On July 25, 2019, New York Governor Andrew Cuomo signed into law Senate Bill S5575B, an amendment to New York’s breach notification law. This blog entry provides an overview of the changes.
Continue Reading
HIPAA
Washington AG Settles with Premera on Behalf of Multistate Coalition
Posted on
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
…
Continue Reading
First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Posted on
Arizona Attorney General Mark Brnovich recently announced a settlement with healthcare software provider Medical Informatics Engineering Inc. and its wholly owned subsidiary NoMoreClipboard, LLC. This blog entry provides an overview of the case. …
Continue Reading
Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors
Posted on
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.…
Continue Reading
Nevada Law Provides Consumers with Limited Right to Opt Out of Sale
Posted on
Posted in Online Privacy, U.S. State Law
On May 29, 2019, Nevada’s governor approved SB 220, which provides amendments to an existing law that requires operators of websites and online services to post a notice on their website regarding their privacy practices. This blog entry provides a summary of the Amendment Bill.…
Continue Reading
OCR Settles with Medical Imaging Services Company
Posted on
On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.…
Continue Reading
Federal Government Reduces Maximum Annual Penalties for Most Healthcare Privacy Violations
Posted on
On April 26, 2019, the U.S. Department of Health and Human Services reduced the available penalties for three out of the four tiers of privacy and security violations set forth in the HITECH Act. This blog entry provides an overview of the reductions.…
Continue Reading
CCPA: Employers Should Consider Implications for Employee Benefit Plans
Posted on
Posted in Health Privacy, Workplace Privacy
As we move closer to implementation of the California Consumer Privacy Act of 2018, companies should consider how the new law could affect their operations in multiple ways – including, for example, data collected through their employee benefit plans.…
Continue Reading
HHS Publishes Health Industry Cybersecurity Practices
Posted on
The U.S. Department of Health and Human Services recently published “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was developed by the Healthcare & Public Health Sector Coordinating Councils Public Private Partnership, a group comprised of over 150 cybersecurity and healthcare experts from government and private industry.…
Continue Reading
Medical Transcription Vendor Agrees to $200,000 Settlement with New Jersey Attorney General
Posted on
Posted in Enforcement, Health Privacy
On October 30, 2018, ATA Consulting LLC agreed to a $200,000 settlement with the New Jersey Attorney General resulting from a server misconfiguration that allowed private medical records to be posted publicly online.…
Continue Reading