News & Analysis as of

Let the Games Begin: First Sony Class Action Lawsuit Filed Over Data Breach

It’s happened. The first class action lawsuit has been filed against Sony for failing to prevent hackers from stealing its current and former employees’ social security numbers, medical records, and salary information....more

Blog: Beth Israel To Pay $100,000 for Massachusetts Health Information Breach

Beth Israel Deaconess Medical Center (Beth Israel) reached a settlement with the Massachusetts Attorney General’s Office for a data breach in which a physically unsecured laptop was stolen containing personal and protected...more

Encryption and Securing BYO Devices at the Heart of Massachusetts AG $100,000 Settlement

The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more

Connecticut Supreme Court Allows Plaintiffs to Circumvent HIPAA’s No Private Right of Action Clause

In an opinion released on November 11, the Connecticut Supreme Court ruled on whether the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations preempt a common law claim for...more

Connecticut Supreme Court Issues Decision That Could Expand State Law Liability in Data Breach Class Actions for Businesses...

Health care providers have not escaped the recent proliferation of data breach class actions, but plaintiffs generally have been unsuccessful in bringing claims based on the Health Insurance Portability and Accountability Act...more

Health Data Breach Victims Have Standing to Sue Says WV Supreme Court

The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court....more

FTC Ordered to Testify Regarding Data Security Standards in LabMD Dispute

The Federal Trade Commission (FTC) has suffered a significant setback in its ongoing dispute with LabMD, a now-closed medical laboratory that the FTC charged with failing to adopt reasonable data security practices that...more

Two Health Care Organizations Pay Largest HIPAA Fine at $4.8 Million Resulting from Unsecured Shared Network

New York-Presbyterian Hospital and Columbia University entered into a settlement with the Department of Health and Human Services’ Office of Civil Rights (OCR) to resolve allegations that the organizations had violated the...more

$4.8 Million – Largest HIPAA Settlement to Date

On May 7, 2014, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) issued a press release announcing that two health care organizations—New York and Presbyterian Hospital (“NYP”) and Columbia...more

Server Breach Makes ePHI Accessible on Google, Costs Covered Entities $4.8 Million

It would be pretty unsettling if your patient status, vital signs, medications, and laboratory results were available for the world to see on Google, wouldn’t it? According to recent settlement agreements announced by the...more

No Harm, No Foul: Court of Appeal lets UCLA off the hook for $16 million in lost medical data case

A computer hard drive containing private medical information for 16,000 patients at UCLA was stolen. One of the patients filed a class action lawsuit seeking $1,000 per patient ($16 million total) in statutory damages against...more

Recent California Decision Holds That Privacy/Data Breach Liability Covered Under “Traditional” Insurance Policy

In an October 7th decision, the United States District Court for the Central District of California upheld coverage under a commercial general liability policy for a hospital data breach that compromised the records of nearly...more

PHI Breach Reporting Deadline is March 1, 2013

To comply with the HITECH breach notice requirements, HIPAA covered entities are required to report all small breaches of unsecured protected health information (“PHI”) that occurred in calendar year 2012 to the U.S....more

Significant Changes to HIPAA Effective March 26, 2013

The following is a summary of the major changes to HIPAA under the new Final Rule: 1. Breach Notification Standard Lowered — In perhaps the most significant change under the Final Rule, the new regulations considerably...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more

OCR'S Breach Settlement: The First Ever Involving Less Than 500 Patients

The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more

Health Law Alert: Deficient Data Security On Mobile Devices Leads To First HIPAA Breach Settlement Involving Less Than 500...

On January 2, 2013, the U.S Department of Health and Human Services, Office of Civil Rights (OCR) announced its first HIPAA breach settlement involving less than 500 patients. OCR took action against a hospice provider in...more

First HHS OCR Settlement for HIPAA Breach Involving Less Than 500 Patients Sends Message to Providers

On January 2, 2013, HHS announced that the Hospice of North Idaho (HONI) agreed to pay $50,000 and enter into a Corrective Action Plan (CAP) as part of a settlement involving a breach of unsecured electronic protected health...more

First-Ever HIPAA Settlement Involving Fewer Than 500 Patients Announced

On January 2, 2013, the U.S. Department of Health and Human Services (HHS) announced a settlement with the Hospice of North Idaho (HONI) for potential HIPAA violations....more

First OCR Settlement Involving a “Small” Breach Focuses on Mobile Device Security

In what is best understood as a follow-up to both the recent settlement with MEEI and the release of its mobile device security guidance, HHS OCR recently released details of a settlement reached with the Hospice of Northern...more

20 Results
|
View per page
Page: of 1