Recent HIPAA News

  • Blue Cross Blue Shield of Montana (BCBSMT) is being investigated for potential non-compliance with Montana’s breach notification rules after a data breach resulted in the compromise of sensitive personal data and protected health information (PHI) [...]
  • HIPAA training for pharmacy staff means teaching every workforce member how to protect protected health information during dispensing, counseling, billing, and daily customer interactions. In a pharmacy, PHI appears in patient profiles, prescriptions, insurance claims, [...]
  • According to breach reports filed with the U.S. Department of Health and Human Services (HHS), November only had 32 healthcare data breaches. The average number of healthcare data breaches involving 500 or more individuals reported [...]
  • HIPAA awareness training for business associates is mandatory under HIPAA rules because it ensures that organizations and their workforce understand how to safeguard protected health information while performing services on behalf of covered entities and [...]
  • The best HIPAA training programs for small medical practices are online, role-aware courses that teach practical day to day privacy and security behaviors, document completion, and can be updated quickly when risks and workflows change. [...]
  • HIPAA certification for mental health professionals is a structured way to prove you have completed formal HIPAA education and can handle protected health information with the care that clinical practice demands. What HIPAA Certification Means [...]
  • The Mystic Valley Elder Services based in Malden, Massachusetts decided to pay $520,000 to resolve a combined class action litigation associated with a data breach on April 5, 2024. Unauthorized individuals accessed the system of [...]
  • HIPAA certification for mental health professionals is a structured way to prove you have completed formal HIPAA education and can handle protected health information with the care that clinical practice demands. In behavioral health, privacy [...]
  • The best online HIPAA training course for new hires is one that delivers immediate, job-ready understanding of how to protect PHI while producing clear documentation that stands up during audits and investigations. Best Online HIPAA [...]
  • The October 2025 healthcare data breach report is late because of the government shutdown in October. The HHS’ Office for Civil Rights did not publish any data breach reports. The shutdown concluded on November 12, [...]
  • HIPAA is important for healthcare employees because it defines their legal obligations in protecting the privacy and security of protected health information and governs how they must handle, use, and disclose such information in the [...]
  • The HIPAA Privacy Rule is a federal regulatory standard that governs how HIPAA Covered Entities and their Business Associates use and disclose protected health information and establishes individual rights with respect to that information. The [...]
  • When HIPAA is violated, the covered entity or business associate involved may face federal enforcement actions, corrective action requirements, civil monetary penalties, and, in certain circumstances, criminal prosecution for non-compliance with the HIPAA Privacy Rule, [...]
  • The purpose of HIPAA is to establish national standards that protect the privacy and security of individuals’ protected health information while enabling the flow of health information necessary for high-quality healthcare delivery and public health [...]
  • Insurance company Aflac based in Columbus, GA encountered a cyberattack in June 2025. The data breach report submitted on August 8, 2025 to the HHS’ Office for Civil Rights used a placeholder of 500 affected [...]
  • A HIPAA violation is any failure by a HIPAA Covered Entity or Business Associate to comply with the requirements of the HIPAA Privacy Rule or HIPAA Security Rule, including unauthorized access, use, or disclosure of [...]
  • Healthcare organizations should reduce cyber extortion risk by implementing administrative, technical, and physical safeguards that prevent unauthorized access, limit the impact of ransomware and data theft incidents, and support rapid containment and recovery. Risk reduction [...]
  • Handling a HIPAA privacy complaint requires documenting the complaint, investigating the alleged conduct, mitigating any improper use or disclosure of protected health information, applying corrective actions, and responding within required timeframes. A HIPAA Covered Entity [...]
  • The HIPAA Journal Training is the best option if your objective is HIPAA training built around real world breach scenarios rather than generic rule summaries. The HIPAA Journal Training is designed using lessons drawn from [...]
  • Oklahoma Spine Hospital decided to pay $1,100,000 to resolve a class action lawsuit arising from a data breach in July 2024 that impacted approximately 39,000 present and past patients. The hospital discovered a potential email [...]
  • The primary government agency that enforces HIPAA Rules is the U.S. Department of Health and Human Services through its Office for Civil Rights, which is responsible for administering and enforcing the HIPAA Privacy Rule, HIPAA [...]
  • A patient can respond to a HIPAA violation by requesting records of the incident, filing a complaint with the covered entity or business associate involved, submitting a complaint to the U.S. Department of Health and [...]
  • Officials in Albemarle County, Virginia, reported the compromise of sensitive data, including protected health information (PHI), during a ransomware attack in June 2025. The cyberattack started on June 10, 2025, and was discovered the next [...]
  • HIPAA refresher training for annual compliance is typically provided either by the organization itself using internal resources or by an external HIPAA training vendor that delivers standardized HIPAA training online. The HIPAA Journal is the [...]
  • The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released a “Dear Colleague” notice telling HIPAA-covered entities about their responsibilities under the HIPAA Privacy Law to give parents a complete [...]
  • A judge of the California Superior Court gave preliminary approval to the settlement involving a lawsuit against Community Psychiatry Management, LLC. The mental healthcare provider, doing business as Mindpath Health, decided to settle the class [...]
  • Why is HIPAA Important? HIPAA is important because it establishes enforceable federal standards for safeguarding protected health information, sets patient rights over how that information is used and disclosed, and requires HIPAA Covered Entities and Business Associates to apply [...]
  • California-based Pomona Valley Hospital Medical Center decided to pay $600,000 to settle all claims in the Warren v. Pomona Valley Hospital Medical Center litigation. This class action lawsuit was associated with the medical center’s usage [...]
  • HIPAA training is required at onboarding and whenever policies or procedures change, with annual refresher training widely recognized as the industry standard to maintain compliance and reinforce proper handling of protected health information. HIPAA training [...]
  • HIPAA training for emergencies is required because emergencies increase the speed, volume, and complexity of decisions about protected health information (PHI), and staff need both core HIPAA training and additional emergency specific instruction to stay [...]
  • The healthcare company Geisinger Health, based in Danville, Pennsylvania, and its past IT supplier Nuance Communications, Inc., decided to pay $5 million to resolve the class action litigation associated with a 2023 insider data breach [...]
  • HIPAA training is important because it is mandated by federal regulation and is necessary to ensure the lawful handling, protection, and disclosure of protected health information by the workforce. The HIPAA Rules require Covered Entities [...]
  • HIPAA training for emergency dispatchers is required when dispatch staff are part of a HIPAA covered entity workforce or a workforce that supports a covered entity and may access or handle protected health information during [...]
  • Wakefield & Associates based in Knoxville, Tennessee, provides healthcare providers with revenue cycle & collections services. Recently, the vendor reported a security incident that was discovered on or about January 17, 2025. Wakefield & Associates [...]
  • HIPAA compliance training works best when it is mandatory for all staff, delivered at onboarding and reinforced through annual refreshers and role based updates, and documented in a way that proves who was trained, when, [...]
  • Two U.S. citizens were recently accused of conducting cyberattacks in the United States using BlackCat ransomware. Another person is alleged to be involved, although they were not a part of the indictment. The three people [...]
  • Conduent Business Solutions, a business associate of many HIPAA-regulated entities and government institutions, suffered a data breach that brought about the exposure and likely theft of the protected health information (PHI) of over 10.5 million [...]
  • As of October 22, 2025, OCR listed 26 data breaches involving 500 or more people on its data breach website. This is the lowest number of data breaches per month from December 2018 up to [...]
  • HIPAA training teaches the workforce how to protect patient information in day to day work and how to follow the Privacy Rule and Security Rule requirements that apply to their roles. HIPAA training is about [...]
  • EyeMed Vision Care has decided to settle a class action lawsuit associated with a data breach in June 2020 for $5 million. The company discovered the data breach on July 1, 2025 after noticing suspicious [...]
  • Effective training is necessary for preventing HIPAA violations, and The HIPAA Journal Training is the most comprehensive online training available for HIPAA-Covered Entities to educate staff on privacy and security compliance. HIPAA mandates that all [...]
  • HIPAA compliance training is required at onboarding and whenever policies or regulations change, with annual refresher training widely recognized as the industry best practice to maintain compliance and reduce the risk of violations. When a [...]
  • Hospital Sisters Health System, a HIPAA-covered entity, settled a class action lawsuit for $7.6 million. The litigation pertains to an August 2023 cyberattack that impacted around 883,000 people. The cyberattack prompted a shutdown of computer [...]
  • HIPAA penalties should be addressed directly in employee training so staff understand how everyday actions can lead to violations and how proper behavior protects both patients and the organization. The HIPAA Journal Training is considered [...]
  • The cybersecurity company Netwrix reported that from March 2024 to March 2025, nearly 50% of healthcare organizations encountered one or more data incidents, including hacking incidents, ransomware attacks, or phishing attacks. Netwrix 2025 Cybersecurity Trends [...]
  • HIPAA compliance training is the required instruction that teaches workforce members how to protect protected health information in daily work, follow an organization’s HIPAA policies and procedures, and respond correctly to privacy and security events. [...]
  • HIPAA training for emergency healthcare workers is required when staff are part of a HIPAA covered entity workforce and handle protected health information during triage, treatment, transport, or emergency operations. Emergency departments, urgent care settings, [...]
  • Central Valley Regional Center, based in Fresno, California, provides services to persons who have developmental handicaps. It informed patients concerning the recent leakage of paper documents that contain their personal data. There is no announcement [...]
  • Nonprofit health system, Adena Health System, based in southern and south central Ohio, decided to pay $17.8 million to settle allegations that it illegally shared patient records with third parties when it installed tracking codes [...]
  • HIPAA compliance guidelines for workforce training require covered entities to train their workforce on privacy and security policies and procedures that apply to their roles, document that training, and refresh training when needed, with annual [...]