Decoded: Technology Law Insights, Volume 3, Issue 1

EHR Vendor Breach Lawsuit Seeks Security Improvements -

"Patient portal hacking incident last summer affected nearly 320,000."

Why this is important: On October 22, 2021, QRS Inc., a medical practice management system and electronic health record vendor, provided a HIPAA breach notification to the Department of Health and Human Services. QRS informed DHHS that over a three-day period in late August 2021, its patient portal was breached. The result of this breach was the potential exposure of 320,000 patients' personal health information. A putative class action lawsuit was filed in federal court in Tennessee alleging that the putative class representative and class members suffered damages related to actual identity theft as a result of the breach. In addition to damages, the putative class is seeking injunctive relief that would require QRS to implement a wide range of security improvements, including barring QRS from maintaining personal health information on a cloud-based database. This class action is based on the fact that QRS failed to implement "government-recommended" security measures and not statutory and regulatory mandated security measures. Therefore, complying with governmental mandates is not enough to avoid litigation in the event of a breach. However, it is yet to be seen whether failing to implement recommended, but not required, security measures will result in the finding of liability.

Please see full Newsletter below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Spilman Thomas & Battle, PLLC | Attorney Advertising

Written by:

Spilman Thomas & Battle, PLLC

Spilman Thomas & Battle, PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.