On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate). Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations. Advocate […]
Cooley Alerts | No More Safe Harbor: What Should Life Sciences and Biotech Companies Be Doing to Transfer Data to the US?
Source: Cooley LLP | Media | Alerts | No More Safe Harbor: What Should Life Sciences and Biotech Companies Be Doing to Transfer Data to the US?
Excellus, a BlueCross BlueShield (BCBS) provider servicing upstate New York, announced last week that it was the latest in a string of BCBS providers that experienced a data breach as a result of a cyberattack. CareFirst BlueCross Blue Shield, Anthem, and Premera Blue Cross all recently announced they were the victims of sophisticated cyberattacks […]
UCLA Health announced today that it was the victim of a cybersecurity attack. The press report disseminated by UCLA Health noted there is evidence that computer systems containing sensitive personal data and health data was accessed; however, at this time UCLA Health maintains that no personal or health data itself was accessed […]
This week, the Privacy and Security Workgroup within the Health IT Policy Committee was tasked by the U.S. Department of Health and Human Services (“HHS”) to discuss certain patient data protections. Specifically, they were asked to consider “updates or additional policies needed to address ethical privacy frameworks and research standards” […]
Last week, Los Angeles County Superior Court Judge Elihu Berle tentatively approved a $4.1 million settlement of a class action claim that Stanford Hospital & Clinics violated the California Confidentiality of Medical Information Act when the medical information of about 20,000 emergency room patients was posted online for nearly a year from 2010 until […]
Last week, the University of Washington Medical Center (“UWMC”) issued a press release explaining the details of a recent data breach and corrective action undertaken. Specifically, in early October 2013, a UWMC employee opened an email attachment that contained malicious software (“malware”). The malware took control of the computer in […]
HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits
Another month, another HIPAA breach. On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI. The breach, in which a contractor gained access to the system over the course of […]