Data Breach Protected Health Information

News & Analysis as of

Think You Know Your HIPAA-Related Obligations? Read the ONC’s New Privacy and Security Guide to Find Out

In 2013, we alerted you to the expansion of the definition of the term “business associate” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Now, the Office of the National Coordinator for Health...more

Comingling of employee and patient data compromises employer’s HIPAA defense to employee’s claim of discharge for union activity

An administrative law judge (ALJ) of the National Labor Relations Board has concluded that a health care employer’s use of its medical records software to store employee contact information allowed an employee to access that...more

Issues Concerning Medical Identity Theft

Whenever a large data breach occurs in the healthcare industry, such as the Anthem Blue Cross Blue Shield breach this past winter, some news stories always seem to focus on the strange medical catastrophes that could...more

OCR Announces Settlement and Corrective Action Plan with Pharmacy Stemming from Alleged Violations

On April 24, 2015, the HHS Office for Civil Rights (“OCR”) once again stressed the importance of properly disposing of protected health information (“PHI”) when it announced its settlement and corrective action plan with...more

OCR Announces Another HIPAA Settlement and Warns Not to Forget About Paper Records

On April 27, 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that Cornell Prescription Pharmacy (“Cornell Pharmacy”) had entered into a resolution agreement to settle,...more

HIPAA Rules and Procedures in the Event of a Data Breach, Part One

As discussed in my prior post, recent massive data breaches at major retailers and health insurance providers paint a bleak picture of modern data and emphasize the importance of strong security safeguards and plans for...more

Lessons Learned from Recent Data Security Breaches, Part Two

Because controlling access is essential to protecting privacy of PHI under HIPAA, the HITECH Security Rule essentially requires that a covered entity control physical and electronic access to the data system by implementing...more

State Legislatures React To Latest Health Data Breaches By Updating State Data Breach Notification Laws And Encryption...

Recent, large-scale breaches of health information have served to highlight the fact that federal agencies have only rarely assessed penalties against companies as a result of these breaches, while many states do not have...more

Lessons Learned from the Anthem Cyber-Attack and Corresponding “HIPAA Actions”

Anthem Inc. (“Anthem”), the nation's second-largest health insurer, disclosed on Wednesday, February 4, 2015, that it was the victim of a major cyber-attack. According to Anthem, the attack exposed personal information of...more

Monthly Benefits Alert - February 2015

Health & Wellness Plans - Anthem Data Breach Requires Plan Sponsor Attention - On January 29, 2015, Anthem Inc., one of the largest managed health care companies in the country, disclosed that the sensitive...more

US District Court in Texas Finds Plaintiffs Lack Article III Standing in PHI Breach

Beverly Peters v. St. Joseph Services Corporation d/b/a St. Joseph Health Care System was a class action that arose out of a data breach of the defendant-health care service provider. It was alleged in the action that...more

“Bring Your Own Device” To Work Programs: Regulatory and Legal Risks and How To Minimize Them

If you’ve ever left your mobile phone on an airplane, in a restaurant, or somewhere other than in your possession, you know it’s frightening enough to think of losing the device itself, which costs a premium, as well as your...more

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more

Court Dismisses Data Breach Class Complaint For Lack Of Standing

On February 11, 2015, the U.S. District Court for the Southern District of Texas held that a plaintiff lacked standing to pursue claims for alleged violations of the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq....more

No Harm, No Standing: Texas Federal Court Dismisses Data Breach Class Action

Dismissing a class action based on a data breach, the Southern District of Texas added to the growing number of decisions that find an alleged risk of future identity theft due to a data breach is not an injury that creates...more

Latest Update on Anthem Data Breach - Other BCBS Plans May Be Impacted

As a follow-up to its announcement of a massive cyber breach last week, Anthem has updated its “Frequently Asked Questions” for its employer clients, which are posted at www.AnthemFacts.com. The most significant development...more

What the Anthem Cyberattack Means for the Health Care Industry

Unfortunately, account hacks and data breaches are nothing new. Every day, we hear reports of hackers compromising networks and their protected data. When it happens on a massive scale to a powerful player in the health...more

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more

Honored in the Breach: Employer Action Items for an Insurer Data Breach

This morning, Anthem Blue Cross and Blue Shield, one of the largest health insurers in the country, notified its policyholders, members, and business partners that it was recently the target of an external cyber attack that...more

Protections Governing Theft and Publication of Medical Records

As instances of medical data breaches increase, U.S. courts are interpreting the scope of liability stemming from them. In California, the court in Sutter Health et al. v. The Superior Court of Sacramento County (Atkins) held...more

Privacy Tuesday – January 6, 2015

Welcome to the first Privacy Tuesday of 2015! We hope that you enjoyed our 12 Days of Privacy series (and if you missed it, they are all linked in the right column of the blog…). Three things that you should...more

Happy New Year! 2015 Brings More Reasonable Breach Notification Reporting Periods for CA Health Care Providers

In 2008 California put into effect breach reporting laws applicable to certain licensed health care providers Healthcare Entities that are more stringent than HIPAA - so stringent that Healthcare Entities have been required...more

Data Breach Plaintiff Given Second Chance to Certify Class Action Suit

Recently, the Pennsylvania Superior Court ruled in favor of data breach plaintiff Avrum Baum, giving him a second chance to certify a class action suit against Keystone Mercy Health Plan. Baum brought suit against the...more

What Can You Expect in 2015 Regarding HIPAA Enforcement?

As of earlier this month, 1, 170 breaches involving 31 million records have been reported to the Department of Health and Human Services (HHS) since mandated reporting of breaches began in September 2009.  An increase in the...more

Let the Games Begin: First Sony Class Action Lawsuit Filed Over Data Breach

It’s happened. The first class action lawsuit has been filed against Sony for failing to prevent hackers from stealing its current and former employees’ social security numbers, medical records, and salary information....more

176 Results
|
View per page
Page: of 8

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.
×