On October 12, 2021, New Jersey Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal HIPAA’s Privacy and Security Rules by removing protected health information safeguards.
Continue Reading New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic
Protected Health Information
HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule
On May 25, 2021, the Office for Civil Rights of the U.S. Department of Health and Human Services announced that it had reached a settlement with a clinical laboratory for violations of the HIPAA Security Rule. As part of this settlement, the company agreed to pay OCR $25,000 and to implement a robust corrective action plan. …
Continue Reading HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule
OCR Continues to Settle HIPAA Right of Access Initiative Cases
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced more settlements associated with its HIPAA Right of Access Initiative.
Continue Reading OCR Continues to Settle HIPAA Right of Access Initiative Cases
Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty
The United States Court of Appeals for the Fifth Circuit recently vacated a 4.3 million dollar civil monetary penalty imposed by the Department of Health and Human Services’ Office for Civil Rights in 2017 against the University of Texas M.D. Anderson Cancer Center, holding that the penalty was “arbitrary, capricious, and otherwise unlawful.”…
Continue Reading Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty
OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.
Continue Reading OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
OCR Settles Five More Investigations Under HIPAA Right of Access Initiative
On September 15, 2020, the U.S. Department of Health and Human Services’ Office for Civil Rights announced five more settlements under its HIPAA Right of Access Initiative.
Continue Reading OCR Settles Five More Investigations Under HIPAA Right of Access Initiative
California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes
On June 11, 2020, the California Senate amended AB-713 to the California Consumer Privacy Act. The Senate’s recent amendments impose new contractual obligations on the use or sale of de-identified information and modify the exemption from the CCPA for information used for public health purposes. …
Continue Reading California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes
Webinar on the Key Privacy Considerations for Reopening Businesses in the EU
Join us on May 19, 2020, for an in-depth webinar on the Key Privacy Considerations for Reopening Businesses in the EU. This post contains a link to register. …
Continue Reading Webinar on the Key Privacy Considerations for Reopening Businesses in the EU
OCR Issues Bulletin on the Sharing and Security of PHI During Coronavirus Pandemic
The Office for Civil Rights at the U.S. Department of Health and Human Services issued a Bulletin on sharing and protecting patients’ protected health information during the COVID-19 national emergency. The Bulletin emphasizes that HIPAA-covered entities may use or disclose patients’ PHI when necessary to treat a patient, to protect the nation’s public health and for other critical purposes.
Continue Reading OCR Issues Bulletin on the Sharing and Security of PHI During Coronavirus Pandemic
District Court Limits HIPAA Right of Access
The District Court for the District of Columbia recently invalidated certain Department of Health and Human Services (“HHS”) rules regarding an individual’s access to their protected health information (“PHI”). The Court held that: (1) individuals can only direct their electronic PHI to third parties (and not hard copy PHI); and (2) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule provisions regarding the caps on fees that HIPAA-covered entities may charge for such requests did not follow relevant administrative law procedures.
Continue Reading District Court Limits HIPAA Right of Access