HIPAA

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a settlement with Health Fitness Corporation following a HIPAA violation involving the unauthorized online exposure of electronic protected health information (ePHI). The breach occurred due to a software misconfiguration, making sensitive health data accessible online. This violation highlights the importance of maintaining proper security controls and conducting regular risk assessments to prevent unauthorized data exposure.

FDA Recalls April 2, 2025 - April 7, 2025

Phishing attacks remain a major cybersecurity threat, particularly in healthcare, where sensitive data is at risk. Your practice must take proactive measures to protect against phishing.

by Michael Brody, DPM, CEO TLD Systems

by Michael Brody, DPM, CEO TLD Systems

On January 8, HHS announced a settlement of $337,750 with USR Holdings for a violation of the HIPAA regulations. This is significant due to the nature of the HIPAA Violation. Among the violations by USR Holdings was Deletion of electronic Protected Health Information.

PIH Health in California was hit with a ransomware attack which severely impacted its computer and telephone systems. The attack forced the hospital to activate their Downtime Contingency Plan. A downtime contingency plan are the procedures that are followed to maintain the ability to provide patient care in the event of a computer outage. This typically involved going back to recording patient information on paper for later entry into the computer systems when they are back online.

The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI) amid rising cyber threats.

A Security Risk Assessment (SRA) is a systematic process of identifying, evaluating, and mitigating risks that could compromise the security of an organization, system, or asset. The purpose of an SRA is to ensure that security controls are in place and sufficient to protect against potential threats, vulnerabilities, and their associated impacts.

A Privacy and Breach Risk Assessment (PBRA) is a systematic process used by organizations to evaluate potential privacy risks and the likelihood and impact of data breaches associated with handling personal or sensitive information. It is typically conducted to ensure compliance with privacy laws, regulations, and organizational policies while minimizing risks to individuals whose data is collected, processed, or stored.