In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The
HHS’ First Civil Penalty Under HIPAA is $4.3 Million
By Joseph J. Lazzarotti on
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed its first civil monetary penalty since the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) became effective in April 2003. HHS issued a Notice of Final Determination finding that Cignet Health of Prince George’s County…
FTC Issues Guidance Addressing Medical Identity Theft
By Joseph J. Lazzarotti on
Last month, the Federal Trade Commission’s Bureau of Consumer Protection posted FAQs on its website to guide health care providers and health plans when their patients and subscribers are affected by medical identity theft.
When most people hear about an identity theft or a data breach, they typically think about credit card data or Social Security…
Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals
As employees become more savvy with electronic communications and employers face increasing challenges with controlling vast amounts of data, the circumstances in this recent San Francisco Examiner story are likely being repeated all over the country – employee takes company information to support her wrongful termination case.
Continue Reading Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals
Data Breach Insurance Growing In Popularity for Health Care Providers, Others
By Joseph J. Lazzarotti on
The demand for "data breach" insurance appears to be growing based on our experiences, as well as commentary such as a recent article by Pamela Lewis Dolan of American Medical News.
As we’ve reported, data breach coverage is something quite different than traditional "cyber-risk" coverage which tends to address "hazards such as unauthorized Web site access, online…
California Department of Public Health Continues to Fine Hospitals and Nursing Homes for Data Breaches
CDPH’s data privacy enforcement activity continues, this time affecting 6 hospitals and a nursing home with total penalties approaching $800,000.
Continue Reading California Department of Public Health Continues to Fine Hospitals and Nursing Homes for Data Breaches
Connecticut Insurance Department Settles Health Net Data Breach
By Joseph J. Lazzarotti on
What had been the first use of the enforcement authority under the HIPAA privacy regulations granted to a State Attorney General, has ended in a settlement agreement between Connecticut’s Insurance Department and Health Net of Connecticut. Under the agreement, Health Net will pay $375,000 in penalties, and it agreed to provide credit monitoring protection for 2 years to all affected persons in Connecticut…
Doctors’ Orders Through Your Cell Phone?
“Washington Post” Voxiva “mobile phone”…
Continue Reading Doctors’ Orders Through Your Cell Phone?
Employees Protected from Retaliation When Raising Concerns about HIPAA and Data Security
In March 2010, we reported on a decision by the U.S. District Court for the District of New Jersey that allowed an employee’s retaliation claim to proceed to trial under the New Jersey Conscientious Employee Protection Act (“CEPA”) on the ground that he was engaged in protected whistle blowing activity – voicing concerns regarding his employer’s …
Data Privacy and Security Primer for Law Firms
A UK law firm may find itself subject to significant penalties following reports of a data breach affecting thousands of people. The recent 2010 ABA Annual Meeting in San Francisco devoted two sessions to the topic, specifically dealing with “cloud computing,” and the risks and ethical issues it raises for law firms. As data privacy and security risks…