🚨 #OPM proposal requires monthly claims-level data from 65 carriers 📊 8M+ federal employees, retirees, families affected ⚠️ #HIPAA Minimum Necessary Rule compliance concerns raised 🏥 Proposal lacks clear limitations on #PHI data elements #Compliance #DataPrivacy #RegulatoryRisk #PrivacyRule 👉 https://www.defensorum.com/opm-health-data-collection-hipaa/
OPM Health Data Collection Proposal Raises HIPAA Compliance and Privacy Concerns - Defensorum

The Office of Personnel Management proposal to collect claims-level health insurance data for federal employees and retirees has generated sustained criticism due to privacy risks, potential violations of the HIPAA Privacy Rule, and concerns about data misuse and insufficient safeguards. Proposal Scope and Data Collection Requirements A December 12, 2025 notice outlines a request to ... Read more

Defensorum

The second part of my interview with Rachel Seeger of North Country Communications is now online. If you know any HIPAA-regulated SMBs struggling with compliance issues or seeking great information and advice, point them to Rachel's consultancy.

HIPAA Compliance and Breach Communications: Helpful Tips for SMBs:
https://databreaches.net/2026/01/06/hipaa-compliance-and-breach-communications-helpful-tips-for-smbs/

or download a copy of the interview:
https://databreaches.net/wp-content/uploads/HIPAA-Compliance-and-Breach-Communications.pdf

Direct link to North Country Communications: https://northcountrycommunications.com/

#HIPAA #compliance #BreachNotification #PrivacyRule #SecurityRule #BusinessAssociates

HIPAA Compliance and Breach Communications: Helpful Tips for SMBs – DataBreaches.Net

Published by DataBreaches.net in collaboration with North Country Communications, LLC. January 6, 2026 On December 15, North Country Communications   launched a

DataBreaches.Net

📢 Proposed changes to the #HIPAA #PrivacyRule focus on safeguarding sensitive reproductive #healthcare data! 🌟 Transparency and consent are essential. Learn more 🔗 https://www.defensorum.com/hipaa-privacy-rule-reproductive-healthcare/
HIPAA Privacy Rule: New Requirements for Reproductive Healthcare Entities - Defensorum

In April 2024, the HHS Office for Civil Rights (OCR) released the HIPAA Privacy Rule to assist the Reproductive Healthcare Privacy Final Rule. The new rule became effective on June 23, 2024, but the last day of compliance for everything except the Notice of Privacy Practices requirement is December 23, 2024. The Notice of Privacy ... Read more

Defensorum

Westend Dental agrees to pay Indiana $350K and to implement a corrective action plan to settle charges of multiple HIPAA violations.

This is one of THE WORST incident responses I have ever read and I've read a lot of bad ones over the years. But it's not just an incident response disaster. They were routinely violating HIPAA privacy and security rules.

Kudos to the state of Indiana for going after the dental practice and investigating to find out all the problems.

Don't ask me what HHS OCR did, because I don't think they were ever even told about this 2020 ransomware attack.

Read more here, where you will also find the court filings I've uploaded so you can read how bad this one was:

https://databreaches.net/2024/12/31/westend-dental-agrees-to-pay-indiana-350k-and-to-implement-corrective-action-plan-to-settle-charges-of-multiple-hipaa-violations/

#ransomware #compliance #HIPAA #healthsec #encryption #backup #PrivacyRule #SecurityRule #transparency #disclosure #notification

@zackwhittaker @jgreig