News
Data Breach Class Action Against Radiology Companies Dismissed for Lack of Standing

Last week, New York federal judge Vincent L. Bricetti dismissed a data breach class action against Northeast Radiology PC (Northeast) and Alliance HealthCare Services (Alliance) because the plaintiffs failed to allege...

Read more
News
Okta Notifies Customers of LAPSUS$ Attack

Okta, which markets itself as a “leading provider of identity” in the health care, public sector, energy, financial services, technology, travel and hospitality, and nonprofit industries, has notified some of its...

Read more
News
Privacy Tip #324 – What Happens to My Health Information When a Hospital Goes Out of Business?

In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers. HIPAA requires that covered...

Read more
News
Reporting of Breaches Under 500 Due by March 1

HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals...

Read more
News
Mobile Health Apps and the FTC’s Health Breach Notification Rule: New Enforcement Initiative Coming

Mobile health apps are growing in popularity and their number is increasing every year. Many of us find it convenient to use an app to schedule medical appointments, check medical records,...

Read more
News
New Jersey Settles with Cancer Center Over Business Email Compromise

One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess...

Read more
News
No Private Right of Action under HIPAA, but State Law Claims May Still be Asserted

A federal district court in Montana has confirmed that HIPAA precludes a private right of action for patients to claim an unauthorized access, use, or disclosure of protected health information.  Nonetheless,...

Read more
News
OCR Cybersecurity Newsletter Focuses on Controlling Access to ePHI

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health...

Read more
News
Diabetes, Endocrinology & Lipidology Center Becomes 19th Settlement with OCR for HIPAA Right-of-Access Violation

Last week, Diabetes, Endocrinology & Lipidology Center Inc. (DELC) of West Virginia reached a $5,000 settlement with the Office for Civil Rights (OCR) over  allegations that it failed to provide timely...

Read more
News
OCR Announces Settlement with Clinical Lab for Alleged HIPAA Violations

The Office for Civil Rights (OCR) this week announced a settlement with Peachstate Health Management LLC (aka AEON Clinical Laboratories) following a compliance review that uncovered alleged violations of HIPAA. The...

Read more