Top 5 Security Risk Analysis Myths & Facts

Conducting a security risk analysis is a required measure for all HIPAA covered entities. Eligible professionals must conduct or review a security risk analysis for each reporting period to ensure the privacy and security of their patients’ protected health information. 

The latest HIPAA Audit Program results found that 83% of covered entities failed to perform an adequate security risk analysis (SRA). Additionally, 94% failed to establish or maintain an information security risk management plan. Failing to perform a risk assessment, or conducting an insufficient one, is the leading cause of failing a HIPAA audit.

21st Century Oncology to pay $2.3M HIPAA settlement for 2015 data breach

21st Century Oncology has agreed to pay a $2.3 million fine to the Department of Health and Human Services for a 2015 data breach that impacted more than 2.2 million patients.

According to court documents, the national cancer care provider headquartered in Fort Myers, Florida, has also agreed to class action lawsuits filed in 2016. 21st Century Oncology operates 179 treatment centers across 17 states.

The breach of the company's network SQL database and theft of the medical data and Social Security numbers of millions of patients is believed to have occurred as early as October 3, 2015.