calHIPAA: News and Advice about HIPAA Compliance

Investigation of Blue Cross Blue Shield of Montana for Delayed Data Breach Notification

February 1, 2026

Blue Cross Blue Shield of Montana (BCBSMT) is being investigated for potential non-compliance with Montana’s breach notification rules after a data breach resulted in the compromise of sensitive personal data and protected health information (PHI) [...]
HIPAA Training for Pharmacy Staff

January 27, 2026

HIPAA training for pharmacy staff means teaching every workforce member how to protect protected health information during dispensing, counseling, billing, and daily customer interactions. In a pharmacy, PHI appears in patient profiles, prescriptions, insurance claims, [...]
Healthcare Data Breach Report for November 2025

January 25, 2026

According to breach reports filed with the U.S. Department of Health and Human Services (HHS), November only had 32 healthcare data breaches. The average number of healthcare data breaches involving 500 or more individuals reported [...]
HIPAA Awareness Training for Business Associates

January 25, 2026

HIPAA awareness training for business associates is mandatory under HIPAA rules because it ensures that organizations and their workforce understand how to safeguard protected health information while performing services on behalf of covered entities and [...]
What are the Best HIPAA Training Programs for Small Medical Practices?

January 24, 2026

The best HIPAA training programs for small medical practices are online, role-aware courses that teach practical day to day privacy and security behaviors, document completion, and can be updated quickly when risks and workflows change. [...]
HIPAA Certification for Mental Health Professionals

January 23, 2026

HIPAA certification for mental health professionals is a structured way to prove you have completed formal HIPAA education and can handle protected health information with the care that clinical practice demands. What HIPAA Certification Means [...]
Mystic Valley Elder Services Pays $520,000 to Settle Its Class Action Data Breach Litigation

January 18, 2026

The Mystic Valley Elder Services based in Malden, Massachusetts decided to pay $520,000 to resolve a combined class action litigation associated with a data breach in April 5, 2024. Unauthorized individuals accessed the system of [...]
HIPAA Training for Billing Companies

January 11, 2026

HIPAA certification for mental health professionals is a structured way to prove you have completed formal HIPAA education and can handle protected health information with the care that clinical practice demands. In behavioral health, privacy [...]
Best Online HIPAA Training Course for New Hires

January 11, 2026

The best online HIPAA training course for new hires is one that delivers immediate, job-ready understanding of how to protect PHI while producing clear documentation that stands up during audits and investigations. Best Online HIPAA [...]
Healthcare Data Breach Report for October 2025

January 11, 2026

The October 2025 healthcare data breach report is late because of the government shutdown in October. The HHS’ Office for Civil Rights, did not publish any data breach reports. The shutdown concluded on November 12, [...]
Aflac’s June Cyberattack Affected 22.65 Million Individuals

January 4, 2026

Insurance company Aflac based in Columbus, GA encountered a cyberattack in June 2025. The data breach report submitted on August 8, 2025 to the HHS’ Office for Civil Rights used a placeholder of 500 affected [...]
HIPAA Training Providers With Real World Breach Scenarios

December 28, 2025

The HIPAA Journal Training is the best option if your objective is HIPAA training built around real world breach scenarios rather than generic rule summaries. The HIPAA Journal Training is designed using lessons drawn from [...]
Oklahoma Spine Hospital Settles Data Breach Lawsuit for $1.1M

December 28, 2025

Oklahoma Spine Hospital decided to pay $1,100,000 to resolve a class action lawsuit arising from a data breach in July 2024 that impacted approximately 39,000 present and past patients. The hospital discovered a potential email [...]
PHI Stolen from Albemarle County, Virginia in June Ransomware Attack

December 21, 2025

Officials in Albemarle County, Virginia, reported the compromise of sensitive data, including protected health information (PHI), during a ransomware attack in June 2025. The cyberattack started on June 10, 2025, and was discovered the next [...]
Who Provides HIPAA Refresher Training for Annual Compliance?

December 20, 2025

HIPAA refresher training for annual compliance is typically provided either by the organization itself using internal resources or by an external HIPAA training vendor that delivers standardized HIPAA training online. The HIPAA Journal is the [...]
HIPAA-Covered Entities’ Responsibilities to Provide Children’s Medical Records to Parents

December 14, 2025

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released a “Dear Colleague” notice telling HIPAA-covered entities about their responsibilities under the HIPAA Privacy Law to give parents a complete [...]
Mindpath Health Settles Data Breach Lawsuit for $3.5 Million

December 7, 2025

A judge of the California Superior Court gave preliminary approval to the settlement involving a lawsuit against Community Psychiatry Management, LLC. The mental healthcare provider, doing business as Mindpath Health, decided to settle the class [...]
Pomona Valley Hospital Medical Center Settles Meta Pixel Lawsuit for $600,000

November 30, 2025

California-based Pomona Valley Hospital Medical Center decided to pay $600,000 to settle all claims in the Warren v. Pomona Valley Hospital Medical Center litigation. This class action lawsuit was associated with the medical center’s usage [...]
How Often is HIPAA Training Required?

November 29, 2025

HIPAA training is required at onboarding and whenever policies or procedures change, with annual refresher training widely recognized as the industry standard to maintain compliance and reinforce proper handling of protected health information. HIPAA training [...]
HIPAA Training for Emergencies

November 25, 2025

HIPAA training for emergencies is required because emergencies increase the speed, volume, and complexity of decisions about protected health information (PHI), and staff need both core HIPAA training and additional emergency specific instruction to stay [...]
Nuance Communications and Geisinger Health Pay $5 Million to Resolve Data Breach Litigation

November 21, 2025

The healthcare company Geisinger Health, based in Danville, Pennsylvania, and its past IT supplier Nuance Communications, Inc., decided to pay $5 million to resolve the class action litigation associated with a 2023 insider data breach [...]
What is HIPAA training important?

November 19, 2025

HIPAA training is important because it is mandated by federal regulation and is necessary to ensure the lawful handling, protection, and disclosure of protected health information by the workforce. The HIPAA Rules require Covered Entities [...]
HIPAA Training for Emergency Dispatchers

November 16, 2025

HIPAA training for emergency dispatchers is required when dispatch staff are part of a HIPAA covered entity workforce or a workforce that supports a covered entity and may access or handle protected health information during [...]
Client Data Exposed in Wakefield & Associates Dat Breach

November 15, 2025

Wakefield & Associates based in Knoxville, Tennessee, provides healthcare providers with revenue cycle & collections services. Recently, the vendor reported a security incident that was discovered on or about January 17, 2025. Wakefield & Associates [...]
What are the Best Practices for HIPAA Compliance Training?

November 14, 2025

HIPAA compliance training works best when it is mandatory for all staff, delivered at onboarding and reinforced through annual refreshers and role based updates, and documented in a way that proves who was trained, when, [...]
BlackCat Ransomware Attackers Indicted for Attacking Healthcare Organizations

November 8, 2025

Two U.S. citizens were recently accused of conducting cyberattacks in the United States using BlackCat ransomware. Another person is alleged to be involved, although they were not a part of the indictment. The three people [...]
Conduent Business Solutions Data Breach Affects Over 10.5 Million Patients

November 2, 2025

Conduent Business Solutions, a business associate of many HIPAA-regulated entities and government institutions, suffered a data breach that brought about the exposure and likely theft of the protected health information (PHI) of over 10.5 million [...]
Healthcare Data Breach Report for September 2025

October 25, 2025

As of October 22, 2025, OCR listed 26 data breaches involving 500 or more people on its data breach website. This is the lowest number of data breaches per month from December 2018 up to [...]
What is HIPAA Training About?

October 19, 2025

HIPAA training teaches the workforce how to protect patient information in day to day work and how to follow the Privacy Rule and Security Rule requirements that apply to their roles. HIPAA training is about [...]
EyeMed Vision Care Resolves Class Action Data Breach Lawsuit for $5 Million

October 19, 2025

EyeMed Vision Care has decided to settle a class action lawsuit associated with a data breach in June 2020 for $5 million. The company discovered the data breach on July 1, 2025 after noticing suspicious [...]
How to Address HIPAA Violations in Employee Training?

October 19, 2025

Effective training is necessary for preventing HIPAA violations, and The HIPAA Journal Training is the most comprehensive online training available for HIPAA-Covered Entities to educate staff on privacy and security compliance. HIPAA mandates that all [...]
How Often is HIPAA Compliance Training Needed?

October 12, 2025

HIPAA compliance training is required at onboarding and whenever policies or regulations change, with annual refresher training widely recognized as the industry best practice to maintain compliance and reduce the risk of violations. When a [...]
Hospital Sisters Health System Pays $7.6 Million to Resolve a Class Action Data Breach Lawsuit

October 11, 2025

Hospital Sisters Health System, a HIPAA-covered entity, settled a class action lawsuit for $7.6 million. The litigation pertains to an August 2023 cyberattack that impacted around 883,000 people. The cyberattack prompted a shutdown of computer [...]
How to Address HIPAA Penalties in Employee Training?

October 9, 2025

HIPAA penalties should be addressed directly in employee training so staff understand how everyday actions can lead to violations and how proper behavior protects both patients and the organization. The HIPAA Journal Training is considered [...]
Healthcare Companies that Report Cyberattack Losses of $200K Doubled in a Year

October 3, 2025

The cybersecurity company Netwrix reported that from March 2024 to March 2025, nearly 50% of healthcare organizations encountered one or more data incidents, including hacking incidents, ransomware attacks, or phishing attacks. Netwrix 2025 Cybersecurity Trends [...]
What is HIPAA Compliance Training?

September 29, 2025

HIPAA compliance training is the required instruction that teaches workforce members how to protect protected health information in daily work, follow an organization’s HIPAA policies and procedures, and respond correctly to privacy and security events. [...]
HIPAA Training for Emergency Healthcare Workers

September 26, 2025

HIPAA training for emergency healthcare workers is required when staff are part of a HIPAA covered entity workforce and handle protected health information during triage, treatment, transport, or emergency operations. Emergency departments, urgent care settings, [...]
Improper Disposal Incident Reported by Central Valley Regional Center

September 20, 2025

Central Valley Regional Center, based in Fresno, California, provides services to persons who have developmental handicaps. It informed patients concerning the recent leakage of paper documents that contain their personal data. There is no announcement [...]
Adena Health Settles Pixel Lawsuit for $17.8 Million

September 12, 2025

Nonprofit health system, Adena Health System, based in southern and south central Ohio, decided to pay $17.8 million to settle allegations that it illegally shared patient records with third parties when it installed tracking codes [...]
What are the HIPAA Compliance Guidelines for Workforce Training?

September 9, 2025

HIPAA compliance guidelines for workforce training require covered entities to train their workforce on privacy and security policies and procedures that apply to their roles, document that training, and refresh training when needed, with annual [...]
Healthcare Data Breach Report for July 2025

September 6, 2025

The number of reported healthcare data breaches in the U.S. decreased by 34.1% month-over-month, and the number of individuals impacted decreased by 44.5%. In July, HIPAA-covered entities submitted 48 reports of data breaches affecting 500 [...]
Court Approves $40 Million Data Breach Settlement by Cencora & The Lash Group

August 29, 2025

Cencora & The Lash Group decided to create a $40 million fund to resolve a class action data breach lawsuit over a data breach in February 2024 that affected about 1.43 million people. Cencora, Inc., [...]
BST & Co. CPAs, LLP Resolves HIPAA Risk Analysis Violation for $175,000

August 23, 2025

New York business associate BST & Co. CPAs, LLP decided to pay the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) a $175,000 financial penalty to settle an alleged Health Insurance [...]
Over 1 Million Dialysis Patients Affected by DaVita Ransomware Attack

August 17, 2025

In April 2025, DaVita, a kidney dialysis facility, mentioned a security breach in its SEC filing, though during the time, it was uncertain how many people were affected by the theft of sensitive data. The [...]
Over 50% of Healthcare Providers Suffered Ransomware Attacks in 2024

August 8, 2025

The cybersecurity company Semperis has published a new report indicating a slight decrease in ransomware attacks year-over-year. The ransomware risk report indicates that ransomware groups continue to target the healthcare industry, with 77% of organizations [...]
Premier Health Partners’ Long Overdue Announcement of a July 2023 Data Breach

August 2, 2025

Premier Health Partners based in Dayton, OH issued a press release on July 18, 2025, concerning a data breach first discovered about two years ago. The press release stated that Premier Health discovered suspicious activity [...]
Healthcare Data Breach Report for June 2025

July 26, 2025

For June 2025, healthcare data breaches increased by 16.67% month-over-month, and the number of individuals who had their protected health information (PHI) exposed or impermissibly disclosed increased by 302.71% month-over-month. In June, the HHS’ Office [...]
Clinical and Pathology Laboratories Targeted by Ransomware Groups

July 18, 2025

Ransomware groups have carried out many attacks on medical labs recently. These attacks can lead to considerable disruption to laboratory screening services, causing delays in diagnosis and treatment. The ransomware attack on Synnovis last June [...]
Healthcare Providers Impacted by Compumedics Cyberattack

July 11, 2025

Compumedics USA Inc., a company that provides sleep study clinics with its diagnostic and research technologies for sleep disorders. The company recently suffered a data security incident that impacted patients of a few healthcare company [...]
OB/GYN Clinics to Settle Data Breach Lawsuit for $918,510 Settlement Fund

July 4, 2025

OB/GYN Clinics Mid-Atlantic Women’s Care and Physicians to Women, Inc. agreed to settle a class action lawsuit associated with a data breach in April 2023. Hackers acquired access to protected health information (PHI) stored by [...]

Recent HIPAA News