Tag Archives: data breach

Deeper Dive: Integrating Physician Practices into a Health System’s HIPAA Privacy and Security Program

By Paulette Thomas on Posted in Uncategorized
The health system needs to understand its IT capabilities and operating competencies and develop the required infrastructure to support clinical integration of the physician practices The healthcare industry shift to a value-based business model is resulting in greater alignment between hospitals and physicians to provide quality, outcomes driven care in order to receive payment for … Continue Reading

Alan L. Friel Details “9 tips for contracting” in Healthcare IT

By Alan L. Friel on Posted in Uncategorized
Partner Alan L. Friel authored an article published in the June 23, 2015, issue of FierceHealthIT. The article, headlined, “Healthcare IT: 9 tips for contracting,” outlines key legal and business issues that healthcare organizations should consider during the RFP and contracting process to reduce risks and help minimize expensive change orders. Read the article. A … Continue Reading

FAQs by Employers Regarding the Anthem Breach

Photo of Theodore J. Kobus IIIPhoto of Lynn SessionsBy Theodore J. Kobus III and Lynn Sessions on Posted in Uncategorized
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is self-insured and your company contracts with Anthem to administer the plan, process claims, etc., then your company’s group health plan … Continue Reading

Managing Your Health Information Risks Should Not Begin After a Breach Is Reported

Photo of Lynn SessionsBy Lynn Sessions on Posted in Uncategorized
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. Our attorneys have written about specific examples of those services. Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and … Continue Reading

Medical Information More Valuable to Hackers Than Credit Card Numbers

Photo of Lynn SessionsBy Lynn Sessions and Nita Garg on Posted in Uncategorized
In light of the recently reported large healthcare data breaches that have resulted in the potential theft of the personal information of millions of patients, the FBI warned healthcare providers yet again of the dangers of cyber attacks. Healthcare providers, already sensitive to the need for increased patient data protection in response to the 2013 … Continue Reading

Selby and Sessions Offer Advice for Building a Breach Response Team Before a Breach in an Article for CSO.com and CIO.com

Photo of BakerHostetlerBy BakerHostetler on Posted in Uncategorized
Partners Judy Selby and Lynn Sessions co-authored an article entitled, “Building a Data Breach Response Team, Before You Have a Breach,” which was published by CSO.com and CIO.com on October 3, 2014. They advised companies to address the issue before they have a breach in order to assemble the best team for the company’s need. … Continue Reading

Florida Gives Breach Notification Statute More Teeth

By Cory J. Fox on Posted in Uncategorized
Editor’s note:  This post originally appeared on BakerHostetler’s Data Privacy Monitor blog. On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (FIPA), which will repeal Florida’s current breach notification statute at Fla. Stat. § 817.5681 and replace it with a new statute at Fla. Stat. § 501.171 effective … Continue Reading

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI), organizations cannot forget about PHI in nonelectronic form.  In 2009, a retiring physician filed a complaint with HHS against Parkview Health System, Inc. … Continue Reading

Children’s Hospitals Today Publishes Article on Data Breach Prevention and Response by Partner Lynn Sessions

Photo of BakerHostetlerBy BakerHostetler on Posted in Uncategorized
The Spring 2014 issue of Children’s Hospitals Today, published by the Children’s Hospital Association, features an article by BakerHostetler partner Lynn Sessions on preparing and responding to healthcare data breaches. In the article, “Breached: 10 Ways to Prepare and Respond,” Sessions discusses potential consequences of failing to adequately respond to a data breach, including “regulatory … Continue Reading

Get Ready! HHS OCR Announces Next Round of HIPAA Audits

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
To combat new risks associated with rapidly evolving health information technology, HIPAA and HITECH provide standards for the privacy of protected health information (PHI), the security of electronic protected health information (ePHI) and breach notification to individuals. HITECH also requires the U.S. Department of Health and Human Services (HHS) to perform periodic audits of covered … Continue Reading

OCR Settles Potential HIPAA Violations With County Government

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
To start 2014, HHS OCR issued its first resolution agreement of the year and its first settlement with a county government—signaling that even local and county governments, regardless of size, must safeguard the privacy and security of patient information in compliance with HIPAA. Skagit County, Washington (County), located in northwest Washington with approximately 118,000 residents, … Continue Reading

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
Triple-S Salud, Inc. (Triple-S), a Puerto Rico Health Insurance Administration (PRHIA) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty (CMP) of $6,768,000 and other administrative sanctions stemming from a breach incident affecting 13,336 dual eligible Medicare beneficiaries.  The breach incident occurred in September 2013 when Triple-S mailed to … Continue Reading

FTC Settles Case With Medical Transcription Company

By Anne Foster on Posted in Uncategorized
The Federal Trade Commission (FTC) recently announced that it had settled its data privacy case against medical transcription firm GMR Transcription Services, Inc. (GMR) following allegations that GMR had failed to adequately protect the personal information of its consumers.  The consent order signed by the parties is a particularly notable milestone in that it marks … Continue Reading

Some Things Better Left Unshared: Social Media and Medical Identity Theft

Photo of Lynn SessionsBy Lynn Sessions and Anne Foster on Posted in Uncategorized
The Washington Post recently published an article reminding individuals not to tweet or otherwise share information concerning their medical conditions on social media, warning that disclosing such information publicly “is akin to posting your address along with the dates you’ll be away on vacation.” Quoting Jennifer Trussell, who investigates medical identity theft on behalf of … Continue Reading
LexBlog