News & Analysis as of

Eye on Privacy Newsletter - March 2014

In this issue: - Kaiser Foundation Health Plan Settles California Attorney General Charges over Delayed Data Breach Notification - Status of the EU Regulation and the Safe Harbor Framework - FTC Steps...more

Data Breach Class Settlement Approved After Eleventh Circuit Held Identity Theft Following Breach Presents Cognizable Injury

Recently, the U.S. District Court for the Southern District of Florida approved a class settlement in a case in which the plaintiffs claimed financial harm from a health care company’s failure to protect their personal...more

Counties Beware – Your Governmental Status Does Not Protect You from Liability for a HIPAA Breach

As a county government, you may think that you have the protection of sovereign immunity and protection from other governments penalizing you. Your status does not protect you. The Department of Health and Human Services...more

Do Windows XP Users Risk HIPAA Non-Compliance?

Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such...more

FTC Settles Case With Medical Transcription Company

The Federal Trade Commission (FTC) recently announced that it had settled its data privacy case against medical transcription firm GMR Transcription Services, Inc. (GMR) following allegations that GMR had failed to adequately...more

Health Law Blog: County Government Settles Alleged HIPAA Violations

A small county in Washington has agreed to pay $215,000 to settle allegations that it violated HIPAA by failing to secure electronic protected health information. Skagit County maintained protected health information (“PHI”)...more

Belgium: Beware Of The Barking Privacy Watchdog, She’s Biting

The quietness in the privacy landscape in Belgium is about to drastically change. Reason for the change of pace are the recent major data breaches that were published by the media. The Privacy Commission announced it will...more

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more

Unprecedented HIPAA Fine May Mean Increased Scrutiny and Penalties

Triple-S Management Corp. (“Triple-S”), a Puerto Rico-based health insurer, has been fined $6.8 million by the Puerto Rico Health Insurance Administration (“PRHIA”) following a Health Insurance Portability and Accountability...more

California Attorney General Files Suit Over Untimely Data Breach Notice

On January 24, the California Attorney General (AG) sued a health care company over its alleged failure to timely submit notice of a 2011 data breach. According to the complaint, the company learned of the breach at the end...more

Health Care Entity Pays $150,000 to HHS as a Result of Stolen Thumb Drive Containing PHI

Encrypting USB drives, analyzing security risks, and implementing breach notification policies and procedures could mean the difference between compliance with the Health Insurance Portability and Accountability Act (“HIPAA”)...more

U.S. Privacy and Data Protection: 2013 Year in Review and a Look Ahead to 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more

Health Update - Jan 27, 2014

Going Digital with Patients: Managing Potential Liability Risks of Patient-Generated Electronic Health Information - Patients are increasingly using new electronic tools, such as personal health records and mobile...more

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

New Jersey Federal Court Applies Supreme Court’s Clapper Decision and Dismisses Data Breach Class Action

Relying in part on the recent United States Supreme Court’s ruling in Clapper v. Amnesty International, a federal judge in New Jersey dismissed a putative data breach class action against three healthcare entities and a...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

How To Catch-Up in a Revised HIPAA World

The HIPAA final omnibus rule (Omnibus Rule) made sweeping changes to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules earlier this year. Although the compliance deadline of September 23, 2013 has come...more

Cyber Risk Trends for 2014

According to recent post from Property Casualty 360°, The Six Trends of Cyber Risk in 2014, insurers need to know: 1. Data breach costs are trending downward. The cost per record to respond to a breach dropped from...more

On the Second Day of Privacy, California Gave to Me……

Well, the headlines don’t exactly work with the traditional tune, but blame the editor for that... 2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our...more

Calif. Case Limits Health Care Data Breach Claims

The California Court of Appeal recently limited plaintiffs’ ability to state a claim under the California Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq., and their ability to get statutory damages under the act....more

Recent California Decision Upholds Data Breach Coverage

The U.S. District Court for the Central District of California recently upheld coverage under a commercial general liability policy for a hospital data breach that compromised the confidential medical records of nearly 20,000...more

Another major medical data breach in California

Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group...more

Cloud Computing: Healthcare Issues in a Digital Age – (Part Two)

Hospitals and health care providers must often look to third party vendors offering cloud computing solutions, but are these companies well-prepared to meet the HIPPA/HITECH Act privacy and security requirements as well as...more

Settlement Emphasizes the Need for HIPAA Risk Management

A HIPAA violation involving a health plan’s failure to erase protected health information from photocopier hard drives has resulted in a $1.2 million settlement. Your risk can be significantly reduced if you adopt and...more

43 Results
|
View per page
Page: of 2