News & Analysis as of

What Preemption? Connecticut State Court Gives Life to Negligence Claims Based on HIPAA Privacy Standard of Care

Like many federal statutes, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains a provision governing how the statute is designed to interact with similar or otherwise related state laws. When...more

Hospital Fires Back: Accuses Whistleblowers of Violating Patient Confidentiality

Hospitals have long seethed over employees who exploit their inside information to become whistleblowers. There’s generally not much they can do besides seethe unless the employee has some special duty of confidentiality...more

News from the Health Law Gurus™

Patient Medical Records Stolen from New Jersey Storage Facility – Tribeca Medical Center is notifying patients that their protected health information may be compromised. According to a privacy notice posted on Tribeca...more

Employer Liability for Employees’ Privacy Violations: What your organization should learn from Walgreens’ expensive lesson (hint:...

You may already have read the scintillating facts surrounding a jury award of $1.44 million (recently challenged unsuccessfully on appeal) against Walgreen Co. (Walgreens) following its pharmacist’s alleged inappropriate...more

On The Eighth Day of Privacy, Health Care Systems (Over)Shared Data

When is “sharing” too much of a good thing? And will it get worse for health care systems in 2015? Data sharing has become a point of sharp focus in the efforts to improve the quality and efficiency of health...more

Let the Games Begin: First Sony Class Action Lawsuit Filed Over Data Breach

It’s happened. The first class action lawsuit has been filed against Sony for failing to prevent hackers from stealing its current and former employees’ social security numbers, medical records, and salary information....more

Latest HIPAA Settlement: Compliance is an Ongoing Process

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued its first settlement under new OCR Director Jocelyn Samuels earlier this month. This latest settlement serves as a reminder that a...more

Malware Incident at Mental Health Nonprofit Leads to $150K Settlement with OCR

As cyberattacks targeting the healthcare industry continue to escalate, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has published its first-ever resolution agreement stemming from an...more

Failure to Follow HIPAA Policies Results in $150,000 Liability and Corrective Action Plan

The U.S. Department of Health and Human Services, Office for Civil Rights (HHS-OCR) has recently released information about another HIPAA settlement, emphasizing yet again the government's focus on the Health Insurance...more

HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

The title of this alert, which comes straight from the Department of Health and Human Services Office for Civil Rights' (OCR) announcement of its most recent settlement, again underscores the critical need for covered...more

Recent HHS Settlement Highlights Importance of Updating HIPAA Compliance Programs

On December 8, 2014, the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Anchorage Community Mental Health Services, Inc. (ACMHS). The agreement, which...more

Anchorage Community Mental Health Services to Pay $125,000 in Newest HIPAA Settlement: Covered Entities and Business Associates...

Anchorage Community Mental Health Services, Inc. (“ACMHS”) will pay $125,000 to the United States Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance...more

Blog: Beth Israel To Pay $100,000 for Massachusetts Health Information Breach

Beth Israel Deaconess Medical Center (Beth Israel) reached a settlement with the Massachusetts Attorney General’s Office for a data breach in which a physically unsecured laptop was stolen containing personal and protected...more

Indiana Appeals Court Upholds Jury Verdict For Pharmacist’s Wrongful Use Of Patient Information

A recent decision by the Court of Appeals of Indiana reinforces the peril faced by health care employers when employees authorized to access confidential information do so for improper purposes. In Walgreen Co. v. Hinchy, the...more

Connecticut Supreme Court Allows Plaintiffs to Circumvent HIPAA’s No Private Right of Action Clause

In an opinion released on November 11, the Connecticut Supreme Court ruled on whether the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations preempt a common law claim for...more

Connecticut Supreme Court Issues Decision That Could Expand State Law Liability in Data Breach Class Actions for Businesses...

Health care providers have not escaped the recent proliferation of data breach class actions, but plaintiffs generally have been unsuccessful in bringing claims based on the Health Insurance Portability and Accountability Act...more

No Harm, No Foul: Court of Appeal lets UCLA off the hook for $16 million in lost medical data case

A computer hard drive containing private medical information for 16,000 patients at UCLA was stolen. One of the patients filed a class action lawsuit seeking $1,000 per patient ($16 million total) in statutory damages against...more

Recent California Decision Holds That Privacy/Data Breach Liability Covered Under “Traditional” Insurance Policy

In an October 7th decision, the United States District Court for the Central District of California upheld coverage under a commercial general liability policy for a hospital data breach that compromised the records of nearly...more

PHI Breach Reporting Deadline is March 1, 2013

To comply with the HITECH breach notice requirements, HIPAA covered entities are required to report all small breaches of unsecured protected health information (“PHI”) that occurred in calendar year 2012 to the U.S....more

Significant Changes to HIPAA Effective March 26, 2013

The following is a summary of the major changes to HIPAA under the new Final Rule: 1. Breach Notification Standard Lowered — In perhaps the most significant change under the Final Rule, the new regulations considerably...more

New HIPAA Regulations Affect Business Associates and Subcontractors

The Health Insurance Portability and Accountability Act omnibus regulations recently released by the U.S. Department of Health and Human Services have significant ramifications for business associates and subcontractors of...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more

OCR'S Breach Settlement: The First Ever Involving Less Than 500 Patients

The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more

23 Results
|
View per page
Page: of 1