Tag: breach

HHS Issues Reports on HIPAA Breaches and HIPAA Compliance

Last week, the U.S. Department of Health and Human Services (“HHS”) released two reports to Congress, pursuant to its obligations under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”): a report on Breaches of Unsecured Protected Health Information for 2011 – 2012 (the “Breach Report”) and a […]

Two New York Providers Reach Largest HIPAA Settlement with OCR To Date

Earlier this week, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) reached settlements with New York and Presbyterian Hospital (“NYP”) and Columbia University (“CU”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The entities operate a shared data network […]

New HIPAA Settlements Show OCR’s Focus on Encryption

Last week, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) reached settlements with two separate entities for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  Specifically, Concentra Health Services (“Concentra”) agreed to pay $1,725,220 following the theft of an unencrypted laptop and the […]

Breach of Patient Information at University of Washington Medical Center

Last week, the University of Washington Medical Center (“UWMC”) issued a press release explaining the details of a recent data breach and corrective action undertaken.  Specifically, in early October 2013, a UWMC employee opened an email attachment that contained malicious software (“malware”).  The malware took control of the computer in […]

HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits

Another month, another HIPAA breach.  On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI.  The breach, in which a contractor gained access to the system over the course of […]

HIPAA Settlement Alert: WellPoint, Inc. Agrees to Pay $1.7 Million

On July 11, 2013, WellPoint, Inc. (“WellPoint”) entered into a Resolution Agreement (the “Agreement”) with the U.S. Department of Health and Human Services (“HHS”) to pay $1,700,000 to settle alleged privacy and security violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The Agreement does not contain […]