Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

HIPAA/HITECH


Could the Anthem Hack Happen in NY? New Report Highlights Risk for NY Insurers

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Security

The New York State Department of Financial Services (the “Department”) recently released a “Report on Cyber Security in the Insurance Sector” (the “Report”). The Report was released on February 8, 2015,  just four days after Anthem first reported the breach of its database estimated to contain as many as 80 million customer records. While the… Continue Reading

Register for our next Wednesday Webinar — February 25

Posted in Employee Privacy, Events and Webinars, HIPAA/HITECH, Identity Theft, Mobile Privacy, Privacy Litigation, Security, Social Media

Registration is open for the next installment in the Mintz Levin Privacy & Security Group Wednesday Webinar series. This webinar, scheduled for Wednesday, February 25, will focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss… Continue Reading

The Anthem Data Breach: The Fallout and What’s Next

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Identity Theft

By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc.  Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next.

Privacy Monday – January 26, 2015

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Legislation, Privacy Monday, Privacy Regulation, Uncategorized

Good Monday – The East Coast prepares for Apocalypse (Sn)ow. In the meantime, here are three privacy-related tidbits for your day.

Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data

We spend a fair amount of time warning about third party vendors and the risk that such vendors can pose to sensitive data. … Continue Reading

You’re Invited: Tips for Surviving a HIPAA Audit

Posted in HIPAA/HITECH

Celebrate Data Privacy Day! On Wednesday, January 28th, Mintz Levin’s Dianne Bourque will be presenting a webinar on how to survive a HIPAA audit. With the New Year in full swing, the HHS Office of Civil Rights (“OCR”) is resuming its random audit program to assess compliance with HIPAA privacy, security and breach notification rules. … Continue Reading

Save the Date — HIPAA Audit Preparedness Webinar January 28, 2015

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security

The First Rule of How to Survive a HIPAA Audit: Be Prepared

2015 is bringing along with it the start of the HHS Office for Civil Rights random audit program to assess compliance with the HIPAA privacy, security and breach notification rules. It is anticipated that 300-400 business associates will be the subject of a… Continue Reading

On the Tenth Day of Privacy, OCR Gave to Me…..

Posted in 12 Days of Privacy, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

……………..a cumbersome C-A-P

Written by Dianne Bourque

The U.S. Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trending fines and aggressive enforcement of HIPAA violations. Seven-figure fines are becoming the norm for serious violations; for example, in May of this year, OCR fined a hospital and university a combined total of $4.8 million for their separate HIPAA… Continue Reading

On The Eighth Day of Privacy, Health Care Systems (Over)Shared Data

Posted in 12 Days of Privacy, HIPAA/HITECH, Privacy Regulation

When is “sharing” too much of a good thing? And will it get worse for health care systems in 2015? Read on…..

Written by Stephanie D. Willis

Data sharing has become a point of sharp focus in the efforts to improve the quality and efficiency of health services in the United States. Given all that has… Continue Reading

OCR Issues New Bulletin on Ensuring Privacy in Public Health Emergencies

Posted in HIPAA/HITECH

Written by Stephanie Willis

This week, the HHS Office of Civil Rights (OCR) issued a bulletin (Bulletin) to remind covered entities and business associates that “the protections of the Privacy Rule are not set aside during an emergency.” The Bulletin’s information on appropriate disclosures and protections under emergency circumstances is especially timely in the wake… Continue Reading

Notes from the Joint OCR/NIST HIPAA Security Conference

Posted in Cybersecurity, HIPAA/HITECH, Privacy Regulation, Security

Written by: Dianne Bourque, Kimberly Gold, Kate Stewart, and Stephanie D. Willis (original post in Mintz Levin’s Health Law & Policy Matters blog)

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases: (i) risk assessment, (ii)… Continue Reading

Privacy Monday – September 22, 2014

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Privacy Monday

Happy autumnal equinox — http://www.skyandtelescope.com/astronomy-news/observing-news/autumnal-equinox-2014-arrives-09222014/

Home Depot Breach – By the Numbers

56 million cards at risk (compare to Target = 40 million)
$62 million in estimated costs (compare to Target = $146 million and counting)
$27 million insurance coverage (compare to Target = $100 million in cover)
Lawsuits filed – at least 1 in US and… Continue Reading

Massive Data Breach Affects 4.5 Million Patients in 29 States

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH

Written by Julia Siripurapu, CIPP/US and Dianne J. Bourque

Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the Company was the target of a cyber attack that compromised the health data… Continue Reading

Changes in Breach Notification Risk Assessments Under HIPAA

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Reposted from Mintz Levin’s Health Law & Policy Matters blog

The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013. The examples analyzed… Continue Reading

D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Written by Dianne J. Bourque (reprinted from Mintz Levin’s Health Law Policy Matters blog)

The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the risks of leaving paper records in the… Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

Health Data Breach Victims Have Standing to Sue Says WV Supreme Court

Posted in Data Breach, HIPAA/HITECH, Privacy Litigation

The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court. The Court’s opinion held that representatives of the class of medical clinic patients whose names, contact details, social security numbers and medical information had been accidentally posted to a publicly… Continue Reading

Protecting Attorney-Client Privilege: Making Sure What’s Said In House Stays In House

Posted in HIPAA/HITECH, Uncategorized

Attorney-client privilege, and how to ensure that advice and counsel to their clients is covered by the privilege, is always a top-of-mind issue for in-house counsel, particularly with respect to compliance questions.   The privacy office does not always report into the legal department in all companies.  Therefore, when it comes to data breach compliance and privacy advice, privacy… Continue Reading

Record $4.8 Million HIPAA Fine Assessed

Posted in Data Breach Notification, HIPAA/HITECH

In the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date, two New York hospitals have agreed to pay $4.8 million to settle allegations that they failed to secure thousands of patients’ electronic protected health information (ePHI) held on their shared network.  Our sister blog, Health Law Policy Matters, provides an analysis of the incidents and… Continue Reading

We have seen this movie before ….. and we all should know that it does not end well.

Posted in Data Breach, HIPAA/HITECH, Privacy Regulation

This was originally posted on Mintz Levin’s Health Law & Policy Matters blog.

Written by: Kimberly J. Gold

How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost… Continue Reading