Tag Archives: PHI

HHS/OCR releases guidance for mobile apps and health information exchange and “fact sheets”

The Office for Civil Rights has provided additional educational materials for app developers through the app developers portal that it developed last fall. The new material is intended to assist healthcare entities and software developers to learn from different scenarios that explain when HIPAA applies to mobile health apps and when it doesn’t. In particular, … Continue Reading

Lincare, Inc. ordered to pay civil monetary fines for HIPAA violations

In an unusual scenario, in fact, only the second time in history, the Office for Civil Rights (OCR) was successful before an Administrative Law Judge (ALJ) in obtaining an order for the payment of civil monetary fines as a result of HIPAA violations. The OCR assessed a penalty of $240,000 against Lincare Holdings, Inc. (Lincare) … Continue Reading

Eight District Attorneys in Oklahoma sued for wrongfully disclosing personal information in court filings

Generally, court filings are public records unless sealed from public access by a judge. Vast amounts of personal information contained in public records can be, and are, accessed by criminals in order to obtain personal information of individuals, which can be aggregated with other information, to perpetrate fraud and identity theft. For this reason, most … Continue Reading

Class action suit dismissed against Georgia Secretary of State for data breach

We previously reported that the Georgia Secretary of State’s office experienced a massive data breach in October, and didn’t find out about it until November. The breach affected approximately 6 million Georgian voters, and included their names, addresses, dates of birth, driver’s license numbers and Social Security numbers. Following the data breach and notification to … Continue Reading

Centene announces search for missing hard drives containing PHI of 950,000 individuals

Centene Corporation, a health insurer headquartered in St. Louis, announced on January 25, in a press release that it is undertaking an, “ongoing comprehensive internal search for six hard drives that are unaccounted for in its inventory of information technology (IT) assets.” The press release states that the hard drives contained the names, addresses, dates of … Continue Reading

HHS issues new guidance on individual access to PHI under HIPAA

On January 7, 2015, HHS issued new guidance (Guidance) regarding an individual’s right to access his or her health information under HIPAA’s Privacy Rule. The Guidance emphasizes that HIPAA, while protecting the privacy and confidentiality of individuals’ health information, also recognizes the importance of providing individuals with access to their health information. The Guidance reviews … Continue Reading

Lahey Hospital agrees to pay a whopping $850,000 to OCR for stolen laptop

Just before Thanksgiving, the Office for Civil Rights (OCR) announced that Lahey Hospital and Medical Center (Lahey) has agreed to pay $850,000 in fines and penalties to the OCR and enter into a resolution agreement following the self-disclosure that a laptop containing CT scans was stolen from Lahey in October of 2011. Surprisingly, the fine … Continue Reading

Triple-S settles HIPAA violations for $3.5M

Triple-S Management Corp., an insurance holding company based in San Juan, Puerto Rico, has agreed to settle an investigation of HIPAA violations by the Office for Civil Rights (OCR) for $3.5 million. According to the OCR press release dated November 30, Triple-S, formerly known as American Health Medicare Inc., will pay the fine and “adopt … Continue Reading

Former hospital employee convicted and sentenced for HIPAA violations

The US Attorney’s Office for the Eastern District of Texas recently announced that a former employee of an East Texas hospital has been sentenced to 18 months in federal prison for criminal HIPAA violations. Although we frequently report on any civil penalties imposed by the Office for Civil Rights of the Department of Health and … Continue Reading
LexBlog