CardioNet calls itself the “leading supplier of Mobile Cardiac Outpatient Telemetry.” In other words, they sell wireless devices that help monitor heart conditions in patients. Now CardioNet is leading the way in multi-million dollar settlements with OCR for violating HIPAA privacy and security rules. On April 24, 2017 OCR announced the $2.5 million settlement. In…
Colorado based Metro Community Provider Network (MCPN) may just be the victim of the most expensive phishing attack on record. MCPN did not lose their money to the attackers but rather is writing a $400,000 check to the Office for Civil Rights (OCR) for the breach that resulted. This amount would likely have been higher…
Business Associates who fail to conduct health information risk assessments and adopt required security policies and procedures face a growing threat of discovery and fines. Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) got more than a prayerful penance after violating HIPAA rules. The $650,000 fine imposed by HHS arose from the reported theft of a CHCS issued, unencrypted…
Don’t show me anything, don’t send me anything, don’t even speak to me. It’s the only way I can think of to avoid the growing liabilities associated with failure to secure personal information. Recent guidance from federal HIPAA regulators makes information security optional for patients the law was written to protect. Before you wander off, information…
