As we mentioned in last week’s Webinar on the HIPAA Final Omnibus Rule, there are less than nine short months for covered entities and their business associates (and all downstream business associates) to comply with the HIPAA final rules. For those entities that have already taken steps following the release of the HITECH interim rules, the… Continue Reading
Tag Archives: Breach
OCR Settles with Hospice of Northern Idaho for $50,000.00
Posted in EnforcementOCR’s recent enforcement action against a small non-profit hospice organization in Idaho is more evidence that OCR is looking carefully at HIPAA Security Rule compliance. On December 28, 2012, HHS announced that Hospice of Northern Idaho (“HONI”) had agreed to pay HHS $50,000 to settle potential violations of the HIPAA Security Rule. This is the… Continue Reading
Additional Costs of Breach: Identity Theft Class Action Moves Forward
Posted in Litigation, UncategorizedThe costs of HIPAA breaches are well-documented. Thefts of laptops containing sensitive health information of patients impose significant costs on providers and their business associates, ranging from preliminary investigations to mail notification of all patients impacted, to say nothing of the reputational harm inflicted by the mandatory self-reporting to CMS’s public wall of shame. If these costs… Continue Reading
Alaska Medicaid Pays $1.7 Million to Settle HIPAA Violations
Posted in EnforcementLast week, the Alaska Department of Health and Human Services (“Alaska DHHS”), the state’s Medicaid agency, agreed to pay U.S. Health and Human Services $1.7 million to settle alleged violations of the HIPAA Security Rule. The HIPAA Security Rule protects health information in electronic form by requiring covered entities to use physical, technical, and administrative… Continue Reading
Blue Cross Blue Shield Settles HIPAA Violation With HHS for $1.5 Million
Posted in EnforcementOn March 13, 2012, HHS announced that Blue Cross Blue Shield of Tennessee (“BCBST”) has agreed to pay it $1.5 million to settle potential HIPAA violations arising from the theft of 57 unencrypted computer hard drives from a leased facility in Tennessee. This settlement is significant because it is OCR’s first enforcement action arising out… Continue Reading
Additional Liabilities From Breach May Be Significant
Posted in LitigationLiability from a breach of health information may be much more significant than the costs of notifying the affected individuals. Although there is no private right of action under HIPAA, private litigants have been attempting to devise theories which would support recovery of damages for violations of HIPAA. A recently amended complaint alleges that victims… Continue Reading