The HIPAA Journal

APRIL 17, 2025

One of the objectives of the HIPAA Journal 2024/25 Annual Survey was to obtain insights into HIPAA compliance best practices. If finalized, the proposals will not only become standards required for HIPAA compliance , but may also be adopted by CMS as conditions for participation in Medicare and Medicaid.

HIPAA 62

HIPAA Best Practices Tests Communication 62

The HIPAA Journal

APRIL 23, 2024

Biggest Healthcare Data Breaches in March 2024 18 data breaches were reported in March that involved the protected health information of 10,000 or more individuals, all of which were hacking incidents. Geographical Distribution of Healthcare Data Breaches In March, data breaches were reported by HIPAA-regulated entities in 33 U.S.

Business Associate 124

Business Associate HIPAA Hospital Billing 124

The HIPAA Journal

APRIL 18, 2025

On August 6, 2024, a member of staff at SSM Healths St. The post Cybersecurity Firm CEO Charged with Installing Malware on a Hospital Computer appeared first on The HIPAA Journal. The CEO of an Edmond, OK-based cybersecurity firm has been accused of intentionally installing malware at an Oklahoma City hospital.

Hospital 88

Hospital HIPAA 88

The HIPAA Journal

MARCH 28, 2025

The email account was secured the same day, and the forensic investigation confirmed the account was compromised from December 2 to December 4, 2024. This breach also involved a compromised email account and was detected by Restorix on May 30, 2024. Restorix sent notification letters to the affected patients on December 18, 2024.

Business Associate 70

Business Associate HIPAA Insurance Certification 70

The HIPAA Journal

APRIL 30, 2025

The cyberattack was detected on or around November 14, 2023, and the forensic investigation confirmed on March 18, 2024, that sensitive data had been accessed or acquired by the threat actor. The post City of Long Beach Notifies Individuals Affected by November 2023 Cyberattack appeared first on The HIPAA Journal.

HIPAA 69

HIPAA 69

The HIPAA Journal

MARCH 11, 2025

Suspicious activity was identified within its computer systems on April 11, 2024. The invitations were circulated on September 3, 2024, October 3, 2024, November 7, 2024, and/or December 30, 2024. The post Cyberattack on Sunflower Medical Group Affects 221,000 Patients appeared first on The HIPAA Journal.

Medication 81

Medication Appointments HIPAA Insurance 81

The HIPAA Journal

MARCH 19, 2025

On or around July 6, 2024, an unauthorized third party accessed the network and viewed or acquired individuals protected health information.The affected data was reviewed, and that process was completed on March 6, 2025. Suspicious activity was identified in a single computer on November 20, 2024.

HIPAA 89

HIPAA Insurance 89

The HIPAA Journal

APRIL 1, 2025

On or around September 11, 2024, suspicious activity was identified in an employee email account. Third-party digital forensics specialists were engaged to investigate the activity and confirmed that an unauthorized third party had gained access to several employee email accounts from August 19, 2024, to September 25, 2024.

HIPAA 75

HIPAA Insurance Medication 75

The HIPAA Journal

MARCH 26, 2025

The Sunflower Medical Group data breach occurred on December 15, 2024, but was not discovered for more than three weeks. The post Sunflower Medical Group Sued Over 221,000-Record Data Breach appeared first on The HIPAA Journal. Sunflower Medical Group is a private multi-specialty medical practice with four locations in Kansas.

Medication 74

Medication HIPAA Insurance 74

The HIPAA Journal

APRIL 18, 2025

doing business as Vitruvian Health in Georgia and Tennessee, and Erlanger Health in Tennessee, have been affected by a cyberattack on its debt collection vendor, Nationwide Recovery Service.Suspicious activity was identified within the Nationwide Recovery Service network on July 11, 2024.

HIPAA 55

HIPAA Hospital Documentation Insurance 55

The HIPAA Journal

MARCH 11, 2025

Hillcrest Convalescent Center Hillcrest Convalescent Center in Durham, North Carolina has notified 106,194 individuals about a data security incident identified on June 27, 2024. Notification letters were mailed to all affected individuals on March 3, 2024. The Hillcrest incident involved the data of 106,194 individuals.

HIPAA 68

HIPAA Insurance Medication 68

The HIPAA Journal

MARCH 18, 2025

In April 2024, Kentucky joined the growing number of states that have adopted comprehensive consumer privacy and data protection laws. The Kentucky Consumer Data Protection Act was signed into law on April 4, 2024, and is due to take effect on January 1, 2026. 8 164.514(e).

HIPAA 73

HIPAA Documentation 73

The HIPAA Journal

MARCH 19, 2025

Access TeleCare, Texas The Dallas, TX-based acute and specialty telemedicine provider Access TeleCare identified unauthorized access to an employees email account on January 8, 2024. On or around November 18, 2024, suspicious activity was identified in an employee email account.

HIPAA 74

HIPAA Documentation Insurance Medication 74

The HIPAA Journal

NOVEMBER 7, 2024

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition.

Follow-Up 95

Follow-Up Insurance Transfers HIPAA 95

The HIPAA Journal

MAY 1, 2024

On May 1, 2024, the 2024 Verizon Data Breach Investigations Report ( DBIR ) was released, which this year involved an analysis of a record number of security incidents (30,458), and more than double the number of confirmed data breaches as last year (10,626). Top causes of non-erro, non-misuse data breaches.

Follow-Up 105

Follow-Up Transfers HIPAA Medication 105

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. CO Business Associate 14,782,887 Hacking/IT Incident 4 2024 Kaiser Foundation Health Plan, Inc.

Business Associate 109

Business Associate HIPAA Unit Organization and Environment Hospital 109

The HIPAA Journal

JULY 8, 2024

Palomar Health Medical Group has warned patients that they may have been affected by an April 2024 cyberattack, and DaVita has learned that tracking tools on its website and mobile app may have sent user data to third-party vendors. DaVita Notifies Patients About Tracking Technology Privacy Incident DaVita Inc.,

Medication 126

Medication HIPAA Tests Medical History 126

The HIPAA Journal

APRIL 28, 2025

Email accounts have been compromised at four HIPAA-regulated organizations: Alternate Solutions Health Network in Ohio; Park Royal Hospital in Florida; 90 Degree Benefits in Minnesota; and the Charleston Fire Department in West Virginia. Suspicious activity was identified in an employee’s email account in October 2024.

HIPAA 72

HIPAA Billing Hospital Admissions 72

Sensible Medicine

MARCH 25, 2025

In 2024, the NIH Office of Strategic Coordination launched the Replication to Enhance Research Impact Initiative. For example, the Feinstein Institute for Medical Research settled HIPAA violations for $3.9 When data are used, most analyses are not reproducible.

Collaboration 215

Collaboration Follow-Up HIPAA Medication 215

The HIPAA Journal

MARCH 24, 2025

OrthoMinds, an Alpharetta, Georgia-based provider of orthodontic practice management software, has recently announced a November 2024 security incident that potentially resulted in unauthorized access to patients protected health information.

HIPAA 51

HIPAA Insurance Medication 51

The HIPAA Journal

MARCH 21, 2025

Tennessee implemented a very similar law in 2024, and a handful of states have implemented data breach safe harbor laws to limit the costs arising from data breaches. The shield law does not offer protection against regulatory lawsuits, such as those seeking penalties for HIPAA violations.

HIPAA 53

HIPAA Billing 53

The HIPAA Journal

APRIL 26, 2024

This is the largest healthcare data breach to be reported so far in 2024 and the largest confirmed healthcare data breach to date involving website tracking technologies. Notifications are expected to be issued in May 2024. Million Individuals appeared first on HIPAA Journal. Kaiser Permanente Health Plan Inc. is notifying 13.4

HIPAA 117

HIPAA Hospital Insurance 117

The HIPAA Journal

OCTOBER 28, 2024

Last week, the Department of Health and Human Services (HHS) and the National Institute for Standards and Technology (NIST) hosted the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference after a 5-year absence. It is one of the most common reasons for individuals filing complaints with OCR.

HIPAA 100

HIPAA Medication 100

The HIPAA Journal

FEBRUARY 4, 2024

The Office for Civil Rights imposed 13 financial penalties on HIPAA-regulated entities, including two financial penalties of more than $1 million. State Attorneys General have also been actively enforcing HIPAA compliance, with 15 investigations leading to financial penalties, including a $49.5 million settlement with Blackbaud.

HIPAA 117

HIPAA 117

The HIPAA Journal

MARCH 20, 2025

In late October 2024, an unidentified individual stole the mobile phone of a Roswell Park employee. The intrusion was detected on January 13, 2025, and the investigation confirmed that an unauthorized third party had access to its network between December 8, 2024, and January 11, 2025. Topy America Topy America Inc.,

Hospice 79

Hospice HIPAA Medical History Diagnostics 79

The HIPAA Journal

JULY 4, 2024

Gaia Software has disclosed details of a February 2024 cyberattack, Pinnacle Orthopaedics & Sports Medicine Specialists are investigating an April 2024 cyberattack, and OB GYN Specialists of Lima have discovered the improper disposal of patient data.

HIPAA 118

HIPAA Documentation Billing Insurance 118

The HIPAA Journal

MAY 6, 2024

On February 16, 2024, Continuum announced on its website that it was investigating the incident while the investigation was ongoing. The file review was completed on March 8, 2024, when it was confirmed that the exposed data included patients’ names and Social Security numbers.

Medication 117

Medication HIPAA Tests Follow-Up 117

The HIPAA Journal

MARCH 28, 2025

of all data breaches in 2024 originated from third-party compromises, up 6.5% In 2023, 75% of third-party breaches involved technology products; however, in 2024, threat actors diversified, with only 46.75% of breaches involving technology products. According to a recent report from SecurityScorecard, at least 35.5%

Transfers 55

Transfers Follow-Up HIPAA 55

The HIPAA Journal

OCTOBER 31, 2024

Mystic Valley Elder Services, a Malden, Massachusetts-based non-profit agency providing home and community-based care to elders and adults living with disabilities, has started issuing individual notifications about a cyberattack and data breach that was identified on April 5, 2024.

Hospital 114

Hospital Business Associate HIPAA Insurance 114

Valant

JULY 29, 2024

Altered mental status, unspecified (R41.82) is a billable ICD-10 diagnostic code under HIPAA regulations from October 1, 2020, to September 30, 2021. ICD-10 Code for Altered Mental Status In this blog post, Valant discusses the ICD-10 code for Altered Mental Status. Check out the 2023 ICD-10 updates here. Clinicians should only use the R41.82

Diagnostics 97

Diagnostics Insurance HIPAA Medication 97

The HIPAA Journal

MARCH 10, 2025

CareFirst BlueCross BlueShield has filed a lawsuit against Change Healthcare in response to the February 2024 ransomware attack that caused extensive disruption to Change Healthcares services.CareFirst BlueCross BlueShield provides health plans to 3.5 million individuals and groups in Maryland and the Washington D.C.

HIPAA 75

HIPAA Billing 75

The HIPAA Journal

MARCH 26, 2025

Microsoft launched its Cybersecurity for Rural Hospitals Program in June 2024 to help address the problem. The post Almost One-Third of Rural Hospitals Benefiting from Microsofts Cybersecurity for Rural Hospitals Program appeared first on The HIPAA Journal.

Hospital 79

Hospital Collaboration Best Practices HIPAA 79

The HIPAA Journal

APRIL 29, 2025

The investigation confirmed that an unauthorized third party had access to its IT environment between December 26, 2024, and February 28, 2025, during which time, files containing patient and health plan member data may have been viewed or acquired.

Hospital 75

Hospital HIPAA Insurance Medication 75

The HIPAA Journal

JULY 9, 2024

The review of the affected files was not completed until June 13, 2024. Call 4 Health Issues Notifications About March 2024 Cyberattack Call 4 Health, Inc., Unauthorized network access was detected on May 6, 2024, and immediate action was taken to prevent further unauthorized access.

Triage 120

Triage HIPAA Documentation Billing 120

The HIPAA Journal

JULY 3, 2024

Suspicious network activity was identified on March 27, 2024, and third-party cybersecurity specialists were engaged to investigate the activity. The group says it has given the hospital until July 8, 2024, to pay the ransom demand and will leak the stolen data if payment is not made.

Hospital 124

Hospital HIPAA Insurance Medication 124

The HIPAA Journal

JULY 5, 2024

The breach was detected on March 25, 2024, and immediate action was taken to prevent further unauthorized access. An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database.

HIPAA 120

HIPAA Insurance Medication 120

The HIPAA Journal

APRIL 30, 2024

On January 22, 2024, DRS identified suspicious activity within its network. On March 8, 2024, after a time-consuming and detailed review of the files, DRS confirmed that they contained the personal and protected health information of current and former patients of its healthcare clients.

Business Associate 105

Business Associate HIPAA Follow-Up Hospital 105