Over the past thirty days, the Office for Civil Rights (“OCR”) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of instituting basic best practices for data breach prevention and response.

On November 26th, the OCR announced a settlement with Allergy Associations

Laptop-maker Lenovo (United States), Inc. agreed to a no-fault settlement with the Federal Trade Commission and 32 states over allegations that it installed ad software that compromised customers’ web security and invaded users’ privacy.

As part of the Consent Order, Lenovo agreed that it would:

  • Not misrepresent any feature of installed software related to consumer

New York State Attorney General Eric T. Schneiderman announced a settlement with Acer Service Corporation (a Taiwanese computer manufacturer) relating to the NYSAG’s investigation of a breach of Acer’s data. The data breach, first reported in June, 2016, involved data for over 35,000 customers throughout the United States, Canada and Puerto Rico, including 2,250 customers

For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules, but just after a period “soft” enforcement and compliance assistance. That period appears to be ending. During the first seven months

In the last two weeks, the Office for Civil Rights (OCR) announced two substantial settlements under HIPAA that together totaled $4.35 million. These large amounts seem to be driven not by actual harm to individuals, but in significant part by alleged HIPAA compliance failures identified by OCR following investigations commenced in response to receipt of

Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday.  OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary

On April 16, 2010, Florida Attorney General Bill McCollum announced a settlement (pdf) with Certegy Check Services, Inc. over how the company secures consumer records. The Attorney General’s enforcement action stems from a massive data breach by a former Certegy employee who stole personal identification information from approximately 5.9 million consumer files.

According to the