Tag Archives: HIPAA

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., (“Accretive”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws. The suit, which was filed in Federal District Court in Minnesota, alleges that Accretive failed to adequately safeguard patients’ protected health information (“PHI”). This failure contributed to a July 2011 information security breach when an Accretive employee left an unencrypted laptop containing information of approximately 23,500 patients in a rental car. The laptop was stolen and has not yet been recovered.

California Bulks Up Security Breach Notification Requirements

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute.  The revisions establish new content requirements for breach notification letters to California residents, and mandate notification to the state Attorney General when a breach affects more than 500 Californians.  Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002.  The two previous bills he proposed were passed by the California legislature, but vetoed by former Governor Arnold Schwarzenegger.

HHS Pressured to Drop Access Report Provision in Proposed Rule

Several health care industry groups requested that the Department of Health and Human Services (“HHS”) either remove or significantly revise a proposed “access report” requirement in its recent notice of proposed rulemaking (the “Proposed Rule”) for the accounting of disclosures of protected health information (“PHI”).  As we reported in May, HHS issued the Proposed Rule that revises existing HIPAA Privacy Rule provisions regarding accounting of disclosures and gives individuals a new right to obtain an “access report” that would list the specific persons who have accessed a patient’s PHI, and describe any actions taken by those persons with respect to the PHI (e.g., create, modify, access or delete).

IAPP Hosts Webinar on Upcoming OCR Audit Program

On July 28, 2011, the International Association of Privacy Professionals (“IAPP”) hosted a webinar that addressed the upcoming audit program of the Department of Health and Human Services Office of Civil Rights (“OCR”).  Susan McAndrew, the Deputy Director for Health Information Privacy at OCR, provided an overview of the audit program, noting that it stemmed from Section 13411 of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  That section of the HITECH Act authorized the Secretary of the Health and Human Services to “provide for periodic audits to ensure that covered entities and business associates” comply with the requirements of the HIPAA Privacy and Security Rules.

House Subcommittees Convene Hearing to Launch Review of Internet Privacy

On July 14, 2011, the U.S. House of Representatives Energy and Commerce Committee convened a joint hearing of the Subcommittee on Commerce, Manufacturing and Trade (chaired by Rep. Mary Bono Mack (R-CA)), and the Subcommittee on Communications and Technology (chaired by Rep. Greg Walden (R-OR)), to launch a comprehensive review of Internet privacy.  The series of hearings began with testimony from officials representing three agencies with jurisdiction over consumer privacy issues: FTC Commissioner Edith Ramirez, FCC Chairman Julius Genachowski, and Department of Commerce Assistant Secretary for Communications and Information Lawrence Strickling.

Texas Enacts Expansive New Health Privacy Law

Last month, Texas Governor Rick Perry signed a health privacy bill into law that imposes new obligations exceeding the requirements in the HIPAA Privacy Rule.  The law, which will become effective on September 1, 2012, incorporates the expanded definition of the term “covered entity” in Texas’s existing health privacy law and could have a broad impact on many non-HIPAA covered entities.

HHS Announces $865,500 Settlement with UCLA Health System for HIPAA Violations

On June 7, 2011, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $865,500 settlement with the University of California at Los Angeles Health System (“UCLA Health System”) for violations of the HIPAA Privacy and Security Rules.  UCLA Health System employees were accused of violating the Privacy Rule by improperly accessing the protected health information (“PHI”) of patients, including several high-profile celebrities who filed complaints with HHS.  A subsequent investigation by HHS’s Office of Civil Rights (“OCR”) revealed that in addition to neglecting to sanction the employees who had improperly accessed patient PHI, UCLA Health System had failed to train its employees on the HIPAA Privacy and Security Rules or implement security measures to “reduce the risks of impermissible access to electronic protected health information by unauthorized users to a reasonable and appropriate level.”

Representative Mary Bono Mack Releases Discussion Draft of the SAFE Data Act

On June 13, 2011, Representative Mary Bono Mack (R-CA) released a discussion draft of the Secure and Fortify Data Act (the “SAFE Data Act”), which is designed to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.”  Representative Bono Mack is Chairman of the House Subcommittee on Commerce, Manufacturing and Trade.  In a press release, Representative Bono Mack remarked that “E-commerce is a vital and growing part of our economy.  We should take steps to embrace and protect it – and that starts with robust cyber security.”  She added that “consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them.”

HHS Issues Notice of Proposed Rulemaking for Accounting of Disclosures of Protected Health Information

On May 27, 2011, the Department of Health and Human Services (“HHS”) issued a notice of proposed rulemaking regarding the HIPAA Privacy Rule provision that requires covered entities to provide an accounting of disclosures of protected health information (“PHI”) to individuals upon request.  The proposed rule revises existing HIPAA Privacy Rule provisions regarding an accounting of disclosures and also gives individuals a new right to obtain an “access report” about which specific individuals have accessed electronic PHI in a designated record set.  The proposed rule also requires covered entities to modify their privacy notices to include that individuals have the right to obtain an access report from the covered entities.

CVS Sued for Alleged Privacy Violations

On March 7, 2011, Arthur Steinberg and the Philadelphia Federation of Teachers Health and Welfare Fund sued CVS Caremark Corporation (“CVS”), alleging that its unauthorized disclosure of protected health information (“PHI”) constituted an unfair trade practice. The complaint claims that CVS, one of the nation’s largest pharmacies, sent letters to physicians that listed their patients’ names, dates of birth and prescribed medications. The letters encouraged the physicians to prescribe drugs made by pharmaceutical manufacturers, who paid CVS to send them. This purported disclosure of PHI would violate the HIPAA Privacy Rule’s prohibitions against disclosing PHI for marketing purposes without an individual’s authorization.

This is the second major lawsuit filed against CVS in the past few years. Last December, a group of Texas pharmacies filed suit against CVS for violations of the Racketeer Influenced and Corrupt Organizations Act (“RICO”) and misappropriation of trade secrets. The Texas complaint alleged that CVS disclosed PHI to pharmaceutical manufacturers for the manufacturers’ marketing purposes. In 2009, CVS paid $2.25 million to the Department of Health and Human Services (“HHS”) to settle charges that it violated the HIPAA Security Rule by dumping prescription records in dumpsters.
