Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and more breaches caused by malware, phishing scams, and hacking. We have worked with healthcare entities in responding to data breaches, including breach analysis and notification obligations to patients, the media, and regulatory agencies.
Unlike any other industry, when a healthcare organization is dealing with a breach involving over 500 individuals, not only is the organization required to report the breach to the media, but the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) will assuredly conduct an investigation. Increasingly, our clients are also seeing inquiries from state attorneys general, who have enforcement authority under Health Insurance Portability and Accountability Act (HIPAA) as well as the state laws. Read More»»