Articles and Blogs

Two separate alleged HIPAA violations resulted in an enforcement action by the Department of Health and Human Services (“HHS”) against a Massachusetts hospital (“Hospital”).  On July 10, 2015, the HHS Office for Civil Rights (“OCR”) announced a $218,400 settlement with the Hospital to resolve HIPAA investigations into two issues: READ MORE

On April 27, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that it entered into a settlement with a Colorado pharmacy (“Pharmacy”) arising from alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule.  Under the settlement, the Pharmacy agreed to pay $125,000 in... READ MORE

Health care data breaches are not new. The breach announced by health insurer Anthem on February 5, 2015 is notable mostly for its scope. According to Anthem’s statement, hackers utilized a very sophisticated cyber attack to gain access to the information of potentially 80 million current and former Anthem members. The information accessed included... READ MORE

On December 8, 2014, the Department of Health and Human Services (“HHS”) announced that it had reached a settlement with a nonprofit, community mental health care provider (“Provider”) arising out of alleged violations of the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The settlement comes after an HHS... READ MORE

The Indiana Court of Appeals recently issued an opinion in the case of Walgreen Co. vs Hinchy that could permanently alter the landscape for employer liability for HIPAA violations committed by employees.  Health care providers should be aware of this case and take actions to limit their exposure to this type of liability. Background... READ MORE

On October 31, 2014, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) released the Work Plan for Fiscal Year 2015 (“Work Plan”). The Work Plan confirms OIG will continue to concentrate a great deal of their enforcement efforts on the security and vulnerabilities of protected health information (“PHI”) contained... READ MORE

Governor Scott Walker recently signed into law the HIPAA Harmonization – Mental Health Care Coordination Act (2013 WI Act 238, the “Act”).  The Act is intended to alleviate barriers to coordination of care for patients receiving mental health treatment by aligning aspects of Wisconsin’s mental health privacy laws with the Federal Health Insurance Portability... READ MORE

OCR Chief Regional Counsel for Region V, Jerome Meites, has warned that enforcement activity over the past year will “pale in comparison” to the next 12 months. While Mr. Meites was not specific as to this pronouncement being limited to Region V, it may be important to note that Region V covers Illinois, Indiana,... READ MORE

On May 8, 2014, the Department of Health and Human Services (“HHS”) announced that it had reached settlements with two health care organizations arising from alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules.  The settlements result from the organizations’ failure to secure thousands of patients’ electronic protected... READ MORE

On April 22, 2014, the Department of Health and Human Services (“HHS”) announced that it reached settlements with two covered entities arising from alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules.  Both settlements involve the theft of unencrypted laptops and follow investigations in which the Office for... READ MORE