On November 27, 2019, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach Notification Rule and Privacy Rule. The settlement is noteworthy as it represents OCR’s fourth HIPAA settlement in excess of $1 million
HIPAA
Texas Health and Human Services Fined $1.6 Million for HIPAA Violations
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency.
The fine centers around a data breach that TXHHS self-reported to the OCR in June 2015…
Introducing the New York SHIELD Act
The New York “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act), N.Y. Gen Bus. Law§ 899-bb, requires businesses that collect private information on New York residents to implement reasonable cybersecurity safeguards to protect that information. While this is a new law in the State of New York, it is simply joining other states,…
Jackson Health System Fined by OCR
The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (Jackson), a not-for-profit hospital system comprised of six hospitals, urgent care centers, nursing facilities, and primary care and specialty services based in Miami, Florida, has waived its right to a hearing and did not contest the findings set forth in…
Dental Practice Pays $10,000 Fine to OCR for Disclosing PHI on Social Media
Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000.
The OCR alleged that it received a complaint from a patient in June of 2016 that Elite had disclosed the patient’s last name and details of the patient’s health condition on…
Privacy Tip #210 – HHS Office of Inspector General Issues Fraud Alert for Genetic Testing Scam Targeting Seniors
Everyone knows how I feel about those home genetic testing kits—most people don’t understand that when they send their DNA to a private company that it is not protected by HIPAA or any other law, and the company can legally use and disclose it, including selling it to other companies. Understand what companies are doing…
OCR Issues Fact Sheet Listing Circumstances in which Business Associates May Face Direct Liability for HIPAA Violations
In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct Liability of Business Associates under the Health Insurance Portability and Accountability Act (HIPAA).…
Questions to Consider Asking Your Broker About Cyberliability Coverage
One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage…
Privacy Tip #191 – Trying to Protect Your Medical Information—Let’s Ask Questions About Data Security
In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper charts at our doctor’s office, the hospital, the pharmacy and our health insurer. Now it’s…
Diagnostic Medical Imaging Company Pays $3 Million to Resolve Potential HIPAA Violations Stemming from Data Breach
The Office of Civil Rights (OCR), the enforcement arm of the Department of Health & Human Services (HHS), announced that a Tennessee diagnostic medical imaging services company has agreed to pay $3 million to settle potential HIPAA violations arising from a data breach that exposed over 300,000 patients’ protected health information. As part of the…