Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: HIPAA/HITECH


Navigant: Reports of Data Breaches On the Increase Across Industries

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security

Navigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. You can get a copy of the report here. Some of the “highlights”: Healthcare entities again accounted for the largest percentage…

Getting ready to forward that spreadsheet to your personal email account? Think twice…..then think again…

Posted in Data Breach, HIPAA/HITECH, Identity Theft, Security

An employee — former employee — of the South Carolina Department of Health and Human Services found out the hard way after transferring the information of more than 228,000 Medicaid beneficiaries to his personal email account. The data included Medicare numbers (which include Social Security numbers as part of the identifier) linked to the beneficiaries…

The Rising Cost of HIPAA Violations: $100,000 Fine Levied on Physician Group

Posted in Data Compliance & Security, HIPAA/HITECH, Security

Written by Kimberly Gold

If your company needs another reminder that policies and procedures, risk assessments, documentation and training are critical elements for HIPAA compliance programs, we have another corrective action plan – and monetary fine – that should be utilized as a “teachable moment” for health care providers and business associates alike. Phoenix Cardiac…

The cost of HIPAA non-compliance – $17 million – UPDATE

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH

Written by Kevin McGinty

If it wasn’t clear before, a recent settlement of HIPAA claims brought by the Department of Health and Human Services against BlueCross BlueShield of Tennessee (“BCBST”) underscores the high regulatory cost of non-compliance with privacy requirements. HHS announced on March 13, 2012 that BCBST has agreed to pay $1.5 million…

HIPAA Breach Reporting Deadline Approaching

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH

Our colleagues over at the Mintz Health Law Policy Matters blog have posted a reminder about the approaching annual HITECH data breach reporting deadline. All “small” calendar year 2011 breaches affecting fewer than 500 must be reported to the Office of Human Rights by the end of February. If you think this may be you,…

New Year’s Resolutions – Privacy & Security

Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, Security

Since it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life — in 2012.

1. Be sure to secure. Many data breaches occur by leaving sensitive information lying around the…

Things to do in 2012: Questions to Ask of Cloud Vendors

Posted in Data Breach Notification, Data Compliance & Security, European Union, HIPAA/HITECH, Security

Adoption of cloud computing is certainly on the increase — but 2011 has seen evidence of some of the risks associated with moving to the cloud. Notable among the year’s data breaches was the breach at e-mail marketer Epsilon Data. To quickly refresh your memory, Epsilon was the victim of a hacking attack, and once…

HIPAA Audits Begin; Huge Medical Data Theft from California Provider

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Our sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights. That post can be found here, and it and the embedded links should be required reading for anyone involved with protected health information. Yesterday, we learned of a major…

Update on Patient Information Breaches

Posted in Class Action Litigation, Data Breach, Data Breach Notification, HIPAA/HITECH

Written by Dianne Bourque

Nemours Children’s Health System has reported the loss of three unencrypted computer backup tapes containing patient billing and employee payroll data. The tapes had been stored in a locked cabinet, and were reported missing on September 8th. It is believed that they may have been removed in early August during a…

Massachusetts General Hospital settles 2009 breach with Office of Civil Rights

Posted in Data Breach, HIPAA/HITECH

The cost of data breaches keeps on rising. Add another million to this week’s HIPAA charges. Just released this afternoon – the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally…

WellPoint Sued by Indiana AG for $300K – UPDATE

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

(This post is updated to include links to the Indiana Attorney General’s press release and a copy of the complaint) Back on July 1, we blogged in this space about a very large data breach experienced by health insurer WellPoint. According to WellPoint, over 470,000 individual insurance customers may have been affected by a breach that…