Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $218,400 and adopting a robust corrective action plan.
Beth Israel Deaconess Medical Center (Beth Israel) reached a settlement with the Massachusetts Attorney General’s Office for a data breach in which a physically unsecured laptop was stolen containing personal and protected health information of nearly 4,000 patients and employees. In May 2012, a physician’s laptop was stolen from his desk at […]
The Connecticut Supreme Court held that the federal Health Insurance Portability and Accountability Act (HIPAA) does not bar individuals from bringing negligence and emotional distress claims under state common law for breach of confidentiality against medical providers who unlawfully exposed their protected health information (PHI). In an opinion released this […]
The mobile medical application marketplace has developed into a $68 billion industry; however, the U.S. Department of Health and Human Services (HHS) has not yet updated guidance regarding the Health Insurance Portability and Accountability Act’s (HIPAA) application to app developers that collect and use sensitive personal data. In response to […]
HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits
Another month, another HIPAA breach. On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI. The breach, in which a contractor gained access to the system over the course of […]
September 23, 2013 is rapidly approaching, and Covered Entities and Business Associates must comply with the requirements of the HIPAA Omnibus Rule by this date. Among the tasks facing Covered Entities and Business Associates seeking to meet Omnibus Rule requirements, they must ensure that their Business Associate Agreements (“BAAs”) comply […]
On July 11, 2013, WellPoint, Inc. (“WellPoint”) entered into a Resolution Agreement (the “Agreement”) with the U.S. Department of Health and Human Services (“HHS”) to pay $1,700,000 to settle alleged privacy and security violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Agreement does not contain […]