News & Analysis as of

A Year in Review: Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights

The U.S. Department of Health and Human Services Office for Civil Rights had another busy year in 2014. More resolution agreements were signed by HHS and Covered Entities than in the previous year, and several Covered...more

Think You Know Your HIPAA-Related Obligations? Read the ONC’s New Privacy and Security Guide to Find Out

In 2013, we alerted you to the expansion of the definition of the term “business associate” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Now, the Office of the National Coordinator for Health...more

April Brings Amendments to Washington and North Dakota Breach Notification Requirements

April saw amendments to Washington State's and North Dakota's breach notification statutes. In a prior Orrick Alert, we discussed some of the implications from the proposed data breach notification amendments in...more

Comingling of employee and patient data compromises employer’s HIPAA defense to employee’s claim of discharge for union activity

An administrative law judge (ALJ) of the National Labor Relations Board has concluded that a health care employer’s use of its medical records software to store employee contact information allowed an employee to access that...more

New Study Finds That Criminal Attacks Are The Number One Cause Of Health Sector Data Breaches

On May 7, 2015, the Ponemon Institute released its Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data (the “Study”), which surveyed 90 HIPAA covered entities and 88 business associates regarding their...more

OCR Announces Settlement and Corrective Action Plan with Pharmacy Stemming from Alleged Violations

On April 24, 2015, the HHS Office for Civil Rights (“OCR”) once again stressed the importance of properly disposing of protected health information (“PHI”) when it announced its settlement and corrective action plan with...more

Gavel to Gavel: Protect your data

The ever-increasing expense of corrective actions taken by companies after data breaches is often publicized. What’s not as apparent, or as publicized, are steps companies can take that may reduce the costs and the likelihood...more

Criminal Cyberattacks: The No. 1 Cause of Health Care Data Breaches in 2014

A new study released on May 7, 2015, by the Ponemon Institute revealed that criminal cyberattacks on health care organizations were the most prevalent cause of data breaches in 2014. The report underscores the need to think...more

New Washington State Data Breach Amendments Mandate Notice to Consumers Within 45 Days of Breach

On April 23, Gov. Jay Inslee signed amendments to Washington state’s data breach notification law. The amendments strengthen protections to consumers and mandate a new time frame and reporting requirements for alerting...more

Partners HealthCare Hit with Phishing Expedition Exposing 3,300 Patient Records

Late last week, Partners HealthCare announced that it notified approximately 3,300 patients of a security breach involving a hacking incident where intruders accessed medical and personal information of patients....more

OCR Announces Another HIPAA Settlement and Warns Not to Forget About Paper Records

On April 27, 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that Cornell Prescription Pharmacy (“Cornell Pharmacy”) had entered into a resolution agreement to settle,...more

HIPAA Rules and Procedures in the Event of a Data Breach, Part Two

My last post focused on the discovery and investigation of a data security breach to determine if breach notification is needed. Today’s post now turns to the requirements of breach notification triggered by a data security...more

HIPAA Rules and Procedures in the Event of a Data Breach, Part One

As discussed in my prior post, recent massive data breaches at major retailers and health insurance providers paint a bleak picture of modern data and emphasize the importance of strong security safeguards and plans for...more

Data Breach Class Actions: Don’t Overlook Standing Defense Just Because Plaintiff Alleges Identity Theft

A New Jersey federal district court recently dismissed the putative class action claims of four plaintiffs against a health care defendant following the theft of two password-protected laptops allegedly containing personal...more

Health Plan Lawsuits and Data Breach Claims: Recent Developments and Implications

Five class action lawsuits have been filed against Premera Blue Cross in federal court in Seattle, Washington following the recent report of a data breach that affected approximately 11 million individuals. The lawsuits make...more

Healthcare Legal News Volume 5 Number 2

According to a recent study by Accenture, by 2017 approximately 18 percent of the American public will purchase insurance through exchanges versus relying on traditional employer healthcare coverage or foregoing insurance...more

State Law Claims Based on HIPAA Guideline Violations Are Not Preempted by HIPAA

Though the Health Insurance Portability and Accountability Act of 1996 (HIPAA) precludes a private right of action in the event of a breach of confidentiality, recent decisions have found that claims based on such breaches...more

Getting the Best Medical Care: a Newsletter from Patrick Malone - April 2015

In This Issue: - What's at Risk - Who's Peeking Into Your File? - Quality Control Is Lacking - How to Protect Your Health Information - Excerpt from Who's Peeking Into Your File? The Washington Post...more

Another Health Plan Hit By Massive CyberAttack and Class Actions Follow

Coming fresh off the heels of the Anthem data breach Premera Blue Cross announced on March 17th that it was the victim of a “sophisticated” cyberattack that may have exposed the personal information of approximately 11...more

HIPAA Breach Affects Many Western New York School Districts

Recently, a national BlueCross BlueShield affiliate, Anthem, Inc., discovered that its information technology systems was hacked. The information believed to have been accessed includes names, member ID numbers, dates of...more

Blog: Class Action Following Health Information Data Breach

As we discussed in our previous post, Premera Blue Cross (Premera) recently revealed that it suffered a massive data breach potentially exposing the personal data of 11 million customers. ...more

Lessons Learned from Recent Data Security Breaches, Part Two

Because controlling access is essential to protecting privacy of PHI under HIPAA, the HITECH Security Rule essentially requires that a covered entity control physical and electronic access to the data system by implementing...more

Premera Cyber-Attack Announced: Defining Your Obligations as an Employer

On March 17, 2015, Premera announced a data breach involving the personal information of more than 11 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Employers and plan...more

Lessons Learned from the Anthem Cyber-Attack and Corresponding “HIPAA Actions”

Anthem Inc. (“Anthem”), the nation's second-largest health insurer, disclosed on Wednesday, February 4, 2015, that it was the victim of a major cyber-attack. According to Anthem, the attack exposed personal information of...more

Monthly Benefits Alert - February 2015

Health & Wellness Plans - Anthem Data Breach Requires Plan Sponsor Attention - On January 29, 2015, Anthem Inc., one of the largest managed health care companies in the country, disclosed that the sensitive...more

231 Results
|
View per page
Page: of 10

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.
×