Scanning the Headlines: HIPAA

 Updated on September 26, 2016

Click here for HIPAA Archive Bibliography

[2010-2011]  [2009] [2008] [2007] [2006-2005] [2004-2003] [2002-1996] 

Links to full-text articles are provided where available.
For information on obtaining print copies of articles, please call the AHA Resource Center at (312) 422-2050. 


(2016, Aug.).  Healthcare Organization and Hospital Discussion Guide for Cybersecurity.  Washington:  Department of Health and Human Services.  Retrieved from:  http://www.cdc.gov/phpr/healthcare/documents/healthcare-organization-and-hospital-cyber-discussion-guide.pdf

Ornstein, C.  (2016, July 21).  The secret documents that details how patients' privacy is breached. Pro Publica.  Retrieved from:  https://www.propublica.org/article/the-secret-documents-that-detail-how-patients-privacy-is-breached

Ornstein, C.  (2016, July 19).  Health gadgets and apps outpace privacy protections, report finds.  Pro Publica.  Retrieved from:  https://www.propublica.org/article/health-gadgets-and-apps-outpace-privacy-protections-report-finds

Andrews, S.  (2016, July 15).  Boston Hospital Warns Staff of Privacy Violations with Pokemon Go.  Middleton, MA:  HCPro.  Retrieved from:  http://www.medicarecompliancewatch.com/news-analysis/boston-hospital-warns-staff-privacy-violations-pokémon-go

(2016, July 14).  CMS offers HIPAA guidance on ransonware.  HealthLeaders Media News.  Retrieved from:  http://www.healthleadersmedia.com/leadership/cms-offers-hipaa-guidance-ransomware

Samels J.  (2016, July 11).   Your money or your PHI: new guidance on ransomware.  Washington:  U.S. Department of Health and Human Services blog.  Retrieved from:  http://www.hhs.gov/blog/2016/07/11/your-money-or-your-phi.html#

(2016, July).  When asked, covered entities must give patients records by email.  AISHealth.  16(7):1-3.  Retrieved from:  https://aishealth.com/archive/hipaa0716-04?utm_source=Real%20Magnet&utm_medium=Email&utm_campaign=100386702

Office for Civil Rights.  (2016, July).   Fact sheet: Ransomware and HIPAA. Washington:  U.S. Department of Health and Human Services.  Retrieved from: http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf

(2016, June 17).  Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA.  Washington:  U.S. Department of Health and Human Services.  Retrieved from:  https://www.healthit.gov/sites/default/files/non-covered_entities_report_june_17_2016.pdf

Tennant, R.  (2016, June 1).  Understanding patient access rights and practice responsibilities.  Executive View Magazine.  Retrieved from:  http://www.mgma.com/practice-resources/mgma-connection-plus/executive-view/2016/june-2016/understanding-patient-access-rights-and-practice-responsibilities

Andrews, M.  (2016, May 31).  When adult children get sick, it may be hard for parents to get information.  Kaiser Health News.  Retrieved from:  http://khn.org/news/when-adult-children-get-sick-it-may-be-hard-for-parents-to-get-information/

Ornstein, C.  (2016, May 27).  To your health.  Doctors fire back at bad Yelp reviews - and reveal patients' information online.  The Washington Post.  Retrieved from:  https://www.washingtonpost.com/news/to-your-health/wp/2016/05/27/docs-fire-back-at-bad-yelp-reviews-and-reveal-patients-information-online/

Appleby, J.  (2016, May 17).  Final EEOC rule sets limits for financial incentives on wellness programs.  Kaiser Health News.  Retrieved from:  http://khn.org/news/final-eeoc-rule-sets-limits-for-financial-incentives-on-wellness-programs

Diamond, D.  (2016, May 10).  Insiders:  Health care is 'being held hostage to hackers'.  Politico.  Retrieved from:  http://www.politico.com/story/2016/05/insiders-health-care-is-being-held-hostage-to-hackers-223002

Ornstein, C.  (2016, Apr. 21).  New York Hospital to pay $2.2 million over unauthorized filming of 2 patients.  New York Times.  Retrieved from:  http://www.nytimes.com/2016/04/22/nyregion/new-york-hospital-to-pay-fine-over-unauthorized-filming-of-2-patients.html

McGee, M.  (2016, Apr. 14).  Old IT Project Raises New Concerns for 1,400 Organizations.  Princeton, NJ:  Healthcare Info Security.  Retrieved from:  http://www.healthcareinfosecurity.com/old-project-raises-new-concerns-for-1400-organizations-a-9047

Murphy, T.  (2016, Mar. 30).  Hospital cyberattack highlights health care vulnerabilities.  ABC News.  Retrieved from:  http://abcnews.go.com/Business/wireStory/hospital-cyberattack-highlights-health-care-vulnerabilities-38029521

Morrissey, J.  (2015, Oct. 12).  How hospitals can prepare for inevitable breaches of patient data.  Trustee.  Retrieved from:  http://www.trusteemag.com/display/TRU-news-article.dhtml?dcrPath=/templatedata/HF_Common/NewsArticle/data/TRU/Magazine/2015/October/feature-cybersecurity-patient-data

(2015, Aug. 25).  Body Worn Camera Use in Health Care Facilities.  Glendale Heights, IL:  IAHSS Foundation.  Retrieved from:  http://ihssf.org/PDF/ihssfbodyworncameras.pdf

Castelluccio, J., editor.  (2015, July 6).  HIMSS Survey Shows Progress on Cybersecurity, but Healthcare Orgs Still Unprepared for Cyber Hacks.  Danvers, MS:  HCPro, Inc.  Retrieved from:  http://www.hcpro.com/HIM-318111-865/HIMSS-survey-shows-progress-on-cybersecurity-but-healthcare-orgs-still-unprepared-for-cyber-hacks.html

(2015, June 30).  HIMSS Survey Finds Two-Thirds of Healthcare Organizations Experienced a Significant Security Incident in Recent Past.  Chicago:  Healthcare Information and Management Systems Society (HIMSS).  Retrieved from:  http://www.himss.org/News/NewsDetail.aspx?ItemNumber=42944

Goedert, J.  (2015, May 21).  The CareFirst Hack: What Went Right, What Went Wrong.  HealthData Managementhttp://www.healthdatamanagement.com/news/the-carefirst-hack-what-went-right-what-went-wrong-50551-1.html

Peterson, A.  (2015, March 20).  The Switch:  2015 is already the year of the health-care hack - and it's only going to get worse.  Washington Post.  Retrieved from:  http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/20/2015-is-already-the-year-of-the-health-care-hack-and-its-only-going-to-get-worse/

(2015, Mar. 17).  Premera Blue Cross says data breach could affect 11m people.  New York Times.  Retrieved from:  http://www.nytimes.com/aponline/2015/03/17/us/ap-us-premera-blue-cross-data-breach.html

Gross, L., Manchir, M., and Bowean, L.  (2015, Feb. 11).  Jackie Robinson West stripped title.  Chicago Tribune.  Retrieved from:  http://www.chicagotribune.com/news/nationworld/sns-ap-us-health-care-hacking-20150205-story.html#page=1

Peterson, A.  (2015, Feb. 5).  Why hackers are targeting the medical sector.  Washington Posthttp://www.washingtonpost.com/blogs/the-switch/wp/2015/02/05/why-hackers-are-targeting-the-medical-sector/?hpid=z1

Ornstein, C.  (2015, January 2).  When a patient's death is broadcast without permission.  New York Times. Retrieved from:  http://www.propublica.org/article/when-a-patients-death-is-broadcast-without-permission

Bulletin:  HIPAA Privacy in Emergency Situations.  (2014, November).  Washington:  U.S. Department of Health and Human Services, Office for Civil Rights.  Retrieved from:  http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf

Hall, S.  (2014, October 31).  California data breach report underscores need for encryption in healthcare.  FierceHealthIT.  Retrieved from:  http://www.fiercehealthit.com/story/california-breach-report-underscores-need-encryption-healthcare/2014-10-31

Holtzman, D. (2014, October 31).  Surviving a HIPAA privacy and security audit. Health Data Management.  Retrieved from:   http://www.healthdatamanagement.com/gallery/Surviving-a-HIPAA-Privacy-Security-Audit-49126-1.html

Slideshow: Top Health Data Breaches Caused by Hackers. Health Data Management, Aug. 21, 2014. http://www.healthdatamanagement.com/gallery/top-health-data-breaches-caused-by-hackers-48650-1.html

Goedert, J.  Huge hacking breach at community health systems.  Health Data Management. Aug. 18, 2014. http://www.healthdatamanagement.com/news/huge-hacking-breach-at-community-health-system-48630-1.html?utm_campaign=alert-aug%2018%202014&utm_medium=email&utm_source=newsletter&ET=healthdatamanagement%3Ae2954765%3A3655165a%3A&st=email

Finkle, J., and  Humer, C. Community Health says data stolen in cyber attack from China. Reuters, Aug. 18, 2014.  http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818

$800,000 settlement shows dangers of neglecting HIPAA amidst business deals.  AISHealth.  July 9, 2014.  http://aishealth.com/archive/hipaa0714-01?utm_source=Real%20Magnet&utm_medium=Email&utm_campaign=45042976

Pittman, D. Big cyber hack of health records is 'only a matter of time.  Politico Pro, July 1, 2014.  http://www.politico.com/story/2014/07/cyber-hack-health-records-matter-time-108486.html

Goedert, J.  Health data breach impacts nearly all Montana residents.  Health Data Management.  June 26, 2014.  http://www.healthdatamanagement.com/news/Health-Data-Breach-Impacts-Nearly-All-Montana-Residents-48297-1.html

Hospital networks are leaking data, leaving critical devices vulnerable.  HealthLeaders Media.  June 26, 2014.  http://www.healthleadersmedia.com/content/TEC-305900/Hospital-networks-are-leaking-data-leaving-critical-devices-vulnerable

Fitzgerald, J., editor.  Two organizations fined $4.8 million for HIPAA violations.  Danvers, MA:  HCPro, Inc., May 12, 2014.  http://www.hcpro.com/HIM-304352-865/Two-organizations-fined-48-million-for-HIPAA-violations.html

Conn, J.  A pair of troubling stories on healthcare data insecurity.  Modern Healthcare.  Mar. 18, 2014.  http://www.modernhealthcare.com/article/20140318/blog/303189996#

Wah R. Live from HIMSS14: Criminal Elements Eyeing Patient Records. H&HN Daily, Feb, 26, 2014.  http://www.hhnmag.com/display/HHN-news-article.dhtml?dcrPath=/templatedata/HF_Common/NewsArticle/data/HHN/Daily/2014/Feb/022614-Wah-EHR-Security-AMA

Sage, A.  Physical security, HIPAA, and the HHS wall of shame.  Journal of Healthcare Protection Management;30(1):85-104, 2014.

Cybersecurity and Hospitals: What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response.  Chicago:  American Hospital Association, 2014.  http://www.aha.org/hospital-members/content/14/14cybersecuritytrustees.pdf

Health Information Privacy:  Model Notices of Privacy Practices.  Washington:  U.S. Department of Health & Human Services, 2014.  http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html

Health Information Privacy:  Disclosures for Emergency Preparedness - A Decision Tool.  Washington:  U.S. Department of Health & Human Services, 2014.  http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/decisiontoolintro.html

Social media policies should address 'spying' by physicians.  Health Business Daily.  Dec. 11, 2013.  http://aishealth.com/archive/hipaa1213-05

N.M. case tests how far CEs must go to meet the demands of law enforcement.  Health Business Daily.  Dec. 10, 2013.  http://aishealth.com/archive/hipaa1213-03

Mooney B and Boyle A. HIPAA and patient privacy: exploring challenges and solutions. FierceHealthIT.com, Dec. 2013. http://servicecenter.fiercemarkets.com/files/leadgen/hipaa_and_patient_privacy_5.pdf

Mehta, J.  Texting, safety and privacy: how your smartphone interfaces with HIPAA.  American Society of Anesthesiologists Newsletter;77(10):18-20, Oct. 2013. 

Harris, K.  Medical Identify Theft.  Sacramento, CA:  California Department of Justice. Oct. 2013.  https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/medical_id_theft_recommend.pdf

Workers who become patients require extra vigilance by CEs.  AISHealth. 13(10) Oct. 2013.  http://aishealth.com/archive/hipaa1013-06

Mace, S.  Preparing for tougher privacy rules.  HealthLeaders;16(7):48-51, Sept. 2013.

Vaidya, A.  10 Ways to ensure HIPAA compliance on social media.  Becker’s Hospital Review.  Aug. 5, 2013.  http://www.beckershospitalreview.com/healthcare-information-technology/10-ways-to-ensure-hipaa-compliance-on-social-media.html

Warner, D.  Safe de-identification of big data is critical to health care.  Journal of Health Care Compliance.  15(4):63-72, July-Aug. 2013.

Jenkins, M.  The real causes of HIPAA security breaches: bad IT system design, bad user behavior, bad policies, bad operations.  Becker’s Hospital Review.  July 22, 2013.  http://www.beckershospitalreview.com/healthcare-information-technology/the-real-causes-of-hipaa-security-breaches-bad-it-system-design-bad-user-behavior-bad-policies-bad-operations.html

Mace, S.  Probe uncovers hospital’s inability to protect patient privacy.  HealthLeaders Media.  June 25, 2013.  http://www.healthleadersmedia.com/content/TEC-293643/Probe-Uncovers-Hospitals-Inability-to-Protect-Patient-Privacy

FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks.  Silver Spring, MD:  FDA Safety Communications.  June 13, 2013.  http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm

Dunlap, E.F., and Frigy, R.L.  The wait is over: the HIPAA final rule has arrived.  Journal of Health Care Compliance;15(3):5-10, May-June 2013. 

Shuman, L.  New compliance challenge: preparing for OCR HIPAA audits.  Journal of Health Care Compliance;15(3):51-52, May-June 2013. 

Strauss, L.J.  Overview of the HIPAA final omnibus rule.  Journal of Health Care Compliance;15(3):53-56 , May-June 2013.

Tennant, R.  Modifying your ‘notice-ofprivacy’ practices to meet the new federal requirements.  MGMA Connexion.  13(5):32-33, May-June 2013. 

McCallister, S.  Don’t forget the other HIPAA when thinking about meaningful use.  MGMA Connexion.  13(5):50-51, May-June 2013. 

Wife of slain coach: is HIPAA privacy more important than a life?  HIM-HIPAA Insider.  May 13, 2013.  http://www.hcpro.com/HIM-292059-865/Wife-of-slain-coach-Is-HIPAA-privacy-more-important-than-a-life.html

Beck, M.  Poor prognosis for privacy rules that give patients more control of their records face technical problems.  Wall Street Journal.  May 1, 2013.  http://www.google.com/url?sa=t&rct=j&q=poor%20prognosis%20for%20privacy&source=web&cd=1&cad=rja&ved=0CD0QqQIwAA&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424127887323798104578454793056230984.html&ei=_8eDUcSzOYigyAHxqoCoCA&usg=AFQjCNHkfC91V_kj0q6ldunXU6dLJuJNVw&bvm=bv.45960087,d.aWc

Levine, C.  HIPAA as a hurdle.  Modern Healthcare;43(15):26, Apr. 15, 2013.

Using the HITRUST CSF to assess cybersecurity preparedness.  HITRUST Central.   Apr. 9, 2013.  https://www.hitrustcentral.net/news_repository/blog/usingthehitrustcsftoassesscybersecuritypreparedness

Mace, S.  Phishing a real threat to healthcare, no fooling.  HealthLeaders Media.  Apr. 2, 2013.  http://www.healthleadersmedia.com/page-2/TEC-290726/Phishing-a-Real-Threat-to-Healthcare-No-Fooling

Accessing decreased patient records - FAQ.  Journal of AHIMA. Apr. 1, 2013.  http://journal.ahima.org/2013/04/01/accessing-deceased-patient-health-records-faq/

Solove, J. "HIPAA Turns 10: Analyzing the Past, Present and Future Impact." Journal of AHIMA. 84(4):22-28, Apr. 2013.  http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050149.hcsp?dDocName=bok1_050149

New patients' access rights mean new requirements, including 'Duty to warn'.  AISHealth.  Apr. 2013.  http://aishealth.com/archive/hipaa0413-01 

Tennant, R., and Nordeng, A.  New privacy and security omnibus rule released.  MGMA Connexion.  13(4):18-21, Apr. 2013. 

Vaidya, A.  10 steps for ensuring compliance.  Mar 20, 2013.  http://www.beckershospitalreview.com/legal-regulatory-issues/10-steps-for-ensuring-hipaa-compliance.html

Greenwald, J.  Solid safeguards: providers struggle with new HIPAA security rules.  Modern Healthcare;43(11):29, Mar. 18, 2013. 

Data Breach Incidents and Reponses.  Minneapolis, MN: Health Care Compliance Association, Jan. 14, 2013.  http://www.hcca-info.org/Resources/View/ArticleId/880/Data-Breach-Incidents-Responses.aspx

Rose, R. V.  5 ways to reduce risk related to personal health information.  Healthcare Financial Management.  67(1):34, Jan. 2013. 

Bowe, R.  Identity crisis: organizations are implementing medical identity theft teams to combat rising incidents.  Journal of AHIMA.  84(1):38-42, quiz 43, Jan. 2013. 

Beware of malware on medical devices.  ECRI.  24(12):1-3, Dec. 2012.  https://www.ecri.org/EmailResources/Emerging_Technology_Brief/2013/Emerging_Tech_Brief_February_2013.pdf?cm_mid=2126934&cm_crmid={AB0069F9-0216-DD11-8901-0015600F6010}&cm_medium=email

A driver of some privacy breaches, the market for stolen PHI is strong.  AISHealth, Nov. 2012.  http://aishealth.com/archive/hipaa1112-04

Goedert, J.  Eye and ear practice fined $1.5 million for security rule violations.  Sept. 17, 2012.  http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-fine-44990-1.html

Tocknell, M.  Damage from healthcare data breaches spreading.  HealthLeaders Media.  Aug. 30, 2012.  http://www.healthleadersmedia.com/content/TEC-283933/Damage-from-Healthcare-Data-Breaches-Spreading##

Barth-Jones, D.  The debate over 're-identification' of health information:  What do we risk?  Health Affairs.  Aug. 10, 2012.  http://healthaffairs.org/blog/2012/08/10/the-debate-over-re-identification-of-health-information-what-do-we-risk/ 

Goedert, J.  Hartford breach affecting 9,558 includes social security numbers.  HealthData Management.  August 1, 2012.  http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-44816-1.html?ET=healthdatamanagement:e2747:111840a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_080112

Beth Israel deaconess notifying 3,900 patients about data breach.  iHealthBeat.  July 23, 2012.  http://www.ihealthbeat.org/articles/2012/7/23/beth-israel-deaconess-notifying-3900-patients-about-data-breach.aspx

Horowitz, B.  Disaster recovery plans lacking at a majority of hospitals:  Report.  Health Care IT News.  June 29, 2012.  http://www.eweek.com/c/a/Health-Care-IT/Disaster-Recovery-Plans-Lacking-at-a-Majority-of-Hospitals-Report-321899/

Appeals court says knowledge of HIPAA isn't required for proof of a violation.  AISHealth.  June 2012.  http://aishealth.com/archive/hipaa0612-02

Achieving the Right Balance: Privacy and Security Policies to Support Electronic Health Information Exchange.  Calfornia Healthcare Foundation, 2011.  http://www.chcf.org/~/media/MEDIA%20LIBRARY%20Files/PDF/A/PDF%20AcheivingBalancePrivacySecurityHIE.pdf

Greene, A.H., Ovsepyan, H.E., and Tremaine, D.W.  The privacy and security of ACOs: improving patient care while complying with HIPAA.  AHLA Connections;16(5):32-35, May 2012. 

Sentinel, S.  Patient ID information stolen at Memorial hospitals.  HealthLeaders Media.  Apr. 13, 2012.  http://www.healthleadersmedia.com/content/TEC-278927/Patient-ID-information-stolen-at-Memorial-hospitals##

Dimick, C.  The new privacy officer.  Journal of AHIMA;83(4):21-25, Apr. 2012.

Gorton, E.R.  A new age for mental and substance abuse health records.  Journal of AHIMA;83(4):42-43, Apr. 2012.

Greene, A.H.  HIPAA compliance for clinician texting.  Journal of AHIMA;83(4):34-36, Apr. 2012.

Herrin, B.S.  Long distance records: requesting and managing the records of foreign nationals.  Journal of AHIMA;83(4):23-33, Apr. 2012.

McDavid, J., and Bowen, R.  Everyday risk: protecting against breach in release of information.  Journal of AHIMA;83(4):26-29, Apr. 2012.

Mobile device security (updated): practice brief.  Journal of AHIMA;83(4):50-55, Apr. 2012.

Carlson, J.  Too little, too late? First fine from HIPAA breach-notification rule not seen as much of a deterrent.  Modern Healthcare;42(12):14, Mar. 19, 2012. 

Tomes, J.P.  Keeping it private: staying compliant with the HIPAA privacy and security rules.  Journal of AHIMA.  83(3):32-34, Mar. 2012. 

McLendon, K.  Automation for privacy and security compliance.  Journal of AHIMA.  83(3):38-39, Mar. 2012. 

Manos, D., editor.  Health data breaches up 97 percent in 2011.  Healthcare IT News.  Feb. 1, 2012.  http://www.healthcareitnews.com/news/health-data-breaches-97-percent-2011

Dimick, C.  Simplification at last? HHS rolls out operating rules for HIPAA transaction standards.  Journal of AHIMA;83(2):24-29, Feb. 2012.

Galewitz, P.  Hospitals mine patient records in search of customers.  USA Today.  Jan. 18, 2012.  http://www.usatoday.com/money/industries/health/story/2012-01-18/hospital-marketing/52974858/1

Garvin, P. The Financial Impact of Breached Protected Health Information.  Source: American National Standards Institute, 2012.  http://webstore.ansi.org/phi/

 

About AHA

Membership

Member Constituency Sections

Key Relationships

News Center

Performance Improvement

Advocacy Issues

Products & Services

Publications

Research & Trends

Locations

155 N. Wacker Dr.
Chicago, Illinois 60606
312.422.3000

800 10th Street, N.W.
Two CityCenter, Suite 400
Washington, DC 20001-4956
202.638.1100

1.800.424-4301