On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.

Continue Reading

On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.
Continue Reading

The U.S. Department of Health and Human Services recently published “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was developed by the Healthcare & Public Health Sector Coordinating Councils Public Private Partnership, a group comprised of over 150 cybersecurity and healthcare experts from government and private industry.
Continue Reading