A bibliographic listing of recently published material related to HIPAA.
Updated on June 20, 2017
Links to full-text articles are provided where available.
For information on obtaining print copies of articles, please call the AHA Resource Center at (312) 422-2050.
Davis, J. (2017, May 16). Privacy & Security. Denial-of-service attacks on healthcare poised to explode. Healthcare IT News. Retrieved from: http://www.healthcareitnews.com/news/denial-service-attacks-healthcare-poised-explode
Iandolo, M. (2017, Mar. 1). Horizon Healthcare Services seetles data breach case for $1.1 million. Legal NewsLine. Retrieved from: http://legalnewsline.com/stories/511085361-horizon-healthcare-services-settles-data-breach-case-for-1-1-million
Byers, J. (2017, Feb. 27). Cybersecurity-what healthcare administrators need to know. HealthcareDIVE. Retrieved from: http://www.healthcaredive.com/news/cybersecurity-healthcare-administrators-2017/436983/
Office of the National Coordinator for Health Information Technology. 2016 Model Privacy Notice: Draft. Dec. 2, 2016. Retrieved from: https://www.healthit.gov/sites/default/files/2016_model_privacy_notice.pdf
Johnson, T. (2016, Oct. 28). Health care sector gets a near-failing grade on cybersecurity. National. Retrieved from: http://www.mcclatchydc.com/news/nation-world/national/article111144232.html
Davidson, J. (2016, Sept. 28). Cyberattacks on personal health records growing 'exponentially'. Washington Post. Retrieved from: https://www.washingtonpost.com/news/powerpost/wp/2016/09/28/cyberattacks-on-personal-health-records-growing-exponentially
(2016, Aug.). Healthcare Organization and Hospital Discussion Guide for Cybersecurity. Washington: Department of Health and Human Services. Retrieved from: http://www.cdc.gov/phpr/healthcare/documents/healthcare-organization-and-hospital-cyber-discussion-guide.pdf
Ornstein, C. (2016, July 21). The secret documents that details how patients' privacy is breached. Pro Publica. Retrieved from: https://www.propublica.org/article/the-secret-documents-that-detail-how-patients-privacy-is-breached
Ornstein, C. (2016, July 19). Health gadgets and apps outpace privacy protections, report finds. Pro Publica. Retrieved from: https://www.propublica.org/article/health-gadgets-and-apps-outpace-privacy-protections-report-finds
Andrews, S. (2016, July 15). Boston Hospital Warns Staff of Privacy Violations with Pokemon Go. Middleton, MA: HCPro. Retrieved from: http://www.medicarecompliancewatch.com/news-analysis/boston-hospital-warns-staff-privacy-violations-pokémon-go
(2016, July 14). CMS offers HIPAA guidance on ransonware. HealthLeaders Media News. Retrieved from: http://www.healthleadersmedia.com/leadership/cms-offers-hipaa-guidance-ransomware
Samels J. (2016, July 11). Your money or your PHI: new guidance on ransomware. Washington: U.S. Department of Health and Human Services blog. Retrieved from: http://www.hhs.gov/blog/2016/07/11/your-money-or-your-phi.html#
(2016, July). When asked, covered entities must give patients records by email. AISHealth. 16(7):1-3. Retrieved from: https://aishealth.com/archive/hipaa0716-04?utm_source=Real%20Magnet&utm_medium=Email&utm_campaign=100386702
Office for Civil Rights. (2016, July). Fact sheet: Ransomware and HIPAA. Washington: U.S. Department of Health and Human Services. Retrieved from: http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
(2016, June 17). Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA. Washington: U.S. Department of Health and Human Services. Retrieved from: https://www.healthit.gov/sites/default/files/non-covered_entities_report_june_17_2016.pdf
Tennant, R. (2016, June 1). Understanding patient access rights and practice responsibilities. Executive View Magazine. Retrieved from: http://www.mgma.com/practice-resources/mgma-connection-plus/executive-view/2016/june-2016/understanding-patient-access-rights-and-practice-responsibilities
Andrews, M. (2016, May 31). When adult children get sick, it may be hard for parents to get information. Kaiser Health News. Retrieved from: http://khn.org/news/when-adult-children-get-sick-it-may-be-hard-for-parents-to-get-information/
Ornstein, C. (2016, May 27). To your health. Doctors fire back at bad Yelp reviews - and reveal patients' information online. The Washington Post. Retrieved from: https://www.washingtonpost.com/news/to-your-health/wp/2016/05/27/docs-fire-back-at-bad-yelp-reviews-and-reveal-patients-information-online/
Appleby, J. (2016, May 17). Final EEOC rule sets limits for financial incentives on wellness programs. Kaiser Health News. Retrieved from: http://khn.org/news/final-eeoc-rule-sets-limits-for-financial-incentives-on-wellness-programs
Diamond, D. (2016, May 10). Insiders: Health care is 'being held hostage to hackers'. Politico. Retrieved from: http://www.politico.com/story/2016/05/insiders-health-care-is-being-held-hostage-to-hackers-223002
Ornstein, C. (2016, Apr. 21). New York Hospital to pay $2.2 million over unauthorized filming of 2 patients. New York Times. Retrieved from: http://www.nytimes.com/2016/04/22/nyregion/new-york-hospital-to-pay-fine-over-unauthorized-filming-of-2-patients.html
McGee, M. (2016, Apr. 14). Old IT Project Raises New Concerns for 1,400 Organizations. Princeton, NJ: Healthcare Info Security. Retrieved from: http://www.healthcareinfosecurity.com/old-project-raises-new-concerns-for-1400-organizations-a-9047
Murphy, T. (2016, Mar. 30). Hospital cyberattack highlights health care vulnerabilities. ABC News. Retrieved from: http://abcnews.go.com/Business/wireStory/hospital-cyberattack-highlights-health-care-vulnerabilities-38029521
Morrissey, J. (2015, Oct. 12). How hospitals can prepare for inevitable breaches of patient data. Trustee. Retrieved from: http://www.trusteemag.com/display/TRU-news-article.dhtml?dcrPath=/templatedata/HF_Common/NewsArticle/data/TRU/Magazine/2015/October/feature-cybersecurity-patient-data
(2015, Aug. 25). Body Worn Camera Use in Health Care Facilities. Glendale Heights, IL: IAHSS Foundation. Retrieved from: http://ihssf.org/PDF/ihssfbodyworncameras.pdf
Castelluccio, J., editor. (2015, July 6). HIMSS Survey Shows Progress on Cybersecurity, but Healthcare Orgs Still Unprepared for Cyber Hacks. Danvers, MS: HCPro, Inc. Retrieved from: http://www.hcpro.com/HIM-318111-865/HIMSS-survey-shows-progress-on-cybersecurity-but-healthcare-orgs-still-unprepared-for-cyber-hacks.html
(2015, June 30). HIMSS Survey Finds Two-Thirds of Healthcare Organizations Experienced a Significant Security Incident in Recent Past. Chicago: Healthcare Information and Management Systems Society (HIMSS). Retrieved from: http://www.himss.org/News/NewsDetail.aspx?ItemNumber=42944
Goedert, J. (2015, May 21). The CareFirst Hack: What Went Right, What Went Wrong. HealthData Management. http://www.healthdatamanagement.com/news/the-carefirst-hack-what-went-right-what-went-wrong-50551-1.html
Peterson, A. (2015, March 20). The Switch: 2015 is already the year of the health-care hack - and it's only going to get worse. Washington Post. Retrieved from: http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/20/2015-is-already-the-year-of-the-health-care-hack-and-its-only-going-to-get-worse/
(2015, Mar. 17). Premera Blue Cross says data breach could affect 11m people. New York Times. Retrieved from: http://www.nytimes.com/aponline/2015/03/17/us/ap-us-premera-blue-cross-data-breach.html
Gross, L., Manchir, M., and Bowean, L. (2015, Feb. 11). Jackie Robinson West stripped title. Chicago Tribune. Retrieved from: http://www.chicagotribune.com/news/nationworld/sns-ap-us-health-care-hacking-20150205-story.html#page=1
Peterson, A. (2015, Feb. 5). Why hackers are targeting the medical sector. Washington Post. http://www.washingtonpost.com/blogs/the-switch/wp/2015/02/05/why-hackers-are-targeting-the-medical-sector/?hpid=z1
Ornstein, C. (2015, January 2). When a patient's death is broadcast without permission. New York Times. Retrieved from: http://www.propublica.org/article/when-a-patients-death-is-broadcast-without-permission
Bulletin: HIPAA Privacy in Emergency Situations. (2014, November). Washington: U.S. Department of Health and Human Services, Office for Civil Rights. Retrieved from: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf
Hall, S. (2014, October 31). California data breach report underscores need for encryption in healthcare. FierceHealthIT. Retrieved from: http://www.fiercehealthit.com/story/california-breach-report-underscores-need-encryption-healthcare/2014-10-31
Holtzman, D. (2014, October 31). Surviving a HIPAA privacy and security audit. Health Data Management. Retrieved from: http://www.healthdatamanagement.com/gallery/Surviving-a-HIPAA-Privacy-Security-Audit-49126-1.html
Slideshow: Top Health Data Breaches Caused by Hackers. Health Data Management, Aug. 21, 2014. http://www.healthdatamanagement.com/gallery/top-health-data-breaches-caused-by-hackers-48650-1.html
Goedert, J. Huge hacking breach at community health systems. Health Data Management. Aug. 18, 2014. http://www.healthdatamanagement.com/news/huge-hacking-breach-at-community-health-system-48630-1.html?utm_campaign=alert-aug%2018%202014&utm_medium=email&utm_source=newsletter&ET=healthdatamanagement%3Ae2954765%3A3655165a%3A&st=email
Finkle, J., and Humer, C. Community Health says data stolen in cyber attack from China. Reuters, Aug. 18, 2014. http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818
$800,000 settlement shows dangers of neglecting HIPAA amidst business deals. AISHealth. July 9, 2014. http://aishealth.com/archive/hipaa0714-01?utm_source=Real%20Magnet&utm_medium=Email&utm_campaign=45042976
Pittman, D. Big cyber hack of health records is 'only a matter of time. Politico Pro, July 1, 2014. http://www.politico.com/story/2014/07/cyber-hack-health-records-matter-time-108486.html
Goedert, J. Health data breach impacts nearly all Montana residents. Health Data Management. June 26, 2014. http://www.healthdatamanagement.com/news/Health-Data-Breach-Impacts-Nearly-All-Montana-Residents-48297-1.html
Hospital networks are leaking data, leaving critical devices vulnerable. HealthLeaders Media. June 26, 2014. http://www.healthleadersmedia.com/content/TEC-305900/Hospital-networks-are-leaking-data-leaving-critical-devices-vulnerable
Fitzgerald, J., editor. Two organizations fined $4.8 million for HIPAA violations. Danvers, MA: HCPro, Inc., May 12, 2014. http://www.hcpro.com/HIM-304352-865/Two-organizations-fined-48-million-for-HIPAA-violations.html
Conn, J. A pair of troubling stories on healthcare data insecurity. Modern Healthcare. Mar. 18, 2014. http://www.modernhealthcare.com/article/20140318/blog/303189996#
Wah R. Live from HIMSS14: Criminal Elements Eyeing Patient Records. H&HN Daily, Feb, 26, 2014. http://www.hhnmag.com/display/HHN-news-article.dhtml?dcrPath=/templatedata/HF_Common/NewsArticle/data/HHN/Daily/2014/Feb/022614-Wah-EHR-Security-AMA
Sage, A. Physical security, HIPAA, and the HHS wall of shame. Journal of Healthcare Protection Management;30(1):85-104, 2014.
Cybersecurity and Hospitals: What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response. Chicago: American Hospital Association, 2014. http://www.aha.org/hospital-members/content/14/14cybersecuritytrustees.pdf
Health Information Privacy: Model Notices of Privacy Practices. Washington: U.S. Department of Health & Human Services, 2014. http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html
Health Information Privacy: Disclosures for Emergency Preparedness - A Decision Tool. Washington: U.S. Department of Health & Human Services, 2014. http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/decisiontoolintro.html
Social media policies should address 'spying' by physicians. Health Business Daily. Dec. 11, 2013. http://aishealth.com/archive/hipaa1213-05
N.M. case tests how far CEs must go to meet the demands of law enforcement. Health Business Daily. Dec. 10, 2013. http://aishealth.com/archive/hipaa1213-03
Mooney B and Boyle A. HIPAA and patient privacy: exploring challenges and solutions. FierceHealthIT.com, Dec. 2013. http://servicecenter.fiercemarkets.com/files/leadgen/hipaa_and_patient_privacy_5.pdf
Mehta, J. Texting, safety and privacy: how your smartphone interfaces with HIPAA. American Society of Anesthesiologists Newsletter;77(10):18-20, Oct. 2013.
Harris, K. Medical Identify Theft. Sacramento, CA: California Department of Justice. Oct. 2013. https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/medical_id_theft_recommend.pdf
Workers who become patients require extra vigilance by CEs. AISHealth. 13(10) Oct. 2013. http://aishealth.com/archive/hipaa1013-06
Mace, S. Preparing for tougher privacy rules. HealthLeaders;16(7):48-51, Sept. 2013.
Vaidya, A. 10 Ways to ensure HIPAA compliance on social media. Becker’s Hospital Review. Aug. 5, 2013. http://www.beckershospitalreview.com/healthcare-information-technology/10-ways-to-ensure-hipaa-compliance-on-social-media.html
Warner, D. Safe de-identification of big data is critical to health care. Journal of Health Care Compliance. 15(4):63-72, July-Aug. 2013.
Jenkins, M. The real causes of HIPAA security breaches: bad IT system design, bad user behavior, bad policies, bad operations. Becker’s Hospital Review. July 22, 2013. http://www.beckershospitalreview.com/healthcare-information-technology/the-real-causes-of-hipaa-security-breaches-bad-it-system-design-bad-user-behavior-bad-policies-bad-operations.html
Mace, S. Probe uncovers hospital’s inability to protect patient privacy. HealthLeaders Media. June 25, 2013. http://www.healthleadersmedia.com/content/TEC-293643/Probe-Uncovers-Hospitals-Inability-to-Protect-Patient-Privacy
FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks. Silver Spring, MD: FDA Safety Communications. June 13, 2013. http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm
Dunlap, E.F., and Frigy, R.L. The wait is over: the HIPAA final rule has arrived. Journal of Health Care Compliance;15(3):5-10, May-June 2013.
Shuman, L. New compliance challenge: preparing for OCR HIPAA audits. Journal of Health Care Compliance;15(3):51-52, May-June 2013.
Strauss, L.J. Overview of the HIPAA final omnibus rule. Journal of Health Care Compliance;15(3):53-56 , May-June 2013.
Tennant, R. Modifying your ‘notice-ofprivacy’ practices to meet the new federal requirements. MGMA Connexion. 13(5):32-33, May-June 2013.
McCallister, S. Don’t forget the other HIPAA when thinking about meaningful use. MGMA Connexion. 13(5):50-51, May-June 2013.
Wife of slain coach: is HIPAA privacy more important than a life? HIM-HIPAA Insider. May 13, 2013. http://www.hcpro.com/HIM-292059-865/Wife-of-slain-coach-Is-HIPAA-privacy-more-important-than-a-life.html
Beck, M. Poor prognosis for privacy rules that give patients more control of their records face technical problems. Wall Street Journal. May 1, 2013. http://www.google.com/url?sa=t&rct=j&q=poor%20prognosis%20for%20privacy&source=web&cd=1&cad=rja&ved=0CD0QqQIwAA&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424127887323798104578454793056230984.html&ei=_8eDUcSzOYigyAHxqoCoCA&usg=AFQjCNHkfC91V_kj0q6ldunXU6dLJuJNVw&bvm=bv.45960087,d.aWc
Levine, C. HIPAA as a hurdle. Modern Healthcare;43(15):26, Apr. 15, 2013.
Using the HITRUST CSF to assess cybersecurity preparedness. HITRUST Central. Apr. 9, 2013. https://www.hitrustcentral.net/news_repository/blog/usingthehitrustcsftoassesscybersecuritypreparedness
Mace, S. Phishing a real threat to healthcare, no fooling. HealthLeaders Media. Apr. 2, 2013. http://www.healthleadersmedia.com/page-2/TEC-290726/Phishing-a-Real-Threat-to-Healthcare-No-Fooling
Accessing decreased patient records - FAQ. Journal of AHIMA. Apr. 1, 2013. http://journal.ahima.org/2013/04/01/accessing-deceased-patient-health-records-faq/
Solove, J. "HIPAA Turns 10: Analyzing the Past, Present and Future Impact." Journal of AHIMA. 84(4):22-28, Apr. 2013. http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050149.hcsp?dDocName=bok1_050149
New patients' access rights mean new requirements, including 'Duty to warn'. AISHealth. Apr. 2013. http://aishealth.com/archive/hipaa0413-01
Tennant, R., and Nordeng, A. New privacy and security omnibus rule released. MGMA Connexion. 13(4):18-21, Apr. 2013.
Vaidya, A. 10 steps for ensuring compliance. Mar 20, 2013. http://www.beckershospitalreview.com/legal-regulatory-issues/10-steps-for-ensuring-hipaa-compliance.html
Greenwald, J. Solid safeguards: providers struggle with new HIPAA security rules. Modern Healthcare;43(11):29, Mar. 18, 2013.
Data Breach Incidents and Reponses. Minneapolis, MN: Health Care Compliance Association, Jan. 14, 2013. http://www.hcca-info.org/Resources/View/ArticleId/880/Data-Breach-Incidents-Responses.aspx
Rose, R. V. 5 ways to reduce risk related to personal health information. Healthcare Financial Management. 67(1):34, Jan. 2013.
Bowe, R. Identity crisis: organizations are implementing medical identity theft teams to combat rising incidents. Journal of AHIMA. 84(1):38-42, quiz 43, Jan. 2013.
Beware of malware on medical devices. ECRI. 24(12):1-3, Dec. 2012.