Written by: Ashik Jahan, Esq. On May 12, 2016, the Occupational Safety and Health Administration (OSHA) published another final rule regarding the reporting of injuries and illnesses and protecting employees who make complaints. This new OSHA rule, which goes into effect on August 10, 2016, goes after two workplace safety policies that are often involved in Georgia Workers’ Compensation claims: 1) incentive programs for accident avoidance and 2) post-incident drug testing. OSHA will consider incentive programs to be retaliatory if they offer benefits to employees who do not report injuries and illnesses. A policy will not be considered to be reasonable if it would “deter or discourage” an employee from accurately reporting a workplace injury or illness. Programs that reward employees for correctly following legitimate safety rules or promote participation in safety trainings or investigations will not be considered to be retaliatory. Consequently, safety incentive programs should be reviewed to…

Compiled By: Richard Sheinis, Esq.
UMMC to pay $2.75 million fee in federal settlement Hattiesburg American JACKSON – After failing to notify patients of a potential data breach in 2013, the University of Mississippi Medical Center announced Friday it will pay …
Decisio Health delivers data bedside in the ICU ModernHealthcare.com Healthcare providers are turning to data analytics and standardization as they … Science Center at Houston, Decisio took a clinician’s approach to data. … servers to store patient data, minimizing the risk of security breaches or data …
As Biometric Scanning Use Grows, So Does Security Risk NBCNews.com An estimated 22 million people had their personal data stolen in a massive data breach at the Office of Personnel Management in December 2014,
Police, cyber firms tackle ‘ransomware’ hacking threat Sun Daily DUTCH police, Europol and a coalition of cyber security firms launched a new website Monday to fight a…

Written by: Don Benson, Esq. Congress enacted legislation in November of 2015 requiring federal agencies to adjust their civil penalties to account for inflation. OSHA’s maximum penalties were last adjusted in 1990. The new penalties will increase by 78%. Effective August 1, 2016, any citations issued by OSHA after that date will be subject to the new penalties if the alleged violations occurred after November 2, 2015. The penalties will be adjusted for inflation annually based on the Consumer Price Index. State OSH Agencies are required to adopt penalties that are at least as effective [i.e. costly] as the new federal maximum penalties.

Written by: Richard Sheinis, Esq. Over the last several months I have written about the dangers of hackers compromising various types of internet connected medical devices used by hospitals, and other medical providers. TrapX Security has now issued Part 2 of their “Anatomy of Attack” series, addressing the hacking of medical devices (http://deceive.trapx.com/rs/929-JEW-675/images/AOA_Report_TrapX_MEDJACK.2.pdf?aliId=1419599). This is an excellent study, which highlights the continued vulnerability of Internet connected medical devices. One of the challenges in securing medical devices is that any security has to be built-in by the manufacturer. Medical providers cannot change or alter medical devices, which have gone through the FDA approval process. Therefore, the medical provider’s usual cyber defense software cannot be installed on the device. Unfortunately, hackers have been able to breach medical devices even when they are installed on the medical provider’s system, which is believed to be protected by the provider’s firewall. Hackers are using medical devices to…

Written by: Richard Sheinis, Esq. On Monday, July 11, HHS issued a “Fact Sheet” on ransomware and HIPAA. While we know that the frequency of ransomware attacks has gone through the roof, HHS brought us some sobering figures. Since early 2016 there have been 4,000 daily ransomware attacks reported in the U.S. This represents a 300% increase over the daily ransomware attacks reported in 2015. The most pertinent information in the Fact Sheet is HHS’s guidance on whether it is a HIPAA breach when ransomware infects the computer system of a medical provider or a business associate. While this has been a subject of debate in the medical/legal HIPAA community for some time, it has been my opinion that “classic” ransomware, which only encrypts electronic Protected Health Information (“ePHI”) in the computer system, is not a HIPAA breach because it does not view, acquire or disclose the PHI. HHS disagrees…

Compiled By: Richard Sheinis, Esq.
EU Reach New Data Privacy Agreement ABC News The U.S. and European Union have announced approval of a new data privacy agreement that EU regulators say will impose stricter obligations on …
HHS: Ransomware attacks considered breaches in most cases Becker’s Hospital Review Stakeholders questioned whether this type of attack is considered a data breach because in such events data is made inaccessible to the users and …
Alabama website breach revealed personal data of some state retirees AL.com A Mobile woman who was helping her parents with their state health insurance coverage saw names, dependent’s names, dates of birth and Social …
Google notifies users of 4000 state-sponsored cyber attacks per month CNBC A senior executive of Alphabet’s Google unit said on Monday that the company was notifying customers of 4,000 state-sponsored cyber attacks per …
Guccifer never hacked Clinton email server, FBI director…

Compiled by: Richard Sheinis, Esq.
Hospitals Targeted in New Wave of Medjack Attacks Softpedia News These medical devices will make these networks much more susceptible to a successful cyber attack,” TrapX writes in its report. “We noted this in early
Hard Rock Hotel & Casino Announces Second Data Breach LowCards.com The Hard Rock Hotel & Casino in Las Vegas, Nevada announced they have experienced their second data breach in just over a year. The company …
Data potentially breached for 2500+ patients at Planned Parenthood in Dubuque KCRG DUBUQUE, Iowa (KCRG-TV9) — Planned Parenthood of the Heartland says a potential data breach may have affected 2,506 patients in Dubuque who …
Half-year in review: 8 biggest data breaches from the past 6 months Becker’s Hospital Review The first six months of the year saw numerous data breaches. Here are eight of the biggest ones that occurred at hospitals and…