Business Associate Failed to Safeguard 3.5 Million Patients’ Medical Records

Share

Medical Informatics Engineering, Inc. and its wholly-owned subsidiaries (MIE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) entered into a $100,000 settlement and two-year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading

$3 Million Settlement for Two Separate HIPAA Breaches Affecting Over 62,500 Individuals

Share

Cottage Health and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) recently entered into a $3 million no-fault settlement and three year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This was HHS-OCR’s last HIPAA related settlement of 2018 – a record year in HIPAA enforcement activity, as detailed in this DBR on Data blog post.

Continue reading

2018 An All-Time Record Year for HIPAA Enforcement Actions by HHS-OCR

Share

The Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) had a record-breaking year in 2018 with Health Insurance Portability and Accountability Act (HIPAA) enforcement activity.  HHS-OCR entered into 10 settlements and received summary judgment in a case before an Administrative Law Judge, totaling nearly $28.7 million in enforcement actions. According to the HHS-OCR Director, Roger Severino, this record year underscores the need for covered entities to be proactive about their HIPAA data security.

Continue reading

Business Associate Exposes Protected Health Information of 19,000 Patients

Share

An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.

Continue reading

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy