damage caused, but this can all too easily backfire. When physicians or other healthcare professionals see a bad review, they have to exercise much greater caution...

Read More
Beware of HIPAA Violations When Responding to Yelp Reviews
May28

Beware of HIPAA Violations When Responding to Yelp Reviews

Online reviews of patients’ experiences with healthcare providers can be an invaluable way to gain feedback from patients. Some healthcare providers even encourage patients to write reviews of their experiences, while others are wary as poor reviews can be bad for business. Concern about the latter has led some healthcare providers to respond to comments about the poor treatment of patients, and by doing they have violated one of the...

Read More
OCR Updates HIPAA Guidance for Health App Developers
May25

OCR Updates HIPAA Guidance for Health App Developers

The Department of Health and Human Services’ Office for Civil Rights (OCR) has updated its HIPAA guidance for health app developers to make it easier for developers of health apps to obtain answers to questions about the Health Insurance Portability and Accountability Act Rules. Last year, the OCR was criticized by the app industry for doing too little to help health app developers understand the complexities of HIPAA Rules. The OCR...

Read More
How Much Can Covered Entities Charge for PHI Access? HHS Issues Clarification
May24

How Much Can Covered Entities Charge for PHI Access? HHS Issues Clarification

There is a lot of uncertainty about how much covered entities can charge patients for PHI access under HIPAA Rules. Many healthcare providers feel they have received conflicting information about the allowable charges for providing patients with copies of their protected health information (PHI). Patients are likewise confused. Many individuals would like to obtain copies of their health data, and are allowed to do so under the HIPAA...

Read More
Have You Started Preparing for a HIPAA Compliance Audit?
May23

Have You Started Preparing for a HIPAA Compliance Audit?

Have you started preparing for a HIPAA compliance audit? Will you be able to supply compliant documentation to OCR auditors if your organization is selected for an audit later this year? Time to Start Preparing for a HIPAA Compliance Audit The Office for Civil Rights (OCR) will be auditing covered entities later this year and assessing compliance with the HIPAA Privacy, Security, and Breach Notification Rules. The first round of HIPAA...

Read More
Guidance for Dealing with Ransomware Attacks to be Issued by OCR
May20

Guidance for Dealing with Ransomware Attacks to be Issued by OCR

Many HIPAA covered entities believe that guidance for dealing with ransomware attacks should be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR). There has been some confusion over whether a ransomware attack actually constitutes a data breach. HIPAA covered entities are required to report breaches of protected health information to the OCR within 60 days of the discovery of a breach. They must also...

Read More
AHA Calls for Changes to Healthcare Data Privacy Rules
May14

AHA Calls for Changes to Healthcare Data Privacy Rules

The American Hospital Association (AHA) has urged congress to update data privacy rules to align them more closely with HIPAA. At present, the privacy rules of 42 CFR Part 2 (Part 2) restrict the use and disclosure of substance abuse records of patients that have been enrolled in certain substance abuse programs. The AHA is concerned that because current regulations prohibit the disclosure of patients’ entire medical records,...

Read More
OCR Warns Hospitals to Prepare for Business Associate Data Breaches
May10

OCR Warns Hospitals to Prepare for Business Associate Data Breaches

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently issued a warning to HIPAA covered entities saying they should be prepared for business associate data breaches. Recent surveys have suggested that HIPAA covered entities do not believe that some of their business associates would inform them of a data breach that exposed their patients’ protected health information. Many covered entities also...

Read More
Nebraska Data Breach Notification Law Amended
May01

Nebraska Data Breach Notification Law Amended

Pete Ricketts – the Governor of Nebraska – has recently put his name to a new bill (LB 835) that amends Nebraska Data Breach Notification Law. The bill was recently passed with a unanimous 46-0 vote. The new bill expands the state’s definition of personal information and clarifies when data encryption does – and does not – require organizations to issue notifications to individuals affected by a security breach. The changes have...

Read More
Joint Commission Ends Text Message Ban on Orders
Apr27

Joint Commission Ends Text Message Ban on Orders

The Joint Commission has lifted its five-year ban on clinicians using smartphones to send orders via text message. In the May copy of its Perspectives newsletter, the Joint Commission announced that the text message ban has been lifted with immediate effect, although there is one caveat. A secure text messaging platform must be used. The ban on text messaging was first introduced in 2011. Clinicians were prohibited from sending orders...

Read More
Pharma Company Manager Pleads Guilty to Criminal HIPAA Violations
Apr22

Pharma Company Manager Pleads Guilty to Criminal HIPAA Violations

It is a relatively rare occurrence for the Department of Justice to pursue cases against individuals for criminal HIPAA violations, although action is being taken against a pharma company manager for alleged criminal HIPAA violations. Charges of Criminal HIPAA Violations in Pharmaceutical Fraud Scheme A case has been filed against Landon Eckles, a district manager for the pharmaceutical firm Warner Chilcott, for criminal HIPAA...

Read More
$2.2 Million HIPAA Penalty for Unauthorized Filming of Patients
Apr21

$2.2 Million HIPAA Penalty for Unauthorized Filming of Patients

The Department of Health and Human Services’ Office for Civil Rights has announced its second HIPAA settlement in three days, having arrived at an agreement with New York Presbyterian Hospital (NYP) over alleged violations of the HIPAA Privacy Rule. The settlement stems from the ‘egregious disclosure’ of protected health information to multiple individuals during the filming of a television show at the hospital. NYP had agreed to...

Read More
Orthopaedic Clinic Pays Penalty for Business Associate Agreement HIPAA Violation
Apr21

Orthopaedic Clinic Pays Penalty for Business Associate Agreement HIPAA Violation

A Business Associate Agreement HIPAA violation discovered by the Department of Health and Human Services’ Office for Civil Rights (OCR) has culminated in a $750,000 settlement being reached with the Raleigh Orthopaedic Clinic (ROC) of North Carolina. An investigation was launched by OCR in 2013 following receipt of ROC’s report of a disclosure of protected health information (PHI) to a potential business partner. ROC entered into a...

Read More
$750,000 Settlement for HIPAA Business Associate Agreement Failures
Apr19

$750,000 Settlement for HIPAA Business Associate Agreement Failures

The latest OCR settlement for HIPAA Business Associate Agreement (BAA) failures highlights the importance of having up to date, HIPAA-compliant BAAs in place for all business associates. Raleigh Orthopaedic Clinic, P.A., of North Carolina has agreed to settle a case filed by the Office for Civil Rights for alleged violations of HIPAA Rules, stemming from an April 30, 2013 breach of PHI. An investigation was launched by OCR after...

Read More
Healthcare IT Security Focus On Compliance Not Breach Prevention
Apr15

Healthcare IT Security Focus On Compliance Not Breach Prevention

According to the latest Vormetric data threat report, the main healthcare IT security focus is meeting HIPAA compliance requirements, not preventing data breaches. HIPAA Compliance is the Main Healthcare IT Security Focus For the report, Vormetric commissioned 451 Research to conduct a survey which questioned healthcare IT managers about their spending plans for the coming year. They were asked where the bulk of the cybersecurity...

Read More
Phase 2 HIPAA Audit Protocol Released
Apr07

Phase 2 HIPAA Audit Protocol Released

The Department of Health and Human Services’ Office for Civil Rights published the new phase 2 HIPAA audit protocol this week. The protocol details the inquiries that will be made when the audits are conducted later this year. The second round of audits has been much delayed, and while the OCR has indicated progress was being made, the publication of the phase 2 HIPAA audit protocol suggests that the delays have come to an end and the...

Read More
The Hidden Cost of Pagers in Healthcare
Mar31

The Hidden Cost of Pagers in Healthcare

Numerous studies have been conducted on the cost of HIPAA-compliant alternatives to the pager, yet little research has actually been conducted on the actual cost of pagers in healthcare. Pager use is in steep decline. Pager services are being dropped by telecoms companies due to the lack of demand. Most industries have retired pagers long ago and have switched to smartphones. However, the healthcare industry lags behind. Pagers are...

Read More
Phase 2 HIPAA Audit Program Begins
Mar24

Phase 2 HIPAA Audit Program Begins

The Department of Health and Human Services’ Office for Civil Rights has announced that the phase 2 HIPAA audit program has now started. Covered entities are now being emailed to verify contact information and to gather preliminary information. The initial stage of the phase 2 HIPAA audit program requires OCR to form the sample pool from which covered entities are chosen. The emails have been sent to the contacts OCR has listed for...

Read More
Phase 2 HIPAA Compliance Audits Underway, says OCR
Mar21

Phase 2 HIPAA Compliance Audits Underway, says OCR

Phase 2 of the HIPAA compliance audits is now underway, according to a recent announcement issued by the Department of Health and Human Services’ Office for Civil Rights (OCR). The audits are being conducted to assess compliance with the HIPAA Privacy, Security, and Breach Notification Rules. The OCR explains that audits are an important tool that enable the OCR to assess whether organizations are implementing the necessary safeguards...

Read More
3.9 Million Dollar HIPAA Breach Settlement Announced by OCR
Mar18

3.9 Million Dollar HIPAA Breach Settlement Announced by OCR

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced it has arrived at a settlement with the Feinstein Institute for Medical Research for potential HIPAA violations stemming from a 2012 data breach. The Feinstein Institute has agreed to pay the OCR $3.9 million to settle the charges and has also agreed to adopt a corrective action plan (CAP) to address the issues raised during the OCR breach...

Read More
Feinstein Institute to Pay OCR $3.9 Million for Improper Disclosure of PHI
Mar18

Feinstein Institute to Pay OCR $3.9 Million for Improper Disclosure of PHI

Feinstein Institute for Medical Research has agreed to settle charges of improper disclosure of PHI with the Department of Health and Human Services’ Office for Civil Rights (OCR). A payment of $3.9 million will be made, with Feinstein also required to adopt a stringent corrective action plan to address a number of violations of HIPAA Rules discovered by OCR investigators. Laptop Containing PHI Was Left On the Back Seat of a Car OCR...

Read More
North Memorial Healthcare to Pay $1.5 Million HIPAA Fine
Mar17

North Memorial Healthcare to Pay $1.5 Million HIPAA Fine

North Memorial Healthcare has agreed to pay the Department of Health and Human Services’ Office for Civil Rights (OCR) $1.5 million for failing to obtain a HIPAA-compliant business associate agreement from a major contractor. North Memorial also failed to conduct a comprehensive, organization-wide risk analysis according to a statement issued by the OCR. The OCR initiated an investigation into North Memorial Healthcare after receiving...

Read More
Business Associate Data Breaches Can Be Expensive: Hospital Pays OCR $1.55 Million
Mar17

Business Associate Data Breaches Can Be Expensive: Hospital Pays OCR $1.55 Million

The latest OCR HIPAA settlement illustrates just how expensive business associate data breaches can be if a HIPAA-covered entity has not obtained a signed, compliant business associate agreement (BAA). North Memorial Health Care of Minnesota has recently agreed to pay $1,550,000 to settle HIPAA violations that were discovered when the Department of Health and Human Services’ Office for Civil Rights conducted an investigation into a...

Read More
HIPAA Rules for Workplace Wellness Programs
Mar15

HIPAA Rules for Workplace Wellness Programs

There has been some confusion surrounding the HIPAA Rules for workplace wellness programs. This week, the Department of Health and Human Services’ Office for Civil Rights has taken action and has issued new guidance which clarifies how HIPAA applies to certain workplace wellness programs. HIPAA Rules for Workplace Wellness Programs Clarified by OCR The Health Insurance Portability and Accountability Act covers healthcare providers,...

Read More
HIPAA Rules Covering mHealth Apps Require Clarification
Mar12

HIPAA Rules Covering mHealth Apps Require Clarification

A bipartisan group of congressmen has written to Sylvia Matthews Burwell, the Secretary of Health and Human Services (HHS), criticizing the HHS for failing to clarify HIPAA Rules covering mHealh apps. While the HHS has taken some steps to help mHealth app developers comply with HIPAA Rules, the efforts made so far have not been sufficient and many app developers are still none the wiser about how and when HIPAA Rules apply. In...

Read More
Pagers in Healthcare: New Research Reveals Hidden Cost
Mar10

Pagers in Healthcare: New Research Reveals Hidden Cost

For a number of years there have been secure and reliable alternatives to pagers, yet the use of pagers in healthcare continues. Some hospitals have already made the switch to secure messaging platforms, although a great deal still rely on pagers to communicate with physicians, nurses, and other healthcare workers. Pagers have served the healthcare industry well for a number of decades. The devices are reliable and physicians are...

Read More
NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued
Mar03

NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued

The Department of Health and Human Services’ Office for Civil Rights has issued a crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule to help covered entities assess whether there are any gaps in their compliance programs. NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued By OCR The crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule was developed in conjunction with...

Read More
OCR Issues Crosswalk Between the HIPAA Security Rule and NIST Cybersecurity Framework
Feb25

OCR Issues Crosswalk Between the HIPAA Security Rule and NIST Cybersecurity Framework

The Department of Health and Human Services’ Office for Civil Rights has recently issued a crosswalk to assist HIPAA covered entities comply with the HIPAA Security Rule and manage cybersecurity risks under the National Institutes of Standards and Technology (NIST) Cybersecurity Framework. The purpose of the Crosswalk is to help covered entities identify mappings between the Security Rule and the NIST Framework. The Crosswalk can be...

Read More
HHS Clarifies HIPAA Data Sharing Rules
Feb24

HHS Clarifies HIPAA Data Sharing Rules

After seeking feedback from covered entities about aspects of the Health Insurance Portability and Accountability Act that are causing confusion, the U.S Department of Health and Human Services has published two fact sheets to improve understanding of HIPAA data sharing rules. If a fully interoperable health system is to be developed, it is essential that HIPAA-covered entities understand HIPAA data sharing rules. It is hoped that...

Read More
HIPAA Rules on Website Testimonials: 25K Fine for Privacy Breach
Feb18

HIPAA Rules on Website Testimonials: 25K Fine for Privacy Breach

A physical therapy provider has reached a settlement with the Department of Health and Human Services’ Office for Civil Rights to resolve HIPAA privacy violations dating back to 2012, when PHI was posted on the company website without prior authorization having been obtained from patients. HIPAA Rules on Website Testimonials: Obtain Authorization Before Disclosing PHI Complete P.T., Pool & Land Physical Therapy, Inc., (CPT) had...

Read More
HIPAA Guidance for Health App Developers Issued by OCR
Feb17

HIPAA Guidance for Health App Developers Issued by OCR

The Department of Health and Human Services’ Office for Civil Rights has issued new HIPAA guidance for health app developers. The new guidance covers a number of scenarios when HIPAA Rules must be followed, as well as explaining when app developers are not bound by HIPAA rules. The new HIPAA guidance for health app developers is intended to clear up confusion about when HIPAA rules must be obeyed and when HIPAA Rules do not apply....

Read More
Lincare Ordered to Pay $239,800 HIPAA Violation Penalty
Feb08

Lincare Ordered to Pay $239,800 HIPAA Violation Penalty

Clearwater, Florida-based respiratory and infusion care provider Lincare Holdings has been ordered to pay a HIPAA violation penalty of $239,800 to the Department of Health and Human Services Office for Civil Rights (OCR) by an administrative law judge. This is only the second time in the past 8 years that a HIPAA-covered entity has been forced to pay a HIPAA fine rather than agreeing to a settlement with the OCR to settle...

Read More
HIPAA Cybersecurity Standards Not Adhered to By Law Firms
Feb05

HIPAA Cybersecurity Standards Not Adhered to By Law Firms

According to a new survey conducted by Legal Workspace, many law firms are not adhering to HIPAA cybersecurity standards and are not keeping protected health information secure. Data is not being protected by encryption, intrusion detection systems are not being implemented, logs of data access not being kept, and when they are, those logs are not being maintained and reviewed. Adhering to HIPAA cybersecurity standards is not...

Read More
CMP for HIPAA Violations Imposed on Lincare Inc., by OCR
Feb04

CMP for HIPAA Violations Imposed on Lincare Inc., by OCR

Office for Civil Rights has announced that Lincare, a provider of respiratory care and home health services, has been ordered to pay a CMP for HIPAA violations as a result of the accidental disclosure of 278 confidential patient records. The civil monetary penalty of $239,800 was deemed appropriate after HIPAA Privacy Rule violations were discovered to have directly contributed to the patient privacy breach. $239,800 CMP for HIPAA...

Read More
Why is Healthcare Technology Behind the Times?
Jan15

Why is Healthcare Technology Behind the Times?

Look at the annual profits reported by healthcare providers and it will be clear that many organizations can afford to implement new technology, especially when it will improve workflows, efficiency, and productivity. So why is healthcare technology behind the times? What is holding healthcare providers back when there is technology that can be leveraged to allow huge cost savings to be made and patient outcomes to be improved? Why is...

Read More
HIPAA and Firearms Background Checks
Jan07

HIPAA and Firearms Background Checks

Healthcare providers concerned about HIPAA and firearms background checks have received further clarification on when it is possible for PHI to be disclosed. A new rule has been finalized by the Obama administration that permits healthcare providers to disclose certain elements of Protected Health Information to the FBI as part of its firearms background check program, amending the Health Insurance Portability and Accountability Act...

Read More
New Data Breach Notification Laws in California Effective
Jan06

New Data Breach Notification Laws in California Effective

On January 1, 2016, new data breach notification laws in California came into effect. All agencies doing business in the state of California must comply with the new laws if a data breach is suffered that exposes personal information of state residents. Cal. Civ. Code § 1798.29(d)(1)(D) Data Breach Notification Laws in California Come into Effect The new data breach laws in California apply if data is either exposed, or is reasonably...

Read More
ProPublica HIPAA Helper Database Uncovers HIPAA Bad Boys
Dec31

ProPublica HIPAA Helper Database Uncovers HIPAA Bad Boys

ProPublica has launched a HIPAA violation search engine to make it easier for consumers to find healthcare organizations that have violated patient privacy in the past. The ProPublica HIPAA Helper database allows individuals to find out who is repeatedly violating patient privacy and HIPAA Privacy and Security Rules. Setting up the ProPublica HIPAA Helper Database Determining which healthcare organizations have violated HIPAA Rules...

Read More
Business Associate HIPAA Compliance to Be Tested By OCR
Dec30

Business Associate HIPAA Compliance to Be Tested By OCR

The next round of OCR HIPAA compliance audits is penciled in to start in the first quarter of 2016. While the audits have been much delayed, it is unlikely that they will be pushed back further. OCR has been heavily criticized for its lack of enforcement of HIPAA, in particular the failure of the audit program to materialize. The next round of audits will see Business associate HIPAA compliance efforts examined, as this will be the...

Read More
Allina Health System HIPAA Violation Uncovered
Dec24

Allina Health System HIPAA Violation Uncovered

An Allina Health System HIPAA violation has been discovered that dates back to April 6, 2015. Documents containing the PHI of patients have been accidentally disposed of with regular trash instead of being sent for shredding. Allina Health System HIPAA Violation Potentially Affects up to 6,100 Patients of the Isles Clinic Several thousand patients of the Minneapolis Isles clinic run by Allina Health System have been notified that some...

Read More
HIPAA Holding Back Healthcare Cloud Application Adoption
Dec17

HIPAA Holding Back Healthcare Cloud Application Adoption

A new survey conducted by Bitglass shows the adoption of cloud applications has grown considerably since 2014 across all industries, but healthcare cloud application adoption lags behind. Only the retail and utility industries have a lower overall adoption rate, according to the report. Healthcare Cloud Application Adoption Increases by 350% Compared to 2014, healthcare cloud application adoption has grown considerably. The percentage...

Read More
OCR HIPAA Settlement for a Phishing Attack
Dec15

OCR HIPAA Settlement for a Phishing Attack

University of Washington Medicine has agreed to an OCR HIPAA settlement for a phishing attack suffered in 2013. A financial penalty of $750,000 must be paid to Office for Civil Rights, and a corrective action plan (CAP) must be adopted to address areas of non-compliance with the HIPAA Security Rule. First OCR HIPAA Settlement for a Phishing Attack Data breaches are investigated by Office for Civil Rights and financial penalties are...

Read More
FTC V LabMD: Case Dismissed After Challenge: Appeal Lodged
Dec14

FTC V LabMD: Case Dismissed After Challenge: Appeal Lodged

In August 2013, the Federal Trade Commission filed a lawsuit against LabMD over a 2008 data breach. The FTC v LabMD case was recently dismissed due to insufficient evidence that breach victims faced a substantial risk of coming to harm as a result of the exposure of their personal data. The lawsuit was filed in response to the exposure of approximately 9,000 consumer records in 2008. A spreadsheet containing customer billing...

Read More
The State Attorney General HIPAA Fines Continue
Dec11

The State Attorney General HIPAA Fines Continue

State attorney general HIPAA fines continue to be issued, as the University of Rochester Medical Center agrees to pay a HIPAA settlement of $15,000 for a 2015 patient privacy breach. Earlier this year, the University of Rochester Medical Center suffered a data breach that affected 3,403 patients. The breach involved an employee of URMC taking patient data to her new employer, who used that information to send a mailing offering the...

Read More
Hospital Use of Two-Factor Authentication Solutions
Dec09

Hospital Use of Two-Factor Authentication Solutions

The results of a study on the use of two-factor authentication solutions by non-federal acute care hospitals have recently been published by the Office of the National Coordinator for Health Information Technology. The analysis of ePHI security protection trends showed that just under half of hospitals are now using two-factor authentication solutions to ensure the electronic Protected Health Information (ePHI) of patients is...

Read More
Triple-S Data Breach Settlement Reached with OCR
Dec04

Triple-S Data Breach Settlement Reached with OCR

This week, OCR announced a Triple-S data breach settlement was reached. The Puerto Rico health insurer will pay $3.5 million to OCR to settle potential HIPAA violations spanning 5 years. The Triple-S data breach settlement could potentially have been far greater, considering the BlueCross BlueShield licensee has reported eight data breaches to OCR since 2010 and has previously been fined for HIPAA violations. Triple-S Data Breach...

Read More
Lahey Hospital HIPAA Breach Settlement Agreed with OCR
Dec02

Lahey Hospital HIPAA Breach Settlement Agreed with OCR

The Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a settlement with Lahey Hospital and Medical Center following an investigation into potential HIPAA violations. The Burlington, Mass. hospital has decided to settle the OCR’s case without admission of liability. The Lahey Hospital HIPAA breach settlement relates to the impermissible disclosure of Protected Health Information of 599 patients in...

Read More
Healthcare Secure Messaging Offers Many Benefits
Nov27

Healthcare Secure Messaging Offers Many Benefits

Implementing a healthcare secure messaging solution will help to ensure that privacy breaches are avoided. HIPAA regulations prohibit the sending of Protected Health Information (PHI) over open, unencrypted mobile networks. Should a physician or other healthcare professional send a text message containing PHI, HIPAA rules will be violated. The Department of Health and Human Services’ Office for Civil Rights (OCR) may not currently be...

Read More
Texas Seeks Civil Penalties for Improper Disposal of PHI
Nov25

Texas Seeks Civil Penalties for Improper Disposal of PHI

The state of Texas has recently sued Alliance Health Management & Consulting Inc., and is seeking civil penalties for improper disposal of PHI after the home health care management company failed to adhere to HIPAA and state regulations covering the disposal of medical records and personal information of patients. Boxes of files were discarded in recycling dumpsters close to Stevenson Middle School last year without first being...

Read More
Liability for PHI Disclosure on Social Media Websites
Nov16

Liability for PHI Disclosure on Social Media Websites

Who is liable for PHI disclosure on social media if an employee of a healthcare provider uploads a photo of a medical record to a Facebook account? Can the healthcare provider be sued for the improper disclosure? Where does liability for PHI disclosure lie? According to a Hamilton County Common Pleas Court judge, the healthcare provider is not liable. The plaintiff must seek damages from the individual responsible for exposing...

Read More
Attorney General HIPAA Penalties Continue with 90K Settlement
Nov14

Attorney General HIPAA Penalties Continue with 90K Settlement

Attorney General HIPAA penalties continue to be issued, with Hartford Hospital and its Business Associate (BA), EMC Corp, having recently settled with the state of Connecticut over a breach of PHI after an unencrypted laptop computer was stolen in 2012. The incident resulted in the PHI of 8,900 state residents being exposed. EMC had been contracted by Hartford Hospital to conduct an analysis of PHI in an effort to cut down on...

Read More
Tracking Medical Identity Theft: Senators Demand Answers
Nov12

Tracking Medical Identity Theft: Senators Demand Answers

Healthcare providers, health plans, and business associates of covered entities have suffered huge data breaches this year. Hackers have targeted healthcare plans in 2015 and have been successful in obtaining huge volumes of PHI. The data is used for identity theft, but what is being done about it? Are the CMS and/or OCR tracking medical identity theft? Four senators are now demanding some answers. Sens. Lamar Alexander, R-Tenn.,...

Read More