Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The entities will collectively pay a $90,000 penalty and also sign an Assurance of Voluntary Compliance (an […]
Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $218,400 and adopting a robust corrective action plan.
The Health Insurance Portability and Accountability Act (HIPAA) mandates that both Covered Entities and Business Associates protect the security of Protected Health Information (PHI) in a variety of ways. Specifically, HIPAA’s Security Rule sets forth various technical, administrative, and physical safeguards that must be enacted in order to ensure the […]
HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits
Another month, another HIPAA breach. On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI. The breach, in which a contractor gained access to the system over the course of […]
On August 23, 2013, Advocate Medical Group (“AMG”), Illinois’s largest health care network, announced that four computers housing the personal information of over four million patients were stolen in the burglary of an administrative building on July 15, 2013. Upon discovering the burglary, AMG immediately notified local police, who are […]
On July 11, 2013, WellPoint, Inc. (“WellPoint”) entered into a Resolution Agreement (the “Agreement”) with the U.S. Department of Health and Human Services (“HHS”) to pay $1,700,000 to settle alleged privacy and security violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Agreement does not contain […]