News & Analysis as of

Data Breach Health Insurance Portability and Accountability Act

HIPAA Enforcement Update (February 2017 – April 2017)

by Locke Lord LLP on

In recent months, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced four settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

Press Release Mistake Leads to $2.4 Million HIPAA Penalty for Health System

by Nossaman LLP on

On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (“OCR”) announced an agreement whereby Memorial Hermann Health System (“MHHS”) will pay a $2.4 million penalty for releasing a patient’s...more

HHS OCR Resumes HIPAA Enforcement Action Announcements: Four New Settlements and Penalties Totaling More than $5 million in a One...

by Arnall Golden Gregory LLP on

After a pause of nearly two months, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has resumed its announcement of settlements for alleged HIPAA violations, with four new settlement agreements...more

Misconfigured Backup Server Exposes 7,000+ Medical Records

A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at...more

Wireless HealthHealthcare Services Provider’s $2.5m Settlement Demonstrates Why Understanding HIPAA Requirements Is a Must

by Dickinson Wright on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a $2.5 million Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement with CardioNet, which is a company that...more

New Mexico Enacts Data Breach Notification Law

by King & Spalding on

On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law; the Data Breach Notification Act (the “Act”) will go into effect on June 16, 2017. The good news for many in the health care...more

OCR Settles With Texas Health System for $2.4 Million for Disclosing PHI to Media In a Press Release

The Office for Civil Rights (OCR) issued a press release today announcing that it has settled alleged HIPAA violations with Memorial Hermann Health System (MHHS) for $2.4 million. According to the Resolution Agreement it has...more

2017 HIPAA Enforcement – Appears Not To Be Slowing Down

by Snell & Wilmer on

To state the obvious, there has been some uncertainty regarding how the Trump Administration will affect federal agency enforcement efforts. However, at least, in regard to HIPAA Privacy and Security, the U.S. Department of...more

OCR Settlement Lessons - Failing to Perform an Electronic Access Risk Analysis Before an Unauthorized Access Occurs

by Ruder Ware on

Failure to conduct a risk assessment before a hacking incident occurred resulted in a $400,000 settlement between the Office of Civil Rights (OCR) and a Federally Qualified Health Clinic (FQHC). The FQHC filed a breach...more

Lessons from OCR HIPAA Settlements - Mobile Device Security Standards

by Ruder Ware on

In the first known case involving a wireless provider, a cardiology service provider agreed to pay a $2.5 million settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI)....more

A Draft Won’t Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more

Two HIPAA Mistakes Lead to Fines from OCR

It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C....more

4,229 Psychiatric Patients’ Records Hacked

Bangor Health Center, a psychiatric practice located in Bangor, Maine, has notified 4,229 patients that a hacker from Moldova has accessed their psychiatric records, including names, addresses, Social Security numbers,...more

OCR Settles First Case With Wireless Provider for $2.5 Million

Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania for $2.5 million....more

First HIPAA Settlement Involving a Wireless Health Services Provider

by Saul Ewing LLP on

?On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more

It’s Just Plain Risky Not to Do A Risk Analysis: Recent OCR Settlement One of Several Resulting from Failure to Analyze and...

by Williams Mullen on

On April 12, 2017, the Office for Civil Rights (“OCR”) announced a settlement and corrective action plan with a Colorado federally-qualified health center, Metro Community Provider Network (“MCPN”), after a 2012 breach of...more

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

by Sherman & Howard L.L.C. on

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

Health Care E-Note - April 2017

by Burr & Forman on

An often overlooked and under publicized provision of the False Claims Act (“FCA”) is the retaliatory discharge prohibition. This is probably because retaliatory discharge claims do not grab headlines by winning multimillion...more

Failure to Implement Business Associate Agreement Results in $31,000 Settlement For Health Care Provider

by Saul Ewing LLP on

On April 20, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Children’s Digestive Health (CDH) agreed to pay HHS $31,000 for its failure to have a business associate...more

The Center for Children’s Digestive Health Settles with OCR for $31,000

The Office for Civil Rights (OCR) has announced that it entered into a settlement with The Center for Children’s Digestive Health (CCDH) for $31,000.  CCDH is a small for-profit health care provider with seven locations in...more

OCR Levies Hefty Fine Against FQHC

Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network MCPN, a Colorado based federally qualified health...more

March Sees an Uptick in Health Data Breaches

The monthly breach report issued by Protenus last week outlining data breaches that occurred in the month of March concludes that there was an “uptick in the number of health data breach incidents.”...more

$400,000 Settlement Highlights Need for Pre- and Post-Breach Safeguards

by Dickinson Wright on

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced another Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement. This one is with Metro Community Provider...more

ABCD Pediatrics Victim of Ransomware

ABCD Pediatrics, located in San Antonio, Texas has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its...more

Washington University School of Medicine Victim of Phishing Attack

Another employee falls for a phishing attack. This time, it was an employee of the Washington University School of Medicine The employee received a phishing email on December 2, 2016, and feel for what looked like a real...more

502 Results
|
View per page
Page: of 21
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!