Employers should limit PHI that they provide with respect to medical examinations of employees and job applicants and in other contexts to the least amount of medical information necessary for evaluation in order to avoid potential violations of the Americans with Disabilities Act, the Genetic Information Nondisclosure Act, State workers’ compensation laws and other statutes.
Continue Reading Employers: Beware of PHI “Minimum Necessary” Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
Health and Human Services
Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
The federal Office of Civil Rights deems it necessary for a covered entity (CE) to verify whether a business associate (BA) is also a covered entity with respect to the CE’s protected health information; in turn such CE and BA and their respective counsel should use the verification process to develop provisions in the business associate agreement.
Continue Reading Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
Why Can’t I Sue Under HIPAA for a Breach of my Protected Health Information? What Can I Do?
Many people who have been in the unfortunate situation where they believe that their protected health information (PHI) has been compromised inappropriately, are often surprised and deeply disappointed to learn that the HIPAA law does not provide a “private right of action.”…
Continue Reading Why Can’t I Sue Under HIPAA for a Breach of my Protected Health Information? What Can I Do?
MD Anderson Posts Notice of Breach on Day 59
University of Texas MD Anderson Cancer Center posted notice on its website of a theft of an unencrypted laptop computer containing data on more than 30,000 patients exactly 59 days after the theft took place.
Continue Reading MD Anderson Posts Notice of Breach on Day 59
The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?
The recent Department of Health and Human Services (“HHS”) resolution with Alaska Department of Health and Social Services, the state Medicaid agency (“Alaska Medicaid”), which includes the payment by Alaska Medicaid to HHS of $1.7 million respecting possible violations of HIPAA, raises questions as to the exacting of payments by HHS from a state agency that funds medical care for the Alaska indigent from taxpayers.
Continue Reading The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?
The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?
The Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals includes focused guidance for covered entities and business associates in the form of brief summaries of the cases that the federal Office of Civil Rights has investigated and closed.
Continue Reading The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?
Boston Children’s Hospital: Reported Large PHI Security Breach in Argentina Gives the Parade a New International Flavor
Within the last week, The Boston Globe has reported that venerable Boston Children’s Hospital, the primary pediatric teaching hospital of Harvard Medical School, has notified the public media and affected individuals of a large PHI security breach that occurred in Buenos Aires, Argentina.
Continue Reading Boston Children’s Hospital: Reported Large PHI Security Breach in Argentina Gives the Parade a New International Flavor
Utah Department of Health: A Bold Repeat Marcher in the Parade of Major PHI Security Breaches
On March 30, 2012, a large data security breach, which has not yet been posted on the U.S. Department of Health and Human Services list of breaches of unsecured PHI, was experienced by the Utah Department of Technology Services on a computer server that stores Medicaid and Children’s Health Insurance Program claims data.
Continue Reading Utah Department of Health: A Bold Repeat Marcher in the Parade of Major PHI Security Breaches
The Parade of Major Reported PHI Breaches Hits 400 – A Closer Look at Victim 400 and its Actions in Response to the Breach – Part 2
On February 24, 2012, HHS posted number 400 on its ever-lengthening list of breaches of unsecured PHI affecting 500 or more individuals. Theft of laptops is a recurrent source of such breaches, and the 400th breach was such an incident affecting Triumph, LLC in North Carolina.
Continue Reading The Parade of Major Reported PHI Breaches Hits 400 – A Closer Look at Victim 400 and its Actions in Response to the Breach – Part 2
The Parade of Major Reported PHI Breaches Hits 400 – Theft is the Primary Type of Breach
On February 24, 2012, HHS posted number 400 on its ever-lengthening list of breaches of unsecured PHI affecting 500 or more individuals.
Continue Reading The Parade of Major Reported PHI Breaches Hits 400 – Theft is the Primary Type of Breach