On November 9, the Florida Supreme Court ruled in the case of Emma Gayle Weaver, etc. v. Stephen C. Myers, M.D., et al., that the right to privacy under the Florida Constitution does not end upon an individual’s death. Fox partner and HIPAA Privacy & Security Officer Elizabeth Litten recently reacted to the decision
Lawsuits
Equifax Breach Checker – Curiosity May Have a Cost (But it’s Refundable)
Individuals who have received notice of a HIPAA breach are often offered free credit monitoring services for some period of time, particularly if the protected health information involved included social security numbers. I have not (yet) received such a notice, but was concerned when I learned about the massive Equifax breach (see here to view…
Where’s Your Wallet? The Ongoing Saga of FTC v. LabMD (Part 2 of 2)
It was the wallet comment in the response brief filed by the Federal Trade Commission (FTC) in the U.S. Court of Appeals for the 11th Circuit that prompted me to write this post. In its February 9, 2017 filing, the FTC argues that the likelihood of harm to individuals (patients who used LabMD’s laboratory…
From the Wild West to Westworld and (Maybe) Back to Normal – the Ongoing Saga of LabMD (Part 1 of 2)
It was nearly three years ago that I first blogged about the Federal Trade Commission’s “Wild West” data breach enforcement action brought against now-defunct medical testing company LabMD. Back then, I was simply astounded that a federal agency (the FTC) with seemingly broad and vague standards pertaining generally to “unfair” practices of a business entity…
Dumpster Diving for PHI Exposes Business Associate (and Physician Practice) to Liability
A Chicago record storage and disposal company has been named in a complaint filed by the Illinois Attorney General as a result of the negligent disposal of a medical practice’s patient records in an unlocked dumpster. The complaint alleges that FileFax, Inc. violated the Illinois Consumer Fraud and Deceptive Business Practices Act by failing to…
Connecticut “Opens Floodgates” for HIPAA Litigation
My partner Elizabeth Litten and I were recently interviewed for an article entitled “Connecticut ‘opens floodgates’ for HIPAA litigation” published in “Privacy this Week” by DataGuidance. The full text of the article can be found in the November 13, 2014 issue of “Privacy this Week,” but a discussion of the article is set forth …
PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members
The principle that individuals whose protected health information is stolen, lost, or otherwise inappropriately used, accessed, or left unsecured have no private right of action against the person or entity responsible for the breach under the HIPAA/HITECH laws may change for victims of identity theft who can show the theft was caused by a HIPAA breach, at least if the action is brought in the 11th Circuit.…
Continue Reading PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members
The Hazards of Data Mining: Minnesota AG Sues Collection Agency for Breach, Improper Use of PHI
A Wall Street-based medical collection service has been sued by the Minnesota Attorney General after losing a laptop containing sensitive information about 23,500 patients treated by two hospitals which contracted with the company. More significantly, the AG’s complaint alleges that the company, Accretive Health, Inc., was mining, analyzing and using the data for purposes…
A First: Connecticut AG Settles With Health Net Over Breach For $250,000
In the first settlement of a HIPAA enforcement action brought by a state attorney general under the new authority granted by the HITECH Act, Connecticut Attorney General Richard Blumenthal announced that the state had entered into an agreement with Health Net for failing to secure patient health and financial information. The AG had brought suit…
Help Me Understand HIPAA!
It’s been years since HIPAA became a household term. Yet, there continues to be a significant amount of confusion about when it applies, what types of uses and disclosures of PHI are permitted, and if individuals can sue someone for a HIPAA violation.
The Office for Civil Rights recently published separate guides, one for health care providers and one for …