data protection

The University of Washington Medicine settles alleged HIPAA breach for US$ 750,000

By Mark Faccenda (US) on January 7, 2016

The University of Washington Medicine (“UWM”) has agreed to settle charges that it violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule for US$ 750,000, following a breach report first submitted by UWM on November 27, 2013. In addition to settlement, UWM has entered into a Resolution Agreement with the United States Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) and has entered into and agreed to comply with a Corrective Action Plan (“CAP”).

Anthem breach may trigger legal obligations for organizations that use Anthem to provide or support employee health insurance plans

Posted on February 16, 2015

Norton Rose Fulbright’s Data Privacy co-chairs authored a blog post that reported on the recent Anthem breach and the consequential cybersecurity risks for its customers. See Anthem breach posts significant cybersecurity risks for Anthem’s customers; may trigger legal obligations,…

HHS reports detail HIPAA breaches and compliance

By Mark Faccenda (US) on June 25, 2014

On June 11, 2014, the US Department of Health and Human Services (“HHS”) issued two reports to Congress addressing Health Information Accountability and Portability Act of 1996 (“HIPAA”) compliance activities for calendar years 2011 and 2012. The first report, relating…

Two New York hospitals agree to pay $4.8M in HIPAA fines

Posted on May 16, 2014

On May 7th, two New York hospitals agreed to pay the Department of Health and Human Services (“HHS”) $4.8 million dollars to settle claims that the hospitals had failed to secure patients’ electronic protected health information, in violation of the…

Two HIPAA settlement agreements illustrate need for encryption

By Mark Faccenda (US) on April 28, 2014

On April 22, 2014, the US Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) announced that it had reached settlement agreements with two organizations alleged to have violated the Health Information Portability and Accountability Act of…

Privacy – Mandatory breach notification coming to Australia

By Nick Abrahams (AU) & Bernard O'Shea (AU) on March 26, 2014

With many Australian organisations still coming to grips with recent changes to their privacy laws, legislation to mandate notification of privacy breaches is back on the agenda. Amongst other aspects, the recent changes introduced significant fines and increased the scope…

Government’s Fraud and Abuse Program nets US$4.3Bn in FY 2013

Posted on March 6, 2014

In a report released on February 26^th, the federal government stated that its Heath Care Fraud and Abuse Control Program (“HCFAC”), established under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), recovered $4.3 billion during FY…

Congressional hearings indicate additional security flaws with healthcare website

Posted on January 21, 2014

During a US House of Representatives Science Committee hearing last week, cybersecurity researchers described that the Affordable Care Act’s healthcare website, HealthCare.gov, is still susceptible to security issues, which could put patients’ sensitive health information at risk.

David Kennedy, president…

Health Law Pulse