Scanning the Headlines: HIPAA

 Updated on September 26, 2016

Click here for HIPAA Archive Bibliography

[2010-2011]  [2009] [2008] [2007] [2006-2005] [2004-2003] [2002-1996] 

Links to full-text articles are provided where available.
For information on obtaining print copies of articles, please call the AHA Resource Center at (312) 422-2050. 

(2016, Aug.).  Healthcare Organization and Hospital Discussion Guide for Cybersecurity.  Washington:  Department of Health and Human Services.  Retrieved from:

Ornstein, C.  (2016, July 21).  The secret documents that details how patients' privacy is breached. Pro Publica.  Retrieved from:

Ornstein, C.  (2016, July 19).  Health gadgets and apps outpace privacy protections, report finds.  Pro Publica.  Retrieved from:

Andrews, S.  (2016, July 15).  Boston Hospital Warns Staff of Privacy Violations with Pokemon Go.  Middleton, MA:  HCPro.  Retrieved from:émon-go

(2016, July 14).  CMS offers HIPAA guidance on ransonware.  HealthLeaders Media News.  Retrieved from:

Samels J.  (2016, July 11).   Your money or your PHI: new guidance on ransomware.  Washington:  U.S. Department of Health and Human Services blog.  Retrieved from:

(2016, July).  When asked, covered entities must give patients records by email.  AISHealth.  16(7):1-3.  Retrieved from:

Office for Civil Rights.  (2016, July).   Fact sheet: Ransomware and HIPAA. Washington:  U.S. Department of Health and Human Services.  Retrieved from:

(2016, June 17).  Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA.  Washington:  U.S. Department of Health and Human Services.  Retrieved from:

Tennant, R.  (2016, June 1).  Understanding patient access rights and practice responsibilities.  Executive View Magazine.  Retrieved from:

Andrews, M.  (2016, May 31).  When adult children get sick, it may be hard for parents to get information.  Kaiser Health News.  Retrieved from:

Ornstein, C.  (2016, May 27).  To your health.  Doctors fire back at bad Yelp reviews - and reveal patients' information online.  The Washington Post.  Retrieved from:

Appleby, J.  (2016, May 17).  Final EEOC rule sets limits for financial incentives on wellness programs.  Kaiser Health News.  Retrieved from:

Diamond, D.  (2016, May 10).  Insiders:  Health care is 'being held hostage to hackers'.  Politico.  Retrieved from:

Ornstein, C.  (2016, Apr. 21).  New York Hospital to pay $2.2 million over unauthorized filming of 2 patients.  New York Times.  Retrieved from:

McGee, M.  (2016, Apr. 14).  Old IT Project Raises New Concerns for 1,400 Organizations.  Princeton, NJ:  Healthcare Info Security.  Retrieved from:

Murphy, T.  (2016, Mar. 30).  Hospital cyberattack highlights health care vulnerabilities.  ABC News.  Retrieved from:

Morrissey, J.  (2015, Oct. 12).  How hospitals can prepare for inevitable breaches of patient data.  Trustee.  Retrieved from:

(2015, Aug. 25).  Body Worn Camera Use in Health Care Facilities.  Glendale Heights, IL:  IAHSS Foundation.  Retrieved from:

Castelluccio, J., editor.  (2015, July 6).  HIMSS Survey Shows Progress on Cybersecurity, but Healthcare Orgs Still Unprepared for Cyber Hacks.  Danvers, MS:  HCPro, Inc.  Retrieved from:

(2015, June 30).  HIMSS Survey Finds Two-Thirds of Healthcare Organizations Experienced a Significant Security Incident in Recent Past.  Chicago:  Healthcare Information and Management Systems Society (HIMSS).  Retrieved from:

Goedert, J.  (2015, May 21).  The CareFirst Hack: What Went Right, What Went Wrong.  HealthData Management

Peterson, A.  (2015, March 20).  The Switch:  2015 is already the year of the health-care hack - and it's only going to get worse.  Washington Post.  Retrieved from:

(2015, Mar. 17).  Premera Blue Cross says data breach could affect 11m people.  New York Times.  Retrieved from:

Gross, L., Manchir, M., and Bowean, L.  (2015, Feb. 11).  Jackie Robinson West stripped title.  Chicago Tribune.  Retrieved from:

Peterson, A.  (2015, Feb. 5).  Why hackers are targeting the medical sector.  Washington Post

Ornstein, C.  (2015, January 2).  When a patient's death is broadcast without permission.  New York Times. Retrieved from:

Bulletin:  HIPAA Privacy in Emergency Situations.  (2014, November).  Washington:  U.S. Department of Health and Human Services, Office for Civil Rights.  Retrieved from:

Hall, S.  (2014, October 31).  California data breach report underscores need for encryption in healthcare.  FierceHealthIT.  Retrieved from:

Holtzman, D. (2014, October 31).  Surviving a HIPAA privacy and security audit. Health Data Management.  Retrieved from:

Slideshow: Top Health Data Breaches Caused by Hackers. Health Data Management, Aug. 21, 2014.

Goedert, J.  Huge hacking breach at community health systems.  Health Data Management. Aug. 18, 2014.

Finkle, J., and  Humer, C. Community Health says data stolen in cyber attack from China. Reuters, Aug. 18, 2014.

$800,000 settlement shows dangers of neglecting HIPAA amidst business deals.  AISHealth.  July 9, 2014.

Pittman, D. Big cyber hack of health records is 'only a matter of time.  Politico Pro, July 1, 2014.

Goedert, J.  Health data breach impacts nearly all Montana residents.  Health Data Management.  June 26, 2014.

Hospital networks are leaking data, leaving critical devices vulnerable.  HealthLeaders Media.  June 26, 2014.

Fitzgerald, J., editor.  Two organizations fined $4.8 million for HIPAA violations.  Danvers, MA:  HCPro, Inc., May 12, 2014.

Conn, J.  A pair of troubling stories on healthcare data insecurity.  Modern Healthcare.  Mar. 18, 2014.

Wah R. Live from HIMSS14: Criminal Elements Eyeing Patient Records. H&HN Daily, Feb, 26, 2014.

Sage, A.  Physical security, HIPAA, and the HHS wall of shame.  Journal of Healthcare Protection Management;30(1):85-104, 2014.

Cybersecurity and Hospitals: What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response.  Chicago:  American Hospital Association, 2014.

Health Information Privacy:  Model Notices of Privacy Practices.  Washington:  U.S. Department of Health & Human Services, 2014.

Health Information Privacy:  Disclosures for Emergency Preparedness - A Decision Tool.  Washington:  U.S. Department of Health & Human Services, 2014.

Social media policies should address 'spying' by physicians.  Health Business Daily.  Dec. 11, 2013.

N.M. case tests how far CEs must go to meet the demands of law enforcement.  Health Business Daily.  Dec. 10, 2013.

Mooney B and Boyle A. HIPAA and patient privacy: exploring challenges and solutions., Dec. 2013.

Mehta, J.  Texting, safety and privacy: how your smartphone interfaces with HIPAA.  American Society of Anesthesiologists Newsletter;77(10):18-20, Oct. 2013. 

Harris, K.  Medical Identify Theft.  Sacramento, CA:  California Department of Justice. Oct. 2013.

Workers who become patients require extra vigilance by CEs.  AISHealth. 13(10) Oct. 2013.

Mace, S.  Preparing for tougher privacy rules.  HealthLeaders;16(7):48-51, Sept. 2013.

Vaidya, A.  10 Ways to ensure HIPAA compliance on social media.  Becker’s Hospital Review.  Aug. 5, 2013.

Warner, D.  Safe de-identification of big data is critical to health care.  Journal of Health Care Compliance.  15(4):63-72, July-Aug. 2013.

Jenkins, M.  The real causes of HIPAA security breaches: bad IT system design, bad user behavior, bad policies, bad operations.  Becker’s Hospital Review.  July 22, 2013.

Mace, S.  Probe uncovers hospital’s inability to protect patient privacy.  HealthLeaders Media.  June 25, 2013.

FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks.  Silver Spring, MD:  FDA Safety Communications.  June 13, 2013.

Dunlap, E.F., and Frigy, R.L.  The wait is over: the HIPAA final rule has arrived.  Journal of Health Care Compliance;15(3):5-10, May-June 2013. 

Shuman, L.  New compliance challenge: preparing for OCR HIPAA audits.  Journal of Health Care Compliance;15(3):51-52, May-June 2013. 

Strauss, L.J.  Overview of the HIPAA final omnibus rule.  Journal of Health Care Compliance;15(3):53-56 , May-June 2013.

Tennant, R.  Modifying your ‘notice-ofprivacy’ practices to meet the new federal requirements.  MGMA Connexion.  13(5):32-33, May-June 2013. 

McCallister, S.  Don’t forget the other HIPAA when thinking about meaningful use.  MGMA Connexion.  13(5):50-51, May-June 2013. 

Wife of slain coach: is HIPAA privacy more important than a life?  HIM-HIPAA Insider.  May 13, 2013.

Beck, M.  Poor prognosis for privacy rules that give patients more control of their records face technical problems.  Wall Street Journal.  May 1, 2013.,d.aWc

Levine, C.  HIPAA as a hurdle.  Modern Healthcare;43(15):26, Apr. 15, 2013.

Using the HITRUST CSF to assess cybersecurity preparedness.  HITRUST Central.   Apr. 9, 2013.

Mace, S.  Phishing a real threat to healthcare, no fooling.  HealthLeaders Media.  Apr. 2, 2013.

Accessing decreased patient records - FAQ.  Journal of AHIMA. Apr. 1, 2013.

Solove, J. "HIPAA Turns 10: Analyzing the Past, Present and Future Impact." Journal of AHIMA. 84(4):22-28, Apr. 2013.

New patients' access rights mean new requirements, including 'Duty to warn'.  AISHealth.  Apr. 2013. 

Tennant, R., and Nordeng, A.  New privacy and security omnibus rule released.  MGMA Connexion.  13(4):18-21, Apr. 2013. 

Vaidya, A.  10 steps for ensuring compliance.  Mar 20, 2013.

Greenwald, J.  Solid safeguards: providers struggle with new HIPAA security rules.  Modern Healthcare;43(11):29, Mar. 18, 2013. 

Data Breach Incidents and Reponses.  Minneapolis, MN: Health Care Compliance Association, Jan. 14, 2013.

Rose, R. V.  5 ways to reduce risk related to personal health information.  Healthcare Financial Management.  67(1):34, Jan. 2013. 

Bowe, R.  Identity crisis: organizations are implementing medical identity theft teams to combat rising incidents.  Journal of AHIMA.  84(1):38-42, quiz 43, Jan. 2013. 

Beware of malware on medical devices.  ECRI.  24(12):1-3, Dec. 2012.{AB0069F9-0216-DD11-8901-0015600F6010}&cm_medium=email

A driver of some privacy breaches, the market for stolen PHI is strong.  AISHealth, Nov. 2012.

Goedert, J.  Eye and ear practice fined $1.5 million for security rule violations.  Sept. 17, 2012.

Tocknell, M.  Damage from healthcare data breaches spreading.  HealthLeaders Media.  Aug. 30, 2012.

Barth-Jones, D.  The debate over 're-identification' of health information:  What do we risk?  Health Affairs.  Aug. 10, 2012. 

Goedert, J.  Hartford breach affecting 9,558 includes social security numbers.  HealthData Management.  August 1, 2012.

Beth Israel deaconess notifying 3,900 patients about data breach.  iHealthBeat.  July 23, 2012.

Horowitz, B.  Disaster recovery plans lacking at a majority of hospitals:  Report.  Health Care IT News.  June 29, 2012.

Appeals court says knowledge of HIPAA isn't required for proof of a violation.  AISHealth.  June 2012.

Achieving the Right Balance: Privacy and Security Policies to Support Electronic Health Information Exchange.  Calfornia Healthcare Foundation, 2011.

Greene, A.H., Ovsepyan, H.E., and Tremaine, D.W.  The privacy and security of ACOs: improving patient care while complying with HIPAA.  AHLA Connections;16(5):32-35, May 2012. 

Sentinel, S.  Patient ID information stolen at Memorial hospitals.  HealthLeaders Media.  Apr. 13, 2012.

Dimick, C.  The new privacy officer.  Journal of AHIMA;83(4):21-25, Apr. 2012.

Gorton, E.R.  A new age for mental and substance abuse health records.  Journal of AHIMA;83(4):42-43, Apr. 2012.

Greene, A.H.  HIPAA compliance for clinician texting.  Journal of AHIMA;83(4):34-36, Apr. 2012.

Herrin, B.S.  Long distance records: requesting and managing the records of foreign nationals.  Journal of AHIMA;83(4):23-33, Apr. 2012.

McDavid, J., and Bowen, R.  Everyday risk: protecting against breach in release of information.  Journal of AHIMA;83(4):26-29, Apr. 2012.

Mobile device security (updated): practice brief.  Journal of AHIMA;83(4):50-55, Apr. 2012.

Carlson, J.  Too little, too late? First fine from HIPAA breach-notification rule not seen as much of a deterrent.  Modern Healthcare;42(12):14, Mar. 19, 2012. 

Tomes, J.P.  Keeping it private: staying compliant with the HIPAA privacy and security rules.  Journal of AHIMA.  83(3):32-34, Mar. 2012. 

McLendon, K.  Automation for privacy and security compliance.  Journal of AHIMA.  83(3):38-39, Mar. 2012. 

Manos, D., editor.  Health data breaches up 97 percent in 2011.  Healthcare IT News.  Feb. 1, 2012.

Dimick, C.  Simplification at last? HHS rolls out operating rules for HIPAA transaction standards.  Journal of AHIMA;83(2):24-29, Feb. 2012.

Galewitz, P.  Hospitals mine patient records in search of customers.  USA Today.  Jan. 18, 2012.

Garvin, P. The Financial Impact of Breached Protected Health Information.  Source: American National Standards Institute, 2012.


About AHA


Member Constituency Sections

Key Relationships

News Center

Performance Improvement

Advocacy Issues

Products & Services


Research & Trends


155 N. Wacker Dr.
Chicago, Illinois 60606

800 10th Street, N.W.
Two CityCenter, Suite 400
Washington, DC 20001-4956