Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
HHS ISSUES FINAL BREACH NOTIFICATION RULES – The end of “no harm, no foul”?
Last week the Department of Health and Human Services (HHS) issued its long-awaited “Final Rule” meant to strengthen various HIPAA/HITECH privacy and security rules related to individuals’ health information. The 563 pages of federal regulations contain numerous rule modifications. Notably with respect to the scope of this Blog, there are significant changes to the Breach Notification Rule for protected health information (PHI). When originally issued as an “interim final rule” in …
OFFICE OF CIVIL RIGHTS RINGS IN NEW YEAR WITH SIGNIFICANT HIPAA DATA BREACH SETTLEMENT
The HHS’ Office of Civil Rights (OCR) announced today that The Hospice of North Idaho has agreed to pay a $50,000 settlement for violations of the HIPAA Security Rule. OCR made a point of announcing that the settlement is the first one that involves a breach of unprotected PHI affecting fewer than 500 individuals. In …
A MASSACHUSETTS HEALTH CARE PROVIDER AGREED TO PAY $1.5 MILLION TO SETTLE A HIPAA PRIVACY VIOLATION
HHS’ Office of Civil Rights announced this week that a Mass. health care provider will pay a $1.5 million settlement to resolve a HIPAA privacy violation. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html. The monetary settlement is part of a resolution agreement and the result of the alleged 2010 theft of a laptop computer that held 3,621 patient records. The …
STOLEN LAPTOP LEADS TO HEALTHCARE DATA BREACH INVOLVING 55,000 INDIVIDUALS IN INDIANA
Cancer Care Group (CCG), an Indiana oncology practice, has announced a data breach that affected approximately 55,000 individuals, including patients and employees. CCG has approximately 21 locations within Indiana. CCG reported that a laptop computer bag was stolen from an employee’s locked vehicle on July 19th. The data allegedly stored on the laptop computer …
NEW CONNECTICUT DATA BREACH IS A PERFECT EXAMPLE OF DATA SECURITY FAILURES
The Connecticut Attorney General just announced that personal health information and protected health information for over 9,000 Hartford Hospital patients was lost in June. http://www.ct.gov/ag/cwp/view.asp?Q=508726&A=2341. A laptop carried by an EMC subsidiary employee was reportedly stolen. The State AG announced that the unencrypted information on the laptop contained names, addresses, dates of birth, social security …
HIPAA Audits: Coming to a Provider Near You?
In November 2011, the Office of Civil Rights began conducting Audits of Covered Entities for compliance with the HIPAA privacy and security rules. These audits came after Congress took the OCR to task for not effectively enforcing HIPAA. Readers of this Blog may also recall a study performed by OIG which found significant lapses in …
HHS Hits Insurer for $1.5 Million
On March 13, 2012, the U.S. Department of Health and Human Services announced that it settled its first enforcement action resulting from a reported HITECH breach. In the settlement, Blue Cross/Blue Shield of Tennessee agreed to pay One Million Five Hundred Thousand Dollars ($1,500,000.00) to resolve potential violations of the HIPAA Privacy and Security Rules. Additionally, …
Health Care Data Breaches Significantly Increased in 2011
The Ponemon Institute just released their second annual benchmark study on patient privacy and data security. Not surprisingly, the study demonstrates that data breaches significantly increased in 2011. A number of key points can be found in the study’s findings. One of the more interesting findings was the increased use of unsecured mobile …
DATA BREACH v. DATA LOSS: WHICH IS WORSE?
Electronic health records are a valuable tool for sharing information and coordinating patient care. These systems enhance quality by allowing providers across the spectrum of care to share and analyze information that would otherwise not be easily accessible. The benefits of such systems have been analyzed extensively and are now taken for granted. What happens, …
Texas Expands the Privacy Rights of Patients Beyond HIPAA and HITECH
The State Sets Mandatory Deadlines for Training, and Requires Breach Notification for all Healthcare Providers Doing Business in Texas. Texas, already known for its strict privacy laws, recently enacted legislation which surprisingly expands privacy rights beyond those prescribed in HIPAA and HITECH. This new law, HB300, will become effective on September 1, 2012. It will …