This blog series has been following breaches of Protected Health Information (“PHI”) that have been reported on the U.S. Department of Health and Human Services (“HHS”) ever-lengthening parade list (the
Continue Reading The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Theft Continues to Dominate the Numbers
PHI Security Breach Notification
The Parade of Major Reported PHI Breaches Creeps Ahead to 525 – Theft Continues to Dominate the Numbers
As of January 1, 2013, there were 525 postings on the U.S. Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals. “Theft” constituted the majority of PHI breach types reported.
Continue Reading The Parade of Major Reported PHI Breaches Creeps Ahead to 525 – Theft Continues to Dominate the Numbers
A Reader’s Comment about a Third Potential Posting on the HHS Breach Parade for Massachusetts Eye and Ear Infirmary
A thoughtful reader commented on a recent blog post in this series by highlighting the importance of evaluating the risk of harm by any covered entity that experiences a PHI security breach.
Continue Reading A Reader’s Comment about a Third Potential Posting on the HHS Breach Parade for Massachusetts Eye and Ear Infirmary
As the Breach Parade Passes 500 Marchers: Should There be a Posting on the HHS List for a Third Massachusetts Eye and Ear Infirmary Breach?
Much has been written about the circumstances surrounding the agreement of Massachusetts Eye and Ear Infirmary (“MEEI”) to pay the U.S. Department of Health and Human Services the sum of $1.5 million to settle potential violations involving an alleged 2010 security breach of PHI under HIPAA. However, relatively little has been written that the 2010 breach was the second of what may be three significant PHI breaches experienced by MEEI within the last three years.
Continue Reading As the Breach Parade Passes 500 Marchers: Should There be a Posting on the HHS List for a Third Massachusetts Eye and Ear Infirmary Breach?
Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
The federal Office of Civil Rights deems it necessary for a covered entity (CE) to verify whether a business associate (BA) is also a covered entity with respect to the CE’s protected health information; in turn such CE and BA and their respective counsel should use the verification process to develop provisions in the business associate agreement.
Continue Reading Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
MD Anderson Posts Notice of Breach on Day 59
University of Texas MD Anderson Cancer Center posted notice on its website of a theft of an unencrypted laptop computer containing data on more than 30,000 patients exactly 59 days after the theft took place.
Continue Reading MD Anderson Posts Notice of Breach on Day 59
The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?
The recent Department of Health and Human Services (“HHS”) resolution with Alaska Department of Health and Social Services, the state Medicaid agency (“Alaska Medicaid”), which includes the payment by Alaska Medicaid to HHS of $1.7 million respecting possible violations of HIPAA, raises questions as to the exacting of payments by HHS from a state agency that funds medical care for the Alaska indigent from taxpayers.
Continue Reading The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?
The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?
The Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals includes focused guidance for covered entities and business associates in the form of brief summaries of the cases that the federal Office of Civil Rights has investigated and closed.
Continue Reading The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?
Boston Children’s Hospital: Reported Large PHI Security Breach in Argentina Gives the Parade a New International Flavor
Within the last week, The Boston Globe has reported that venerable Boston Children’s Hospital, the primary pediatric teaching hospital of Harvard Medical School, has notified the public media and affected individuals of a large PHI security breach that occurred in Buenos Aires, Argentina.
Continue Reading Boston Children’s Hospital: Reported Large PHI Security Breach in Argentina Gives the Parade a New International Flavor
Utah Department of Health: A Bold Repeat Marcher in the Parade of Major PHI Security Breaches
On March 30, 2012, a large data security breach, which has not yet been posted on the U.S. Department of Health and Human Services list of breaches of unsecured PHI, was experienced by the Utah Department of Technology Services on a computer server that stores Medicaid and Children’s Health Insurance Program claims data.
Continue Reading Utah Department of Health: A Bold Repeat Marcher in the Parade of Major PHI Security Breaches