Tag Archives: Protected Health Information

HIPAA Settlement Emphasizes Importance of Risk Analyses

On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics. … Continue Reading

HHS Settles Case Involving Unattended Medical Records

On June 23, 2014, the Department of Health and Human Services announced a resolution agreement and 800,000 USD settlement with Parkview Health System, Inc. following a complaint involving patient medical records that were left unattended on a physician’s driveway. … Continue Reading

HHS Announces Pre-Audit HIPAA Surveys

The Department of Health and Human Services Office for Civil Rights recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit.… Continue Reading

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Triple-S Management Corporation reported in a recent SEC filing that its health insurance subsidiary, Triple-S Salud, Inc., has been notified by the Puerto Rico Health Insurance Administration that the Administration will impose a $6.8 million civil monetary penalty on the insurer in connection with a data breach that occurred in September 2013. … Continue Reading

FTC Reaches Settlement with Accretive Health

On December 31, 2013, the Federal Trade Commission announced that Accretive Health, Inc. has agreed to settle charges that the company's inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse. Accretive experienced a breach in July 2011 that involved the protected health information of more than 23,000 patients.… Continue Reading

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Today marks the deadline for compliance with the HIPAA Omnibus Rule that was issued in January 2013. Covered entities, business associates and subcontractors that access, use or disclose protected health information should ensure that they meet the new compliance requirements outlined in this post.… Continue Reading

HHS Releases Model Notices of Privacy Practices

This week, the Department of Health and Human Services' Office for Civil Rights, in conjunction with the Office of the National Coordinator for Health Information Technology, released model Notices of Privacy Practices.… Continue Reading

HHS Settles with Affinity Health Plan Over Photocopier Security Breach

On August 14, 2013, the Department of Health and Human Services announced a resolution agreement and 1.2 million dollar settlement with Affinity Health Plan stemming from an information security breach that affected approximately 350,000 individuals whose data was stored on the hard drives of leased photocopiers.… Continue Reading

HHS Settles with Shasta Regional Medical Center

On June 13, 2013, the Department of Health and Human Services announced a resolution agreement and 275,000 dollar settlement with Shasta Regional Medical Center in connection with impermissible disclosures of protected health information to the media, as well as to Shasta’s entire workforce.… Continue Reading