On March 5, 2026, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with MMG Fusion, LLC (MMG). MMG is a Maryland software company that was ...

Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and ...

The 2026 Security Rule eliminates 'addressable' safeguards, making encryption of ePHI at rest and in transit, multi-factor authentication for all logins, and network segmentation mandatory.

On July 7, 2025, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $225,000 settlement with Deer Oaks – The Behavioral Health Solution (“Deer Oaks”) ...

Despite the revamped federal HIPAA Omnibus Rule which holds covered entities and business associates more accountable for failing to adequately protect patients' health information, some groups ...

Some 5,100 patients treated at Kaiser Permanente were sent HIPAA breach notification letters Friday after a KP research computer was found to have been infected with malicious software. Officials say ...

HIPAA violations don't always come from malicious attacks or headline-making data breaches. More often, they stem from everyday mistakes, like misdirected emails and vendors that aren't as secure as ...

Largest HIPAA privacy breaches in the U.S. (listed by number of individuals affected) 1. 78.8 million — Anthem network server hacked, 2015. 2. 11 million — Premera Blue Cross network server hacked, ...

Healthcare organizations are rapidly adopting cloud solutions, but HIPAA compliance remains a non‑negotiable. From encryption and access controls to audit trails and vendor agreements, securing ePHI ...

Purdue University is a Hybrid Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Purdue’s primary purpose is education; however, Purdue does have departments and ...