On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.
Continue Reading
HIPAA
Federal Government Reduces Maximum Annual Penalties for Most Healthcare Privacy Violations
Posted on
On April 26, 2019, the U.S. Department of Health and Human Services reduced the available penalties for three out of the four tiers of privacy and security violations set forth in the HITECH Act. This blog entry provides an overview of the reductions.…
Continue Reading
CCPA: Employers Should Consider Implications for Employee Benefit Plans
Posted on
Posted in Health Privacy, Workplace Privacy
As we move closer to implementation of the California Consumer Privacy Act of 2018, companies should consider how the new law could affect their operations in multiple ways – including, for example, data collected through their employee benefit plans.…
Continue Reading
HHS Publishes Health Industry Cybersecurity Practices
Posted on
The U.S. Department of Health and Human Services recently published “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was developed by the Healthcare & Public Health Sector Coordinating Councils Public Private Partnership, a group comprised of over 150 cybersecurity and healthcare experts from government and private industry.…
Continue Reading
Medical Transcription Vendor Agrees to $200,000 Settlement with New Jersey Attorney General
Posted on
Posted in Enforcement, Health Privacy
On October 30, 2018, ATA Consulting LLC agreed to a $200,000 settlement with the New Jersey Attorney General resulting from a server misconfiguration that allowed private medical records to be posted publicly online.…
Continue Reading
OCR Enters into Record Settlement with Anthem
Posted on
Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.…
Continue Reading
CCPA Amended: Enforcement Delayed, Few Substantive Changes Made
Posted on
Posted in Online Privacy, U.S. State Law
On August 31, 2018, the California State Legislature passed SB-1121, a bill that delays enforcement of the California Consumer Privacy Act of 2018 and makes other modest amendments to the CCPA. The CCPA introduces key privacy requirements for businesses and its provisions will become operative on January 1, 2020.…
Continue Reading
OCR Issues Guidance on Disclosures to Family, Friends and Others
Posted on
Posted in Health Privacy, Information Security
In its most recent cybersecurity newsletter, the U.S. Department of Health and Human Services’ Office for Civil Rights provided guidance regarding identifying vulnerabilities and mitigating the associated risks on software used to process electronic protected health information.…
Continue Reading
HHS Publishes Advance Notices of Proposed Rulemaking on Accounting of Disclosures and Civil Monetary Penalties
Posted on
Posted in Health Privacy
The Department of Health and Human Services recently published two advance notices of proposed rulemaking that address accounting of disclosures and the potential distribution of civil monetary penalties to affected individuals. …
Continue Reading
Unsecured PHI Leads to OCR Settlement with Closed Business
Posted on
On February 13, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with the receiver appointed to liquidate the assets of Filefax, Inc. in order to settle potential violations of HIPAA. …
Continue Reading