Scanning the Headlines: HIPAA

A bibliographic listing of recently published material related to HIPAA.

Updated on June 20, 2017

Links to full-text articles are provided where available.
For information on obtaining print copies of articles, please call the AHA Resource Center at (312) 422-2050.

Davis, J. (2017, May 16). Privacy & Security. Denial-of-service attacks on healthcare poised to explode. Healthcare IT News. Retrieved from:

Iandolo, M. (2017, Mar. 1). Horizon Healthcare Services seetles data breach case for $1.1 million. Legal NewsLine. Retrieved from:

Byers, J. (2017, Feb. 27). Cybersecurity-what healthcare administrators need to know. HealthcareDIVE. Retrieved from:

Office of the National Coordinator for Health Information Technology. 2016 Model Privacy Notice: Draft. Dec. 2, 2016. Retrieved from:

Johnson, T. (2016, Oct. 28). Health care sector gets a near-failing grade on cybersecurity. National. Retrieved from:

Davidson, J. (2016, Sept. 28). Cyberattacks on personal health records growing 'exponentially'. Washington Post. Retrieved from:

(2016, Aug.). Healthcare Organization and Hospital Discussion Guide for Cybersecurity. Washington: Department of Health and Human Services. Retrieved from:

Ornstein, C. (2016, July 21). The secret documents that details how patients' privacy is breached. Pro Publica. Retrieved from:

Ornstein, C. (2016, July 19). Health gadgets and apps outpace privacy protections, report finds. Pro Publica. Retrieved from:

Andrews, S. (2016, July 15). Boston Hospital Warns Staff of Privacy Violations with Pokemon Go. Middleton, MA: HCPro. Retrieved from:émon-go

(2016, July 14). CMS offers HIPAA guidance on ransonware. HealthLeaders Media News. Retrieved from:

Samels J. (2016, July 11). Your money or your PHI: new guidance on ransomware. Washington: U.S. Department of Health and Human Services blog. Retrieved from:

(2016, July). When asked, covered entities must give patients records by email. AISHealth. 16(7):1-3. Retrieved from:

Office for Civil Rights. (2016, July). Fact sheet: Ransomware and HIPAA. Washington: U.S. Department of Health and Human Services. Retrieved from:

(2016, June 17). Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA. Washington: U.S. Department of Health and Human Services. Retrieved from:

Tennant, R. (2016, June 1). Understanding patient access rights and practice responsibilities. Executive View Magazine. Retrieved from:

Andrews, M. (2016, May 31). When adult children get sick, it may be hard for parents to get information. Kaiser Health News. Retrieved from:

Ornstein, C. (2016, May 27). To your health. Doctors fire back at bad Yelp reviews - and reveal patients' information online. The Washington Post. Retrieved from:

Appleby, J. (2016, May 17). Final EEOC rule sets limits for financial incentives on wellness programs. Kaiser Health News. Retrieved from:

Diamond, D. (2016, May 10). Insiders: Health care is 'being held hostage to hackers'. Politico. Retrieved from:

Ornstein, C. (2016, Apr. 21). New York Hospital to pay $2.2 million over unauthorized filming of 2 patients. New York Times. Retrieved from:

McGee, M. (2016, Apr. 14). Old IT Project Raises New Concerns for 1,400 Organizations. Princeton, NJ: Healthcare Info Security. Retrieved from:

Murphy, T. (2016, Mar. 30). Hospital cyberattack highlights health care vulnerabilities. ABC News. Retrieved from:

Morrissey, J. (2015, Oct. 12). How hospitals can prepare for inevitable breaches of patient data. Trustee. Retrieved from:

(2015, Aug. 25). Body Worn Camera Use in Health Care Facilities. Glendale Heights, IL: IAHSS Foundation. Retrieved from:

Castelluccio, J., editor. (2015, July 6). HIMSS Survey Shows Progress on Cybersecurity, but Healthcare Orgs Still Unprepared for Cyber Hacks. Danvers, MS: HCPro, Inc. Retrieved from:

(2015, June 30). HIMSS Survey Finds Two-Thirds of Healthcare Organizations Experienced a Significant Security Incident in Recent Past. Chicago: Healthcare Information and Management Systems Society (HIMSS). Retrieved from:

Goedert, J. (2015, May 21). The CareFirst Hack: What Went Right, What Went Wrong. HealthData Management.

Peterson, A. (2015, March 20). The Switch: 2015 is already the year of the health-care hack - and it's only going to get worse. Washington Post. Retrieved from:

(2015, Mar. 17). Premera Blue Cross says data breach could affect 11m people. New York Times. Retrieved from:

Gross, L., Manchir, M., and Bowean, L. (2015, Feb. 11). Jackie Robinson West stripped title. Chicago Tribune. Retrieved from:

Peterson, A. (2015, Feb. 5). Why hackers are targeting the medical sector. Washington Post.

Ornstein, C. (2015, January 2). When a patient's death is broadcast without permission. New York Times. Retrieved from:

Bulletin: HIPAA Privacy in Emergency Situations. (2014, November). Washington: U.S. Department of Health and Human Services, Office for Civil Rights. Retrieved from:

Hall, S. (2014, October 31). California data breach report underscores need for encryption in healthcare. FierceHealthIT. Retrieved from:

Holtzman, D. (2014, October 31). Surviving a HIPAA privacy and security audit. Health Data Management. Retrieved from:

Slideshow: Top Health Data Breaches Caused by Hackers. Health Data Management, Aug. 21, 2014.

Goedert, J. Huge hacking breach at community health systems. Health Data Management. Aug. 18, 2014.

Finkle, J., and Humer, C. Community Health says data stolen in cyber attack from China. Reuters, Aug. 18, 2014.

$800,000 settlement shows dangers of neglecting HIPAA amidst business deals. AISHealth. July 9, 2014.

Pittman, D. Big cyber hack of health records is 'only a matter of time. Politico Pro, July 1, 2014.

Goedert, J. Health data breach impacts nearly all Montana residents. Health Data Management. June 26, 2014.

Hospital networks are leaking data, leaving critical devices vulnerable. HealthLeaders Media. June 26, 2014.

Fitzgerald, J., editor. Two organizations fined $4.8 million for HIPAA violations. Danvers, MA: HCPro, Inc., May 12, 2014.

Conn, J. A pair of troubling stories on healthcare data insecurity. Modern Healthcare. Mar. 18, 2014.

Wah R. Live from HIMSS14: Criminal Elements Eyeing Patient Records. H&HN Daily, Feb, 26, 2014.

Sage, A. Physical security, HIPAA, and the HHS wall of shame. Journal of Healthcare Protection Management;30(1):85-104, 2014.

Cybersecurity and Hospitals: What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response. Chicago: American Hospital Association, 2014.

Health Information Privacy: Model Notices of Privacy Practices. Washington: U.S. Department of Health & Human Services, 2014.

Health Information Privacy: Disclosures for Emergency Preparedness - A Decision Tool. Washington: U.S. Department of Health & Human Services, 2014.

Social media policies should address 'spying' by physicians. Health Business Daily. Dec. 11, 2013.

N.M. case tests how far CEs must go to meet the demands of law enforcement. Health Business Daily. Dec. 10, 2013.

Mooney B and Boyle A. HIPAA and patient privacy: exploring challenges and solutions., Dec. 2013.

Mehta, J. Texting, safety and privacy: how your smartphone interfaces with HIPAA. American Society of Anesthesiologists Newsletter;77(10):18-20, Oct. 2013.

Harris, K. Medical Identify Theft. Sacramento, CA: California Department of Justice. Oct. 2013.

Workers who become patients require extra vigilance by CEs. AISHealth. 13(10) Oct. 2013.

Mace, S. Preparing for tougher privacy rules. HealthLeaders;16(7):48-51, Sept. 2013.

Vaidya, A. 10 Ways to ensure HIPAA compliance on social media. Becker’s Hospital Review. Aug. 5, 2013.

Warner, D. Safe de-identification of big data is critical to health care. Journal of Health Care Compliance. 15(4):63-72, July-Aug. 2013.

Jenkins, M. The real causes of HIPAA security breaches: bad IT system design, bad user behavior, bad policies, bad operations. Becker’s Hospital Review. July 22, 2013.

Mace, S. Probe uncovers hospital’s inability to protect patient privacy. HealthLeaders Media. June 25, 2013.

FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks. Silver Spring, MD: FDA Safety Communications. June 13, 2013.

Dunlap, E.F., and Frigy, R.L. The wait is over: the HIPAA final rule has arrived. Journal of Health Care Compliance;15(3):5-10, May-June 2013.

Shuman, L. New compliance challenge: preparing for OCR HIPAA audits. Journal of Health Care Compliance;15(3):51-52, May-June 2013.

Strauss, L.J. Overview of the HIPAA final omnibus rule. Journal of Health Care Compliance;15(3):53-56 , May-June 2013.

Tennant, R. Modifying your ‘notice-ofprivacy’ practices to meet the new federal requirements. MGMA Connexion. 13(5):32-33, May-June 2013.

McCallister, S. Don’t forget the other HIPAA when thinking about meaningful use. MGMA Connexion. 13(5):50-51, May-June 2013.

Wife of slain coach: is HIPAA privacy more important than a life? HIM-HIPAA Insider. May 13, 2013.

Beck, M. Poor prognosis for privacy rules that give patients more control of their records face technical problems. Wall Street Journal. May 1, 2013.,d.aWc

Levine, C. HIPAA as a hurdle. Modern Healthcare;43(15):26, Apr. 15, 2013.

Using the HITRUST CSF to assess cybersecurity preparedness. HITRUST Central. Apr. 9, 2013.

Mace, S. Phishing a real threat to healthcare, no fooling. HealthLeaders Media. Apr. 2, 2013.

Accessing decreased patient records - FAQ. Journal of AHIMA. Apr. 1, 2013.

Solove, J. "HIPAA Turns 10: Analyzing the Past, Present and Future Impact." Journal of AHIMA. 84(4):22-28, Apr. 2013.

New patients' access rights mean new requirements, including 'Duty to warn'. AISHealth. Apr. 2013.

Tennant, R., and Nordeng, A. New privacy and security omnibus rule released. MGMA Connexion. 13(4):18-21, Apr. 2013.

Vaidya, A. 10 steps for ensuring compliance. Mar 20, 2013.

Greenwald, J. Solid safeguards: providers struggle with new HIPAA security rules. Modern Healthcare;43(11):29, Mar. 18, 2013.

Data Breach Incidents and Reponses. Minneapolis, MN: Health Care Compliance Association, Jan. 14, 2013.

Rose, R. V. 5 ways to reduce risk related to personal health information. Healthcare Financial Management. 67(1):34, Jan. 2013.

Bowe, R. Identity crisis: organizations are implementing medical identity theft teams to combat rising incidents. Journal of AHIMA. 84(1):38-42, quiz 43, Jan. 2013.

Beware of malware on medical devices. ECRI. 24(12):1-3, Dec. 2012.