Cyber crooks steal medical information of tens of millions of people in the U.S. every year, a number that is rising fast as health care undergoes its digital transformation. It leads to millions of dollars in losses for hospitals, insurers and other health care organizations, threatens care delivery and exposes patients to identity theft.

Today, the Office for Civil Rights (OCR) at the Department of Health and Human Services announced a settlement with New England Dermatology P.C., d/b/a New England Dermatology and Laser Center (“NDELC”), over the improper disposal of protected health information, a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. As a result, NEDLC paid $300,640 to OCR and agreed to implement a corrective action plan to resolve this investigation. NEDLC is located in Massachusetts and provides dermatology services.

The co-chairs of Congress’ Cyberspace Solarium Commission are requesting a sit-down with Biden administration officials to discuss what they say is a lack of timely sharing of actionable threat information with the healthcare industry. In a letter sent Thursday to Health and Human Services Secretary Xavier Becerra, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisconsin, say the growing threat requires dramatic improvements within the department Becerra oversees.

Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced the resolution of eleven investigations in its Health Insurance Portability and Accountability Act (HIPAA) Right of Access Initiative, bringing the total number of these enforcement actions to thirty-eight since the initiative began. OCR created this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.