Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s assets on behalf of its creditors. This settlement has implications for both service providers and their covered entity clients. Fox Rothschild partners Elizabeth Litten and
Office of Civil Rights
The Heavy Hit of HIPAA: Violations May Send You to Jail
By Elizabeth Litten on
Posted in HIPAA Enforcement
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a breach. In this case, perhaps the cover-up was worse than the crime, or maybe prosecutors decided that a conviction on other charges…
6 Takeaways from Memorial Hermann HIPAA Settlement: Press Releases Lead to $2.4 Million Payout
By Michael Kline on
Posted in Privacy & Security, Security Breach Notification
Post Contributed by Matthew J. Redding.
On April 26, 2017, Memorial Hermann Health System (“MHHS”) agreed to pay the U.S. Department of Health and Human Services (“HHS”) $2.4 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule.
The underlying incident occurred in September of 2015,…
Election Year Predictions: Expansion of Federal Healthcare Privacy Regulation
By Michael Kline on
Posted in HIPAA Enforcement, Privacy & Security
Our partner Elizabeth Litten and I were quoted by our good friend Marla Durben Hirsch in her article in Medical Practice Compliance Alert entitled “6 Compliance Trends Likely to Affect Your Practices in 2016.” Full text can be found in the January 13, 2016, issue, but a synopsis is below.
For her article, Marla asked…
Six Tips for Physicians to Protect Patient Data on the Internet
By Michael Kline on
Posted in HIPAA Enforcement, Privacy & Security
Our partner Elizabeth Litten and I were once again quoted by our good friend Marla Durben Hirsch in her recent articles in Medical Practice Compliance Alert entitled “Misapplication of Internet Application Triggers $218,400 Settlement” and “Protect Patient Data on the Internet with These 6 Steps.” The three of us together were able to come up…
HIPAA Compliance Trends for 2015
By Michael Kline on
As she had done in 2014, Marla Durben Hirsch interviewed my partner Elizabeth Litten and me for her annual Medical Practice Compliance Alert article on compliance trends for the New Year. While the article, which was entitled “6 Compliance Trends That Will Affect Physician Practices in 2015,” was published in the January 5, 2015 …
OCR: HIPAA Privacy Rule “Not Set Aside in an Emergency”
By William Maruca on
Posted in Privacy & Security
The threats to health privacy in the face of the Ebola scare has not escaped the notice of the Office of Civil Rights (OCR). As we reported last month, a great deal of information regarding the identity and condition of individuals who may have been exposed to or treated for Ebola has appeared in news…
The Wild West of Data Breach Enforcement by the Feds
By Elizabeth Litten & Fox Rothschild LLP on
Posted in HIPAA Enforcement, Privacy & Security
Imagine you have completed your HIPAA risk assessment and implemented a robust privacy and security plan designed to meet each criteria of the Omnibus Rule. You think that, should you suffer a data breach involving protected health information as defined under HIPAA (PHI), you can show the Secretary of the Department of Health and Human…
Puerto Rico Raises a High Bar for Fines Levied for PHI Breaches
By Elizabeth Litten on
Posted in HIPAA Enforcement
My partner Bill Maruca was quoted in Jeff Overley’s article “Historic HIPAA Fine Will Push Feds To Get Tougher” published in Law360 on Friday, February 20, 2014. The article reports on the nearly $7 million fine imposed by the Puerto Rico Health Insurance Administration on a contractor, health plan Triple-S Salud Inc. (“Triple-S”). Bill’s quote…
Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance
By Michael Kline on
Posted in Security Breach Notification
While the summaries of closed investigations posted on the U.S. Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals continue to provide highly useful information for covered entities, business associates and subcontractors relative to confronting PHI breaches, large and small, they must be analyzed with appropriate care and attention paid to changes brought about by the recently-published Omnibus Rule.…
Continue Reading