On October 22, 2018, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP co-hosted a workshop in Brussels on “Can GDPR Work for Health Scientific Research?” with the European Federation of Pharmaceutical Industries and Associations and the Future of Privacy Forum to address the challenges raised by the GDPR in conducting scientific health research.
Continue Reading
Health Privacy
Medical Transcription Vendor Agrees to $200,000 Settlement with New Jersey Attorney General
Posted on
Posted in Enforcement, Health Privacy
On October 30, 2018, ATA Consulting LLC agreed to a $200,000 settlement with the New Jersey Attorney General resulting from a server misconfiguration that allowed private medical records to be posted publicly online.…
Continue Reading
OCR Enters into Record Settlement with Anthem
Posted on
Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.…
Continue Reading
Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
Posted on
On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record 115 million dollar class action settlement agreed to by Anthem Inc. in June 2017. …
Continue Reading
OCR Issues Guidance on Disclosures to Family, Friends and Others
Posted on
Posted in Health Privacy, Information Security
In its most recent cybersecurity newsletter, the U.S. Department of Health and Human Services’ Office for Civil Rights provided guidance regarding identifying vulnerabilities and mitigating the associated risks on software used to process electronic protected health information.…
Continue Reading
Eleventh Circuit Vacates FTC Data Security Order
Posted on
On June 6, 2018, the Eleventh Circuit vacated a 2016 Federal Trade Commission order compelling LabMD to implement a “comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.” The Eleventh Circuit agreed with LabMD that the FTC order was unenforceable because it did not direct the company to stop any “unfair act or practice” within the meaning of Section 5a of the Federal Trade Commission Act.…
Continue Reading
HHS Publishes Advance Notices of Proposed Rulemaking on Accounting of Disclosures and Civil Monetary Penalties
Posted on
Posted in Health Privacy
The Department of Health and Human Services recently published two advance notices of proposed rulemaking that address accounting of disclosures and the potential distribution of civil monetary penalties to affected individuals. …
Continue Reading
Unsecured PHI Leads to OCR Settlement with Closed Business
Posted on
On February 13, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with the receiver appointed to liquidate the assets of Filefax, Inc. in order to settle potential violations of HIPAA. …
Continue Reading
HHS Announces $3.5 Million Settlement with Fresenius Medical Care
Posted on
On February 1, 2018, the Department of Health and Human Services’ Office for Civil Rights announced a settlement with dialysis clinic operator, Fresenius Medical Care, for alleged lax security practices that led to breaches of protected health information. …
Continue Reading
Aetna Agrees to $1.15 Million Settlement with New York Attorney General
Posted on
Posted in Health Privacy, Information Security
On January 23, 2018, the New York Attorney General announced that Aetna Inc. agreed to pay 1.15 million dollars and enhance its privacy practices following an investigation alleging it risked revealing the HIV status of 2,460 New York residents by mailing them information in transparent window envelopes.…
Continue Reading