News & Analysis as of

Security Rule Compliance: The Importance of Performing Regular Risk Analyses

It is likely that you are familiar with the HIPAA Security Rule’s mandate that covered entities and business associates document the decision making process that led to the selection of their means to achieve security for...more

HIPAA Complaint Seeks Class Action Status

A complaint filed in the Superior Court of California on March 14, 2014, requested certification as a class action and sought a wide variety of damages arising from a breach of personal information. Doe vs. Sutherland Health...more

Take 5 Newsletter: 5 Employment Law Considerations in "The Cloud"

What is "the cloud," and what on Earth (pun intended) does cloud computing have to do with employment law? While many definitions abound, cloud computing at its core is a form of remote electronic data storage,...more

Health Law Blog: County Government Settles Alleged HIPAA Violations

A small county in Washington has agreed to pay $215,000 to settle allegations that it violated HIPAA by failing to secure electronic protected health information. Skagit County maintained protected health information (“PHI”)...more

New Ponemon Study on Patient Privacy & Data Security Released

The Ponemon Institute’s Fourth Annual Study on Patient Privacy & Data Security, dated March of 2014 and sponsored by ID Experts, is now available. The study, involving a sample of 91 organizations, contains both good news and...more

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more

Triple-S Socked with $6.8 Million Sanctions for PHI Breach

Triple-S, an insurance holding company and subsidiary of Triple-S Management Corporation, was notified by the Puerto Rican Health Insurance Administration (“HIA”) that HIA would pursue penalties against Triple-S for its...more

Unprecedented HIPAA Fine May Mean Increased Scrutiny and Penalties

Triple-S Management Corp. (“Triple-S”), a Puerto Rico-based health insurer, has been fined $6.8 million by the Puerto Rico Health Insurance Administration (“PRHIA”) following a Health Insurance Portability and Accountability...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

Health Care Entity Pays $150,000 to HHS as a Result of Stolen Thumb Drive Containing PHI

Encrypting USB drives, analyzing security risks, and implementing breach notification policies and procedures could mean the difference between compliance with the Health Insurance Portability and Accountability Act (“HIPAA”)...more

U.S. Privacy and Data Protection: 2013 Year in Review and a Look Ahead to 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more

Health Update - Jan 27, 2014

Going Digital with Patients: Managing Potential Liability Risks of Patient-Generated Electronic Health Information - Patients are increasingly using new electronic tools, such as personal health records and mobile...more

Stolen Thumb Drive Sets HIPAA Precedent

A Massachusetts dermatology practice, Adult & Pediatric Dermatology, P.C. ("APDerm") recently agreed to pay $150,000 to settle potential violations of HIPAA Privacy, Security, and Breach Notification Rules. The settlement was...more

Dermatology Practice Agrees to Settlement in Connection with HIPAA Breach

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle claims that it failed to have sufficient policies and procedures in place to address a breach notification requirement under the HITECH Act....more

Accretive Health Data Breach Leads To Twenty-Year Settlement With The FTC

On December 31, 2013, the Federal Trade Commission ("FTC") announced that Accretive Health, Inc., ("Accretive") agreed to settle charges that the company's inadequate data security measures exposed sensitive consumer...more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

Providers: Prepare Your Breach Notification Policy!

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records, and...more

On the Second Day of Privacy, California Gave to Me……

Well, the headlines don’t exactly work with the traditional tune, but blame the editor for that... 2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our...more

Calif. Case Limits Health Care Data Breach Claims

The California Court of Appeal recently limited plaintiffs’ ability to state a claim under the California Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq., and their ability to get statutory damages under the act....more

Recent California Decision Upholds Data Breach Coverage

The U.S. District Court for the Central District of California recently upheld coverage under a commercial general liability policy for a hospital data breach that compromised the confidential medical records of nearly 20,000...more

Little Harm, Big Damages: AvMed Settlement Could Change the Landscape for Privacy Breach Class Actions

On October 21, Florida-based health insurer AvMed, Inc. (AvMed) settled a data breach class action lawsuit for $3 million, even though no plaintiffs in the class demonstrated that they had suffered identity theft or any other...more

Another major medical data breach in California

Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group...more

No Harm, No Foul: Court of Appeal lets UCLA off the hook for $16 million in lost medical data case

A computer hard drive containing private medical information for 16,000 patients at UCLA was stolen. One of the patients filed a class action lawsuit seeking $1,000 per patient ($16 million total) in statutory damages against...more

Recent California Decision Holds That Privacy/Data Breach Liability Covered Under “Traditional” Insurance Policy

In an October 7th decision, the United States District Court for the Central District of California upheld coverage under a commercial general liability policy for a hospital data breach that compromised the records of nearly...more

121 Results
|
View per page
Page: of 5