News & Analysis as of

Even in Privacy Cases, Risk of Injury Does not Always Equal Injury

It’s an ancient conundrum; if a tree falls in the forest, and no one is there to hear it, does it make a sound? Privacy litigation may well offer the closest jurisprudential equivalent; if data is stolen, but no one does...more

California Court Grants Hospital Summary Judgment on Data Breach Claim

In its recent decision in Eisenhower Medical Center v. Superior Court, 226 Cal. App. 4th 430(Cal. App. 4th Dist. 2014), the Court of Appeal of California, Fourth District, had occasion to consider whether a medical facility’s...more

A Whistleblower Hotline can protect against medical identity theft

Last year, medical identity theft affected nearly two million Americans - 32% more than the year before. This is a staggering number! And considering that today, medical identity theft accounts for 43% of all identity theft...more

HIPAA Violation Results in $4.8 Million Settlement

While most healthcare providers know to pay close attention to the HIPAA rules when setting up their information technology systems, recent events have demonstrated that this close scrutiny should also be applied to computer...more

HIPAA Data Breaches

HIPAA has been on the books since 1996. With the advent of electronic health records, HHS adopted security regulations to require covered entities to protect the integrity, confidentiality, and availability of electronic...more

California Court Limits Liability for Loss of Certain Patient Information under CMIA

California appellate courts are clarifying potential liability under California’s Confidentiality of Medical Information Act, Cal. Civ. Code § 56 et seq. (“CMIA”) of health care providers, health plans, pharmaceutical...more

Health System Investigated for Leaving PHI in Doctor’s Driveway – Settles with OCR for $800K

While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more

FTC Uses Its "Unfair Acts" Power to Go After PHI Security Breach

The Federal Trade Commission (FTC) is moving forward with an administrative action against a small medical laboratory that suffered two data security breaches, resulting in its patients’ protected health information falling...more

Human Error Biggest Threat to Patient Data Security and Privacy

Human error remains the biggest threat to healthcare data privacy, according to the latest study on patient privacy and data security by the Ponemon Institute. Healthcare organizations also continue to struggle with...more

Florida Federal Judge Approves Settlement Agreement Providing Payments to All Victims of Data Breach, Even Those Who Suffered No...

On February 28, 2014, in Resnick et al. v. AvMed Inc., a Florida federal judge gave final approval to a groundbreaking settlement agreement in a data breach class action lawsuit. The settlement for the first time provides...more

Failure to Encrypt Mobile Devices = Nearly $2 Million in Settlements

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled for the collective amount of $1,975,220 with Concentra Health Services (Concentra) and QCA Health Plan, Inc. (QCA). The settlements stem...more

Health Update - May 2014

Litigation Arising from the Affordable Care Act: The Blessing and Curse of Interesting Times - The Affordable Care Act (ACA) has brought the most sweeping changes to the healthcare delivery and payment systems in the...more

Stolen Laptops Lead to $2 Million Fine To Settle HIPAA Violations

Lost or stolen unencrypted mobile devices — commonly laptops — are the primary cause of major healthcare data breaches. This unfortunate trend persists, despite warnings from the Office for Civil Rights (OCR) of the U.S....more

HHS OCR Settles Post-Data Breach Investigation for Record $4.8M

On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more

Heartbleed: It’s 10 PM; Do You Know Where Your Data is?

The Heartbleed vulnerability is, by now, an item about which we have all assuredly heard a lot. To get caught up on your reading on the technology aspects of this issue, see the linked articles I have compiled in the ”To...more

Security Rule Compliance: The Importance of Performing Regular Risk Analyses

It is likely that you are familiar with the HIPAA Security Rule’s mandate that covered entities and business associates document the decision making process that led to the selection of their means to achieve security for...more

HIPAA Complaint Seeks Class Action Status

A complaint filed in the Superior Court of California on March 14, 2014, requested certification as a class action and sought a wide variety of damages arising from a breach of personal information. Doe vs. Sutherland Health...more

Take 5 Newsletter: 5 Employment Law Considerations in "The Cloud"

What is "the cloud," and what on Earth (pun intended) does cloud computing have to do with employment law? While many definitions abound, cloud computing at its core is a form of remote electronic data storage,...more

Health Law Blog: County Government Settles Alleged HIPAA Violations

A small county in Washington has agreed to pay $215,000 to settle allegations that it violated HIPAA by failing to secure electronic protected health information. Skagit County maintained protected health information (“PHI”)...more

New Ponemon Study on Patient Privacy & Data Security Released

The Ponemon Institute’s Fourth Annual Study on Patient Privacy & Data Security, dated March of 2014 and sponsored by ID Experts, is now available. The study, involving a sample of 91 organizations, contains both good news and...more

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more

Triple-S Socked with $6.8 Million Sanctions for PHI Breach

Triple-S, an insurance holding company and subsidiary of Triple-S Management Corporation, was notified by the Puerto Rican Health Insurance Administration (“HIA”) that HIA would pursue penalties against Triple-S for its...more

Unprecedented HIPAA Fine May Mean Increased Scrutiny and Penalties

Triple-S Management Corp. (“Triple-S”), a Puerto Rico-based health insurer, has been fined $6.8 million by the Puerto Rico Health Insurance Administration (“PRHIA”) following a Health Insurance Portability and Accountability...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

137 Results
|
View per page
Page: of 6