Category Archives: Healthcare Privacy

Subscribe to Healthcare Privacy RSS Feed

HHS Reduces Penalties for HIPAA Violations; Distinguishes Based on Culpability

The U.S. Department of Health and Human Services recently published a Notice of Enforcement Discretion that markedly reduced HIPAA-related penalties. According to the Notice, effective immediately, HHS will change how it applies regulations concerning the assessment of Civil Money Penalties under HIPAA. Prior to issuance of the Notice, HHS regulations applied the same $1.5 million … Continue Reading

HHS Announces First HIPAA Breach Settlement of 2019; 300,000 Patients Affected

On May 6, 2019, the U.S. Department of Health and Human Services announced that Touchstone Medical Imaging will pay $3 million to settle potential HIPAA violations associated with a breach that exposed more than 300,000 patients’ Protected Health Information. The breach occurred in May 2014. One of Touchstone’s servers allowed uncontrolled access to patients’ PHI. … Continue Reading

HIPAA Breach Results in a $4,500,000 Class Action Settlement

Community Health System, one of the largest health systems in the United States, has agreed to pay $4,500,000 to settle claims made against it arising from a 2014 data breach. The data breach, believed to be caused by malware installed by Chinese hackers on CHS’s computer system, exposed the names, dates of birth, addresses, telephone … Continue Reading

Company’s Vendor Suffers Breach, No Business Associate Agreement, $500K OCR Settlement

A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes after an investigation revealed that the company, Advanced Care Hospitalists, disclosed the protected health information of 9,255 people to a third-party … Continue Reading

States Taking Actions Against Health IT Companies Over Data Breaches

Twelve state attorneys general have brought suit against two medical Information Technology companies. The AGs allege that the companies, Medical Informatics Engineering Inc. and its subsidiary, NoMoreClipboard LLC, had poor security practices that led to medical data breaches. Those breaches impacting close to four million patients. This case is the first coordinated multistate attorney general … Continue Reading

FDA Issues New Draft Cybersecurity Guidance for Medical Devices

The Food & Drug Administration has recently released for comment a draft expansion of guidance regarding Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Although the FDA issued existing guidance in 2014, the new guidance reflects concerns about the rapidly-changing nature of cybersecurity threats, and the potentially grave consequences of cybersecurity incidents … Continue Reading

Texas Hospital Order to Pay $4.3M for Failure to Implement its HIPAA Security Policies

A Texas hospital was recently ordered by an administrative law judge to pay a $4,300,000 penalty for three data breaches over the course of 2012 and 2013 that exposed the personal health information – including social security numbers, patient names and treatment records – of more than 33,000 individuals in violation of HIPAA. The specific … Continue Reading

New York Settles EmblemHealth Breach for $575,000

The recent $575,000 settlement with EmblemHealth signals a push from AG Schneiderman “for stronger security laws and hold[ing] businesses accountable for protecting their customers’ personal data.”  Noting New York’s “weak and outdated” security laws, AG Scheiderman used the settlement to urge for the swift passage of the Stop Hacks and Improve Electronic Data Security Act … Continue Reading

HHS-OCR Closes 2017 with Six Figure Settlement in PHI Data Breach Impacting Over 2 Million Individuals

At the end of last year the Department of Health and Human Services – Office for Civil Rights announced its resolution agreement and settlement with 21st Century Oncology for $2.3 million. The company, which billed itself as the largest operator of cancer treatment centers in the world, filed for bankruptcy in May of 2017.  OCR’s … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree