Tag archive: breach

HIPAA Update – Newest Settlement of $475,000 Results From Untimely Breach Report

Don’t let your clients get caught paying a “big” settlement for failing to report a HIPAA breach! For the first time, the Office of Civil Rights (OCR) has announced a HIPAA settlement with a provider who failed to provide a timely breach report. Presence Health, a health network serving Illinois with approximately 150 locations, including…

HIPPA’s Not Just For Covered Entities – Recent Enforcement Action Extends To Business Associates

On June 29, 2016, the Office of Civil Rights (OCR) announced a Resolution Agreement it entered with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) a business associate of six nursing homes. This Resolution Agreement included a monetary payment of $650,000 and a Corrective Action Plan (CAP). The CAP requires CHCS to conduct…

HIPAA News – $750,000 Settlement Following Stolen Laptop

Ever wonder if the Office of Civil Rights (“OCR”) is serious about the requirements for a HIPAA Security risk analysis and policy specific to removing hardware and electronic media containing ePHI from a covered entity’s facility? Yes, the OCR is extremely serious about those requirements as Cancer Care Group, P.C. (“Cancer Care”), a radiation oncology…

Phase 2 HIPAA Audits Are Coming, Now Is The Time To Get Ready

In 2011-2012, the U.S. Department of Health and Human Services Office for Civil Rights conducted a pilot audit program (Phase 1) to evaluate covered entities compliance with HIPAA privacy, security and breach notification rules. The results of those audits…

Reminder Annual OCR Breach Reporting is Due March 1, 2015

Covered entities must submit annual report to the OCR by March 1, 2015 for breaches affecting fewer than 500 individuals. Breach notification obligations differ depending on whether the breach affects 500 or more individuals or fewer than 500 individuals. A covered entity must submit its annual notification to the Office for Civil Rights (OCR) if…

Lewellen v. Franklin: Missouri Supreme Court Holds Statutory Cap on Punitive Damages Unconstitutional

On September 9, 2014, the Missouri Supreme Court unanimously struck down the State’s punitive damage cap in Lewellen v. Franklin, 2014 WL 4425202 (Mo. banc Sept. 9, 2014). The plaintiff in Lewellen was a 77-year-old widow with less than $1,000 of monthly income who contracted to purchase a vehicle with National Auto Sales North’s (“National”)…

Happy HIPAA Monday – Stolen Laptop + No Encryption = Provider Data Breach

Cedars-Sinai Medical Center in LA reported a stolen employee laptop containing patient protected health information as well as social security numbers and other personal information of at least 500 patients. While the hospital has encryption policies, this laptop lacked encryption after a recent operating system upgrade. The hospital will mail letters this week to potentially…

Nearly $5M Settlement for ePHI Breach Underlines Data Security Concerns

If you ever wonder if you should be concerned about HIPAA compliance, think about this latest Office of Civil Rights (OCR) settlement with New York Presbyterian Hospital (NYP) and Columbia University Medical Center (CU). Following a joint breach report on September 27, 2010, when NYP and CU disclosed the breach of electronic protected health information…

HIPAA Update – OCR Takes Unencrypted Laptops Seriously

OCR issued an update regarding two important HIPAA settlements involving theft of unencrypted laptops. The first involved Concentra Health Systems report of a breach that an unencrypted laptop was stolen from the Springfield Missouri Physical Therapy Center. After concluding that Concentra had previously recognized its lack of encryption in multiple risk analyses, its efforts to…

Another HIPAA Breach – Encryption Matters

The Department of Health and Human Services’ Office for Civil Rights, the division responsible for investigating HIPAA breaches, has said repeatedly encryption is one of the most basic things providers and business associates can implement to protect patient information. “Pay attention to encryption,” said Susan McAndrew, deputy director for health information privacy at OCR, speaking…

MISSOURI

St. Louis  |  Clayton  |   Kansas City

ILLINOIS

Alton  |  Carbondale  |  Edwardsville  |  O'Fallon

The information on this website is for general information purposes only. Nothing on this site should be taken as legal advice for any individual case or situation.
This information is not intended to create, and receipt or viewing does not constitute, an attorney-client relationship. © 2014 Sandberg Phoenix & von Gontard P.C. All Rights Reserved.

Menu