The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and...more
The 56 Dean Street Clinic, which is operated by the Chelsea and Westminster NHS Trust and specializes in HIV and other sexual health services, has apologized for the error which revealed (to all 780 recipients) the full names...more
The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more
The Federal Trade Commission (FTC) has suffered a significant setback in its ongoing dispute with LabMD, a now-closed medical laboratory that the FTC charged with failing to adopt reasonable data security practices that...more
In an October 7th decision, the United States District Court for the Central District of California upheld coverage under a commercial general liability policy for a hospital data breach that compromised the records of nearly...more
The Health Insurance Portability and Accountability Act omnibus regulations recently released by the U.S. Department of Health and Human Services have significant ramifications for business associates and subcontractors of...more
Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more
For the fourth time since the Massachusetts data security regulations took effect in March 2010, the Massachusetts Attorney General’s Office (“AGO”) has settled allegations that Massachusetts-based entities violated the...more
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
On January 2, 2013, the U.S Department of Health and Human Services, Office of Civil Rights (OCR) announced its first HIPAA breach settlement involving less than 500 patients. OCR took action against a hospice provider in...more
On January 2, 2013, HHS announced that the Hospice of North Idaho (HONI) agreed to pay $50,000 and enter into a Corrective Action Plan (CAP) as part of a settlement involving a breach of unsecured electronic protected health...more
On January 2, 2013, the U.S. Department of Health and Human Services (HHS) announced a settlement with the Hospice of North Idaho (HONI) for potential HIPAA violations....more
In what is best understood as a follow-up to both the recent settlement with MEEI and the release of its mobile device security guidance, HHS OCR recently released details of a settlement reached with the Hospice of Northern...more