HIPAA

AI Impersonates Clinicians: What You Need to Know Artificial intelligence is rapidly entering everyday medical workflows—from documentation support and patient messaging to clinical decision support and triage tools. While these technologies can improve efficiency in private practice settings, a recent Pennsylvania lawsuit highlights an important and emerging risk: AI systems that appear to “act like clinicians” may be crossing into the unlicensed practice of medicine.

With the inception of the world wide web and storing patient information electronically, offices have had to trust software vendors, cloud services, and third-party partners with their most sensitive information — ePHI. But trust alone is not a control.

Over the years, we’ve published several articles explaining what constitutes a breach and the steps to take if one occurs in your practice. Today, we’re focusing on “Safe Harbor” provisions—specifically, when an incident may not be considered a reportable breach.

Data Breaches in Healthcare and the Rising Risk of Class Action Litigation Data breaches in healthcare continue to increase in frequency and severity, and they are increasingly followed by class action lawsuits against medical practices and healthcare systems. These lawsuits represent a significant financial and operational risk for covered entities and business associates alike.

Prepare for the Next Network or System Outage: Ensure Continuity of Patient Care Healthcare practices rely heavily on electronic systems for managing patient care, scheduling, documentation, prescriptions, referrals, billing, and communication. Unexpected outages—whether caused by cyberattacks, natural disasters, software errors, or network failures—can have a drastic impact on patient care and business operations. Because of this, having a comprehensive plan to respond to downtime is essential. This plan is known as your downtime contingency plan.

Were you using NextGen in 2023 and did your practice experience a data breach? Your patients may be eligible to join a class action lawsuit against NextGen. According to Claim Depot

Cyberattacks targeting health care organizations are on the rise. According to OCR Director Melanie Fontes Rainer, securing electronic protected health information (ePHI) is more important than ever. Organizations that fail to address known vulnerabilities put patient data—and their reputation—at risk.

TriZetto Provider Solutions is a healthcare IT subsidiary of Cognizant Technology Solutions that provides revenue cycle management and claims processing services to physicians, hospitals, and health systems. Trizetto has experienced a significant data breach of patient information.

Maintaining good email security is an important factor in keeping your network secure and your patient information safe. Statistics show that 75-90% of cyberattacks start with a phishing email, making it the top delivery method for malware and/or ransomware. Email Security needs to be addressed whether or not emails are used to send patient information. Any time anyone, an employee or a patient, sends or receives emails on your network, that is an access point to your network. In order to protect your network, we need to determine what security protocols are in place to ensure nothing malicious is able to piggy-back on the email connections.

HHS’ Office for Civil Rights Settles HIPAA Right of Access Investigation with Concentra, Inc.