Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process...more
Everybody knows how much I hate USB and thumb drives. The latest scheme is for hackers to leave thumb drives in coffee shops, airports, office buildings, libraries and other public places. These USB and thumb drives contain...more
Not surprisingly, on August 30, 2016, LabMD filed its Application for a Stay of the Final Order of the Federal Trade Commission (FTC) pending review of the order by the appellate court. But since the matter is still pending...more
9/2/2016 / Administrative Law Judge (ALJ), Data Breach, Data Security, Federal Trade Commission (FTC), FTC Act, Health Insurance Portability and Accountability Act (HIPAA), LabMD, PHI, Section 5, Stays, Unfair or Deceptive Trade Practices
We continue to warn health care organizations about the real and serious risks associated with ransomware and malware, but organizations don’t prepare for it adequately and are getting hit hard.
Just this past week,...more
8/22/2016 / Cyber Attacks, Cybersecurity, Data Breach, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Malware, PHI, Popular, Ransomware
Phoenix, Arizona-based Banner Health (Banner), reportedly one of the largest health care organizations in the country, began notifying up to 3.7 million patients this week of a data breach of its computer systems that...more
8/8/2016 / Banner Health System, Cyber Attacks, Cybersecurity, Data Breach, Debit and Credit Card Transactions, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Personally Identifiable Information, PHI, Point of Sale Terminals
Back in November 2015, Chief Administrative Law Judge (ALJ) D. Michael Chappell ruled that the Federal Trade Commission (FTC) failed to show that LabMD, Inc.’s (LabMD) data security practices caused harm to consumers stemming...more
8/8/2016 / Administrative Law Judge (ALJ), Data Breach, Data Security, Federal Trade Commission (FTC), FTC Act, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, LabMD, PHI, Reversal, Section 5, Unfair or Deceptive Trade Practices
Athens Orthopedic Clinic in Georgia reported on July 25, 2016, that a hacker gained access to its electronic medical record system at the end of June using the log-in credentials of a third-party vendor....more
StarCare Specialty Health System, located in Lubbock, Texas, is notifying 2,900 patients “who received Intellectual Developmental Disabilities program services, Behavioral Health program services, and Therapeutic Treatment...more
The Office for Civil Rights (OCR) has obtained another big settlement from a covered entity resulting from a data breach. This most recent settlement of fines and penalties and a Resolution Agreement is with the University of...more
Oregon Health & Science University (OHSU) has agreed to settle alleged HIPAA violations involving two separate data breaches with the Office for Civil Rights (OCR) for $2.7 million.
In the span of three months in 2013,...more
The importance of physical security and the risk associated with the unauthorized access to or loss of paper records is clear from recent experiences of Pruitt Health in South Carolina.
On March 2, 2016, an intruder...more
Our predictions that the Office for Civil Rights (OCR) will become more aggressive with audits, investigations, and fines against HIPAA business associates have come true.
On June 24, 2016, the OCR announced that it has...more
7/6/2016 / Business Associates, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Audits, HIPAA Breach, HITECH Act, Investigations, Mobile Device Management, Mobile Devices, OCR, PHI, Settlement Agreements
Patterson Dental Supply, Massachusetts General Hospital’s (MGH) vendor that provides software to the hospital to manage dental practice information, has reportedly admitted that approximately 4,300 of MGH’s patient records...more
Governor Bruce Rauner signed several new provisions into law amending Illinois’ Personal Information Privacy Act, including health insurance and medical information in the definition of personal information that triggers...more
Genetic information is basically one’s DNA sequence, which includes health information and genetic information about the individual and their family. It is at the core of one’s individual privacy, as well as providing...more
Cloud-based electronic medical record (EMR) company Practice Fusion has agreed to settle an enforcement action with the FTC that alleges that it misled consumers when it solicited reviews of their doctors. The FTC alleges...more
The Ponemon Institute has recently released its Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. The study has included business associates for the past two years. The study included information received...more
We previously reported that Intermedix was sued in a class action lawsuit regarding the data breach involving millions of patient records....more
The Joint Commission, which is the national accrediting organization for health care organizations, has long banned physicians using text messages to place orders for patient care due to data security concerns. In 2011, the...more
Consistent with the settlement the OCR agreed to with North Memorial Health Care of Minnesota, the Office for Civil Rights has settled its investigation of Raleigh Orthopaedic Clinic, P.A. (Raleigh Orthopaedic) for $750,000....more
The Office for Civil Rights (OCR) has issued its revamped audit protocol for its second phase of auditing covered entities and business associates’ compliance with the HIPAA Privacy, Security and Breach Notification Rules....more
While attending the International Association of Privacy Professionals annual global event, and listening to Chairwoman Edith Ramirez discuss the Federal Trade Commission’s (FTC) concerns about consumer privacy, the FTC, the...more
4/8/2016 / App Developers, Federal Food Drug and Cosmetic Act (FFDCA), Federal Trade Commission (FTC), Food and Drug Administration (FDA), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mobile Apps, Mobile Health Apps, OCR, ONC, PHI, Privacy Concerns
We previously reported that 21st Century Oncology (21st Century) experienced a data breach of up to 2.2 million patient records that compromised the names, Social Security numbers and health and diagnostic information. It...more
Filed under the title of creative lawyering, a putative class action case has been filed against Facebook in federal court in Northern California alleging that health care providers and medical organizations have violated...more
We previously reported that 21st Century Oncology had suffered a data breach and notified 2.2 million patients that it had been the victim of a hacking that exposed the names, Social Security numbers, physicians’ names,...more