Following the investigation of a self-reported data breach involving the loss of an unencrypted laptop containing the protected health information (PHI) of 13,000 individuals, the OCR slammed the New York based biomedical research Feinstein Institute with a whopping $3.9 million fine. The Feinstein Institute also agreed to a Corrective Action Plan that addresses compliance with

Health care providers and their medical records custodians constantly find themselves under pressure to release medical records immediately upon receipt of a subpoena.  However, regardless of the subpoena or the pesky insistence of the requesting attorney, with the recent ruling by the Connecticut Supreme Court in Byrne v. Avery Ctr., 314 Conn. 433 (2014),