The HIPAA Journal

APRIL 18, 2025

The Department of Health and Human Services Office for Civil Rights (OCR) has announced its 7th HIPAA enforcement action under its HIPAA risk analysis enforcement initiative, settling an alleged HIPAA risk analysis violation with a Guam hospital authority for $25,000.

HIPAA 78

HIPAA Hospital Business Associate 78

The HIPAA Journal

JULY 23, 2025

A law firm that provides legal counsel and assistance to Durham County Hospital Corporation in North Carolina has experienced a data breach involving the personal and protected health information of 2,150 individuals. The post Business Associate Data Breach Affects Duke Regional Hospital Patients appeared first on The HIPAA Journal.

Business Associate 57

Business Associate Hospital HIPAA Diagnostics 57

The HIPAA Journal

OCTOBER 31, 2024

The HHS’ Office for Civil Rights shows two listings about this incident, one involving the records of 85,133 individuals in its capacity as a healthcare provider and a breach involving the protected health information of 2,402 individuals in its capacity as a business associate. Anthony Regional Hospital, Iowa St.

Hospital 116

Hospital Business Associate HIPAA Insurance 116

The HIPAA Journal

APRIL 23, 2024

The reason for the exceptionally high number of data breaches was a cyberattack on the rehabilitation and long-term acute care hospital operator Ernest Health. When a health system experiences a breach that affects multiple hospitals, the breach is usually reported as a single breach. breaches a month over the past 12 months.

Business Associate 126

Business Associate HIPAA Hospital Billing 126

The HIPAA Journal

MARCH 20, 2025

MN Business Associate 190,000,000 Hacking/IT Incident 2 2015 Anthem Inc. CO Business Associate 14,782,887 Hacking/IT Incident 4 2024 Kaiser Foundation Health Plan, Inc. NY Health Plan 9,358,891 Hacking/IT Incident 10 2023 Perry Johnson & Associates, Inc.

Business Associate 111

Business Associate HIPAA Unit Organization and Environment Hospital 111

The HIPAA Journal

APRIL 30, 2024

DRS is issuing notification letters on behalf of the following covered entity clients: Air Methods AMG Healthcare Management Services CAN Emergency Physicians Cedars-Sinai Medical Center CHA Hollywood Presbyterian Medical Center, L.P.

Business Associate 106

Business Associate HIPAA Follow-Up Hospital 106

The HIPAA Journal

JUNE 26, 2025

The largest data breach of the month occurred at the business associate Serviceaide, a provider of agentic AI-powered agents for IT and workflow management. The second-largest data breach also occurred at a business associate. TX Business Associate 88,609 Hacking incident Shelby Dermatology d.b.a

Business Associate 86

Business Associate HIPAA Hospital Appointments 86

The HIPAA Journal

DECEMBER 24, 2022

Since the introduction of the Omnibus Rule, the new penalties for HIPAA violations apply to healthcare providers, health plans, healthcare clearinghouses, and all other covered entities, as well as to business associates (BAs) of covered entities that are found to have violated HIPAA Rules. Arbour Hospital. Sharpe Healthcare.

HIPAA 124

HIPAA Business Associate Follow-Up Medication 124

The HIPAA Journal

APRIL 27, 2025

State Attorneys General can also impose financial penalties on HIPAA-covered entities and business associates for violations of the HIPAA Rules. Read more… Guam Memorial Hospital Authority Guam Memorial Hospital Authority, the operator of a public hospital in the U.S.

HIPAA 85

HIPAA Business Associate Hospital Medication 85

Minority Nurse

AUGUST 12, 2024

They administer pre-hospital care onboard helicopters and airplanes and work with physicians and paramedics during in-flight destinations. Examples of places flight nurses work include hospitals, private medical transport companies, and the Air Force. 5 Specialties to Consider Flight Nursing Yes, some nurses work on flights!

Business Associate 52

Business Associate Medical Terminology Vital Signs Triage 52

Arkenea

MARCH 31, 2025

Privacy Incorporation Expenses influence HIPAA compliance costs Anticipated costs differ amongst organizations, based on the size, computer system used, covered entities (CE) involved, business associates involved, and more. Type of organization: Risk levels and quantity of PHI safeguarded depends on the type of organization.

HIPAA 52

HIPAA Business Associate Appointments Insurance 52

Health Populi

MARCH 27, 2018

Here’s what we-know-we know about health care, privacy, and security: briefly, • HIPAA covers patients’ PHI that is held by covered entities and shared with contracted business associates. Cyber-breaches are a new-normal in health care.

HIPAA 72

HIPAA Business Associate Best Practices Patient Records 72

The HIPAA Journal

MAY 19, 2025

a San Jose, California-based business associate that offers agentic AI-powered agents for IT and workflow management, has announced a major data breach affecting almost half a million patients of the six-hospital New York healthcare system, Catholic Health. Serviceaide, Inc.,

HIPAA 55

HIPAA Business Associate Insurance Hospital 55

Physicians Practice

JULY 24, 2025

6] Pursuant to 45 CFR §164.530(c)(1), covered entities and business associates must have in place appropriate technical, administrative and physical safeguards “to protect the privacy of protected health information.” which affected 11 million individuals at 170 hospitals, recently settled.[1] For example, Gary Silvers, et al.

HIPAA 40

HIPAA Communication Billing Documentation 40

The HIPAA Journal

MARCH 29, 2024

billion has been provided to safety net hospitals and federally qualified health centers that serve high-risk patients and communities. The Washington State Hospital Association ( WSHA ) has also been contacted by its members who have expressed concern about the notification requirements after reading OCR’s letter.

HIPAA 97

HIPAA Unit Organization and Environment Follow-Up Business Associate 97

The HIPAA Journal

JULY 25, 2025

McKenzie Memorial Hospital in Michigan has reported a hacking incident affecting more than 54,000 patients. Arbor Associates in Massachusetts has reported a 17K-record data breach, and data breaches have been confirmed by Blue Shield of California and Human Development Services of Westchester.

Hospital 55

Hospital HIPAA Business Associate Insurance 55

The HIPAA Journal

MARCH 20, 2025

AZ Business Associate 67,567 Hacking incident Charleston Area Medical Center WV Healthcare Provider 67,413 Email accounts compromised in phishing incident Heartland Medical Clinic, Inc. AZ Business Associate 10,673 Hacking incident In February, 6 healthcare data breaches were reported to OCR that affected 500 or 501 individuals.

Business Associate 115

Business Associate HIPAA Insurance Follow-Up 115

The HIPAA Journal

APRIL 3, 2025

The framework would be informed in part by the methodologies and findings of the Hospital Landscape Analysis and the HSCC Prioritized Recognized Cybersecurity Practices.

HIPAA 52

HIPAA Patient Safety Business Associate Best Practices 52

The HIPAA Journal

DECEMBER 14, 2022

The SUD records can then be shared by a covered entity or business associate for all TPO reasons, as is the case with HIPAA. Uses and disclosures must be limited to the minimum necessary information and consent can be withdrawn (in writing) by the patient at any time. The compliance date for the CMS rule was July 1, 2021.

HIPAA 126

HIPAA Business Associate Appointments Transfers 126

The HIPAA Journal

MARCH 27, 2025

CHIME said, Our members strongly believe that the combination of the depth and breadth of the proposed requirements on an unreasonable timeline presents significant challenges, and the unfunded mandates associated with this regulation would place an undue financial strain on hospitals and healthcare systems.

HIPAA 78

HIPAA Best Practices Business Associate Hospital 78

The HIPAA Journal

JANUARY 9, 2023

Many healthcare industry stakeholders had been campaigning for the addition of a safe harbor for HIPAA-covered entities and business associates that have adopted a common security framework and have implemented industry-standard security best practices, yet still experienced a data breach.

HIPAA 111

HIPAA Business Associate Appointments Scheduling 111