SuperCare Health Hit with Another Data Breach Class Action
In the U.S. District Court for the Central District of California last week, SuperCare Health, Inc. was hit with another proposed class action based on a data breach that allegedly compromised...
Privacy Tip #324 – What Happens to My Health Information When a Hospital Goes Out of Business?
In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers. HIPAA requires that covered...
ONC Information Blocking Data Show Majority of Claims Against Health Care Providers
On February 28, 2022, the Office of the National Coordinator for Health Information Technology (ONC) issued data on information blocking claims received since April 5, 2021, the effective date of information...
Reporting of Breaches Under 500 Due by March 1
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals...
Health Care IoT Devices Pose Risk to Patient Care
As if health care entities don’t have enough to worry about during this chaotic and difficult time in the pandemic, a new report released by Cynerio, entitled “The State of IoMT...
Broward Health Data Breach Affects 1.3 Million Individuals
On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed...
New Jersey Settles with Cancer Center Over Business Email Compromise
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess...
No Private Right of Action under HIPAA, but State Law Claims May Still be Asserted
A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information. Nonetheless,...
OCR Announces 20th Settlement Under Right of Access Initiative
The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in...
Hospital Continues to Divert Patients Over a Week After Ransomware Attack
Eskenazi Health in Indianapolis has been diverting emergency department patients arriving by ambulance to other area hospitals since it shut down its network following a ransomware attack on August 4, 2021....